diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -7,9 +7,8 @@
 
 
 ## Version
-
-`1.6.1`
-
+ 
+`2.0` - Derived from API version @2017-11-28@ of the AWS service descriptions, licensed under Apache 2.0.
 
 ## Description
 
@@ -26,7 +25,7 @@
 The provided lenses should be compatible with any of the major lens libraries
 [lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
 
-See [Network.AWS.GuardDuty](http://hackage.haskell.org/package/amazonka-guardduty/docs/Network-AWS-GuardDuty.html)
+See [Amazonka.GuardDuty](http://hackage.haskell.org/package/amazonka-guardduty/docs/Amazonka-GuardDuty.html)
 or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
 
 
diff --git a/Setup.hs b/Setup.hs
deleted file mode 100644
--- a/Setup.hs
+++ /dev/null
@@ -1,2 +0,0 @@
-import           Distribution.Simple
-main = defaultMain
diff --git a/amazonka-guardduty.cabal b/amazonka-guardduty.cabal
--- a/amazonka-guardduty.cabal
+++ b/amazonka-guardduty.cabal
@@ -1,127 +1,293 @@
-name:                  amazonka-guardduty
-version:               1.6.1
-synopsis:              Amazon GuardDuty SDK.
-homepage:              https://github.com/brendanhay/amazonka
-bug-reports:           https://github.com/brendanhay/amazonka/issues
-license:               MPL-2.0
-license-file:          LICENSE
-author:                Brendan Hay
-maintainer:            Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-copyright:             Copyright (c) 2013-2018 Brendan Hay
-category:              Network, AWS, Cloud, Distributed Computing
-build-type:            Simple
-cabal-version:         >= 1.10
-extra-source-files:    README.md fixture/*.yaml fixture/*.proto src/.gitkeep
+cabal-version:      2.2
+name:               amazonka-guardduty
+version:            2.0
+synopsis:           Amazon GuardDuty SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
 description:
-    The types from this library are intended to be used with
-    <http://hackage.haskell.org/package/amazonka amazonka>, which provides
-    mechanisms for specifying AuthN/AuthZ information, sending requests,
-    and receiving responses.
-    .
-    Lenses are used for constructing and manipulating types,
-    due to the depth of nesting of AWS types and transparency regarding
-    de/serialisation into more palatable Haskell values.
-    The provided lenses should be compatible with any of the major lens libraries
-    such as <http://hackage.haskell.org/package/lens lens> or
-    <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
-    .
-    See "Network.AWS.GuardDuty" or <https://aws.amazon.com/documentation/ the AWS documentation>
-    to get started.
+  Derived from API version @2017-11-28@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.GuardDuty.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.GuardDuty" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
 
 source-repository head
-    type:              git
-    location:          git://github.com/brendanhay/amazonka.git
-    subdir:            amazonka-guardduty
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-guardduty
 
 library
-    default-language:  Haskell2010
-    hs-source-dirs:    src gen
-
-    ghc-options:
-        -Wall
-        -fwarn-incomplete-uni-patterns
-        -fwarn-incomplete-record-updates
-        -funbox-strict-fields
-
-    exposed-modules:
-          Network.AWS.GuardDuty
-        , Network.AWS.GuardDuty.AcceptInvitation
-        , Network.AWS.GuardDuty.ArchiveFindings
-        , Network.AWS.GuardDuty.CreateDetector
-        , Network.AWS.GuardDuty.CreateFilter
-        , Network.AWS.GuardDuty.CreateIPSet
-        , Network.AWS.GuardDuty.CreateMembers
-        , Network.AWS.GuardDuty.CreateSampleFindings
-        , Network.AWS.GuardDuty.CreateThreatIntelSet
-        , Network.AWS.GuardDuty.DeclineInvitations
-        , Network.AWS.GuardDuty.DeleteDetector
-        , Network.AWS.GuardDuty.DeleteFilter
-        , Network.AWS.GuardDuty.DeleteIPSet
-        , Network.AWS.GuardDuty.DeleteInvitations
-        , Network.AWS.GuardDuty.DeleteMembers
-        , Network.AWS.GuardDuty.DeleteThreatIntelSet
-        , Network.AWS.GuardDuty.DisassociateFromMasterAccount
-        , Network.AWS.GuardDuty.DisassociateMembers
-        , Network.AWS.GuardDuty.GetDetector
-        , Network.AWS.GuardDuty.GetFilter
-        , Network.AWS.GuardDuty.GetFindings
-        , Network.AWS.GuardDuty.GetFindingsStatistics
-        , Network.AWS.GuardDuty.GetIPSet
-        , Network.AWS.GuardDuty.GetInvitationsCount
-        , Network.AWS.GuardDuty.GetMasterAccount
-        , Network.AWS.GuardDuty.GetMembers
-        , Network.AWS.GuardDuty.GetThreatIntelSet
-        , Network.AWS.GuardDuty.InviteMembers
-        , Network.AWS.GuardDuty.ListDetectors
-        , Network.AWS.GuardDuty.ListFilters
-        , Network.AWS.GuardDuty.ListFindings
-        , Network.AWS.GuardDuty.ListIPSets
-        , Network.AWS.GuardDuty.ListInvitations
-        , Network.AWS.GuardDuty.ListMembers
-        , Network.AWS.GuardDuty.ListThreatIntelSets
-        , Network.AWS.GuardDuty.StartMonitoringMembers
-        , Network.AWS.GuardDuty.StopMonitoringMembers
-        , Network.AWS.GuardDuty.Types
-        , Network.AWS.GuardDuty.UnarchiveFindings
-        , Network.AWS.GuardDuty.UpdateDetector
-        , Network.AWS.GuardDuty.UpdateFilter
-        , Network.AWS.GuardDuty.UpdateFindingsFeedback
-        , Network.AWS.GuardDuty.UpdateIPSet
-        , Network.AWS.GuardDuty.UpdateThreatIntelSet
-        , Network.AWS.GuardDuty.Waiters
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
 
-    other-modules:
-          Network.AWS.GuardDuty.Types.Product
-        , Network.AWS.GuardDuty.Types.Sum
+  exposed-modules:
+    Amazonka.GuardDuty
+    Amazonka.GuardDuty.AcceptAdministratorInvitation
+    Amazonka.GuardDuty.ArchiveFindings
+    Amazonka.GuardDuty.CreateDetector
+    Amazonka.GuardDuty.CreateFilter
+    Amazonka.GuardDuty.CreateIPSet
+    Amazonka.GuardDuty.CreateMembers
+    Amazonka.GuardDuty.CreatePublishingDestination
+    Amazonka.GuardDuty.CreateSampleFindings
+    Amazonka.GuardDuty.CreateThreatIntelSet
+    Amazonka.GuardDuty.DeclineInvitations
+    Amazonka.GuardDuty.DeleteDetector
+    Amazonka.GuardDuty.DeleteFilter
+    Amazonka.GuardDuty.DeleteInvitations
+    Amazonka.GuardDuty.DeleteIPSet
+    Amazonka.GuardDuty.DeleteMembers
+    Amazonka.GuardDuty.DeletePublishingDestination
+    Amazonka.GuardDuty.DeleteThreatIntelSet
+    Amazonka.GuardDuty.DescribeMalwareScans
+    Amazonka.GuardDuty.DescribeOrganizationConfiguration
+    Amazonka.GuardDuty.DescribePublishingDestination
+    Amazonka.GuardDuty.DisableOrganizationAdminAccount
+    Amazonka.GuardDuty.DisassociateFromAdministratorAccount
+    Amazonka.GuardDuty.DisassociateMembers
+    Amazonka.GuardDuty.EnableOrganizationAdminAccount
+    Amazonka.GuardDuty.GetAdministratorAccount
+    Amazonka.GuardDuty.GetDetector
+    Amazonka.GuardDuty.GetFilter
+    Amazonka.GuardDuty.GetFindings
+    Amazonka.GuardDuty.GetFindingsStatistics
+    Amazonka.GuardDuty.GetInvitationsCount
+    Amazonka.GuardDuty.GetIPSet
+    Amazonka.GuardDuty.GetMalwareScanSettings
+    Amazonka.GuardDuty.GetMemberDetectors
+    Amazonka.GuardDuty.GetMembers
+    Amazonka.GuardDuty.GetRemainingFreeTrialDays
+    Amazonka.GuardDuty.GetThreatIntelSet
+    Amazonka.GuardDuty.GetUsageStatistics
+    Amazonka.GuardDuty.InviteMembers
+    Amazonka.GuardDuty.Lens
+    Amazonka.GuardDuty.ListDetectors
+    Amazonka.GuardDuty.ListFilters
+    Amazonka.GuardDuty.ListFindings
+    Amazonka.GuardDuty.ListInvitations
+    Amazonka.GuardDuty.ListIPSets
+    Amazonka.GuardDuty.ListMembers
+    Amazonka.GuardDuty.ListOrganizationAdminAccounts
+    Amazonka.GuardDuty.ListPublishingDestinations
+    Amazonka.GuardDuty.ListTagsForResource
+    Amazonka.GuardDuty.ListThreatIntelSets
+    Amazonka.GuardDuty.StartMonitoringMembers
+    Amazonka.GuardDuty.StopMonitoringMembers
+    Amazonka.GuardDuty.TagResource
+    Amazonka.GuardDuty.Types
+    Amazonka.GuardDuty.Types.AccessControlList
+    Amazonka.GuardDuty.Types.AccessKeyDetails
+    Amazonka.GuardDuty.Types.AccountDetail
+    Amazonka.GuardDuty.Types.AccountFreeTrialInfo
+    Amazonka.GuardDuty.Types.AccountLevelPermissions
+    Amazonka.GuardDuty.Types.Action
+    Amazonka.GuardDuty.Types.AdminAccount
+    Amazonka.GuardDuty.Types.Administrator
+    Amazonka.GuardDuty.Types.AdminStatus
+    Amazonka.GuardDuty.Types.AwsApiCallAction
+    Amazonka.GuardDuty.Types.BlockPublicAccess
+    Amazonka.GuardDuty.Types.BucketLevelPermissions
+    Amazonka.GuardDuty.Types.BucketPolicy
+    Amazonka.GuardDuty.Types.City
+    Amazonka.GuardDuty.Types.CloudTrailConfigurationResult
+    Amazonka.GuardDuty.Types.Condition
+    Amazonka.GuardDuty.Types.Container
+    Amazonka.GuardDuty.Types.Country
+    Amazonka.GuardDuty.Types.CriterionKey
+    Amazonka.GuardDuty.Types.DataSource
+    Amazonka.GuardDuty.Types.DataSourceConfigurations
+    Amazonka.GuardDuty.Types.DataSourceConfigurationsResult
+    Amazonka.GuardDuty.Types.DataSourceFreeTrial
+    Amazonka.GuardDuty.Types.DataSourcesFreeTrial
+    Amazonka.GuardDuty.Types.DataSourceStatus
+    Amazonka.GuardDuty.Types.DefaultServerSideEncryption
+    Amazonka.GuardDuty.Types.Destination
+    Amazonka.GuardDuty.Types.DestinationProperties
+    Amazonka.GuardDuty.Types.DestinationType
+    Amazonka.GuardDuty.Types.DetectorStatus
+    Amazonka.GuardDuty.Types.DNSLogsConfigurationResult
+    Amazonka.GuardDuty.Types.DnsRequestAction
+    Amazonka.GuardDuty.Types.DomainDetails
+    Amazonka.GuardDuty.Types.EbsSnapshotPreservation
+    Amazonka.GuardDuty.Types.EbsVolumeDetails
+    Amazonka.GuardDuty.Types.EbsVolumeScanDetails
+    Amazonka.GuardDuty.Types.EbsVolumesResult
+    Amazonka.GuardDuty.Types.EcsClusterDetails
+    Amazonka.GuardDuty.Types.EcsTaskDetails
+    Amazonka.GuardDuty.Types.EksClusterDetails
+    Amazonka.GuardDuty.Types.Evidence
+    Amazonka.GuardDuty.Types.Feedback
+    Amazonka.GuardDuty.Types.FilterAction
+    Amazonka.GuardDuty.Types.FilterCondition
+    Amazonka.GuardDuty.Types.FilterCriteria
+    Amazonka.GuardDuty.Types.FilterCriterion
+    Amazonka.GuardDuty.Types.Finding
+    Amazonka.GuardDuty.Types.FindingCriteria
+    Amazonka.GuardDuty.Types.FindingPublishingFrequency
+    Amazonka.GuardDuty.Types.FindingStatistics
+    Amazonka.GuardDuty.Types.FindingStatisticType
+    Amazonka.GuardDuty.Types.FlowLogsConfigurationResult
+    Amazonka.GuardDuty.Types.GeoLocation
+    Amazonka.GuardDuty.Types.HighestSeverityThreatDetails
+    Amazonka.GuardDuty.Types.HostPath
+    Amazonka.GuardDuty.Types.IamInstanceProfile
+    Amazonka.GuardDuty.Types.InstanceDetails
+    Amazonka.GuardDuty.Types.Invitation
+    Amazonka.GuardDuty.Types.IpSetFormat
+    Amazonka.GuardDuty.Types.IpSetStatus
+    Amazonka.GuardDuty.Types.KubernetesApiCallAction
+    Amazonka.GuardDuty.Types.KubernetesAuditLogsConfiguration
+    Amazonka.GuardDuty.Types.KubernetesAuditLogsConfigurationResult
+    Amazonka.GuardDuty.Types.KubernetesConfiguration
+    Amazonka.GuardDuty.Types.KubernetesConfigurationResult
+    Amazonka.GuardDuty.Types.KubernetesDataSourceFreeTrial
+    Amazonka.GuardDuty.Types.KubernetesDetails
+    Amazonka.GuardDuty.Types.KubernetesUserDetails
+    Amazonka.GuardDuty.Types.KubernetesWorkloadDetails
+    Amazonka.GuardDuty.Types.LocalIpDetails
+    Amazonka.GuardDuty.Types.LocalPortDetails
+    Amazonka.GuardDuty.Types.MalwareProtectionConfiguration
+    Amazonka.GuardDuty.Types.MalwareProtectionConfigurationResult
+    Amazonka.GuardDuty.Types.MalwareProtectionDataSourceFreeTrial
+    Amazonka.GuardDuty.Types.Member
+    Amazonka.GuardDuty.Types.MemberDataSourceConfiguration
+    Amazonka.GuardDuty.Types.NetworkConnectionAction
+    Amazonka.GuardDuty.Types.NetworkInterface
+    Amazonka.GuardDuty.Types.OrderBy
+    Amazonka.GuardDuty.Types.Organization
+    Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurations
+    Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurationsResult
+    Amazonka.GuardDuty.Types.OrganizationEbsVolumes
+    Amazonka.GuardDuty.Types.OrganizationEbsVolumesResult
+    Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfiguration
+    Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfigurationResult
+    Amazonka.GuardDuty.Types.OrganizationKubernetesConfiguration
+    Amazonka.GuardDuty.Types.OrganizationKubernetesConfigurationResult
+    Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfiguration
+    Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfigurationResult
+    Amazonka.GuardDuty.Types.OrganizationS3LogsConfiguration
+    Amazonka.GuardDuty.Types.OrganizationS3LogsConfigurationResult
+    Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindings
+    Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindingsResult
+    Amazonka.GuardDuty.Types.Owner
+    Amazonka.GuardDuty.Types.PermissionConfiguration
+    Amazonka.GuardDuty.Types.PortProbeAction
+    Amazonka.GuardDuty.Types.PortProbeDetail
+    Amazonka.GuardDuty.Types.PrivateIpAddressDetails
+    Amazonka.GuardDuty.Types.ProductCode
+    Amazonka.GuardDuty.Types.PublicAccess
+    Amazonka.GuardDuty.Types.PublishingStatus
+    Amazonka.GuardDuty.Types.RemoteAccountDetails
+    Amazonka.GuardDuty.Types.RemoteIpDetails
+    Amazonka.GuardDuty.Types.RemotePortDetails
+    Amazonka.GuardDuty.Types.Resource
+    Amazonka.GuardDuty.Types.ResourceDetails
+    Amazonka.GuardDuty.Types.S3BucketDetail
+    Amazonka.GuardDuty.Types.S3LogsConfiguration
+    Amazonka.GuardDuty.Types.S3LogsConfigurationResult
+    Amazonka.GuardDuty.Types.Scan
+    Amazonka.GuardDuty.Types.ScanCondition
+    Amazonka.GuardDuty.Types.ScanConditionPair
+    Amazonka.GuardDuty.Types.ScanCriterionKey
+    Amazonka.GuardDuty.Types.ScanDetections
+    Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindings
+    Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindingsResult
+    Amazonka.GuardDuty.Types.ScanFilePath
+    Amazonka.GuardDuty.Types.ScannedItemCount
+    Amazonka.GuardDuty.Types.ScanResourceCriteria
+    Amazonka.GuardDuty.Types.ScanResult
+    Amazonka.GuardDuty.Types.ScanResultDetails
+    Amazonka.GuardDuty.Types.ScanStatus
+    Amazonka.GuardDuty.Types.ScanThreatName
+    Amazonka.GuardDuty.Types.SecurityContext
+    Amazonka.GuardDuty.Types.SecurityGroup
+    Amazonka.GuardDuty.Types.ServiceAdditionalInfo
+    Amazonka.GuardDuty.Types.ServiceInfo
+    Amazonka.GuardDuty.Types.SortCriteria
+    Amazonka.GuardDuty.Types.Tag
+    Amazonka.GuardDuty.Types.ThreatDetectedByName
+    Amazonka.GuardDuty.Types.ThreatIntelligenceDetail
+    Amazonka.GuardDuty.Types.ThreatIntelSetFormat
+    Amazonka.GuardDuty.Types.ThreatIntelSetStatus
+    Amazonka.GuardDuty.Types.ThreatsDetectedItemCount
+    Amazonka.GuardDuty.Types.Total
+    Amazonka.GuardDuty.Types.TriggerDetails
+    Amazonka.GuardDuty.Types.UnprocessedAccount
+    Amazonka.GuardDuty.Types.UnprocessedDataSourcesResult
+    Amazonka.GuardDuty.Types.UsageAccountResult
+    Amazonka.GuardDuty.Types.UsageCriteria
+    Amazonka.GuardDuty.Types.UsageDataSourceResult
+    Amazonka.GuardDuty.Types.UsageResourceResult
+    Amazonka.GuardDuty.Types.UsageStatistics
+    Amazonka.GuardDuty.Types.UsageStatisticType
+    Amazonka.GuardDuty.Types.Volume
+    Amazonka.GuardDuty.Types.VolumeDetail
+    Amazonka.GuardDuty.Types.VolumeMount
+    Amazonka.GuardDuty.UnarchiveFindings
+    Amazonka.GuardDuty.UntagResource
+    Amazonka.GuardDuty.UpdateDetector
+    Amazonka.GuardDuty.UpdateFilter
+    Amazonka.GuardDuty.UpdateFindingsFeedback
+    Amazonka.GuardDuty.UpdateIPSet
+    Amazonka.GuardDuty.UpdateMalwareScanSettings
+    Amazonka.GuardDuty.UpdateMemberDetectors
+    Amazonka.GuardDuty.UpdateOrganizationConfiguration
+    Amazonka.GuardDuty.UpdatePublishingDestination
+    Amazonka.GuardDuty.UpdateThreatIntelSet
+    Amazonka.GuardDuty.Waiters
 
-    build-depends:
-          amazonka-core == 1.6.1.*
-        , base          >= 4.7     && < 5
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
 
 test-suite amazonka-guardduty-test
-    type:              exitcode-stdio-1.0
-    default-language:  Haskell2010
-    hs-source-dirs:    test
-    main-is:           Main.hs
-
-    ghc-options:       -Wall -threaded
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
 
-    -- This section is encoded by the template and any modules added by
-    -- hand outside these namespaces will not correctly be added to the
-    -- distribution package.
-    other-modules:
-          Test.AWS.GuardDuty
-        , Test.AWS.Gen.GuardDuty
-        , Test.AWS.GuardDuty.Internal
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.GuardDuty
+    Test.Amazonka.GuardDuty
+    Test.Amazonka.GuardDuty.Internal
 
-    build-depends:
-          amazonka-core == 1.6.1.*
-        , amazonka-test == 1.6.1.*
-        , amazonka-guardduty
-        , base
-        , bytestring
-        , tasty
-        , tasty-hunit
-        , text
-        , time
-        , unordered-containers
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-guardduty
+    , amazonka-test         >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/AcceptAdministratorInvitation.yaml b/fixture/AcceptAdministratorInvitation.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AcceptAdministratorInvitation.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AcceptAdministratorInvitationResponse.proto b/fixture/AcceptAdministratorInvitationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AcceptAdministratorInvitationResponse.proto
diff --git a/fixture/CreatePublishingDestination.yaml b/fixture/CreatePublishingDestination.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreatePublishingDestination.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreatePublishingDestinationResponse.proto b/fixture/CreatePublishingDestinationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreatePublishingDestinationResponse.proto
diff --git a/fixture/DeletePublishingDestination.yaml b/fixture/DeletePublishingDestination.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePublishingDestination.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeletePublishingDestinationResponse.proto b/fixture/DeletePublishingDestinationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePublishingDestinationResponse.proto
diff --git a/fixture/DescribeMalwareScans.yaml b/fixture/DescribeMalwareScans.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeMalwareScans.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeMalwareScansResponse.proto b/fixture/DescribeMalwareScansResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeMalwareScansResponse.proto
diff --git a/fixture/DescribeOrganizationConfiguration.yaml b/fixture/DescribeOrganizationConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeOrganizationConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeOrganizationConfigurationResponse.proto b/fixture/DescribeOrganizationConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeOrganizationConfigurationResponse.proto
diff --git a/fixture/DescribePublishingDestination.yaml b/fixture/DescribePublishingDestination.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribePublishingDestination.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribePublishingDestinationResponse.proto b/fixture/DescribePublishingDestinationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribePublishingDestinationResponse.proto
diff --git a/fixture/DisableOrganizationAdminAccount.yaml b/fixture/DisableOrganizationAdminAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableOrganizationAdminAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableOrganizationAdminAccountResponse.proto b/fixture/DisableOrganizationAdminAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableOrganizationAdminAccountResponse.proto
diff --git a/fixture/DisassociateFromAdministratorAccount.yaml b/fixture/DisassociateFromAdministratorAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateFromAdministratorAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateFromAdministratorAccountResponse.proto b/fixture/DisassociateFromAdministratorAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateFromAdministratorAccountResponse.proto
diff --git a/fixture/EnableOrganizationAdminAccount.yaml b/fixture/EnableOrganizationAdminAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableOrganizationAdminAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableOrganizationAdminAccountResponse.proto b/fixture/EnableOrganizationAdminAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableOrganizationAdminAccountResponse.proto
diff --git a/fixture/GetAdministratorAccount.yaml b/fixture/GetAdministratorAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetAdministratorAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetAdministratorAccountResponse.proto b/fixture/GetAdministratorAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetAdministratorAccountResponse.proto
diff --git a/fixture/GetMalwareScanSettings.yaml b/fixture/GetMalwareScanSettings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetMalwareScanSettings.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetMalwareScanSettingsResponse.proto b/fixture/GetMalwareScanSettingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetMalwareScanSettingsResponse.proto
diff --git a/fixture/GetMemberDetectors.yaml b/fixture/GetMemberDetectors.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetMemberDetectors.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetMemberDetectorsResponse.proto b/fixture/GetMemberDetectorsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetMemberDetectorsResponse.proto
diff --git a/fixture/GetRemainingFreeTrialDays.yaml b/fixture/GetRemainingFreeTrialDays.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetRemainingFreeTrialDays.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetRemainingFreeTrialDaysResponse.proto b/fixture/GetRemainingFreeTrialDaysResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetRemainingFreeTrialDaysResponse.proto
diff --git a/fixture/GetUsageStatistics.yaml b/fixture/GetUsageStatistics.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetUsageStatistics.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetUsageStatisticsResponse.proto b/fixture/GetUsageStatisticsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetUsageStatisticsResponse.proto
diff --git a/fixture/ListOrganizationAdminAccounts.yaml b/fixture/ListOrganizationAdminAccounts.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListOrganizationAdminAccounts.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListOrganizationAdminAccountsResponse.proto b/fixture/ListOrganizationAdminAccountsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListOrganizationAdminAccountsResponse.proto
diff --git a/fixture/ListPublishingDestinations.yaml b/fixture/ListPublishingDestinations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListPublishingDestinations.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListPublishingDestinationsResponse.proto b/fixture/ListPublishingDestinationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListPublishingDestinationsResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateMalwareScanSettings.yaml b/fixture/UpdateMalwareScanSettings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateMalwareScanSettings.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateMalwareScanSettingsResponse.proto b/fixture/UpdateMalwareScanSettingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateMalwareScanSettingsResponse.proto
diff --git a/fixture/UpdateMemberDetectors.yaml b/fixture/UpdateMemberDetectors.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateMemberDetectors.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateMemberDetectorsResponse.proto b/fixture/UpdateMemberDetectorsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateMemberDetectorsResponse.proto
diff --git a/fixture/UpdateOrganizationConfiguration.yaml b/fixture/UpdateOrganizationConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateOrganizationConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateOrganizationConfigurationResponse.proto b/fixture/UpdateOrganizationConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateOrganizationConfigurationResponse.proto
diff --git a/fixture/UpdatePublishingDestination.yaml b/fixture/UpdatePublishingDestination.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdatePublishingDestination.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/guardduty/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  guardduty.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdatePublishingDestinationResponse.proto b/fixture/UpdatePublishingDestinationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdatePublishingDestinationResponse.proto
diff --git a/gen/Amazonka/GuardDuty.hs b/gen/Amazonka/GuardDuty.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty.hs
@@ -0,0 +1,1096 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.GuardDuty
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2017-11-28@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- Amazon GuardDuty is a continuous security monitoring service that
+-- analyzes and processes the following data sources: VPC flow logs, Amazon
+-- Web Services CloudTrail management event logs, CloudTrail S3 data event
+-- logs, EKS audit logs, DNS logs, and Amazon EBS volume data. It uses
+-- threat intelligence feeds, such as lists of malicious IPs and domains,
+-- and machine learning to identify unexpected, potentially unauthorized,
+-- and malicious activity within your Amazon Web Services environment. This
+-- can include issues like escalations of privileges, uses of exposed
+-- credentials, or communication with malicious IPs, domains, or presence
+-- of malware on your Amazon EC2 instances and container workloads. For
+-- example, GuardDuty can detect compromised EC2 instances and container
+-- workloads serving malware, or mining bitcoin.
+--
+-- GuardDuty also monitors Amazon Web Services account access behavior for
+-- signs of compromise, such as unauthorized infrastructure deployments
+-- like EC2 instances deployed in a Region that has never been used, or
+-- unusual API calls like a password policy change to reduce password
+-- strength.
+--
+-- GuardDuty informs you about the status of your Amazon Web Services
+-- environment by producing security findings that you can view in the
+-- GuardDuty console or through Amazon EventBridge. For more information,
+-- see the
+-- /<https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html Amazon GuardDuty User Guide>/
+-- .
+module Amazonka.GuardDuty
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** BadRequestException
+    _BadRequestException,
+
+    -- ** InternalServerErrorException
+    _InternalServerErrorException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** AcceptAdministratorInvitation
+    AcceptAdministratorInvitation (AcceptAdministratorInvitation'),
+    newAcceptAdministratorInvitation,
+    AcceptAdministratorInvitationResponse (AcceptAdministratorInvitationResponse'),
+    newAcceptAdministratorInvitationResponse,
+
+    -- ** ArchiveFindings
+    ArchiveFindings (ArchiveFindings'),
+    newArchiveFindings,
+    ArchiveFindingsResponse (ArchiveFindingsResponse'),
+    newArchiveFindingsResponse,
+
+    -- ** CreateDetector
+    CreateDetector (CreateDetector'),
+    newCreateDetector,
+    CreateDetectorResponse (CreateDetectorResponse'),
+    newCreateDetectorResponse,
+
+    -- ** CreateFilter
+    CreateFilter (CreateFilter'),
+    newCreateFilter,
+    CreateFilterResponse (CreateFilterResponse'),
+    newCreateFilterResponse,
+
+    -- ** CreateIPSet
+    CreateIPSet (CreateIPSet'),
+    newCreateIPSet,
+    CreateIPSetResponse (CreateIPSetResponse'),
+    newCreateIPSetResponse,
+
+    -- ** CreateMembers
+    CreateMembers (CreateMembers'),
+    newCreateMembers,
+    CreateMembersResponse (CreateMembersResponse'),
+    newCreateMembersResponse,
+
+    -- ** CreatePublishingDestination
+    CreatePublishingDestination (CreatePublishingDestination'),
+    newCreatePublishingDestination,
+    CreatePublishingDestinationResponse (CreatePublishingDestinationResponse'),
+    newCreatePublishingDestinationResponse,
+
+    -- ** CreateSampleFindings
+    CreateSampleFindings (CreateSampleFindings'),
+    newCreateSampleFindings,
+    CreateSampleFindingsResponse (CreateSampleFindingsResponse'),
+    newCreateSampleFindingsResponse,
+
+    -- ** CreateThreatIntelSet
+    CreateThreatIntelSet (CreateThreatIntelSet'),
+    newCreateThreatIntelSet,
+    CreateThreatIntelSetResponse (CreateThreatIntelSetResponse'),
+    newCreateThreatIntelSetResponse,
+
+    -- ** DeclineInvitations
+    DeclineInvitations (DeclineInvitations'),
+    newDeclineInvitations,
+    DeclineInvitationsResponse (DeclineInvitationsResponse'),
+    newDeclineInvitationsResponse,
+
+    -- ** DeleteDetector
+    DeleteDetector (DeleteDetector'),
+    newDeleteDetector,
+    DeleteDetectorResponse (DeleteDetectorResponse'),
+    newDeleteDetectorResponse,
+
+    -- ** DeleteFilter
+    DeleteFilter (DeleteFilter'),
+    newDeleteFilter,
+    DeleteFilterResponse (DeleteFilterResponse'),
+    newDeleteFilterResponse,
+
+    -- ** DeleteIPSet
+    DeleteIPSet (DeleteIPSet'),
+    newDeleteIPSet,
+    DeleteIPSetResponse (DeleteIPSetResponse'),
+    newDeleteIPSetResponse,
+
+    -- ** DeleteInvitations
+    DeleteInvitations (DeleteInvitations'),
+    newDeleteInvitations,
+    DeleteInvitationsResponse (DeleteInvitationsResponse'),
+    newDeleteInvitationsResponse,
+
+    -- ** DeleteMembers
+    DeleteMembers (DeleteMembers'),
+    newDeleteMembers,
+    DeleteMembersResponse (DeleteMembersResponse'),
+    newDeleteMembersResponse,
+
+    -- ** DeletePublishingDestination
+    DeletePublishingDestination (DeletePublishingDestination'),
+    newDeletePublishingDestination,
+    DeletePublishingDestinationResponse (DeletePublishingDestinationResponse'),
+    newDeletePublishingDestinationResponse,
+
+    -- ** DeleteThreatIntelSet
+    DeleteThreatIntelSet (DeleteThreatIntelSet'),
+    newDeleteThreatIntelSet,
+    DeleteThreatIntelSetResponse (DeleteThreatIntelSetResponse'),
+    newDeleteThreatIntelSetResponse,
+
+    -- ** DescribeMalwareScans (Paginated)
+    DescribeMalwareScans (DescribeMalwareScans'),
+    newDescribeMalwareScans,
+    DescribeMalwareScansResponse (DescribeMalwareScansResponse'),
+    newDescribeMalwareScansResponse,
+
+    -- ** DescribeOrganizationConfiguration
+    DescribeOrganizationConfiguration (DescribeOrganizationConfiguration'),
+    newDescribeOrganizationConfiguration,
+    DescribeOrganizationConfigurationResponse (DescribeOrganizationConfigurationResponse'),
+    newDescribeOrganizationConfigurationResponse,
+
+    -- ** DescribePublishingDestination
+    DescribePublishingDestination (DescribePublishingDestination'),
+    newDescribePublishingDestination,
+    DescribePublishingDestinationResponse (DescribePublishingDestinationResponse'),
+    newDescribePublishingDestinationResponse,
+
+    -- ** DisableOrganizationAdminAccount
+    DisableOrganizationAdminAccount (DisableOrganizationAdminAccount'),
+    newDisableOrganizationAdminAccount,
+    DisableOrganizationAdminAccountResponse (DisableOrganizationAdminAccountResponse'),
+    newDisableOrganizationAdminAccountResponse,
+
+    -- ** DisassociateFromAdministratorAccount
+    DisassociateFromAdministratorAccount (DisassociateFromAdministratorAccount'),
+    newDisassociateFromAdministratorAccount,
+    DisassociateFromAdministratorAccountResponse (DisassociateFromAdministratorAccountResponse'),
+    newDisassociateFromAdministratorAccountResponse,
+
+    -- ** DisassociateMembers
+    DisassociateMembers (DisassociateMembers'),
+    newDisassociateMembers,
+    DisassociateMembersResponse (DisassociateMembersResponse'),
+    newDisassociateMembersResponse,
+
+    -- ** EnableOrganizationAdminAccount
+    EnableOrganizationAdminAccount (EnableOrganizationAdminAccount'),
+    newEnableOrganizationAdminAccount,
+    EnableOrganizationAdminAccountResponse (EnableOrganizationAdminAccountResponse'),
+    newEnableOrganizationAdminAccountResponse,
+
+    -- ** GetAdministratorAccount
+    GetAdministratorAccount (GetAdministratorAccount'),
+    newGetAdministratorAccount,
+    GetAdministratorAccountResponse (GetAdministratorAccountResponse'),
+    newGetAdministratorAccountResponse,
+
+    -- ** GetDetector
+    GetDetector (GetDetector'),
+    newGetDetector,
+    GetDetectorResponse (GetDetectorResponse'),
+    newGetDetectorResponse,
+
+    -- ** GetFilter
+    GetFilter (GetFilter'),
+    newGetFilter,
+    GetFilterResponse (GetFilterResponse'),
+    newGetFilterResponse,
+
+    -- ** GetFindings
+    GetFindings (GetFindings'),
+    newGetFindings,
+    GetFindingsResponse (GetFindingsResponse'),
+    newGetFindingsResponse,
+
+    -- ** GetFindingsStatistics
+    GetFindingsStatistics (GetFindingsStatistics'),
+    newGetFindingsStatistics,
+    GetFindingsStatisticsResponse (GetFindingsStatisticsResponse'),
+    newGetFindingsStatisticsResponse,
+
+    -- ** GetIPSet
+    GetIPSet (GetIPSet'),
+    newGetIPSet,
+    GetIPSetResponse (GetIPSetResponse'),
+    newGetIPSetResponse,
+
+    -- ** GetInvitationsCount
+    GetInvitationsCount (GetInvitationsCount'),
+    newGetInvitationsCount,
+    GetInvitationsCountResponse (GetInvitationsCountResponse'),
+    newGetInvitationsCountResponse,
+
+    -- ** GetMalwareScanSettings
+    GetMalwareScanSettings (GetMalwareScanSettings'),
+    newGetMalwareScanSettings,
+    GetMalwareScanSettingsResponse (GetMalwareScanSettingsResponse'),
+    newGetMalwareScanSettingsResponse,
+
+    -- ** GetMemberDetectors
+    GetMemberDetectors (GetMemberDetectors'),
+    newGetMemberDetectors,
+    GetMemberDetectorsResponse (GetMemberDetectorsResponse'),
+    newGetMemberDetectorsResponse,
+
+    -- ** GetMembers
+    GetMembers (GetMembers'),
+    newGetMembers,
+    GetMembersResponse (GetMembersResponse'),
+    newGetMembersResponse,
+
+    -- ** GetRemainingFreeTrialDays
+    GetRemainingFreeTrialDays (GetRemainingFreeTrialDays'),
+    newGetRemainingFreeTrialDays,
+    GetRemainingFreeTrialDaysResponse (GetRemainingFreeTrialDaysResponse'),
+    newGetRemainingFreeTrialDaysResponse,
+
+    -- ** GetThreatIntelSet
+    GetThreatIntelSet (GetThreatIntelSet'),
+    newGetThreatIntelSet,
+    GetThreatIntelSetResponse (GetThreatIntelSetResponse'),
+    newGetThreatIntelSetResponse,
+
+    -- ** GetUsageStatistics
+    GetUsageStatistics (GetUsageStatistics'),
+    newGetUsageStatistics,
+    GetUsageStatisticsResponse (GetUsageStatisticsResponse'),
+    newGetUsageStatisticsResponse,
+
+    -- ** InviteMembers
+    InviteMembers (InviteMembers'),
+    newInviteMembers,
+    InviteMembersResponse (InviteMembersResponse'),
+    newInviteMembersResponse,
+
+    -- ** ListDetectors (Paginated)
+    ListDetectors (ListDetectors'),
+    newListDetectors,
+    ListDetectorsResponse (ListDetectorsResponse'),
+    newListDetectorsResponse,
+
+    -- ** ListFilters (Paginated)
+    ListFilters (ListFilters'),
+    newListFilters,
+    ListFiltersResponse (ListFiltersResponse'),
+    newListFiltersResponse,
+
+    -- ** ListFindings (Paginated)
+    ListFindings (ListFindings'),
+    newListFindings,
+    ListFindingsResponse (ListFindingsResponse'),
+    newListFindingsResponse,
+
+    -- ** ListIPSets (Paginated)
+    ListIPSets (ListIPSets'),
+    newListIPSets,
+    ListIPSetsResponse (ListIPSetsResponse'),
+    newListIPSetsResponse,
+
+    -- ** ListInvitations (Paginated)
+    ListInvitations (ListInvitations'),
+    newListInvitations,
+    ListInvitationsResponse (ListInvitationsResponse'),
+    newListInvitationsResponse,
+
+    -- ** ListMembers (Paginated)
+    ListMembers (ListMembers'),
+    newListMembers,
+    ListMembersResponse (ListMembersResponse'),
+    newListMembersResponse,
+
+    -- ** ListOrganizationAdminAccounts (Paginated)
+    ListOrganizationAdminAccounts (ListOrganizationAdminAccounts'),
+    newListOrganizationAdminAccounts,
+    ListOrganizationAdminAccountsResponse (ListOrganizationAdminAccountsResponse'),
+    newListOrganizationAdminAccountsResponse,
+
+    -- ** ListPublishingDestinations
+    ListPublishingDestinations (ListPublishingDestinations'),
+    newListPublishingDestinations,
+    ListPublishingDestinationsResponse (ListPublishingDestinationsResponse'),
+    newListPublishingDestinationsResponse,
+
+    -- ** ListTagsForResource
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** ListThreatIntelSets (Paginated)
+    ListThreatIntelSets (ListThreatIntelSets'),
+    newListThreatIntelSets,
+    ListThreatIntelSetsResponse (ListThreatIntelSetsResponse'),
+    newListThreatIntelSetsResponse,
+
+    -- ** StartMonitoringMembers
+    StartMonitoringMembers (StartMonitoringMembers'),
+    newStartMonitoringMembers,
+    StartMonitoringMembersResponse (StartMonitoringMembersResponse'),
+    newStartMonitoringMembersResponse,
+
+    -- ** StopMonitoringMembers
+    StopMonitoringMembers (StopMonitoringMembers'),
+    newStopMonitoringMembers,
+    StopMonitoringMembersResponse (StopMonitoringMembersResponse'),
+    newStopMonitoringMembersResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UnarchiveFindings
+    UnarchiveFindings (UnarchiveFindings'),
+    newUnarchiveFindings,
+    UnarchiveFindingsResponse (UnarchiveFindingsResponse'),
+    newUnarchiveFindingsResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateDetector
+    UpdateDetector (UpdateDetector'),
+    newUpdateDetector,
+    UpdateDetectorResponse (UpdateDetectorResponse'),
+    newUpdateDetectorResponse,
+
+    -- ** UpdateFilter
+    UpdateFilter (UpdateFilter'),
+    newUpdateFilter,
+    UpdateFilterResponse (UpdateFilterResponse'),
+    newUpdateFilterResponse,
+
+    -- ** UpdateFindingsFeedback
+    UpdateFindingsFeedback (UpdateFindingsFeedback'),
+    newUpdateFindingsFeedback,
+    UpdateFindingsFeedbackResponse (UpdateFindingsFeedbackResponse'),
+    newUpdateFindingsFeedbackResponse,
+
+    -- ** UpdateIPSet
+    UpdateIPSet (UpdateIPSet'),
+    newUpdateIPSet,
+    UpdateIPSetResponse (UpdateIPSetResponse'),
+    newUpdateIPSetResponse,
+
+    -- ** UpdateMalwareScanSettings
+    UpdateMalwareScanSettings (UpdateMalwareScanSettings'),
+    newUpdateMalwareScanSettings,
+    UpdateMalwareScanSettingsResponse (UpdateMalwareScanSettingsResponse'),
+    newUpdateMalwareScanSettingsResponse,
+
+    -- ** UpdateMemberDetectors
+    UpdateMemberDetectors (UpdateMemberDetectors'),
+    newUpdateMemberDetectors,
+    UpdateMemberDetectorsResponse (UpdateMemberDetectorsResponse'),
+    newUpdateMemberDetectorsResponse,
+
+    -- ** UpdateOrganizationConfiguration
+    UpdateOrganizationConfiguration (UpdateOrganizationConfiguration'),
+    newUpdateOrganizationConfiguration,
+    UpdateOrganizationConfigurationResponse (UpdateOrganizationConfigurationResponse'),
+    newUpdateOrganizationConfigurationResponse,
+
+    -- ** UpdatePublishingDestination
+    UpdatePublishingDestination (UpdatePublishingDestination'),
+    newUpdatePublishingDestination,
+    UpdatePublishingDestinationResponse (UpdatePublishingDestinationResponse'),
+    newUpdatePublishingDestinationResponse,
+
+    -- ** UpdateThreatIntelSet
+    UpdateThreatIntelSet (UpdateThreatIntelSet'),
+    newUpdateThreatIntelSet,
+    UpdateThreatIntelSetResponse (UpdateThreatIntelSetResponse'),
+    newUpdateThreatIntelSetResponse,
+
+    -- * Types
+
+    -- ** AdminStatus
+    AdminStatus (..),
+
+    -- ** CriterionKey
+    CriterionKey (..),
+
+    -- ** DataSource
+    DataSource (..),
+
+    -- ** DataSourceStatus
+    DataSourceStatus (..),
+
+    -- ** DestinationType
+    DestinationType (..),
+
+    -- ** DetectorStatus
+    DetectorStatus (..),
+
+    -- ** EbsSnapshotPreservation
+    EbsSnapshotPreservation (..),
+
+    -- ** Feedback
+    Feedback (..),
+
+    -- ** FilterAction
+    FilterAction (..),
+
+    -- ** FindingPublishingFrequency
+    FindingPublishingFrequency (..),
+
+    -- ** FindingStatisticType
+    FindingStatisticType (..),
+
+    -- ** IpSetFormat
+    IpSetFormat (..),
+
+    -- ** IpSetStatus
+    IpSetStatus (..),
+
+    -- ** OrderBy
+    OrderBy (..),
+
+    -- ** PublishingStatus
+    PublishingStatus (..),
+
+    -- ** ScanCriterionKey
+    ScanCriterionKey (..),
+
+    -- ** ScanResult
+    ScanResult (..),
+
+    -- ** ScanStatus
+    ScanStatus (..),
+
+    -- ** ThreatIntelSetFormat
+    ThreatIntelSetFormat (..),
+
+    -- ** ThreatIntelSetStatus
+    ThreatIntelSetStatus (..),
+
+    -- ** UsageStatisticType
+    UsageStatisticType (..),
+
+    -- ** AccessControlList
+    AccessControlList (AccessControlList'),
+    newAccessControlList,
+
+    -- ** AccessKeyDetails
+    AccessKeyDetails (AccessKeyDetails'),
+    newAccessKeyDetails,
+
+    -- ** AccountDetail
+    AccountDetail (AccountDetail'),
+    newAccountDetail,
+
+    -- ** AccountFreeTrialInfo
+    AccountFreeTrialInfo (AccountFreeTrialInfo'),
+    newAccountFreeTrialInfo,
+
+    -- ** AccountLevelPermissions
+    AccountLevelPermissions (AccountLevelPermissions'),
+    newAccountLevelPermissions,
+
+    -- ** Action
+    Action (Action'),
+    newAction,
+
+    -- ** AdminAccount
+    AdminAccount (AdminAccount'),
+    newAdminAccount,
+
+    -- ** Administrator
+    Administrator (Administrator'),
+    newAdministrator,
+
+    -- ** AwsApiCallAction
+    AwsApiCallAction (AwsApiCallAction'),
+    newAwsApiCallAction,
+
+    -- ** BlockPublicAccess
+    BlockPublicAccess (BlockPublicAccess'),
+    newBlockPublicAccess,
+
+    -- ** BucketLevelPermissions
+    BucketLevelPermissions (BucketLevelPermissions'),
+    newBucketLevelPermissions,
+
+    -- ** BucketPolicy
+    BucketPolicy (BucketPolicy'),
+    newBucketPolicy,
+
+    -- ** City
+    City (City'),
+    newCity,
+
+    -- ** CloudTrailConfigurationResult
+    CloudTrailConfigurationResult (CloudTrailConfigurationResult'),
+    newCloudTrailConfigurationResult,
+
+    -- ** Condition
+    Condition (Condition'),
+    newCondition,
+
+    -- ** Container
+    Container (Container'),
+    newContainer,
+
+    -- ** Country
+    Country (Country'),
+    newCountry,
+
+    -- ** DNSLogsConfigurationResult
+    DNSLogsConfigurationResult (DNSLogsConfigurationResult'),
+    newDNSLogsConfigurationResult,
+
+    -- ** DataSourceConfigurations
+    DataSourceConfigurations (DataSourceConfigurations'),
+    newDataSourceConfigurations,
+
+    -- ** DataSourceConfigurationsResult
+    DataSourceConfigurationsResult (DataSourceConfigurationsResult'),
+    newDataSourceConfigurationsResult,
+
+    -- ** DataSourceFreeTrial
+    DataSourceFreeTrial (DataSourceFreeTrial'),
+    newDataSourceFreeTrial,
+
+    -- ** DataSourcesFreeTrial
+    DataSourcesFreeTrial (DataSourcesFreeTrial'),
+    newDataSourcesFreeTrial,
+
+    -- ** DefaultServerSideEncryption
+    DefaultServerSideEncryption (DefaultServerSideEncryption'),
+    newDefaultServerSideEncryption,
+
+    -- ** Destination
+    Destination (Destination'),
+    newDestination,
+
+    -- ** DestinationProperties
+    DestinationProperties (DestinationProperties'),
+    newDestinationProperties,
+
+    -- ** DnsRequestAction
+    DnsRequestAction (DnsRequestAction'),
+    newDnsRequestAction,
+
+    -- ** DomainDetails
+    DomainDetails (DomainDetails'),
+    newDomainDetails,
+
+    -- ** EbsVolumeDetails
+    EbsVolumeDetails (EbsVolumeDetails'),
+    newEbsVolumeDetails,
+
+    -- ** EbsVolumeScanDetails
+    EbsVolumeScanDetails (EbsVolumeScanDetails'),
+    newEbsVolumeScanDetails,
+
+    -- ** EbsVolumesResult
+    EbsVolumesResult (EbsVolumesResult'),
+    newEbsVolumesResult,
+
+    -- ** EcsClusterDetails
+    EcsClusterDetails (EcsClusterDetails'),
+    newEcsClusterDetails,
+
+    -- ** EcsTaskDetails
+    EcsTaskDetails (EcsTaskDetails'),
+    newEcsTaskDetails,
+
+    -- ** EksClusterDetails
+    EksClusterDetails (EksClusterDetails'),
+    newEksClusterDetails,
+
+    -- ** Evidence
+    Evidence (Evidence'),
+    newEvidence,
+
+    -- ** FilterCondition
+    FilterCondition (FilterCondition'),
+    newFilterCondition,
+
+    -- ** FilterCriteria
+    FilterCriteria (FilterCriteria'),
+    newFilterCriteria,
+
+    -- ** FilterCriterion
+    FilterCriterion (FilterCriterion'),
+    newFilterCriterion,
+
+    -- ** Finding
+    Finding (Finding'),
+    newFinding,
+
+    -- ** FindingCriteria
+    FindingCriteria (FindingCriteria'),
+    newFindingCriteria,
+
+    -- ** FindingStatistics
+    FindingStatistics (FindingStatistics'),
+    newFindingStatistics,
+
+    -- ** FlowLogsConfigurationResult
+    FlowLogsConfigurationResult (FlowLogsConfigurationResult'),
+    newFlowLogsConfigurationResult,
+
+    -- ** GeoLocation
+    GeoLocation (GeoLocation'),
+    newGeoLocation,
+
+    -- ** HighestSeverityThreatDetails
+    HighestSeverityThreatDetails (HighestSeverityThreatDetails'),
+    newHighestSeverityThreatDetails,
+
+    -- ** HostPath
+    HostPath (HostPath'),
+    newHostPath,
+
+    -- ** IamInstanceProfile
+    IamInstanceProfile (IamInstanceProfile'),
+    newIamInstanceProfile,
+
+    -- ** InstanceDetails
+    InstanceDetails (InstanceDetails'),
+    newInstanceDetails,
+
+    -- ** Invitation
+    Invitation (Invitation'),
+    newInvitation,
+
+    -- ** KubernetesApiCallAction
+    KubernetesApiCallAction (KubernetesApiCallAction'),
+    newKubernetesApiCallAction,
+
+    -- ** KubernetesAuditLogsConfiguration
+    KubernetesAuditLogsConfiguration (KubernetesAuditLogsConfiguration'),
+    newKubernetesAuditLogsConfiguration,
+
+    -- ** KubernetesAuditLogsConfigurationResult
+    KubernetesAuditLogsConfigurationResult (KubernetesAuditLogsConfigurationResult'),
+    newKubernetesAuditLogsConfigurationResult,
+
+    -- ** KubernetesConfiguration
+    KubernetesConfiguration (KubernetesConfiguration'),
+    newKubernetesConfiguration,
+
+    -- ** KubernetesConfigurationResult
+    KubernetesConfigurationResult (KubernetesConfigurationResult'),
+    newKubernetesConfigurationResult,
+
+    -- ** KubernetesDataSourceFreeTrial
+    KubernetesDataSourceFreeTrial (KubernetesDataSourceFreeTrial'),
+    newKubernetesDataSourceFreeTrial,
+
+    -- ** KubernetesDetails
+    KubernetesDetails (KubernetesDetails'),
+    newKubernetesDetails,
+
+    -- ** KubernetesUserDetails
+    KubernetesUserDetails (KubernetesUserDetails'),
+    newKubernetesUserDetails,
+
+    -- ** KubernetesWorkloadDetails
+    KubernetesWorkloadDetails (KubernetesWorkloadDetails'),
+    newKubernetesWorkloadDetails,
+
+    -- ** LocalIpDetails
+    LocalIpDetails (LocalIpDetails'),
+    newLocalIpDetails,
+
+    -- ** LocalPortDetails
+    LocalPortDetails (LocalPortDetails'),
+    newLocalPortDetails,
+
+    -- ** MalwareProtectionConfiguration
+    MalwareProtectionConfiguration (MalwareProtectionConfiguration'),
+    newMalwareProtectionConfiguration,
+
+    -- ** MalwareProtectionConfigurationResult
+    MalwareProtectionConfigurationResult (MalwareProtectionConfigurationResult'),
+    newMalwareProtectionConfigurationResult,
+
+    -- ** MalwareProtectionDataSourceFreeTrial
+    MalwareProtectionDataSourceFreeTrial (MalwareProtectionDataSourceFreeTrial'),
+    newMalwareProtectionDataSourceFreeTrial,
+
+    -- ** Member
+    Member (Member'),
+    newMember,
+
+    -- ** MemberDataSourceConfiguration
+    MemberDataSourceConfiguration (MemberDataSourceConfiguration'),
+    newMemberDataSourceConfiguration,
+
+    -- ** NetworkConnectionAction
+    NetworkConnectionAction (NetworkConnectionAction'),
+    newNetworkConnectionAction,
+
+    -- ** NetworkInterface
+    NetworkInterface (NetworkInterface'),
+    newNetworkInterface,
+
+    -- ** Organization
+    Organization (Organization'),
+    newOrganization,
+
+    -- ** OrganizationDataSourceConfigurations
+    OrganizationDataSourceConfigurations (OrganizationDataSourceConfigurations'),
+    newOrganizationDataSourceConfigurations,
+
+    -- ** OrganizationDataSourceConfigurationsResult
+    OrganizationDataSourceConfigurationsResult (OrganizationDataSourceConfigurationsResult'),
+    newOrganizationDataSourceConfigurationsResult,
+
+    -- ** OrganizationEbsVolumes
+    OrganizationEbsVolumes (OrganizationEbsVolumes'),
+    newOrganizationEbsVolumes,
+
+    -- ** OrganizationEbsVolumesResult
+    OrganizationEbsVolumesResult (OrganizationEbsVolumesResult'),
+    newOrganizationEbsVolumesResult,
+
+    -- ** OrganizationKubernetesAuditLogsConfiguration
+    OrganizationKubernetesAuditLogsConfiguration (OrganizationKubernetesAuditLogsConfiguration'),
+    newOrganizationKubernetesAuditLogsConfiguration,
+
+    -- ** OrganizationKubernetesAuditLogsConfigurationResult
+    OrganizationKubernetesAuditLogsConfigurationResult (OrganizationKubernetesAuditLogsConfigurationResult'),
+    newOrganizationKubernetesAuditLogsConfigurationResult,
+
+    -- ** OrganizationKubernetesConfiguration
+    OrganizationKubernetesConfiguration (OrganizationKubernetesConfiguration'),
+    newOrganizationKubernetesConfiguration,
+
+    -- ** OrganizationKubernetesConfigurationResult
+    OrganizationKubernetesConfigurationResult (OrganizationKubernetesConfigurationResult'),
+    newOrganizationKubernetesConfigurationResult,
+
+    -- ** OrganizationMalwareProtectionConfiguration
+    OrganizationMalwareProtectionConfiguration (OrganizationMalwareProtectionConfiguration'),
+    newOrganizationMalwareProtectionConfiguration,
+
+    -- ** OrganizationMalwareProtectionConfigurationResult
+    OrganizationMalwareProtectionConfigurationResult (OrganizationMalwareProtectionConfigurationResult'),
+    newOrganizationMalwareProtectionConfigurationResult,
+
+    -- ** OrganizationS3LogsConfiguration
+    OrganizationS3LogsConfiguration (OrganizationS3LogsConfiguration'),
+    newOrganizationS3LogsConfiguration,
+
+    -- ** OrganizationS3LogsConfigurationResult
+    OrganizationS3LogsConfigurationResult (OrganizationS3LogsConfigurationResult'),
+    newOrganizationS3LogsConfigurationResult,
+
+    -- ** OrganizationScanEc2InstanceWithFindings
+    OrganizationScanEc2InstanceWithFindings (OrganizationScanEc2InstanceWithFindings'),
+    newOrganizationScanEc2InstanceWithFindings,
+
+    -- ** OrganizationScanEc2InstanceWithFindingsResult
+    OrganizationScanEc2InstanceWithFindingsResult (OrganizationScanEc2InstanceWithFindingsResult'),
+    newOrganizationScanEc2InstanceWithFindingsResult,
+
+    -- ** Owner
+    Owner (Owner'),
+    newOwner,
+
+    -- ** PermissionConfiguration
+    PermissionConfiguration (PermissionConfiguration'),
+    newPermissionConfiguration,
+
+    -- ** PortProbeAction
+    PortProbeAction (PortProbeAction'),
+    newPortProbeAction,
+
+    -- ** PortProbeDetail
+    PortProbeDetail (PortProbeDetail'),
+    newPortProbeDetail,
+
+    -- ** PrivateIpAddressDetails
+    PrivateIpAddressDetails (PrivateIpAddressDetails'),
+    newPrivateIpAddressDetails,
+
+    -- ** ProductCode
+    ProductCode (ProductCode'),
+    newProductCode,
+
+    -- ** PublicAccess
+    PublicAccess (PublicAccess'),
+    newPublicAccess,
+
+    -- ** RemoteAccountDetails
+    RemoteAccountDetails (RemoteAccountDetails'),
+    newRemoteAccountDetails,
+
+    -- ** RemoteIpDetails
+    RemoteIpDetails (RemoteIpDetails'),
+    newRemoteIpDetails,
+
+    -- ** RemotePortDetails
+    RemotePortDetails (RemotePortDetails'),
+    newRemotePortDetails,
+
+    -- ** Resource
+    Resource (Resource'),
+    newResource,
+
+    -- ** ResourceDetails
+    ResourceDetails (ResourceDetails'),
+    newResourceDetails,
+
+    -- ** S3BucketDetail
+    S3BucketDetail (S3BucketDetail'),
+    newS3BucketDetail,
+
+    -- ** S3LogsConfiguration
+    S3LogsConfiguration (S3LogsConfiguration'),
+    newS3LogsConfiguration,
+
+    -- ** S3LogsConfigurationResult
+    S3LogsConfigurationResult (S3LogsConfigurationResult'),
+    newS3LogsConfigurationResult,
+
+    -- ** Scan
+    Scan (Scan'),
+    newScan,
+
+    -- ** ScanCondition
+    ScanCondition (ScanCondition'),
+    newScanCondition,
+
+    -- ** ScanConditionPair
+    ScanConditionPair (ScanConditionPair'),
+    newScanConditionPair,
+
+    -- ** ScanDetections
+    ScanDetections (ScanDetections'),
+    newScanDetections,
+
+    -- ** ScanEc2InstanceWithFindings
+    ScanEc2InstanceWithFindings (ScanEc2InstanceWithFindings'),
+    newScanEc2InstanceWithFindings,
+
+    -- ** ScanEc2InstanceWithFindingsResult
+    ScanEc2InstanceWithFindingsResult (ScanEc2InstanceWithFindingsResult'),
+    newScanEc2InstanceWithFindingsResult,
+
+    -- ** ScanFilePath
+    ScanFilePath (ScanFilePath'),
+    newScanFilePath,
+
+    -- ** ScanResourceCriteria
+    ScanResourceCriteria (ScanResourceCriteria'),
+    newScanResourceCriteria,
+
+    -- ** ScanResultDetails
+    ScanResultDetails (ScanResultDetails'),
+    newScanResultDetails,
+
+    -- ** ScanThreatName
+    ScanThreatName (ScanThreatName'),
+    newScanThreatName,
+
+    -- ** ScannedItemCount
+    ScannedItemCount (ScannedItemCount'),
+    newScannedItemCount,
+
+    -- ** SecurityContext
+    SecurityContext (SecurityContext'),
+    newSecurityContext,
+
+    -- ** SecurityGroup
+    SecurityGroup (SecurityGroup'),
+    newSecurityGroup,
+
+    -- ** ServiceAdditionalInfo
+    ServiceAdditionalInfo (ServiceAdditionalInfo'),
+    newServiceAdditionalInfo,
+
+    -- ** ServiceInfo
+    ServiceInfo (ServiceInfo'),
+    newServiceInfo,
+
+    -- ** SortCriteria
+    SortCriteria (SortCriteria'),
+    newSortCriteria,
+
+    -- ** Tag
+    Tag (Tag'),
+    newTag,
+
+    -- ** ThreatDetectedByName
+    ThreatDetectedByName (ThreatDetectedByName'),
+    newThreatDetectedByName,
+
+    -- ** ThreatIntelligenceDetail
+    ThreatIntelligenceDetail (ThreatIntelligenceDetail'),
+    newThreatIntelligenceDetail,
+
+    -- ** ThreatsDetectedItemCount
+    ThreatsDetectedItemCount (ThreatsDetectedItemCount'),
+    newThreatsDetectedItemCount,
+
+    -- ** Total
+    Total (Total'),
+    newTotal,
+
+    -- ** TriggerDetails
+    TriggerDetails (TriggerDetails'),
+    newTriggerDetails,
+
+    -- ** UnprocessedAccount
+    UnprocessedAccount (UnprocessedAccount'),
+    newUnprocessedAccount,
+
+    -- ** UnprocessedDataSourcesResult
+    UnprocessedDataSourcesResult (UnprocessedDataSourcesResult'),
+    newUnprocessedDataSourcesResult,
+
+    -- ** UsageAccountResult
+    UsageAccountResult (UsageAccountResult'),
+    newUsageAccountResult,
+
+    -- ** UsageCriteria
+    UsageCriteria (UsageCriteria'),
+    newUsageCriteria,
+
+    -- ** UsageDataSourceResult
+    UsageDataSourceResult (UsageDataSourceResult'),
+    newUsageDataSourceResult,
+
+    -- ** UsageResourceResult
+    UsageResourceResult (UsageResourceResult'),
+    newUsageResourceResult,
+
+    -- ** UsageStatistics
+    UsageStatistics (UsageStatistics'),
+    newUsageStatistics,
+
+    -- ** Volume
+    Volume (Volume'),
+    newVolume,
+
+    -- ** VolumeDetail
+    VolumeDetail (VolumeDetail'),
+    newVolumeDetail,
+
+    -- ** VolumeMount
+    VolumeMount (VolumeMount'),
+    newVolumeMount,
+  )
+where
+
+import Amazonka.GuardDuty.AcceptAdministratorInvitation
+import Amazonka.GuardDuty.ArchiveFindings
+import Amazonka.GuardDuty.CreateDetector
+import Amazonka.GuardDuty.CreateFilter
+import Amazonka.GuardDuty.CreateIPSet
+import Amazonka.GuardDuty.CreateMembers
+import Amazonka.GuardDuty.CreatePublishingDestination
+import Amazonka.GuardDuty.CreateSampleFindings
+import Amazonka.GuardDuty.CreateThreatIntelSet
+import Amazonka.GuardDuty.DeclineInvitations
+import Amazonka.GuardDuty.DeleteDetector
+import Amazonka.GuardDuty.DeleteFilter
+import Amazonka.GuardDuty.DeleteIPSet
+import Amazonka.GuardDuty.DeleteInvitations
+import Amazonka.GuardDuty.DeleteMembers
+import Amazonka.GuardDuty.DeletePublishingDestination
+import Amazonka.GuardDuty.DeleteThreatIntelSet
+import Amazonka.GuardDuty.DescribeMalwareScans
+import Amazonka.GuardDuty.DescribeOrganizationConfiguration
+import Amazonka.GuardDuty.DescribePublishingDestination
+import Amazonka.GuardDuty.DisableOrganizationAdminAccount
+import Amazonka.GuardDuty.DisassociateFromAdministratorAccount
+import Amazonka.GuardDuty.DisassociateMembers
+import Amazonka.GuardDuty.EnableOrganizationAdminAccount
+import Amazonka.GuardDuty.GetAdministratorAccount
+import Amazonka.GuardDuty.GetDetector
+import Amazonka.GuardDuty.GetFilter
+import Amazonka.GuardDuty.GetFindings
+import Amazonka.GuardDuty.GetFindingsStatistics
+import Amazonka.GuardDuty.GetIPSet
+import Amazonka.GuardDuty.GetInvitationsCount
+import Amazonka.GuardDuty.GetMalwareScanSettings
+import Amazonka.GuardDuty.GetMemberDetectors
+import Amazonka.GuardDuty.GetMembers
+import Amazonka.GuardDuty.GetRemainingFreeTrialDays
+import Amazonka.GuardDuty.GetThreatIntelSet
+import Amazonka.GuardDuty.GetUsageStatistics
+import Amazonka.GuardDuty.InviteMembers
+import Amazonka.GuardDuty.Lens
+import Amazonka.GuardDuty.ListDetectors
+import Amazonka.GuardDuty.ListFilters
+import Amazonka.GuardDuty.ListFindings
+import Amazonka.GuardDuty.ListIPSets
+import Amazonka.GuardDuty.ListInvitations
+import Amazonka.GuardDuty.ListMembers
+import Amazonka.GuardDuty.ListOrganizationAdminAccounts
+import Amazonka.GuardDuty.ListPublishingDestinations
+import Amazonka.GuardDuty.ListTagsForResource
+import Amazonka.GuardDuty.ListThreatIntelSets
+import Amazonka.GuardDuty.StartMonitoringMembers
+import Amazonka.GuardDuty.StopMonitoringMembers
+import Amazonka.GuardDuty.TagResource
+import Amazonka.GuardDuty.Types
+import Amazonka.GuardDuty.UnarchiveFindings
+import Amazonka.GuardDuty.UntagResource
+import Amazonka.GuardDuty.UpdateDetector
+import Amazonka.GuardDuty.UpdateFilter
+import Amazonka.GuardDuty.UpdateFindingsFeedback
+import Amazonka.GuardDuty.UpdateIPSet
+import Amazonka.GuardDuty.UpdateMalwareScanSettings
+import Amazonka.GuardDuty.UpdateMemberDetectors
+import Amazonka.GuardDuty.UpdateOrganizationConfiguration
+import Amazonka.GuardDuty.UpdatePublishingDestination
+import Amazonka.GuardDuty.UpdateThreatIntelSet
+import Amazonka.GuardDuty.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'GuardDuty'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/GuardDuty/AcceptAdministratorInvitation.hs b/gen/Amazonka/GuardDuty/AcceptAdministratorInvitation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/AcceptAdministratorInvitation.hs
@@ -0,0 +1,212 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.AcceptAdministratorInvitation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Accepts the invitation to be a member account and get monitored by a
+-- GuardDuty administrator account that sent the invitation.
+module Amazonka.GuardDuty.AcceptAdministratorInvitation
+  ( -- * Creating a Request
+    AcceptAdministratorInvitation (..),
+    newAcceptAdministratorInvitation,
+
+    -- * Request Lenses
+    acceptAdministratorInvitation_detectorId,
+    acceptAdministratorInvitation_administratorId,
+    acceptAdministratorInvitation_invitationId,
+
+    -- * Destructuring the Response
+    AcceptAdministratorInvitationResponse (..),
+    newAcceptAdministratorInvitationResponse,
+
+    -- * Response Lenses
+    acceptAdministratorInvitationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newAcceptAdministratorInvitation' smart constructor.
+data AcceptAdministratorInvitation = AcceptAdministratorInvitation'
+  { -- | The unique ID of the detector of the GuardDuty member account.
+    detectorId :: Prelude.Text,
+    -- | The account ID of the GuardDuty administrator account whose invitation
+    -- you\'re accepting.
+    administratorId :: Prelude.Text,
+    -- | The value that is used to validate the administrator account to the
+    -- member account.
+    invitationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AcceptAdministratorInvitation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'acceptAdministratorInvitation_detectorId' - The unique ID of the detector of the GuardDuty member account.
+--
+-- 'administratorId', 'acceptAdministratorInvitation_administratorId' - The account ID of the GuardDuty administrator account whose invitation
+-- you\'re accepting.
+--
+-- 'invitationId', 'acceptAdministratorInvitation_invitationId' - The value that is used to validate the administrator account to the
+-- member account.
+newAcceptAdministratorInvitation ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'administratorId'
+  Prelude.Text ->
+  -- | 'invitationId'
+  Prelude.Text ->
+  AcceptAdministratorInvitation
+newAcceptAdministratorInvitation
+  pDetectorId_
+  pAdministratorId_
+  pInvitationId_ =
+    AcceptAdministratorInvitation'
+      { detectorId =
+          pDetectorId_,
+        administratorId = pAdministratorId_,
+        invitationId = pInvitationId_
+      }
+
+-- | The unique ID of the detector of the GuardDuty member account.
+acceptAdministratorInvitation_detectorId :: Lens.Lens' AcceptAdministratorInvitation Prelude.Text
+acceptAdministratorInvitation_detectorId = Lens.lens (\AcceptAdministratorInvitation' {detectorId} -> detectorId) (\s@AcceptAdministratorInvitation' {} a -> s {detectorId = a} :: AcceptAdministratorInvitation)
+
+-- | The account ID of the GuardDuty administrator account whose invitation
+-- you\'re accepting.
+acceptAdministratorInvitation_administratorId :: Lens.Lens' AcceptAdministratorInvitation Prelude.Text
+acceptAdministratorInvitation_administratorId = Lens.lens (\AcceptAdministratorInvitation' {administratorId} -> administratorId) (\s@AcceptAdministratorInvitation' {} a -> s {administratorId = a} :: AcceptAdministratorInvitation)
+
+-- | The value that is used to validate the administrator account to the
+-- member account.
+acceptAdministratorInvitation_invitationId :: Lens.Lens' AcceptAdministratorInvitation Prelude.Text
+acceptAdministratorInvitation_invitationId = Lens.lens (\AcceptAdministratorInvitation' {invitationId} -> invitationId) (\s@AcceptAdministratorInvitation' {} a -> s {invitationId = a} :: AcceptAdministratorInvitation)
+
+instance
+  Core.AWSRequest
+    AcceptAdministratorInvitation
+  where
+  type
+    AWSResponse AcceptAdministratorInvitation =
+      AcceptAdministratorInvitationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AcceptAdministratorInvitationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    AcceptAdministratorInvitation
+  where
+  hashWithSalt _salt AcceptAdministratorInvitation' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` administratorId
+      `Prelude.hashWithSalt` invitationId
+
+instance Prelude.NFData AcceptAdministratorInvitation where
+  rnf AcceptAdministratorInvitation' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf administratorId
+      `Prelude.seq` Prelude.rnf invitationId
+
+instance Data.ToHeaders AcceptAdministratorInvitation where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AcceptAdministratorInvitation where
+  toJSON AcceptAdministratorInvitation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("administratorId" Data..= administratorId),
+            Prelude.Just ("invitationId" Data..= invitationId)
+          ]
+      )
+
+instance Data.ToPath AcceptAdministratorInvitation where
+  toPath AcceptAdministratorInvitation' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/administrator"
+      ]
+
+instance Data.ToQuery AcceptAdministratorInvitation where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAcceptAdministratorInvitationResponse' smart constructor.
+data AcceptAdministratorInvitationResponse = AcceptAdministratorInvitationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AcceptAdministratorInvitationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'acceptAdministratorInvitationResponse_httpStatus' - The response's http status code.
+newAcceptAdministratorInvitationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AcceptAdministratorInvitationResponse
+newAcceptAdministratorInvitationResponse pHttpStatus_ =
+  AcceptAdministratorInvitationResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+acceptAdministratorInvitationResponse_httpStatus :: Lens.Lens' AcceptAdministratorInvitationResponse Prelude.Int
+acceptAdministratorInvitationResponse_httpStatus = Lens.lens (\AcceptAdministratorInvitationResponse' {httpStatus} -> httpStatus) (\s@AcceptAdministratorInvitationResponse' {} a -> s {httpStatus = a} :: AcceptAdministratorInvitationResponse)
+
+instance
+  Prelude.NFData
+    AcceptAdministratorInvitationResponse
+  where
+  rnf AcceptAdministratorInvitationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/ArchiveFindings.hs b/gen/Amazonka/GuardDuty/ArchiveFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ArchiveFindings.hs
@@ -0,0 +1,177 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ArchiveFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Archives GuardDuty findings that are specified by the list of finding
+-- IDs.
+--
+-- Only the administrator account can archive findings. Member accounts
+-- don\'t have permission to archive findings from their accounts.
+module Amazonka.GuardDuty.ArchiveFindings
+  ( -- * Creating a Request
+    ArchiveFindings (..),
+    newArchiveFindings,
+
+    -- * Request Lenses
+    archiveFindings_detectorId,
+    archiveFindings_findingIds,
+
+    -- * Destructuring the Response
+    ArchiveFindingsResponse (..),
+    newArchiveFindingsResponse,
+
+    -- * Response Lenses
+    archiveFindingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newArchiveFindings' smart constructor.
+data ArchiveFindings = ArchiveFindings'
+  { -- | The ID of the detector that specifies the GuardDuty service whose
+    -- findings you want to archive.
+    detectorId :: Prelude.Text,
+    -- | The IDs of the findings that you want to archive.
+    findingIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ArchiveFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'archiveFindings_detectorId' - The ID of the detector that specifies the GuardDuty service whose
+-- findings you want to archive.
+--
+-- 'findingIds', 'archiveFindings_findingIds' - The IDs of the findings that you want to archive.
+newArchiveFindings ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  ArchiveFindings
+newArchiveFindings pDetectorId_ =
+  ArchiveFindings'
+    { detectorId = pDetectorId_,
+      findingIds = Prelude.mempty
+    }
+
+-- | The ID of the detector that specifies the GuardDuty service whose
+-- findings you want to archive.
+archiveFindings_detectorId :: Lens.Lens' ArchiveFindings Prelude.Text
+archiveFindings_detectorId = Lens.lens (\ArchiveFindings' {detectorId} -> detectorId) (\s@ArchiveFindings' {} a -> s {detectorId = a} :: ArchiveFindings)
+
+-- | The IDs of the findings that you want to archive.
+archiveFindings_findingIds :: Lens.Lens' ArchiveFindings [Prelude.Text]
+archiveFindings_findingIds = Lens.lens (\ArchiveFindings' {findingIds} -> findingIds) (\s@ArchiveFindings' {} a -> s {findingIds = a} :: ArchiveFindings) Prelude.. Lens.coerced
+
+instance Core.AWSRequest ArchiveFindings where
+  type
+    AWSResponse ArchiveFindings =
+      ArchiveFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          ArchiveFindingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ArchiveFindings where
+  hashWithSalt _salt ArchiveFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` findingIds
+
+instance Prelude.NFData ArchiveFindings where
+  rnf ArchiveFindings' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf findingIds
+
+instance Data.ToHeaders ArchiveFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ArchiveFindings where
+  toJSON ArchiveFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("findingIds" Data..= findingIds)]
+      )
+
+instance Data.ToPath ArchiveFindings where
+  toPath ArchiveFindings' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/findings/archive"
+      ]
+
+instance Data.ToQuery ArchiveFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newArchiveFindingsResponse' smart constructor.
+data ArchiveFindingsResponse = ArchiveFindingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ArchiveFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'archiveFindingsResponse_httpStatus' - The response's http status code.
+newArchiveFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ArchiveFindingsResponse
+newArchiveFindingsResponse pHttpStatus_ =
+  ArchiveFindingsResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+archiveFindingsResponse_httpStatus :: Lens.Lens' ArchiveFindingsResponse Prelude.Int
+archiveFindingsResponse_httpStatus = Lens.lens (\ArchiveFindingsResponse' {httpStatus} -> httpStatus) (\s@ArchiveFindingsResponse' {} a -> s {httpStatus = a} :: ArchiveFindingsResponse)
+
+instance Prelude.NFData ArchiveFindingsResponse where
+  rnf ArchiveFindingsResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/CreateDetector.hs b/gen/Amazonka/GuardDuty/CreateDetector.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/CreateDetector.hs
@@ -0,0 +1,241 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.CreateDetector
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a single Amazon GuardDuty detector. A detector is a resource
+-- that represents the GuardDuty service. To start using GuardDuty, you
+-- must create a detector in each Region where you enable the service. You
+-- can have only one detector per account per Region. All data sources are
+-- enabled in a new detector by default.
+module Amazonka.GuardDuty.CreateDetector
+  ( -- * Creating a Request
+    CreateDetector (..),
+    newCreateDetector,
+
+    -- * Request Lenses
+    createDetector_clientToken,
+    createDetector_dataSources,
+    createDetector_findingPublishingFrequency,
+    createDetector_tags,
+    createDetector_enable,
+
+    -- * Destructuring the Response
+    CreateDetectorResponse (..),
+    newCreateDetectorResponse,
+
+    -- * Response Lenses
+    createDetectorResponse_detectorId,
+    createDetectorResponse_unprocessedDataSources,
+    createDetectorResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateDetector' smart constructor.
+data CreateDetector = CreateDetector'
+  { -- | The idempotency token for the create request.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | Describes which data sources will be enabled for the detector.
+    dataSources :: Prelude.Maybe DataSourceConfigurations,
+    -- | A value that specifies how frequently updated findings are exported.
+    findingPublishingFrequency :: Prelude.Maybe FindingPublishingFrequency,
+    -- | The tags to be added to a new detector resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | A Boolean value that specifies whether the detector is to be enabled.
+    enable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateDetector' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'createDetector_clientToken' - The idempotency token for the create request.
+--
+-- 'dataSources', 'createDetector_dataSources' - Describes which data sources will be enabled for the detector.
+--
+-- 'findingPublishingFrequency', 'createDetector_findingPublishingFrequency' - A value that specifies how frequently updated findings are exported.
+--
+-- 'tags', 'createDetector_tags' - The tags to be added to a new detector resource.
+--
+-- 'enable', 'createDetector_enable' - A Boolean value that specifies whether the detector is to be enabled.
+newCreateDetector ::
+  -- | 'enable'
+  Prelude.Bool ->
+  CreateDetector
+newCreateDetector pEnable_ =
+  CreateDetector'
+    { clientToken = Prelude.Nothing,
+      dataSources = Prelude.Nothing,
+      findingPublishingFrequency = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      enable = pEnable_
+    }
+
+-- | The idempotency token for the create request.
+createDetector_clientToken :: Lens.Lens' CreateDetector (Prelude.Maybe Prelude.Text)
+createDetector_clientToken = Lens.lens (\CreateDetector' {clientToken} -> clientToken) (\s@CreateDetector' {} a -> s {clientToken = a} :: CreateDetector)
+
+-- | Describes which data sources will be enabled for the detector.
+createDetector_dataSources :: Lens.Lens' CreateDetector (Prelude.Maybe DataSourceConfigurations)
+createDetector_dataSources = Lens.lens (\CreateDetector' {dataSources} -> dataSources) (\s@CreateDetector' {} a -> s {dataSources = a} :: CreateDetector)
+
+-- | A value that specifies how frequently updated findings are exported.
+createDetector_findingPublishingFrequency :: Lens.Lens' CreateDetector (Prelude.Maybe FindingPublishingFrequency)
+createDetector_findingPublishingFrequency = Lens.lens (\CreateDetector' {findingPublishingFrequency} -> findingPublishingFrequency) (\s@CreateDetector' {} a -> s {findingPublishingFrequency = a} :: CreateDetector)
+
+-- | The tags to be added to a new detector resource.
+createDetector_tags :: Lens.Lens' CreateDetector (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+createDetector_tags = Lens.lens (\CreateDetector' {tags} -> tags) (\s@CreateDetector' {} a -> s {tags = a} :: CreateDetector) Prelude.. Lens.mapping Lens.coerced
+
+-- | A Boolean value that specifies whether the detector is to be enabled.
+createDetector_enable :: Lens.Lens' CreateDetector Prelude.Bool
+createDetector_enable = Lens.lens (\CreateDetector' {enable} -> enable) (\s@CreateDetector' {} a -> s {enable = a} :: CreateDetector)
+
+instance Core.AWSRequest CreateDetector where
+  type
+    AWSResponse CreateDetector =
+      CreateDetectorResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateDetectorResponse'
+            Prelude.<$> (x Data..?> "detectorId")
+            Prelude.<*> (x Data..?> "unprocessedDataSources")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateDetector where
+  hashWithSalt _salt CreateDetector' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` dataSources
+      `Prelude.hashWithSalt` findingPublishingFrequency
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` enable
+
+instance Prelude.NFData CreateDetector where
+  rnf CreateDetector' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf dataSources
+      `Prelude.seq` Prelude.rnf findingPublishingFrequency
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf enable
+
+instance Data.ToHeaders CreateDetector where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateDetector where
+  toJSON CreateDetector' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("dataSources" Data..=) Prelude.<$> dataSources,
+            ("findingPublishingFrequency" Data..=)
+              Prelude.<$> findingPublishingFrequency,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("enable" Data..= enable)
+          ]
+      )
+
+instance Data.ToPath CreateDetector where
+  toPath = Prelude.const "/detector"
+
+instance Data.ToQuery CreateDetector where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateDetectorResponse' smart constructor.
+data CreateDetectorResponse = CreateDetectorResponse'
+  { -- | The unique ID of the created detector.
+    detectorId :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the data sources that couldn\'t be enabled when GuardDuty was
+    -- enabled for the first time.
+    unprocessedDataSources :: Prelude.Maybe UnprocessedDataSourcesResult,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateDetectorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'createDetectorResponse_detectorId' - The unique ID of the created detector.
+--
+-- 'unprocessedDataSources', 'createDetectorResponse_unprocessedDataSources' - Specifies the data sources that couldn\'t be enabled when GuardDuty was
+-- enabled for the first time.
+--
+-- 'httpStatus', 'createDetectorResponse_httpStatus' - The response's http status code.
+newCreateDetectorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateDetectorResponse
+newCreateDetectorResponse pHttpStatus_ =
+  CreateDetectorResponse'
+    { detectorId =
+        Prelude.Nothing,
+      unprocessedDataSources = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The unique ID of the created detector.
+createDetectorResponse_detectorId :: Lens.Lens' CreateDetectorResponse (Prelude.Maybe Prelude.Text)
+createDetectorResponse_detectorId = Lens.lens (\CreateDetectorResponse' {detectorId} -> detectorId) (\s@CreateDetectorResponse' {} a -> s {detectorId = a} :: CreateDetectorResponse)
+
+-- | Specifies the data sources that couldn\'t be enabled when GuardDuty was
+-- enabled for the first time.
+createDetectorResponse_unprocessedDataSources :: Lens.Lens' CreateDetectorResponse (Prelude.Maybe UnprocessedDataSourcesResult)
+createDetectorResponse_unprocessedDataSources = Lens.lens (\CreateDetectorResponse' {unprocessedDataSources} -> unprocessedDataSources) (\s@CreateDetectorResponse' {} a -> s {unprocessedDataSources = a} :: CreateDetectorResponse)
+
+-- | The response's http status code.
+createDetectorResponse_httpStatus :: Lens.Lens' CreateDetectorResponse Prelude.Int
+createDetectorResponse_httpStatus = Lens.lens (\CreateDetectorResponse' {httpStatus} -> httpStatus) (\s@CreateDetectorResponse' {} a -> s {httpStatus = a} :: CreateDetectorResponse)
+
+instance Prelude.NFData CreateDetectorResponse where
+  rnf CreateDetectorResponse' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf unprocessedDataSources
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/CreateFilter.hs b/gen/Amazonka/GuardDuty/CreateFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/CreateFilter.hs
@@ -0,0 +1,664 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.CreateFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a filter using the specified finding criteria.
+module Amazonka.GuardDuty.CreateFilter
+  ( -- * Creating a Request
+    CreateFilter (..),
+    newCreateFilter,
+
+    -- * Request Lenses
+    createFilter_action,
+    createFilter_clientToken,
+    createFilter_description,
+    createFilter_rank,
+    createFilter_tags,
+    createFilter_detectorId,
+    createFilter_name,
+    createFilter_findingCriteria,
+
+    -- * Destructuring the Response
+    CreateFilterResponse (..),
+    newCreateFilterResponse,
+
+    -- * Response Lenses
+    createFilterResponse_httpStatus,
+    createFilterResponse_name,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateFilter' smart constructor.
+data CreateFilter = CreateFilter'
+  { -- | Specifies the action that is to be applied to the findings that match
+    -- the filter.
+    action :: Prelude.Maybe FilterAction,
+    -- | The idempotency token for the create request.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The description of the filter. Valid special characters include period
+    -- (.), underscore (_), dash (-), and whitespace. The new line character is
+    -- considered to be an invalid input for description.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the position of the filter in the list of current filters.
+    -- Also specifies the order in which this filter is applied to the
+    -- findings.
+    rank :: Prelude.Maybe Prelude.Natural,
+    -- | The tags to be added to a new filter resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The ID of the detector belonging to the GuardDuty account that you want
+    -- to create a filter for.
+    detectorId :: Prelude.Text,
+    -- | The name of the filter. Valid characters include period (.), underscore
+    -- (_), dash (-), and alphanumeric characters. A whitespace is considered
+    -- to be an invalid character.
+    name :: Prelude.Text,
+    -- | Represents the criteria to be used in the filter for querying findings.
+    --
+    -- You can only use the following attributes to query findings:
+    --
+    -- -   accountId
+    --
+    -- -   region
+    --
+    -- -   confidence
+    --
+    -- -   id
+    --
+    -- -   resource.accessKeyDetails.accessKeyId
+    --
+    -- -   resource.accessKeyDetails.principalId
+    --
+    -- -   resource.accessKeyDetails.userName
+    --
+    -- -   resource.accessKeyDetails.userType
+    --
+    -- -   resource.instanceDetails.iamInstanceProfile.id
+    --
+    -- -   resource.instanceDetails.imageId
+    --
+    -- -   resource.instanceDetails.instanceId
+    --
+    -- -   resource.instanceDetails.outpostArn
+    --
+    -- -   resource.instanceDetails.networkInterfaces.ipv6Addresses
+    --
+    -- -   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+    --
+    -- -   resource.instanceDetails.networkInterfaces.publicDnsName
+    --
+    -- -   resource.instanceDetails.networkInterfaces.publicIp
+    --
+    -- -   resource.instanceDetails.networkInterfaces.securityGroups.groupId
+    --
+    -- -   resource.instanceDetails.networkInterfaces.securityGroups.groupName
+    --
+    -- -   resource.instanceDetails.networkInterfaces.subnetId
+    --
+    -- -   resource.instanceDetails.networkInterfaces.vpcId
+    --
+    -- -   resource.instanceDetails.tags.key
+    --
+    -- -   resource.instanceDetails.tags.value
+    --
+    -- -   resource.resourceType
+    --
+    -- -   service.action.actionType
+    --
+    -- -   service.action.awsApiCallAction.api
+    --
+    -- -   service.action.awsApiCallAction.callerType
+    --
+    -- -   service.action.awsApiCallAction.errorCode
+    --
+    -- -   service.action.awsApiCallAction.userAgent
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.city.cityName
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.country.countryName
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.organization.asn
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+    --
+    -- -   service.action.awsApiCallAction.serviceName
+    --
+    -- -   service.action.dnsRequestAction.domain
+    --
+    -- -   service.action.networkConnectionAction.blocked
+    --
+    -- -   service.action.networkConnectionAction.connectionDirection
+    --
+    -- -   service.action.networkConnectionAction.localPortDetails.port
+    --
+    -- -   service.action.networkConnectionAction.protocol
+    --
+    -- -   service.action.networkConnectionAction.localIpDetails.ipAddressV4
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.city.cityName
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.country.countryName
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.organization.asn
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+    --
+    -- -   service.action.networkConnectionAction.remotePortDetails.port
+    --
+    -- -   service.additionalInfo.threatListName
+    --
+    -- -   resource.s3BucketDetails.publicAccess.effectivePermissions
+    --
+    -- -   resource.s3BucketDetails.name
+    --
+    -- -   resource.s3BucketDetails.tags.key
+    --
+    -- -   resource.s3BucketDetails.tags.value
+    --
+    -- -   resource.s3BucketDetails.type
+    --
+    -- -   service.archived
+    --
+    --     When this attribute is set to TRUE, only archived findings are
+    --     listed. When it\'s set to FALSE, only unarchived findings are
+    --     listed. When this attribute is not set, all existing findings are
+    --     listed.
+    --
+    -- -   service.resourceRole
+    --
+    -- -   severity
+    --
+    -- -   type
+    --
+    -- -   updatedAt
+    --
+    --     Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or
+    --     YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains
+    --     milliseconds.
+    findingCriteria :: FindingCriteria
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'createFilter_action' - Specifies the action that is to be applied to the findings that match
+-- the filter.
+--
+-- 'clientToken', 'createFilter_clientToken' - The idempotency token for the create request.
+--
+-- 'description', 'createFilter_description' - The description of the filter. Valid special characters include period
+-- (.), underscore (_), dash (-), and whitespace. The new line character is
+-- considered to be an invalid input for description.
+--
+-- 'rank', 'createFilter_rank' - Specifies the position of the filter in the list of current filters.
+-- Also specifies the order in which this filter is applied to the
+-- findings.
+--
+-- 'tags', 'createFilter_tags' - The tags to be added to a new filter resource.
+--
+-- 'detectorId', 'createFilter_detectorId' - The ID of the detector belonging to the GuardDuty account that you want
+-- to create a filter for.
+--
+-- 'name', 'createFilter_name' - The name of the filter. Valid characters include period (.), underscore
+-- (_), dash (-), and alphanumeric characters. A whitespace is considered
+-- to be an invalid character.
+--
+-- 'findingCriteria', 'createFilter_findingCriteria' - Represents the criteria to be used in the filter for querying findings.
+--
+-- You can only use the following attributes to query findings:
+--
+-- -   accountId
+--
+-- -   region
+--
+-- -   confidence
+--
+-- -   id
+--
+-- -   resource.accessKeyDetails.accessKeyId
+--
+-- -   resource.accessKeyDetails.principalId
+--
+-- -   resource.accessKeyDetails.userName
+--
+-- -   resource.accessKeyDetails.userType
+--
+-- -   resource.instanceDetails.iamInstanceProfile.id
+--
+-- -   resource.instanceDetails.imageId
+--
+-- -   resource.instanceDetails.instanceId
+--
+-- -   resource.instanceDetails.outpostArn
+--
+-- -   resource.instanceDetails.networkInterfaces.ipv6Addresses
+--
+-- -   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+--
+-- -   resource.instanceDetails.networkInterfaces.publicDnsName
+--
+-- -   resource.instanceDetails.networkInterfaces.publicIp
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupId
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupName
+--
+-- -   resource.instanceDetails.networkInterfaces.subnetId
+--
+-- -   resource.instanceDetails.networkInterfaces.vpcId
+--
+-- -   resource.instanceDetails.tags.key
+--
+-- -   resource.instanceDetails.tags.value
+--
+-- -   resource.resourceType
+--
+-- -   service.action.actionType
+--
+-- -   service.action.awsApiCallAction.api
+--
+-- -   service.action.awsApiCallAction.callerType
+--
+-- -   service.action.awsApiCallAction.errorCode
+--
+-- -   service.action.awsApiCallAction.userAgent
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.city.cityName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.awsApiCallAction.serviceName
+--
+-- -   service.action.dnsRequestAction.domain
+--
+-- -   service.action.networkConnectionAction.blocked
+--
+-- -   service.action.networkConnectionAction.connectionDirection
+--
+-- -   service.action.networkConnectionAction.localPortDetails.port
+--
+-- -   service.action.networkConnectionAction.protocol
+--
+-- -   service.action.networkConnectionAction.localIpDetails.ipAddressV4
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.city.cityName
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.networkConnectionAction.remotePortDetails.port
+--
+-- -   service.additionalInfo.threatListName
+--
+-- -   resource.s3BucketDetails.publicAccess.effectivePermissions
+--
+-- -   resource.s3BucketDetails.name
+--
+-- -   resource.s3BucketDetails.tags.key
+--
+-- -   resource.s3BucketDetails.tags.value
+--
+-- -   resource.s3BucketDetails.type
+--
+-- -   service.archived
+--
+--     When this attribute is set to TRUE, only archived findings are
+--     listed. When it\'s set to FALSE, only unarchived findings are
+--     listed. When this attribute is not set, all existing findings are
+--     listed.
+--
+-- -   service.resourceRole
+--
+-- -   severity
+--
+-- -   type
+--
+-- -   updatedAt
+--
+--     Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or
+--     YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains
+--     milliseconds.
+newCreateFilter ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'findingCriteria'
+  FindingCriteria ->
+  CreateFilter
+newCreateFilter pDetectorId_ pName_ pFindingCriteria_ =
+  CreateFilter'
+    { action = Prelude.Nothing,
+      clientToken = Prelude.Nothing,
+      description = Prelude.Nothing,
+      rank = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      detectorId = pDetectorId_,
+      name = pName_,
+      findingCriteria = pFindingCriteria_
+    }
+
+-- | Specifies the action that is to be applied to the findings that match
+-- the filter.
+createFilter_action :: Lens.Lens' CreateFilter (Prelude.Maybe FilterAction)
+createFilter_action = Lens.lens (\CreateFilter' {action} -> action) (\s@CreateFilter' {} a -> s {action = a} :: CreateFilter)
+
+-- | The idempotency token for the create request.
+createFilter_clientToken :: Lens.Lens' CreateFilter (Prelude.Maybe Prelude.Text)
+createFilter_clientToken = Lens.lens (\CreateFilter' {clientToken} -> clientToken) (\s@CreateFilter' {} a -> s {clientToken = a} :: CreateFilter)
+
+-- | The description of the filter. Valid special characters include period
+-- (.), underscore (_), dash (-), and whitespace. The new line character is
+-- considered to be an invalid input for description.
+createFilter_description :: Lens.Lens' CreateFilter (Prelude.Maybe Prelude.Text)
+createFilter_description = Lens.lens (\CreateFilter' {description} -> description) (\s@CreateFilter' {} a -> s {description = a} :: CreateFilter)
+
+-- | Specifies the position of the filter in the list of current filters.
+-- Also specifies the order in which this filter is applied to the
+-- findings.
+createFilter_rank :: Lens.Lens' CreateFilter (Prelude.Maybe Prelude.Natural)
+createFilter_rank = Lens.lens (\CreateFilter' {rank} -> rank) (\s@CreateFilter' {} a -> s {rank = a} :: CreateFilter)
+
+-- | The tags to be added to a new filter resource.
+createFilter_tags :: Lens.Lens' CreateFilter (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+createFilter_tags = Lens.lens (\CreateFilter' {tags} -> tags) (\s@CreateFilter' {} a -> s {tags = a} :: CreateFilter) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the detector belonging to the GuardDuty account that you want
+-- to create a filter for.
+createFilter_detectorId :: Lens.Lens' CreateFilter Prelude.Text
+createFilter_detectorId = Lens.lens (\CreateFilter' {detectorId} -> detectorId) (\s@CreateFilter' {} a -> s {detectorId = a} :: CreateFilter)
+
+-- | The name of the filter. Valid characters include period (.), underscore
+-- (_), dash (-), and alphanumeric characters. A whitespace is considered
+-- to be an invalid character.
+createFilter_name :: Lens.Lens' CreateFilter Prelude.Text
+createFilter_name = Lens.lens (\CreateFilter' {name} -> name) (\s@CreateFilter' {} a -> s {name = a} :: CreateFilter)
+
+-- | Represents the criteria to be used in the filter for querying findings.
+--
+-- You can only use the following attributes to query findings:
+--
+-- -   accountId
+--
+-- -   region
+--
+-- -   confidence
+--
+-- -   id
+--
+-- -   resource.accessKeyDetails.accessKeyId
+--
+-- -   resource.accessKeyDetails.principalId
+--
+-- -   resource.accessKeyDetails.userName
+--
+-- -   resource.accessKeyDetails.userType
+--
+-- -   resource.instanceDetails.iamInstanceProfile.id
+--
+-- -   resource.instanceDetails.imageId
+--
+-- -   resource.instanceDetails.instanceId
+--
+-- -   resource.instanceDetails.outpostArn
+--
+-- -   resource.instanceDetails.networkInterfaces.ipv6Addresses
+--
+-- -   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+--
+-- -   resource.instanceDetails.networkInterfaces.publicDnsName
+--
+-- -   resource.instanceDetails.networkInterfaces.publicIp
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupId
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupName
+--
+-- -   resource.instanceDetails.networkInterfaces.subnetId
+--
+-- -   resource.instanceDetails.networkInterfaces.vpcId
+--
+-- -   resource.instanceDetails.tags.key
+--
+-- -   resource.instanceDetails.tags.value
+--
+-- -   resource.resourceType
+--
+-- -   service.action.actionType
+--
+-- -   service.action.awsApiCallAction.api
+--
+-- -   service.action.awsApiCallAction.callerType
+--
+-- -   service.action.awsApiCallAction.errorCode
+--
+-- -   service.action.awsApiCallAction.userAgent
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.city.cityName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.awsApiCallAction.serviceName
+--
+-- -   service.action.dnsRequestAction.domain
+--
+-- -   service.action.networkConnectionAction.blocked
+--
+-- -   service.action.networkConnectionAction.connectionDirection
+--
+-- -   service.action.networkConnectionAction.localPortDetails.port
+--
+-- -   service.action.networkConnectionAction.protocol
+--
+-- -   service.action.networkConnectionAction.localIpDetails.ipAddressV4
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.city.cityName
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.networkConnectionAction.remotePortDetails.port
+--
+-- -   service.additionalInfo.threatListName
+--
+-- -   resource.s3BucketDetails.publicAccess.effectivePermissions
+--
+-- -   resource.s3BucketDetails.name
+--
+-- -   resource.s3BucketDetails.tags.key
+--
+-- -   resource.s3BucketDetails.tags.value
+--
+-- -   resource.s3BucketDetails.type
+--
+-- -   service.archived
+--
+--     When this attribute is set to TRUE, only archived findings are
+--     listed. When it\'s set to FALSE, only unarchived findings are
+--     listed. When this attribute is not set, all existing findings are
+--     listed.
+--
+-- -   service.resourceRole
+--
+-- -   severity
+--
+-- -   type
+--
+-- -   updatedAt
+--
+--     Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or
+--     YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains
+--     milliseconds.
+createFilter_findingCriteria :: Lens.Lens' CreateFilter FindingCriteria
+createFilter_findingCriteria = Lens.lens (\CreateFilter' {findingCriteria} -> findingCriteria) (\s@CreateFilter' {} a -> s {findingCriteria = a} :: CreateFilter)
+
+instance Core.AWSRequest CreateFilter where
+  type AWSResponse CreateFilter = CreateFilterResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateFilterResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "name")
+      )
+
+instance Prelude.Hashable CreateFilter where
+  hashWithSalt _salt CreateFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` rank
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` findingCriteria
+
+instance Prelude.NFData CreateFilter where
+  rnf CreateFilter' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf rank
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf findingCriteria
+
+instance Data.ToHeaders CreateFilter where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateFilter where
+  toJSON CreateFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("action" Data..=) Prelude.<$> action,
+            ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("description" Data..=) Prelude.<$> description,
+            ("rank" Data..=) Prelude.<$> rank,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("name" Data..= name),
+            Prelude.Just
+              ("findingCriteria" Data..= findingCriteria)
+          ]
+      )
+
+instance Data.ToPath CreateFilter where
+  toPath CreateFilter' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/filter"]
+
+instance Data.ToQuery CreateFilter where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateFilterResponse' smart constructor.
+data CreateFilterResponse = CreateFilterResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The name of the successfully created filter.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFilterResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createFilterResponse_httpStatus' - The response's http status code.
+--
+-- 'name', 'createFilterResponse_name' - The name of the successfully created filter.
+newCreateFilterResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'name'
+  Prelude.Text ->
+  CreateFilterResponse
+newCreateFilterResponse pHttpStatus_ pName_ =
+  CreateFilterResponse'
+    { httpStatus = pHttpStatus_,
+      name = pName_
+    }
+
+-- | The response's http status code.
+createFilterResponse_httpStatus :: Lens.Lens' CreateFilterResponse Prelude.Int
+createFilterResponse_httpStatus = Lens.lens (\CreateFilterResponse' {httpStatus} -> httpStatus) (\s@CreateFilterResponse' {} a -> s {httpStatus = a} :: CreateFilterResponse)
+
+-- | The name of the successfully created filter.
+createFilterResponse_name :: Lens.Lens' CreateFilterResponse Prelude.Text
+createFilterResponse_name = Lens.lens (\CreateFilterResponse' {name} -> name) (\s@CreateFilterResponse' {} a -> s {name = a} :: CreateFilterResponse)
+
+instance Prelude.NFData CreateFilterResponse where
+  rnf CreateFilterResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/GuardDuty/CreateIPSet.hs b/gen/Amazonka/GuardDuty/CreateIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/CreateIPSet.hs
@@ -0,0 +1,280 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.CreateIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a new IPSet, which is called a trusted IP list in the console
+-- user interface. An IPSet is a list of IP addresses that are trusted for
+-- secure communication with Amazon Web Services infrastructure and
+-- applications. GuardDuty doesn\'t generate findings for IP addresses that
+-- are included in IPSets. Only users from the administrator account can
+-- use this operation.
+module Amazonka.GuardDuty.CreateIPSet
+  ( -- * Creating a Request
+    CreateIPSet (..),
+    newCreateIPSet,
+
+    -- * Request Lenses
+    createIPSet_clientToken,
+    createIPSet_tags,
+    createIPSet_detectorId,
+    createIPSet_name,
+    createIPSet_format,
+    createIPSet_location,
+    createIPSet_activate,
+
+    -- * Destructuring the Response
+    CreateIPSetResponse (..),
+    newCreateIPSetResponse,
+
+    -- * Response Lenses
+    createIPSetResponse_httpStatus,
+    createIPSetResponse_ipSetId,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateIPSet' smart constructor.
+data CreateIPSet = CreateIPSet'
+  { -- | The idempotency token for the create request.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The tags to be added to a new IP set resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The unique ID of the detector of the GuardDuty account that you want to
+    -- create an IPSet for.
+    detectorId :: Prelude.Text,
+    -- | The user-friendly name to identify the IPSet.
+    --
+    -- Allowed characters are alphanumerics, spaces, hyphens (-), and
+    -- underscores (_).
+    name :: Prelude.Text,
+    -- | The format of the file that contains the IPSet.
+    format :: IpSetFormat,
+    -- | The URI of the file that contains the IPSet.
+    location :: Prelude.Text,
+    -- | A Boolean value that indicates whether GuardDuty is to start using the
+    -- uploaded IPSet.
+    activate :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'createIPSet_clientToken' - The idempotency token for the create request.
+--
+-- 'tags', 'createIPSet_tags' - The tags to be added to a new IP set resource.
+--
+-- 'detectorId', 'createIPSet_detectorId' - The unique ID of the detector of the GuardDuty account that you want to
+-- create an IPSet for.
+--
+-- 'name', 'createIPSet_name' - The user-friendly name to identify the IPSet.
+--
+-- Allowed characters are alphanumerics, spaces, hyphens (-), and
+-- underscores (_).
+--
+-- 'format', 'createIPSet_format' - The format of the file that contains the IPSet.
+--
+-- 'location', 'createIPSet_location' - The URI of the file that contains the IPSet.
+--
+-- 'activate', 'createIPSet_activate' - A Boolean value that indicates whether GuardDuty is to start using the
+-- uploaded IPSet.
+newCreateIPSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'format'
+  IpSetFormat ->
+  -- | 'location'
+  Prelude.Text ->
+  -- | 'activate'
+  Prelude.Bool ->
+  CreateIPSet
+newCreateIPSet
+  pDetectorId_
+  pName_
+  pFormat_
+  pLocation_
+  pActivate_ =
+    CreateIPSet'
+      { clientToken = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        detectorId = pDetectorId_,
+        name = pName_,
+        format = pFormat_,
+        location = pLocation_,
+        activate = pActivate_
+      }
+
+-- | The idempotency token for the create request.
+createIPSet_clientToken :: Lens.Lens' CreateIPSet (Prelude.Maybe Prelude.Text)
+createIPSet_clientToken = Lens.lens (\CreateIPSet' {clientToken} -> clientToken) (\s@CreateIPSet' {} a -> s {clientToken = a} :: CreateIPSet)
+
+-- | The tags to be added to a new IP set resource.
+createIPSet_tags :: Lens.Lens' CreateIPSet (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+createIPSet_tags = Lens.lens (\CreateIPSet' {tags} -> tags) (\s@CreateIPSet' {} a -> s {tags = a} :: CreateIPSet) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique ID of the detector of the GuardDuty account that you want to
+-- create an IPSet for.
+createIPSet_detectorId :: Lens.Lens' CreateIPSet Prelude.Text
+createIPSet_detectorId = Lens.lens (\CreateIPSet' {detectorId} -> detectorId) (\s@CreateIPSet' {} a -> s {detectorId = a} :: CreateIPSet)
+
+-- | The user-friendly name to identify the IPSet.
+--
+-- Allowed characters are alphanumerics, spaces, hyphens (-), and
+-- underscores (_).
+createIPSet_name :: Lens.Lens' CreateIPSet Prelude.Text
+createIPSet_name = Lens.lens (\CreateIPSet' {name} -> name) (\s@CreateIPSet' {} a -> s {name = a} :: CreateIPSet)
+
+-- | The format of the file that contains the IPSet.
+createIPSet_format :: Lens.Lens' CreateIPSet IpSetFormat
+createIPSet_format = Lens.lens (\CreateIPSet' {format} -> format) (\s@CreateIPSet' {} a -> s {format = a} :: CreateIPSet)
+
+-- | The URI of the file that contains the IPSet.
+createIPSet_location :: Lens.Lens' CreateIPSet Prelude.Text
+createIPSet_location = Lens.lens (\CreateIPSet' {location} -> location) (\s@CreateIPSet' {} a -> s {location = a} :: CreateIPSet)
+
+-- | A Boolean value that indicates whether GuardDuty is to start using the
+-- uploaded IPSet.
+createIPSet_activate :: Lens.Lens' CreateIPSet Prelude.Bool
+createIPSet_activate = Lens.lens (\CreateIPSet' {activate} -> activate) (\s@CreateIPSet' {} a -> s {activate = a} :: CreateIPSet)
+
+instance Core.AWSRequest CreateIPSet where
+  type AWSResponse CreateIPSet = CreateIPSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateIPSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "ipSetId")
+      )
+
+instance Prelude.Hashable CreateIPSet where
+  hashWithSalt _salt CreateIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` format
+      `Prelude.hashWithSalt` location
+      `Prelude.hashWithSalt` activate
+
+instance Prelude.NFData CreateIPSet where
+  rnf CreateIPSet' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf format
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf activate
+
+instance Data.ToHeaders CreateIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateIPSet where
+  toJSON CreateIPSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("name" Data..= name),
+            Prelude.Just ("format" Data..= format),
+            Prelude.Just ("location" Data..= location),
+            Prelude.Just ("activate" Data..= activate)
+          ]
+      )
+
+instance Data.ToPath CreateIPSet where
+  toPath CreateIPSet' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/ipset"]
+
+instance Data.ToQuery CreateIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateIPSetResponse' smart constructor.
+data CreateIPSetResponse = CreateIPSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ID of the IPSet resource.
+    ipSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createIPSetResponse_httpStatus' - The response's http status code.
+--
+-- 'ipSetId', 'createIPSetResponse_ipSetId' - The ID of the IPSet resource.
+newCreateIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'ipSetId'
+  Prelude.Text ->
+  CreateIPSetResponse
+newCreateIPSetResponse pHttpStatus_ pIpSetId_ =
+  CreateIPSetResponse'
+    { httpStatus = pHttpStatus_,
+      ipSetId = pIpSetId_
+    }
+
+-- | The response's http status code.
+createIPSetResponse_httpStatus :: Lens.Lens' CreateIPSetResponse Prelude.Int
+createIPSetResponse_httpStatus = Lens.lens (\CreateIPSetResponse' {httpStatus} -> httpStatus) (\s@CreateIPSetResponse' {} a -> s {httpStatus = a} :: CreateIPSetResponse)
+
+-- | The ID of the IPSet resource.
+createIPSetResponse_ipSetId :: Lens.Lens' CreateIPSetResponse Prelude.Text
+createIPSetResponse_ipSetId = Lens.lens (\CreateIPSetResponse' {ipSetId} -> ipSetId) (\s@CreateIPSetResponse' {} a -> s {ipSetId = a} :: CreateIPSetResponse)
+
+instance Prelude.NFData CreateIPSetResponse where
+  rnf CreateIPSetResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf ipSetId
diff --git a/gen/Amazonka/GuardDuty/CreateMembers.hs b/gen/Amazonka/GuardDuty/CreateMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/CreateMembers.hs
@@ -0,0 +1,211 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.CreateMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates member accounts of the current Amazon Web Services account by
+-- specifying a list of Amazon Web Services account IDs. This step is a
+-- prerequisite for managing the associated member accounts either by
+-- invitation or through an organization.
+--
+-- When using @Create Members@ as an organizations delegated administrator
+-- this action will enable GuardDuty in the added member accounts, with the
+-- exception of the organization delegated administrator account, which
+-- must enable GuardDuty prior to being added as a member.
+--
+-- If you are adding accounts by invitation use this action after GuardDuty
+-- has been enabled in potential member accounts and before using
+-- <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html Invite Members>
+-- .
+module Amazonka.GuardDuty.CreateMembers
+  ( -- * Creating a Request
+    CreateMembers (..),
+    newCreateMembers,
+
+    -- * Request Lenses
+    createMembers_detectorId,
+    createMembers_accountDetails,
+
+    -- * Destructuring the Response
+    CreateMembersResponse (..),
+    newCreateMembersResponse,
+
+    -- * Response Lenses
+    createMembersResponse_httpStatus,
+    createMembersResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateMembers' smart constructor.
+data CreateMembers = CreateMembers'
+  { -- | The unique ID of the detector of the GuardDuty account that you want to
+    -- associate member accounts with.
+    detectorId :: Prelude.Text,
+    -- | A list of account ID and email address pairs of the accounts that you
+    -- want to associate with the GuardDuty administrator account.
+    accountDetails :: Prelude.NonEmpty AccountDetail
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'createMembers_detectorId' - The unique ID of the detector of the GuardDuty account that you want to
+-- associate member accounts with.
+--
+-- 'accountDetails', 'createMembers_accountDetails' - A list of account ID and email address pairs of the accounts that you
+-- want to associate with the GuardDuty administrator account.
+newCreateMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountDetails'
+  Prelude.NonEmpty AccountDetail ->
+  CreateMembers
+newCreateMembers pDetectorId_ pAccountDetails_ =
+  CreateMembers'
+    { detectorId = pDetectorId_,
+      accountDetails =
+        Lens.coerced Lens.# pAccountDetails_
+    }
+
+-- | The unique ID of the detector of the GuardDuty account that you want to
+-- associate member accounts with.
+createMembers_detectorId :: Lens.Lens' CreateMembers Prelude.Text
+createMembers_detectorId = Lens.lens (\CreateMembers' {detectorId} -> detectorId) (\s@CreateMembers' {} a -> s {detectorId = a} :: CreateMembers)
+
+-- | A list of account ID and email address pairs of the accounts that you
+-- want to associate with the GuardDuty administrator account.
+createMembers_accountDetails :: Lens.Lens' CreateMembers (Prelude.NonEmpty AccountDetail)
+createMembers_accountDetails = Lens.lens (\CreateMembers' {accountDetails} -> accountDetails) (\s@CreateMembers' {} a -> s {accountDetails = a} :: CreateMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateMembers where
+  type
+    AWSResponse CreateMembers =
+      CreateMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable CreateMembers where
+  hashWithSalt _salt CreateMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountDetails
+
+instance Prelude.NFData CreateMembers where
+  rnf CreateMembers' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountDetails
+
+instance Data.ToHeaders CreateMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateMembers where
+  toJSON CreateMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("accountDetails" Data..= accountDetails)
+          ]
+      )
+
+instance Data.ToPath CreateMembers where
+  toPath CreateMembers' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/member"]
+
+instance Data.ToQuery CreateMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateMembersResponse' smart constructor.
+data CreateMembersResponse = CreateMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of objects that include the @accountIds@ of the unprocessed
+    -- accounts and a result string that explains why each was unprocessed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createMembersResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'createMembersResponse_unprocessedAccounts' - A list of objects that include the @accountIds@ of the unprocessed
+-- accounts and a result string that explains why each was unprocessed.
+newCreateMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateMembersResponse
+newCreateMembersResponse pHttpStatus_ =
+  CreateMembersResponse'
+    { httpStatus = pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+createMembersResponse_httpStatus :: Lens.Lens' CreateMembersResponse Prelude.Int
+createMembersResponse_httpStatus = Lens.lens (\CreateMembersResponse' {httpStatus} -> httpStatus) (\s@CreateMembersResponse' {} a -> s {httpStatus = a} :: CreateMembersResponse)
+
+-- | A list of objects that include the @accountIds@ of the unprocessed
+-- accounts and a result string that explains why each was unprocessed.
+createMembersResponse_unprocessedAccounts :: Lens.Lens' CreateMembersResponse [UnprocessedAccount]
+createMembersResponse_unprocessedAccounts = Lens.lens (\CreateMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@CreateMembersResponse' {} a -> s {unprocessedAccounts = a} :: CreateMembersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData CreateMembersResponse where
+  rnf CreateMembersResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/CreatePublishingDestination.hs b/gen/Amazonka/GuardDuty/CreatePublishingDestination.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/CreatePublishingDestination.hs
@@ -0,0 +1,242 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.CreatePublishingDestination
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a publishing destination to export findings to. The resource to
+-- export findings to must exist before you use this operation.
+module Amazonka.GuardDuty.CreatePublishingDestination
+  ( -- * Creating a Request
+    CreatePublishingDestination (..),
+    newCreatePublishingDestination,
+
+    -- * Request Lenses
+    createPublishingDestination_clientToken,
+    createPublishingDestination_detectorId,
+    createPublishingDestination_destinationType,
+    createPublishingDestination_destinationProperties,
+
+    -- * Destructuring the Response
+    CreatePublishingDestinationResponse (..),
+    newCreatePublishingDestinationResponse,
+
+    -- * Response Lenses
+    createPublishingDestinationResponse_httpStatus,
+    createPublishingDestinationResponse_destinationId,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreatePublishingDestination' smart constructor.
+data CreatePublishingDestination = CreatePublishingDestination'
+  { -- | The idempotency token for the request.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the GuardDuty detector associated with the publishing
+    -- destination.
+    detectorId :: Prelude.Text,
+    -- | The type of resource for the publishing destination. Currently only
+    -- Amazon S3 buckets are supported.
+    destinationType :: DestinationType,
+    -- | The properties of the publishing destination, including the ARNs for the
+    -- destination and the KMS key used for encryption.
+    destinationProperties :: DestinationProperties
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreatePublishingDestination' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'createPublishingDestination_clientToken' - The idempotency token for the request.
+--
+-- 'detectorId', 'createPublishingDestination_detectorId' - The ID of the GuardDuty detector associated with the publishing
+-- destination.
+--
+-- 'destinationType', 'createPublishingDestination_destinationType' - The type of resource for the publishing destination. Currently only
+-- Amazon S3 buckets are supported.
+--
+-- 'destinationProperties', 'createPublishingDestination_destinationProperties' - The properties of the publishing destination, including the ARNs for the
+-- destination and the KMS key used for encryption.
+newCreatePublishingDestination ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'destinationType'
+  DestinationType ->
+  -- | 'destinationProperties'
+  DestinationProperties ->
+  CreatePublishingDestination
+newCreatePublishingDestination
+  pDetectorId_
+  pDestinationType_
+  pDestinationProperties_ =
+    CreatePublishingDestination'
+      { clientToken =
+          Prelude.Nothing,
+        detectorId = pDetectorId_,
+        destinationType = pDestinationType_,
+        destinationProperties =
+          pDestinationProperties_
+      }
+
+-- | The idempotency token for the request.
+createPublishingDestination_clientToken :: Lens.Lens' CreatePublishingDestination (Prelude.Maybe Prelude.Text)
+createPublishingDestination_clientToken = Lens.lens (\CreatePublishingDestination' {clientToken} -> clientToken) (\s@CreatePublishingDestination' {} a -> s {clientToken = a} :: CreatePublishingDestination)
+
+-- | The ID of the GuardDuty detector associated with the publishing
+-- destination.
+createPublishingDestination_detectorId :: Lens.Lens' CreatePublishingDestination Prelude.Text
+createPublishingDestination_detectorId = Lens.lens (\CreatePublishingDestination' {detectorId} -> detectorId) (\s@CreatePublishingDestination' {} a -> s {detectorId = a} :: CreatePublishingDestination)
+
+-- | The type of resource for the publishing destination. Currently only
+-- Amazon S3 buckets are supported.
+createPublishingDestination_destinationType :: Lens.Lens' CreatePublishingDestination DestinationType
+createPublishingDestination_destinationType = Lens.lens (\CreatePublishingDestination' {destinationType} -> destinationType) (\s@CreatePublishingDestination' {} a -> s {destinationType = a} :: CreatePublishingDestination)
+
+-- | The properties of the publishing destination, including the ARNs for the
+-- destination and the KMS key used for encryption.
+createPublishingDestination_destinationProperties :: Lens.Lens' CreatePublishingDestination DestinationProperties
+createPublishingDestination_destinationProperties = Lens.lens (\CreatePublishingDestination' {destinationProperties} -> destinationProperties) (\s@CreatePublishingDestination' {} a -> s {destinationProperties = a} :: CreatePublishingDestination)
+
+instance Core.AWSRequest CreatePublishingDestination where
+  type
+    AWSResponse CreatePublishingDestination =
+      CreatePublishingDestinationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreatePublishingDestinationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "destinationId")
+      )
+
+instance Prelude.Hashable CreatePublishingDestination where
+  hashWithSalt _salt CreatePublishingDestination' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` destinationType
+      `Prelude.hashWithSalt` destinationProperties
+
+instance Prelude.NFData CreatePublishingDestination where
+  rnf CreatePublishingDestination' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf destinationType
+      `Prelude.seq` Prelude.rnf destinationProperties
+
+instance Data.ToHeaders CreatePublishingDestination where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreatePublishingDestination where
+  toJSON CreatePublishingDestination' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            Prelude.Just
+              ("destinationType" Data..= destinationType),
+            Prelude.Just
+              ( "destinationProperties"
+                  Data..= destinationProperties
+              )
+          ]
+      )
+
+instance Data.ToPath CreatePublishingDestination where
+  toPath CreatePublishingDestination' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/publishingDestination"
+      ]
+
+instance Data.ToQuery CreatePublishingDestination where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreatePublishingDestinationResponse' smart constructor.
+data CreatePublishingDestinationResponse = CreatePublishingDestinationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ID of the publishing destination that is created.
+    destinationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreatePublishingDestinationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createPublishingDestinationResponse_httpStatus' - The response's http status code.
+--
+-- 'destinationId', 'createPublishingDestinationResponse_destinationId' - The ID of the publishing destination that is created.
+newCreatePublishingDestinationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'destinationId'
+  Prelude.Text ->
+  CreatePublishingDestinationResponse
+newCreatePublishingDestinationResponse
+  pHttpStatus_
+  pDestinationId_ =
+    CreatePublishingDestinationResponse'
+      { httpStatus =
+          pHttpStatus_,
+        destinationId = pDestinationId_
+      }
+
+-- | The response's http status code.
+createPublishingDestinationResponse_httpStatus :: Lens.Lens' CreatePublishingDestinationResponse Prelude.Int
+createPublishingDestinationResponse_httpStatus = Lens.lens (\CreatePublishingDestinationResponse' {httpStatus} -> httpStatus) (\s@CreatePublishingDestinationResponse' {} a -> s {httpStatus = a} :: CreatePublishingDestinationResponse)
+
+-- | The ID of the publishing destination that is created.
+createPublishingDestinationResponse_destinationId :: Lens.Lens' CreatePublishingDestinationResponse Prelude.Text
+createPublishingDestinationResponse_destinationId = Lens.lens (\CreatePublishingDestinationResponse' {destinationId} -> destinationId) (\s@CreatePublishingDestinationResponse' {} a -> s {destinationId = a} :: CreatePublishingDestinationResponse)
+
+instance
+  Prelude.NFData
+    CreatePublishingDestinationResponse
+  where
+  rnf CreatePublishingDestinationResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf destinationId
diff --git a/gen/Amazonka/GuardDuty/CreateSampleFindings.hs b/gen/Amazonka/GuardDuty/CreateSampleFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/CreateSampleFindings.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.CreateSampleFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Generates example findings of types specified by the list of finding
+-- types. If \'NULL\' is specified for @findingTypes@, the API generates
+-- example findings of all supported finding types.
+module Amazonka.GuardDuty.CreateSampleFindings
+  ( -- * Creating a Request
+    CreateSampleFindings (..),
+    newCreateSampleFindings,
+
+    -- * Request Lenses
+    createSampleFindings_findingTypes,
+    createSampleFindings_detectorId,
+
+    -- * Destructuring the Response
+    CreateSampleFindingsResponse (..),
+    newCreateSampleFindingsResponse,
+
+    -- * Response Lenses
+    createSampleFindingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateSampleFindings' smart constructor.
+data CreateSampleFindings = CreateSampleFindings'
+  { -- | The types of sample findings to generate.
+    findingTypes :: Prelude.Maybe [Prelude.Text],
+    -- | The ID of the detector to create sample findings for.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateSampleFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingTypes', 'createSampleFindings_findingTypes' - The types of sample findings to generate.
+--
+-- 'detectorId', 'createSampleFindings_detectorId' - The ID of the detector to create sample findings for.
+newCreateSampleFindings ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  CreateSampleFindings
+newCreateSampleFindings pDetectorId_ =
+  CreateSampleFindings'
+    { findingTypes =
+        Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | The types of sample findings to generate.
+createSampleFindings_findingTypes :: Lens.Lens' CreateSampleFindings (Prelude.Maybe [Prelude.Text])
+createSampleFindings_findingTypes = Lens.lens (\CreateSampleFindings' {findingTypes} -> findingTypes) (\s@CreateSampleFindings' {} a -> s {findingTypes = a} :: CreateSampleFindings) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the detector to create sample findings for.
+createSampleFindings_detectorId :: Lens.Lens' CreateSampleFindings Prelude.Text
+createSampleFindings_detectorId = Lens.lens (\CreateSampleFindings' {detectorId} -> detectorId) (\s@CreateSampleFindings' {} a -> s {detectorId = a} :: CreateSampleFindings)
+
+instance Core.AWSRequest CreateSampleFindings where
+  type
+    AWSResponse CreateSampleFindings =
+      CreateSampleFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          CreateSampleFindingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateSampleFindings where
+  hashWithSalt _salt CreateSampleFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` findingTypes
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData CreateSampleFindings where
+  rnf CreateSampleFindings' {..} =
+    Prelude.rnf findingTypes
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders CreateSampleFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateSampleFindings where
+  toJSON CreateSampleFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("findingTypes" Data..=) Prelude.<$> findingTypes]
+      )
+
+instance Data.ToPath CreateSampleFindings where
+  toPath CreateSampleFindings' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/findings/create"
+      ]
+
+instance Data.ToQuery CreateSampleFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateSampleFindingsResponse' smart constructor.
+data CreateSampleFindingsResponse = CreateSampleFindingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateSampleFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createSampleFindingsResponse_httpStatus' - The response's http status code.
+newCreateSampleFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateSampleFindingsResponse
+newCreateSampleFindingsResponse pHttpStatus_ =
+  CreateSampleFindingsResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+createSampleFindingsResponse_httpStatus :: Lens.Lens' CreateSampleFindingsResponse Prelude.Int
+createSampleFindingsResponse_httpStatus = Lens.lens (\CreateSampleFindingsResponse' {httpStatus} -> httpStatus) (\s@CreateSampleFindingsResponse' {} a -> s {httpStatus = a} :: CreateSampleFindingsResponse)
+
+instance Prelude.NFData CreateSampleFindingsResponse where
+  rnf CreateSampleFindingsResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/CreateThreatIntelSet.hs b/gen/Amazonka/GuardDuty/CreateThreatIntelSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/CreateThreatIntelSet.hs
@@ -0,0 +1,283 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.CreateThreatIntelSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious
+-- IP addresses. GuardDuty generates findings based on ThreatIntelSets.
+-- Only users of the administrator account can use this operation.
+module Amazonka.GuardDuty.CreateThreatIntelSet
+  ( -- * Creating a Request
+    CreateThreatIntelSet (..),
+    newCreateThreatIntelSet,
+
+    -- * Request Lenses
+    createThreatIntelSet_clientToken,
+    createThreatIntelSet_tags,
+    createThreatIntelSet_detectorId,
+    createThreatIntelSet_name,
+    createThreatIntelSet_format,
+    createThreatIntelSet_location,
+    createThreatIntelSet_activate,
+
+    -- * Destructuring the Response
+    CreateThreatIntelSetResponse (..),
+    newCreateThreatIntelSetResponse,
+
+    -- * Response Lenses
+    createThreatIntelSetResponse_httpStatus,
+    createThreatIntelSetResponse_threatIntelSetId,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newCreateThreatIntelSet' smart constructor.
+data CreateThreatIntelSet = CreateThreatIntelSet'
+  { -- | The idempotency token for the create request.
+    clientToken :: Prelude.Maybe Prelude.Text,
+    -- | The tags to be added to a new threat list resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The unique ID of the detector of the GuardDuty account that you want to
+    -- create a threatIntelSet for.
+    detectorId :: Prelude.Text,
+    -- | A user-friendly ThreatIntelSet name displayed in all findings that are
+    -- generated by activity that involves IP addresses included in this
+    -- ThreatIntelSet.
+    name :: Prelude.Text,
+    -- | The format of the file that contains the ThreatIntelSet.
+    format :: ThreatIntelSetFormat,
+    -- | The URI of the file that contains the ThreatIntelSet.
+    location :: Prelude.Text,
+    -- | A Boolean value that indicates whether GuardDuty is to start using the
+    -- uploaded ThreatIntelSet.
+    activate :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateThreatIntelSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientToken', 'createThreatIntelSet_clientToken' - The idempotency token for the create request.
+--
+-- 'tags', 'createThreatIntelSet_tags' - The tags to be added to a new threat list resource.
+--
+-- 'detectorId', 'createThreatIntelSet_detectorId' - The unique ID of the detector of the GuardDuty account that you want to
+-- create a threatIntelSet for.
+--
+-- 'name', 'createThreatIntelSet_name' - A user-friendly ThreatIntelSet name displayed in all findings that are
+-- generated by activity that involves IP addresses included in this
+-- ThreatIntelSet.
+--
+-- 'format', 'createThreatIntelSet_format' - The format of the file that contains the ThreatIntelSet.
+--
+-- 'location', 'createThreatIntelSet_location' - The URI of the file that contains the ThreatIntelSet.
+--
+-- 'activate', 'createThreatIntelSet_activate' - A Boolean value that indicates whether GuardDuty is to start using the
+-- uploaded ThreatIntelSet.
+newCreateThreatIntelSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'format'
+  ThreatIntelSetFormat ->
+  -- | 'location'
+  Prelude.Text ->
+  -- | 'activate'
+  Prelude.Bool ->
+  CreateThreatIntelSet
+newCreateThreatIntelSet
+  pDetectorId_
+  pName_
+  pFormat_
+  pLocation_
+  pActivate_ =
+    CreateThreatIntelSet'
+      { clientToken =
+          Prelude.Nothing,
+        tags = Prelude.Nothing,
+        detectorId = pDetectorId_,
+        name = pName_,
+        format = pFormat_,
+        location = pLocation_,
+        activate = pActivate_
+      }
+
+-- | The idempotency token for the create request.
+createThreatIntelSet_clientToken :: Lens.Lens' CreateThreatIntelSet (Prelude.Maybe Prelude.Text)
+createThreatIntelSet_clientToken = Lens.lens (\CreateThreatIntelSet' {clientToken} -> clientToken) (\s@CreateThreatIntelSet' {} a -> s {clientToken = a} :: CreateThreatIntelSet)
+
+-- | The tags to be added to a new threat list resource.
+createThreatIntelSet_tags :: Lens.Lens' CreateThreatIntelSet (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+createThreatIntelSet_tags = Lens.lens (\CreateThreatIntelSet' {tags} -> tags) (\s@CreateThreatIntelSet' {} a -> s {tags = a} :: CreateThreatIntelSet) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique ID of the detector of the GuardDuty account that you want to
+-- create a threatIntelSet for.
+createThreatIntelSet_detectorId :: Lens.Lens' CreateThreatIntelSet Prelude.Text
+createThreatIntelSet_detectorId = Lens.lens (\CreateThreatIntelSet' {detectorId} -> detectorId) (\s@CreateThreatIntelSet' {} a -> s {detectorId = a} :: CreateThreatIntelSet)
+
+-- | A user-friendly ThreatIntelSet name displayed in all findings that are
+-- generated by activity that involves IP addresses included in this
+-- ThreatIntelSet.
+createThreatIntelSet_name :: Lens.Lens' CreateThreatIntelSet Prelude.Text
+createThreatIntelSet_name = Lens.lens (\CreateThreatIntelSet' {name} -> name) (\s@CreateThreatIntelSet' {} a -> s {name = a} :: CreateThreatIntelSet)
+
+-- | The format of the file that contains the ThreatIntelSet.
+createThreatIntelSet_format :: Lens.Lens' CreateThreatIntelSet ThreatIntelSetFormat
+createThreatIntelSet_format = Lens.lens (\CreateThreatIntelSet' {format} -> format) (\s@CreateThreatIntelSet' {} a -> s {format = a} :: CreateThreatIntelSet)
+
+-- | The URI of the file that contains the ThreatIntelSet.
+createThreatIntelSet_location :: Lens.Lens' CreateThreatIntelSet Prelude.Text
+createThreatIntelSet_location = Lens.lens (\CreateThreatIntelSet' {location} -> location) (\s@CreateThreatIntelSet' {} a -> s {location = a} :: CreateThreatIntelSet)
+
+-- | A Boolean value that indicates whether GuardDuty is to start using the
+-- uploaded ThreatIntelSet.
+createThreatIntelSet_activate :: Lens.Lens' CreateThreatIntelSet Prelude.Bool
+createThreatIntelSet_activate = Lens.lens (\CreateThreatIntelSet' {activate} -> activate) (\s@CreateThreatIntelSet' {} a -> s {activate = a} :: CreateThreatIntelSet)
+
+instance Core.AWSRequest CreateThreatIntelSet where
+  type
+    AWSResponse CreateThreatIntelSet =
+      CreateThreatIntelSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateThreatIntelSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "threatIntelSetId")
+      )
+
+instance Prelude.Hashable CreateThreatIntelSet where
+  hashWithSalt _salt CreateThreatIntelSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientToken
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` format
+      `Prelude.hashWithSalt` location
+      `Prelude.hashWithSalt` activate
+
+instance Prelude.NFData CreateThreatIntelSet where
+  rnf CreateThreatIntelSet' {..} =
+    Prelude.rnf clientToken
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf format
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf activate
+
+instance Data.ToHeaders CreateThreatIntelSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateThreatIntelSet where
+  toJSON CreateThreatIntelSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("clientToken" Data..=) Prelude.<$> clientToken,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("name" Data..= name),
+            Prelude.Just ("format" Data..= format),
+            Prelude.Just ("location" Data..= location),
+            Prelude.Just ("activate" Data..= activate)
+          ]
+      )
+
+instance Data.ToPath CreateThreatIntelSet where
+  toPath CreateThreatIntelSet' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/threatintelset"
+      ]
+
+instance Data.ToQuery CreateThreatIntelSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateThreatIntelSetResponse' smart constructor.
+data CreateThreatIntelSetResponse = CreateThreatIntelSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ID of the ThreatIntelSet resource.
+    threatIntelSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateThreatIntelSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createThreatIntelSetResponse_httpStatus' - The response's http status code.
+--
+-- 'threatIntelSetId', 'createThreatIntelSetResponse_threatIntelSetId' - The ID of the ThreatIntelSet resource.
+newCreateThreatIntelSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'threatIntelSetId'
+  Prelude.Text ->
+  CreateThreatIntelSetResponse
+newCreateThreatIntelSetResponse
+  pHttpStatus_
+  pThreatIntelSetId_ =
+    CreateThreatIntelSetResponse'
+      { httpStatus =
+          pHttpStatus_,
+        threatIntelSetId = pThreatIntelSetId_
+      }
+
+-- | The response's http status code.
+createThreatIntelSetResponse_httpStatus :: Lens.Lens' CreateThreatIntelSetResponse Prelude.Int
+createThreatIntelSetResponse_httpStatus = Lens.lens (\CreateThreatIntelSetResponse' {httpStatus} -> httpStatus) (\s@CreateThreatIntelSetResponse' {} a -> s {httpStatus = a} :: CreateThreatIntelSetResponse)
+
+-- | The ID of the ThreatIntelSet resource.
+createThreatIntelSetResponse_threatIntelSetId :: Lens.Lens' CreateThreatIntelSetResponse Prelude.Text
+createThreatIntelSetResponse_threatIntelSetId = Lens.lens (\CreateThreatIntelSetResponse' {threatIntelSetId} -> threatIntelSetId) (\s@CreateThreatIntelSetResponse' {} a -> s {threatIntelSetId = a} :: CreateThreatIntelSetResponse)
+
+instance Prelude.NFData CreateThreatIntelSetResponse where
+  rnf CreateThreatIntelSetResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf threatIntelSetId
diff --git a/gen/Amazonka/GuardDuty/DeclineInvitations.hs b/gen/Amazonka/GuardDuty/DeclineInvitations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeclineInvitations.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeclineInvitations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Declines invitations sent to the current member account by Amazon Web
+-- Services accounts specified by their account IDs.
+module Amazonka.GuardDuty.DeclineInvitations
+  ( -- * Creating a Request
+    DeclineInvitations (..),
+    newDeclineInvitations,
+
+    -- * Request Lenses
+    declineInvitations_accountIds,
+
+    -- * Destructuring the Response
+    DeclineInvitationsResponse (..),
+    newDeclineInvitationsResponse,
+
+    -- * Response Lenses
+    declineInvitationsResponse_httpStatus,
+    declineInvitationsResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeclineInvitations' smart constructor.
+data DeclineInvitations = DeclineInvitations'
+  { -- | A list of account IDs of the Amazon Web Services accounts that sent
+    -- invitations to the current member account that you want to decline
+    -- invitations from.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeclineInvitations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'declineInvitations_accountIds' - A list of account IDs of the Amazon Web Services accounts that sent
+-- invitations to the current member account that you want to decline
+-- invitations from.
+newDeclineInvitations ::
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  DeclineInvitations
+newDeclineInvitations pAccountIds_ =
+  DeclineInvitations'
+    { accountIds =
+        Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | A list of account IDs of the Amazon Web Services accounts that sent
+-- invitations to the current member account that you want to decline
+-- invitations from.
+declineInvitations_accountIds :: Lens.Lens' DeclineInvitations (Prelude.NonEmpty Prelude.Text)
+declineInvitations_accountIds = Lens.lens (\DeclineInvitations' {accountIds} -> accountIds) (\s@DeclineInvitations' {} a -> s {accountIds = a} :: DeclineInvitations) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DeclineInvitations where
+  type
+    AWSResponse DeclineInvitations =
+      DeclineInvitationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeclineInvitationsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable DeclineInvitations where
+  hashWithSalt _salt DeclineInvitations' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DeclineInvitations where
+  rnf DeclineInvitations' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders DeclineInvitations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeclineInvitations where
+  toJSON DeclineInvitations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DeclineInvitations where
+  toPath = Prelude.const "/invitation/decline"
+
+instance Data.ToQuery DeclineInvitations where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeclineInvitationsResponse' smart constructor.
+data DeclineInvitationsResponse = DeclineInvitationsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of objects that contain the unprocessed account and a result
+    -- string that explains why it was unprocessed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeclineInvitationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'declineInvitationsResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'declineInvitationsResponse_unprocessedAccounts' - A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+newDeclineInvitationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeclineInvitationsResponse
+newDeclineInvitationsResponse pHttpStatus_ =
+  DeclineInvitationsResponse'
+    { httpStatus =
+        pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+declineInvitationsResponse_httpStatus :: Lens.Lens' DeclineInvitationsResponse Prelude.Int
+declineInvitationsResponse_httpStatus = Lens.lens (\DeclineInvitationsResponse' {httpStatus} -> httpStatus) (\s@DeclineInvitationsResponse' {} a -> s {httpStatus = a} :: DeclineInvitationsResponse)
+
+-- | A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+declineInvitationsResponse_unprocessedAccounts :: Lens.Lens' DeclineInvitationsResponse [UnprocessedAccount]
+declineInvitationsResponse_unprocessedAccounts = Lens.lens (\DeclineInvitationsResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@DeclineInvitationsResponse' {} a -> s {unprocessedAccounts = a} :: DeclineInvitationsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData DeclineInvitationsResponse where
+  rnf DeclineInvitationsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/DeleteDetector.hs b/gen/Amazonka/GuardDuty/DeleteDetector.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeleteDetector.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeleteDetector
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes an Amazon GuardDuty detector that is specified by the detector
+-- ID.
+module Amazonka.GuardDuty.DeleteDetector
+  ( -- * Creating a Request
+    DeleteDetector (..),
+    newDeleteDetector,
+
+    -- * Request Lenses
+    deleteDetector_detectorId,
+
+    -- * Destructuring the Response
+    DeleteDetectorResponse (..),
+    newDeleteDetectorResponse,
+
+    -- * Response Lenses
+    deleteDetectorResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteDetector' smart constructor.
+data DeleteDetector = DeleteDetector'
+  { -- | The unique ID of the detector that you want to delete.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteDetector' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'deleteDetector_detectorId' - The unique ID of the detector that you want to delete.
+newDeleteDetector ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  DeleteDetector
+newDeleteDetector pDetectorId_ =
+  DeleteDetector' {detectorId = pDetectorId_}
+
+-- | The unique ID of the detector that you want to delete.
+deleteDetector_detectorId :: Lens.Lens' DeleteDetector Prelude.Text
+deleteDetector_detectorId = Lens.lens (\DeleteDetector' {detectorId} -> detectorId) (\s@DeleteDetector' {} a -> s {detectorId = a} :: DeleteDetector)
+
+instance Core.AWSRequest DeleteDetector where
+  type
+    AWSResponse DeleteDetector =
+      DeleteDetectorResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteDetectorResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteDetector where
+  hashWithSalt _salt DeleteDetector' {..} =
+    _salt `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData DeleteDetector where
+  rnf DeleteDetector' {..} = Prelude.rnf detectorId
+
+instance Data.ToHeaders DeleteDetector where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteDetector where
+  toPath DeleteDetector' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId]
+
+instance Data.ToQuery DeleteDetector where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteDetectorResponse' smart constructor.
+data DeleteDetectorResponse = DeleteDetectorResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteDetectorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteDetectorResponse_httpStatus' - The response's http status code.
+newDeleteDetectorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteDetectorResponse
+newDeleteDetectorResponse pHttpStatus_ =
+  DeleteDetectorResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+deleteDetectorResponse_httpStatus :: Lens.Lens' DeleteDetectorResponse Prelude.Int
+deleteDetectorResponse_httpStatus = Lens.lens (\DeleteDetectorResponse' {httpStatus} -> httpStatus) (\s@DeleteDetectorResponse' {} a -> s {httpStatus = a} :: DeleteDetectorResponse)
+
+instance Prelude.NFData DeleteDetectorResponse where
+  rnf DeleteDetectorResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/DeleteFilter.hs b/gen/Amazonka/GuardDuty/DeleteFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeleteFilter.hs
@@ -0,0 +1,164 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeleteFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the filter specified by the filter name.
+module Amazonka.GuardDuty.DeleteFilter
+  ( -- * Creating a Request
+    DeleteFilter (..),
+    newDeleteFilter,
+
+    -- * Request Lenses
+    deleteFilter_detectorId,
+    deleteFilter_filterName,
+
+    -- * Destructuring the Response
+    DeleteFilterResponse (..),
+    newDeleteFilterResponse,
+
+    -- * Response Lenses
+    deleteFilterResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteFilter' smart constructor.
+data DeleteFilter = DeleteFilter'
+  { -- | The unique ID of the detector that the filter is associated with.
+    detectorId :: Prelude.Text,
+    -- | The name of the filter that you want to delete.
+    filterName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'deleteFilter_detectorId' - The unique ID of the detector that the filter is associated with.
+--
+-- 'filterName', 'deleteFilter_filterName' - The name of the filter that you want to delete.
+newDeleteFilter ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'filterName'
+  Prelude.Text ->
+  DeleteFilter
+newDeleteFilter pDetectorId_ pFilterName_ =
+  DeleteFilter'
+    { detectorId = pDetectorId_,
+      filterName = pFilterName_
+    }
+
+-- | The unique ID of the detector that the filter is associated with.
+deleteFilter_detectorId :: Lens.Lens' DeleteFilter Prelude.Text
+deleteFilter_detectorId = Lens.lens (\DeleteFilter' {detectorId} -> detectorId) (\s@DeleteFilter' {} a -> s {detectorId = a} :: DeleteFilter)
+
+-- | The name of the filter that you want to delete.
+deleteFilter_filterName :: Lens.Lens' DeleteFilter Prelude.Text
+deleteFilter_filterName = Lens.lens (\DeleteFilter' {filterName} -> filterName) (\s@DeleteFilter' {} a -> s {filterName = a} :: DeleteFilter)
+
+instance Core.AWSRequest DeleteFilter where
+  type AWSResponse DeleteFilter = DeleteFilterResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteFilterResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteFilter where
+  hashWithSalt _salt DeleteFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` filterName
+
+instance Prelude.NFData DeleteFilter where
+  rnf DeleteFilter' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf filterName
+
+instance Data.ToHeaders DeleteFilter where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteFilter where
+  toPath DeleteFilter' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/filter/",
+        Data.toBS filterName
+      ]
+
+instance Data.ToQuery DeleteFilter where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteFilterResponse' smart constructor.
+data DeleteFilterResponse = DeleteFilterResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFilterResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteFilterResponse_httpStatus' - The response's http status code.
+newDeleteFilterResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteFilterResponse
+newDeleteFilterResponse pHttpStatus_ =
+  DeleteFilterResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+deleteFilterResponse_httpStatus :: Lens.Lens' DeleteFilterResponse Prelude.Int
+deleteFilterResponse_httpStatus = Lens.lens (\DeleteFilterResponse' {httpStatus} -> httpStatus) (\s@DeleteFilterResponse' {} a -> s {httpStatus = a} :: DeleteFilterResponse)
+
+instance Prelude.NFData DeleteFilterResponse where
+  rnf DeleteFilterResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/DeleteIPSet.hs b/gen/Amazonka/GuardDuty/DeleteIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeleteIPSet.hs
@@ -0,0 +1,164 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeleteIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the IPSet specified by the @ipSetId@. IPSets are called trusted
+-- IP lists in the console user interface.
+module Amazonka.GuardDuty.DeleteIPSet
+  ( -- * Creating a Request
+    DeleteIPSet (..),
+    newDeleteIPSet,
+
+    -- * Request Lenses
+    deleteIPSet_detectorId,
+    deleteIPSet_ipSetId,
+
+    -- * Destructuring the Response
+    DeleteIPSetResponse (..),
+    newDeleteIPSetResponse,
+
+    -- * Response Lenses
+    deleteIPSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteIPSet' smart constructor.
+data DeleteIPSet = DeleteIPSet'
+  { -- | The unique ID of the detector associated with the IPSet.
+    detectorId :: Prelude.Text,
+    -- | The unique ID of the IPSet to delete.
+    ipSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'deleteIPSet_detectorId' - The unique ID of the detector associated with the IPSet.
+--
+-- 'ipSetId', 'deleteIPSet_ipSetId' - The unique ID of the IPSet to delete.
+newDeleteIPSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'ipSetId'
+  Prelude.Text ->
+  DeleteIPSet
+newDeleteIPSet pDetectorId_ pIpSetId_ =
+  DeleteIPSet'
+    { detectorId = pDetectorId_,
+      ipSetId = pIpSetId_
+    }
+
+-- | The unique ID of the detector associated with the IPSet.
+deleteIPSet_detectorId :: Lens.Lens' DeleteIPSet Prelude.Text
+deleteIPSet_detectorId = Lens.lens (\DeleteIPSet' {detectorId} -> detectorId) (\s@DeleteIPSet' {} a -> s {detectorId = a} :: DeleteIPSet)
+
+-- | The unique ID of the IPSet to delete.
+deleteIPSet_ipSetId :: Lens.Lens' DeleteIPSet Prelude.Text
+deleteIPSet_ipSetId = Lens.lens (\DeleteIPSet' {ipSetId} -> ipSetId) (\s@DeleteIPSet' {} a -> s {ipSetId = a} :: DeleteIPSet)
+
+instance Core.AWSRequest DeleteIPSet where
+  type AWSResponse DeleteIPSet = DeleteIPSetResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteIPSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteIPSet where
+  hashWithSalt _salt DeleteIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` ipSetId
+
+instance Prelude.NFData DeleteIPSet where
+  rnf DeleteIPSet' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf ipSetId
+
+instance Data.ToHeaders DeleteIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteIPSet where
+  toPath DeleteIPSet' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/ipset/",
+        Data.toBS ipSetId
+      ]
+
+instance Data.ToQuery DeleteIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteIPSetResponse' smart constructor.
+data DeleteIPSetResponse = DeleteIPSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteIPSetResponse_httpStatus' - The response's http status code.
+newDeleteIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteIPSetResponse
+newDeleteIPSetResponse pHttpStatus_ =
+  DeleteIPSetResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+deleteIPSetResponse_httpStatus :: Lens.Lens' DeleteIPSetResponse Prelude.Int
+deleteIPSetResponse_httpStatus = Lens.lens (\DeleteIPSetResponse' {httpStatus} -> httpStatus) (\s@DeleteIPSetResponse' {} a -> s {httpStatus = a} :: DeleteIPSetResponse)
+
+instance Prelude.NFData DeleteIPSetResponse where
+  rnf DeleteIPSetResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/DeleteInvitations.hs b/gen/Amazonka/GuardDuty/DeleteInvitations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeleteInvitations.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeleteInvitations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes invitations sent to the current member account by Amazon Web
+-- Services accounts specified by their account IDs.
+module Amazonka.GuardDuty.DeleteInvitations
+  ( -- * Creating a Request
+    DeleteInvitations (..),
+    newDeleteInvitations,
+
+    -- * Request Lenses
+    deleteInvitations_accountIds,
+
+    -- * Destructuring the Response
+    DeleteInvitationsResponse (..),
+    newDeleteInvitationsResponse,
+
+    -- * Response Lenses
+    deleteInvitationsResponse_httpStatus,
+    deleteInvitationsResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteInvitations' smart constructor.
+data DeleteInvitations = DeleteInvitations'
+  { -- | A list of account IDs of the Amazon Web Services accounts that sent
+    -- invitations to the current member account that you want to delete
+    -- invitations from.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInvitations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'deleteInvitations_accountIds' - A list of account IDs of the Amazon Web Services accounts that sent
+-- invitations to the current member account that you want to delete
+-- invitations from.
+newDeleteInvitations ::
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  DeleteInvitations
+newDeleteInvitations pAccountIds_ =
+  DeleteInvitations'
+    { accountIds =
+        Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | A list of account IDs of the Amazon Web Services accounts that sent
+-- invitations to the current member account that you want to delete
+-- invitations from.
+deleteInvitations_accountIds :: Lens.Lens' DeleteInvitations (Prelude.NonEmpty Prelude.Text)
+deleteInvitations_accountIds = Lens.lens (\DeleteInvitations' {accountIds} -> accountIds) (\s@DeleteInvitations' {} a -> s {accountIds = a} :: DeleteInvitations) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DeleteInvitations where
+  type
+    AWSResponse DeleteInvitations =
+      DeleteInvitationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteInvitationsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable DeleteInvitations where
+  hashWithSalt _salt DeleteInvitations' {..} =
+    _salt `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DeleteInvitations where
+  rnf DeleteInvitations' {..} = Prelude.rnf accountIds
+
+instance Data.ToHeaders DeleteInvitations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteInvitations where
+  toJSON DeleteInvitations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DeleteInvitations where
+  toPath = Prelude.const "/invitation/delete"
+
+instance Data.ToQuery DeleteInvitations where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteInvitationsResponse' smart constructor.
+data DeleteInvitationsResponse = DeleteInvitationsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of objects that contain the unprocessed account and a result
+    -- string that explains why it was unprocessed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInvitationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteInvitationsResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'deleteInvitationsResponse_unprocessedAccounts' - A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+newDeleteInvitationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteInvitationsResponse
+newDeleteInvitationsResponse pHttpStatus_ =
+  DeleteInvitationsResponse'
+    { httpStatus =
+        pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+deleteInvitationsResponse_httpStatus :: Lens.Lens' DeleteInvitationsResponse Prelude.Int
+deleteInvitationsResponse_httpStatus = Lens.lens (\DeleteInvitationsResponse' {httpStatus} -> httpStatus) (\s@DeleteInvitationsResponse' {} a -> s {httpStatus = a} :: DeleteInvitationsResponse)
+
+-- | A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+deleteInvitationsResponse_unprocessedAccounts :: Lens.Lens' DeleteInvitationsResponse [UnprocessedAccount]
+deleteInvitationsResponse_unprocessedAccounts = Lens.lens (\DeleteInvitationsResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@DeleteInvitationsResponse' {} a -> s {unprocessedAccounts = a} :: DeleteInvitationsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData DeleteInvitationsResponse where
+  rnf DeleteInvitationsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/DeleteMembers.hs b/gen/Amazonka/GuardDuty/DeleteMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeleteMembers.hs
@@ -0,0 +1,196 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeleteMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes GuardDuty member accounts (to the current GuardDuty
+-- administrator account) specified by the account IDs.
+module Amazonka.GuardDuty.DeleteMembers
+  ( -- * Creating a Request
+    DeleteMembers (..),
+    newDeleteMembers,
+
+    -- * Request Lenses
+    deleteMembers_detectorId,
+    deleteMembers_accountIds,
+
+    -- * Destructuring the Response
+    DeleteMembersResponse (..),
+    newDeleteMembersResponse,
+
+    -- * Response Lenses
+    deleteMembersResponse_httpStatus,
+    deleteMembersResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteMembers' smart constructor.
+data DeleteMembers = DeleteMembers'
+  { -- | The unique ID of the detector of the GuardDuty account whose members you
+    -- want to delete.
+    detectorId :: Prelude.Text,
+    -- | A list of account IDs of the GuardDuty member accounts that you want to
+    -- delete.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'deleteMembers_detectorId' - The unique ID of the detector of the GuardDuty account whose members you
+-- want to delete.
+--
+-- 'accountIds', 'deleteMembers_accountIds' - A list of account IDs of the GuardDuty member accounts that you want to
+-- delete.
+newDeleteMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  DeleteMembers
+newDeleteMembers pDetectorId_ pAccountIds_ =
+  DeleteMembers'
+    { detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | The unique ID of the detector of the GuardDuty account whose members you
+-- want to delete.
+deleteMembers_detectorId :: Lens.Lens' DeleteMembers Prelude.Text
+deleteMembers_detectorId = Lens.lens (\DeleteMembers' {detectorId} -> detectorId) (\s@DeleteMembers' {} a -> s {detectorId = a} :: DeleteMembers)
+
+-- | A list of account IDs of the GuardDuty member accounts that you want to
+-- delete.
+deleteMembers_accountIds :: Lens.Lens' DeleteMembers (Prelude.NonEmpty Prelude.Text)
+deleteMembers_accountIds = Lens.lens (\DeleteMembers' {accountIds} -> accountIds) (\s@DeleteMembers' {} a -> s {accountIds = a} :: DeleteMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DeleteMembers where
+  type
+    AWSResponse DeleteMembers =
+      DeleteMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable DeleteMembers where
+  hashWithSalt _salt DeleteMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DeleteMembers where
+  rnf DeleteMembers' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders DeleteMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteMembers where
+  toJSON DeleteMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DeleteMembers where
+  toPath DeleteMembers' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/member/delete"
+      ]
+
+instance Data.ToQuery DeleteMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteMembersResponse' smart constructor.
+data DeleteMembersResponse = DeleteMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The accounts that could not be processed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteMembersResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'deleteMembersResponse_unprocessedAccounts' - The accounts that could not be processed.
+newDeleteMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteMembersResponse
+newDeleteMembersResponse pHttpStatus_ =
+  DeleteMembersResponse'
+    { httpStatus = pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+deleteMembersResponse_httpStatus :: Lens.Lens' DeleteMembersResponse Prelude.Int
+deleteMembersResponse_httpStatus = Lens.lens (\DeleteMembersResponse' {httpStatus} -> httpStatus) (\s@DeleteMembersResponse' {} a -> s {httpStatus = a} :: DeleteMembersResponse)
+
+-- | The accounts that could not be processed.
+deleteMembersResponse_unprocessedAccounts :: Lens.Lens' DeleteMembersResponse [UnprocessedAccount]
+deleteMembersResponse_unprocessedAccounts = Lens.lens (\DeleteMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@DeleteMembersResponse' {} a -> s {unprocessedAccounts = a} :: DeleteMembersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData DeleteMembersResponse where
+  rnf DeleteMembersResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/DeletePublishingDestination.hs b/gen/Amazonka/GuardDuty/DeletePublishingDestination.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeletePublishingDestination.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeletePublishingDestination
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the publishing definition with the specified @destinationId@.
+module Amazonka.GuardDuty.DeletePublishingDestination
+  ( -- * Creating a Request
+    DeletePublishingDestination (..),
+    newDeletePublishingDestination,
+
+    -- * Request Lenses
+    deletePublishingDestination_detectorId,
+    deletePublishingDestination_destinationId,
+
+    -- * Destructuring the Response
+    DeletePublishingDestinationResponse (..),
+    newDeletePublishingDestinationResponse,
+
+    -- * Response Lenses
+    deletePublishingDestinationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeletePublishingDestination' smart constructor.
+data DeletePublishingDestination = DeletePublishingDestination'
+  { -- | The unique ID of the detector associated with the publishing destination
+    -- to delete.
+    detectorId :: Prelude.Text,
+    -- | The ID of the publishing destination to delete.
+    destinationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePublishingDestination' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'deletePublishingDestination_detectorId' - The unique ID of the detector associated with the publishing destination
+-- to delete.
+--
+-- 'destinationId', 'deletePublishingDestination_destinationId' - The ID of the publishing destination to delete.
+newDeletePublishingDestination ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'destinationId'
+  Prelude.Text ->
+  DeletePublishingDestination
+newDeletePublishingDestination
+  pDetectorId_
+  pDestinationId_ =
+    DeletePublishingDestination'
+      { detectorId =
+          pDetectorId_,
+        destinationId = pDestinationId_
+      }
+
+-- | The unique ID of the detector associated with the publishing destination
+-- to delete.
+deletePublishingDestination_detectorId :: Lens.Lens' DeletePublishingDestination Prelude.Text
+deletePublishingDestination_detectorId = Lens.lens (\DeletePublishingDestination' {detectorId} -> detectorId) (\s@DeletePublishingDestination' {} a -> s {detectorId = a} :: DeletePublishingDestination)
+
+-- | The ID of the publishing destination to delete.
+deletePublishingDestination_destinationId :: Lens.Lens' DeletePublishingDestination Prelude.Text
+deletePublishingDestination_destinationId = Lens.lens (\DeletePublishingDestination' {destinationId} -> destinationId) (\s@DeletePublishingDestination' {} a -> s {destinationId = a} :: DeletePublishingDestination)
+
+instance Core.AWSRequest DeletePublishingDestination where
+  type
+    AWSResponse DeletePublishingDestination =
+      DeletePublishingDestinationResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeletePublishingDestinationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeletePublishingDestination where
+  hashWithSalt _salt DeletePublishingDestination' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` destinationId
+
+instance Prelude.NFData DeletePublishingDestination where
+  rnf DeletePublishingDestination' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf destinationId
+
+instance Data.ToHeaders DeletePublishingDestination where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeletePublishingDestination where
+  toPath DeletePublishingDestination' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/publishingDestination/",
+        Data.toBS destinationId
+      ]
+
+instance Data.ToQuery DeletePublishingDestination where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeletePublishingDestinationResponse' smart constructor.
+data DeletePublishingDestinationResponse = DeletePublishingDestinationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePublishingDestinationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deletePublishingDestinationResponse_httpStatus' - The response's http status code.
+newDeletePublishingDestinationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeletePublishingDestinationResponse
+newDeletePublishingDestinationResponse pHttpStatus_ =
+  DeletePublishingDestinationResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deletePublishingDestinationResponse_httpStatus :: Lens.Lens' DeletePublishingDestinationResponse Prelude.Int
+deletePublishingDestinationResponse_httpStatus = Lens.lens (\DeletePublishingDestinationResponse' {httpStatus} -> httpStatus) (\s@DeletePublishingDestinationResponse' {} a -> s {httpStatus = a} :: DeletePublishingDestinationResponse)
+
+instance
+  Prelude.NFData
+    DeletePublishingDestinationResponse
+  where
+  rnf DeletePublishingDestinationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/DeleteThreatIntelSet.hs b/gen/Amazonka/GuardDuty/DeleteThreatIntelSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DeleteThreatIntelSet.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DeleteThreatIntelSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
+module Amazonka.GuardDuty.DeleteThreatIntelSet
+  ( -- * Creating a Request
+    DeleteThreatIntelSet (..),
+    newDeleteThreatIntelSet,
+
+    -- * Request Lenses
+    deleteThreatIntelSet_detectorId,
+    deleteThreatIntelSet_threatIntelSetId,
+
+    -- * Destructuring the Response
+    DeleteThreatIntelSetResponse (..),
+    newDeleteThreatIntelSetResponse,
+
+    -- * Response Lenses
+    deleteThreatIntelSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDeleteThreatIntelSet' smart constructor.
+data DeleteThreatIntelSet = DeleteThreatIntelSet'
+  { -- | The unique ID of the detector that the threatIntelSet is associated
+    -- with.
+    detectorId :: Prelude.Text,
+    -- | The unique ID of the threatIntelSet that you want to delete.
+    threatIntelSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteThreatIntelSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'deleteThreatIntelSet_detectorId' - The unique ID of the detector that the threatIntelSet is associated
+-- with.
+--
+-- 'threatIntelSetId', 'deleteThreatIntelSet_threatIntelSetId' - The unique ID of the threatIntelSet that you want to delete.
+newDeleteThreatIntelSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'threatIntelSetId'
+  Prelude.Text ->
+  DeleteThreatIntelSet
+newDeleteThreatIntelSet
+  pDetectorId_
+  pThreatIntelSetId_ =
+    DeleteThreatIntelSet'
+      { detectorId = pDetectorId_,
+        threatIntelSetId = pThreatIntelSetId_
+      }
+
+-- | The unique ID of the detector that the threatIntelSet is associated
+-- with.
+deleteThreatIntelSet_detectorId :: Lens.Lens' DeleteThreatIntelSet Prelude.Text
+deleteThreatIntelSet_detectorId = Lens.lens (\DeleteThreatIntelSet' {detectorId} -> detectorId) (\s@DeleteThreatIntelSet' {} a -> s {detectorId = a} :: DeleteThreatIntelSet)
+
+-- | The unique ID of the threatIntelSet that you want to delete.
+deleteThreatIntelSet_threatIntelSetId :: Lens.Lens' DeleteThreatIntelSet Prelude.Text
+deleteThreatIntelSet_threatIntelSetId = Lens.lens (\DeleteThreatIntelSet' {threatIntelSetId} -> threatIntelSetId) (\s@DeleteThreatIntelSet' {} a -> s {threatIntelSetId = a} :: DeleteThreatIntelSet)
+
+instance Core.AWSRequest DeleteThreatIntelSet where
+  type
+    AWSResponse DeleteThreatIntelSet =
+      DeleteThreatIntelSetResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteThreatIntelSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteThreatIntelSet where
+  hashWithSalt _salt DeleteThreatIntelSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` threatIntelSetId
+
+instance Prelude.NFData DeleteThreatIntelSet where
+  rnf DeleteThreatIntelSet' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf threatIntelSetId
+
+instance Data.ToHeaders DeleteThreatIntelSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteThreatIntelSet where
+  toPath DeleteThreatIntelSet' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/threatintelset/",
+        Data.toBS threatIntelSetId
+      ]
+
+instance Data.ToQuery DeleteThreatIntelSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteThreatIntelSetResponse' smart constructor.
+data DeleteThreatIntelSetResponse = DeleteThreatIntelSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteThreatIntelSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteThreatIntelSetResponse_httpStatus' - The response's http status code.
+newDeleteThreatIntelSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteThreatIntelSetResponse
+newDeleteThreatIntelSetResponse pHttpStatus_ =
+  DeleteThreatIntelSetResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deleteThreatIntelSetResponse_httpStatus :: Lens.Lens' DeleteThreatIntelSetResponse Prelude.Int
+deleteThreatIntelSetResponse_httpStatus = Lens.lens (\DeleteThreatIntelSetResponse' {httpStatus} -> httpStatus) (\s@DeleteThreatIntelSetResponse' {} a -> s {httpStatus = a} :: DeleteThreatIntelSetResponse)
+
+instance Prelude.NFData DeleteThreatIntelSetResponse where
+  rnf DeleteThreatIntelSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/DescribeMalwareScans.hs b/gen/Amazonka/GuardDuty/DescribeMalwareScans.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DescribeMalwareScans.hs
@@ -0,0 +1,283 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DescribeMalwareScans
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of malware scans. Each member account can view the
+-- malware scans for their own accounts. An administrator can view the
+-- malware scans for all the member accounts.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.DescribeMalwareScans
+  ( -- * Creating a Request
+    DescribeMalwareScans (..),
+    newDescribeMalwareScans,
+
+    -- * Request Lenses
+    describeMalwareScans_filterCriteria,
+    describeMalwareScans_maxResults,
+    describeMalwareScans_nextToken,
+    describeMalwareScans_sortCriteria,
+    describeMalwareScans_detectorId,
+
+    -- * Destructuring the Response
+    DescribeMalwareScansResponse (..),
+    newDescribeMalwareScansResponse,
+
+    -- * Response Lenses
+    describeMalwareScansResponse_nextToken,
+    describeMalwareScansResponse_httpStatus,
+    describeMalwareScansResponse_scans,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDescribeMalwareScans' smart constructor.
+data DescribeMalwareScans = DescribeMalwareScans'
+  { -- | Represents the criteria to be used in the filter for describing scan
+    -- entries.
+    filterCriteria :: Prelude.Maybe FilterCriteria,
+    -- | You can use this parameter to indicate the maximum number of items that
+    -- you want in the response. The default value is 50. The maximum value is
+    -- 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter when paginating results. Set the value of
+    -- this parameter to null on your first call to the list action. For
+    -- subsequent calls to the action, fill nextToken in the request with the
+    -- value of NextToken from the previous response to continue listing data.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | Represents the criteria used for sorting scan entries.
+    sortCriteria :: Prelude.Maybe SortCriteria,
+    -- | The unique ID of the detector that the request is associated with.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeMalwareScans' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filterCriteria', 'describeMalwareScans_filterCriteria' - Represents the criteria to be used in the filter for describing scan
+-- entries.
+--
+-- 'maxResults', 'describeMalwareScans_maxResults' - You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+--
+-- 'nextToken', 'describeMalwareScans_nextToken' - You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+--
+-- 'sortCriteria', 'describeMalwareScans_sortCriteria' - Represents the criteria used for sorting scan entries.
+--
+-- 'detectorId', 'describeMalwareScans_detectorId' - The unique ID of the detector that the request is associated with.
+newDescribeMalwareScans ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  DescribeMalwareScans
+newDescribeMalwareScans pDetectorId_ =
+  DescribeMalwareScans'
+    { filterCriteria =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      sortCriteria = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | Represents the criteria to be used in the filter for describing scan
+-- entries.
+describeMalwareScans_filterCriteria :: Lens.Lens' DescribeMalwareScans (Prelude.Maybe FilterCriteria)
+describeMalwareScans_filterCriteria = Lens.lens (\DescribeMalwareScans' {filterCriteria} -> filterCriteria) (\s@DescribeMalwareScans' {} a -> s {filterCriteria = a} :: DescribeMalwareScans)
+
+-- | You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+describeMalwareScans_maxResults :: Lens.Lens' DescribeMalwareScans (Prelude.Maybe Prelude.Natural)
+describeMalwareScans_maxResults = Lens.lens (\DescribeMalwareScans' {maxResults} -> maxResults) (\s@DescribeMalwareScans' {} a -> s {maxResults = a} :: DescribeMalwareScans)
+
+-- | You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+describeMalwareScans_nextToken :: Lens.Lens' DescribeMalwareScans (Prelude.Maybe Prelude.Text)
+describeMalwareScans_nextToken = Lens.lens (\DescribeMalwareScans' {nextToken} -> nextToken) (\s@DescribeMalwareScans' {} a -> s {nextToken = a} :: DescribeMalwareScans)
+
+-- | Represents the criteria used for sorting scan entries.
+describeMalwareScans_sortCriteria :: Lens.Lens' DescribeMalwareScans (Prelude.Maybe SortCriteria)
+describeMalwareScans_sortCriteria = Lens.lens (\DescribeMalwareScans' {sortCriteria} -> sortCriteria) (\s@DescribeMalwareScans' {} a -> s {sortCriteria = a} :: DescribeMalwareScans)
+
+-- | The unique ID of the detector that the request is associated with.
+describeMalwareScans_detectorId :: Lens.Lens' DescribeMalwareScans Prelude.Text
+describeMalwareScans_detectorId = Lens.lens (\DescribeMalwareScans' {detectorId} -> detectorId) (\s@DescribeMalwareScans' {} a -> s {detectorId = a} :: DescribeMalwareScans)
+
+instance Core.AWSPager DescribeMalwareScans where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? describeMalwareScansResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. describeMalwareScansResponse_scans) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& describeMalwareScans_nextToken
+          Lens..~ rs
+          Lens.^? describeMalwareScansResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest DescribeMalwareScans where
+  type
+    AWSResponse DescribeMalwareScans =
+      DescribeMalwareScansResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeMalwareScansResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "scans" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable DescribeMalwareScans where
+  hashWithSalt _salt DescribeMalwareScans' {..} =
+    _salt
+      `Prelude.hashWithSalt` filterCriteria
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` sortCriteria
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData DescribeMalwareScans where
+  rnf DescribeMalwareScans' {..} =
+    Prelude.rnf filterCriteria
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf sortCriteria
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders DescribeMalwareScans where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeMalwareScans where
+  toJSON DescribeMalwareScans' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("filterCriteria" Data..=)
+              Prelude.<$> filterCriteria,
+            ("maxResults" Data..=) Prelude.<$> maxResults,
+            ("nextToken" Data..=) Prelude.<$> nextToken,
+            ("sortCriteria" Data..=) Prelude.<$> sortCriteria
+          ]
+      )
+
+instance Data.ToPath DescribeMalwareScans where
+  toPath DescribeMalwareScans' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/malware-scans"
+      ]
+
+instance Data.ToQuery DescribeMalwareScans where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeMalwareScansResponse' smart constructor.
+data DescribeMalwareScansResponse = DescribeMalwareScansResponse'
+  { -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | Contains information about malware scans.
+    scans :: [Scan]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeMalwareScansResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'describeMalwareScansResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'describeMalwareScansResponse_httpStatus' - The response's http status code.
+--
+-- 'scans', 'describeMalwareScansResponse_scans' - Contains information about malware scans.
+newDescribeMalwareScansResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeMalwareScansResponse
+newDescribeMalwareScansResponse pHttpStatus_ =
+  DescribeMalwareScansResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      scans = Prelude.mempty
+    }
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+describeMalwareScansResponse_nextToken :: Lens.Lens' DescribeMalwareScansResponse (Prelude.Maybe Prelude.Text)
+describeMalwareScansResponse_nextToken = Lens.lens (\DescribeMalwareScansResponse' {nextToken} -> nextToken) (\s@DescribeMalwareScansResponse' {} a -> s {nextToken = a} :: DescribeMalwareScansResponse)
+
+-- | The response's http status code.
+describeMalwareScansResponse_httpStatus :: Lens.Lens' DescribeMalwareScansResponse Prelude.Int
+describeMalwareScansResponse_httpStatus = Lens.lens (\DescribeMalwareScansResponse' {httpStatus} -> httpStatus) (\s@DescribeMalwareScansResponse' {} a -> s {httpStatus = a} :: DescribeMalwareScansResponse)
+
+-- | Contains information about malware scans.
+describeMalwareScansResponse_scans :: Lens.Lens' DescribeMalwareScansResponse [Scan]
+describeMalwareScansResponse_scans = Lens.lens (\DescribeMalwareScansResponse' {scans} -> scans) (\s@DescribeMalwareScansResponse' {} a -> s {scans = a} :: DescribeMalwareScansResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData DescribeMalwareScansResponse where
+  rnf DescribeMalwareScansResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf scans
diff --git a/gen/Amazonka/GuardDuty/DescribeOrganizationConfiguration.hs b/gen/Amazonka/GuardDuty/DescribeOrganizationConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DescribeOrganizationConfiguration.hs
@@ -0,0 +1,234 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DescribeOrganizationConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns information about the account selected as the delegated
+-- administrator for GuardDuty.
+module Amazonka.GuardDuty.DescribeOrganizationConfiguration
+  ( -- * Creating a Request
+    DescribeOrganizationConfiguration (..),
+    newDescribeOrganizationConfiguration,
+
+    -- * Request Lenses
+    describeOrganizationConfiguration_detectorId,
+
+    -- * Destructuring the Response
+    DescribeOrganizationConfigurationResponse (..),
+    newDescribeOrganizationConfigurationResponse,
+
+    -- * Response Lenses
+    describeOrganizationConfigurationResponse_dataSources,
+    describeOrganizationConfigurationResponse_httpStatus,
+    describeOrganizationConfigurationResponse_autoEnable,
+    describeOrganizationConfigurationResponse_memberAccountLimitReached,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDescribeOrganizationConfiguration' smart constructor.
+data DescribeOrganizationConfiguration = DescribeOrganizationConfiguration'
+  { -- | The ID of the detector to retrieve information about the delegated
+    -- administrator from.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeOrganizationConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'describeOrganizationConfiguration_detectorId' - The ID of the detector to retrieve information about the delegated
+-- administrator from.
+newDescribeOrganizationConfiguration ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  DescribeOrganizationConfiguration
+newDescribeOrganizationConfiguration pDetectorId_ =
+  DescribeOrganizationConfiguration'
+    { detectorId =
+        pDetectorId_
+    }
+
+-- | The ID of the detector to retrieve information about the delegated
+-- administrator from.
+describeOrganizationConfiguration_detectorId :: Lens.Lens' DescribeOrganizationConfiguration Prelude.Text
+describeOrganizationConfiguration_detectorId = Lens.lens (\DescribeOrganizationConfiguration' {detectorId} -> detectorId) (\s@DescribeOrganizationConfiguration' {} a -> s {detectorId = a} :: DescribeOrganizationConfiguration)
+
+instance
+  Core.AWSRequest
+    DescribeOrganizationConfiguration
+  where
+  type
+    AWSResponse DescribeOrganizationConfiguration =
+      DescribeOrganizationConfigurationResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeOrganizationConfigurationResponse'
+            Prelude.<$> (x Data..?> "dataSources")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "autoEnable")
+            Prelude.<*> (x Data..:> "memberAccountLimitReached")
+      )
+
+instance
+  Prelude.Hashable
+    DescribeOrganizationConfiguration
+  where
+  hashWithSalt
+    _salt
+    DescribeOrganizationConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` detectorId
+
+instance
+  Prelude.NFData
+    DescribeOrganizationConfiguration
+  where
+  rnf DescribeOrganizationConfiguration' {..} =
+    Prelude.rnf detectorId
+
+instance
+  Data.ToHeaders
+    DescribeOrganizationConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToPath
+    DescribeOrganizationConfiguration
+  where
+  toPath DescribeOrganizationConfiguration' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/admin"]
+
+instance
+  Data.ToQuery
+    DescribeOrganizationConfiguration
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeOrganizationConfigurationResponse' smart constructor.
+data DescribeOrganizationConfigurationResponse = DescribeOrganizationConfigurationResponse'
+  { -- | Describes which data sources are enabled automatically for member
+    -- accounts.
+    dataSources :: Prelude.Maybe OrganizationDataSourceConfigurationsResult,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | Indicates whether GuardDuty is automatically enabled for accounts added
+    -- to the organization.
+    autoEnable :: Prelude.Bool,
+    -- | Indicates whether the maximum number of allowed member accounts are
+    -- already associated with the delegated administrator account for your
+    -- organization.
+    memberAccountLimitReached :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeOrganizationConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataSources', 'describeOrganizationConfigurationResponse_dataSources' - Describes which data sources are enabled automatically for member
+-- accounts.
+--
+-- 'httpStatus', 'describeOrganizationConfigurationResponse_httpStatus' - The response's http status code.
+--
+-- 'autoEnable', 'describeOrganizationConfigurationResponse_autoEnable' - Indicates whether GuardDuty is automatically enabled for accounts added
+-- to the organization.
+--
+-- 'memberAccountLimitReached', 'describeOrganizationConfigurationResponse_memberAccountLimitReached' - Indicates whether the maximum number of allowed member accounts are
+-- already associated with the delegated administrator account for your
+-- organization.
+newDescribeOrganizationConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'autoEnable'
+  Prelude.Bool ->
+  -- | 'memberAccountLimitReached'
+  Prelude.Bool ->
+  DescribeOrganizationConfigurationResponse
+newDescribeOrganizationConfigurationResponse
+  pHttpStatus_
+  pAutoEnable_
+  pMemberAccountLimitReached_ =
+    DescribeOrganizationConfigurationResponse'
+      { dataSources =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_,
+        autoEnable = pAutoEnable_,
+        memberAccountLimitReached =
+          pMemberAccountLimitReached_
+      }
+
+-- | Describes which data sources are enabled automatically for member
+-- accounts.
+describeOrganizationConfigurationResponse_dataSources :: Lens.Lens' DescribeOrganizationConfigurationResponse (Prelude.Maybe OrganizationDataSourceConfigurationsResult)
+describeOrganizationConfigurationResponse_dataSources = Lens.lens (\DescribeOrganizationConfigurationResponse' {dataSources} -> dataSources) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {dataSources = a} :: DescribeOrganizationConfigurationResponse)
+
+-- | The response's http status code.
+describeOrganizationConfigurationResponse_httpStatus :: Lens.Lens' DescribeOrganizationConfigurationResponse Prelude.Int
+describeOrganizationConfigurationResponse_httpStatus = Lens.lens (\DescribeOrganizationConfigurationResponse' {httpStatus} -> httpStatus) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {httpStatus = a} :: DescribeOrganizationConfigurationResponse)
+
+-- | Indicates whether GuardDuty is automatically enabled for accounts added
+-- to the organization.
+describeOrganizationConfigurationResponse_autoEnable :: Lens.Lens' DescribeOrganizationConfigurationResponse Prelude.Bool
+describeOrganizationConfigurationResponse_autoEnable = Lens.lens (\DescribeOrganizationConfigurationResponse' {autoEnable} -> autoEnable) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {autoEnable = a} :: DescribeOrganizationConfigurationResponse)
+
+-- | Indicates whether the maximum number of allowed member accounts are
+-- already associated with the delegated administrator account for your
+-- organization.
+describeOrganizationConfigurationResponse_memberAccountLimitReached :: Lens.Lens' DescribeOrganizationConfigurationResponse Prelude.Bool
+describeOrganizationConfigurationResponse_memberAccountLimitReached = Lens.lens (\DescribeOrganizationConfigurationResponse' {memberAccountLimitReached} -> memberAccountLimitReached) (\s@DescribeOrganizationConfigurationResponse' {} a -> s {memberAccountLimitReached = a} :: DescribeOrganizationConfigurationResponse)
+
+instance
+  Prelude.NFData
+    DescribeOrganizationConfigurationResponse
+  where
+  rnf DescribeOrganizationConfigurationResponse' {..} =
+    Prelude.rnf dataSources
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf autoEnable
+      `Prelude.seq` Prelude.rnf memberAccountLimitReached
diff --git a/gen/Amazonka/GuardDuty/DescribePublishingDestination.hs b/gen/Amazonka/GuardDuty/DescribePublishingDestination.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DescribePublishingDestination.hs
@@ -0,0 +1,272 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DescribePublishingDestination
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns information about the publishing destination specified by the
+-- provided @destinationId@.
+module Amazonka.GuardDuty.DescribePublishingDestination
+  ( -- * Creating a Request
+    DescribePublishingDestination (..),
+    newDescribePublishingDestination,
+
+    -- * Request Lenses
+    describePublishingDestination_detectorId,
+    describePublishingDestination_destinationId,
+
+    -- * Destructuring the Response
+    DescribePublishingDestinationResponse (..),
+    newDescribePublishingDestinationResponse,
+
+    -- * Response Lenses
+    describePublishingDestinationResponse_httpStatus,
+    describePublishingDestinationResponse_destinationId,
+    describePublishingDestinationResponse_destinationType,
+    describePublishingDestinationResponse_status,
+    describePublishingDestinationResponse_publishingFailureStartTimestamp,
+    describePublishingDestinationResponse_destinationProperties,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDescribePublishingDestination' smart constructor.
+data DescribePublishingDestination = DescribePublishingDestination'
+  { -- | The unique ID of the detector associated with the publishing destination
+    -- to retrieve.
+    detectorId :: Prelude.Text,
+    -- | The ID of the publishing destination to retrieve.
+    destinationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribePublishingDestination' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'describePublishingDestination_detectorId' - The unique ID of the detector associated with the publishing destination
+-- to retrieve.
+--
+-- 'destinationId', 'describePublishingDestination_destinationId' - The ID of the publishing destination to retrieve.
+newDescribePublishingDestination ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'destinationId'
+  Prelude.Text ->
+  DescribePublishingDestination
+newDescribePublishingDestination
+  pDetectorId_
+  pDestinationId_ =
+    DescribePublishingDestination'
+      { detectorId =
+          pDetectorId_,
+        destinationId = pDestinationId_
+      }
+
+-- | The unique ID of the detector associated with the publishing destination
+-- to retrieve.
+describePublishingDestination_detectorId :: Lens.Lens' DescribePublishingDestination Prelude.Text
+describePublishingDestination_detectorId = Lens.lens (\DescribePublishingDestination' {detectorId} -> detectorId) (\s@DescribePublishingDestination' {} a -> s {detectorId = a} :: DescribePublishingDestination)
+
+-- | The ID of the publishing destination to retrieve.
+describePublishingDestination_destinationId :: Lens.Lens' DescribePublishingDestination Prelude.Text
+describePublishingDestination_destinationId = Lens.lens (\DescribePublishingDestination' {destinationId} -> destinationId) (\s@DescribePublishingDestination' {} a -> s {destinationId = a} :: DescribePublishingDestination)
+
+instance
+  Core.AWSRequest
+    DescribePublishingDestination
+  where
+  type
+    AWSResponse DescribePublishingDestination =
+      DescribePublishingDestinationResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribePublishingDestinationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "destinationId")
+            Prelude.<*> (x Data..:> "destinationType")
+            Prelude.<*> (x Data..:> "status")
+            Prelude.<*> (x Data..:> "publishingFailureStartTimestamp")
+            Prelude.<*> (x Data..:> "destinationProperties")
+      )
+
+instance
+  Prelude.Hashable
+    DescribePublishingDestination
+  where
+  hashWithSalt _salt DescribePublishingDestination' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` destinationId
+
+instance Prelude.NFData DescribePublishingDestination where
+  rnf DescribePublishingDestination' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf destinationId
+
+instance Data.ToHeaders DescribePublishingDestination where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DescribePublishingDestination where
+  toPath DescribePublishingDestination' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/publishingDestination/",
+        Data.toBS destinationId
+      ]
+
+instance Data.ToQuery DescribePublishingDestination where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribePublishingDestinationResponse' smart constructor.
+data DescribePublishingDestinationResponse = DescribePublishingDestinationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The ID of the publishing destination.
+    destinationId :: Prelude.Text,
+    -- | The type of publishing destination. Currently, only Amazon S3 buckets
+    -- are supported.
+    destinationType :: DestinationType,
+    -- | The status of the publishing destination.
+    status :: PublishingStatus,
+    -- | The time, in epoch millisecond format, at which GuardDuty was first
+    -- unable to publish findings to the destination.
+    publishingFailureStartTimestamp :: Prelude.Integer,
+    -- | A @DestinationProperties@ object that includes the @DestinationArn@ and
+    -- @KmsKeyArn@ of the publishing destination.
+    destinationProperties :: DestinationProperties
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribePublishingDestinationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'describePublishingDestinationResponse_httpStatus' - The response's http status code.
+--
+-- 'destinationId', 'describePublishingDestinationResponse_destinationId' - The ID of the publishing destination.
+--
+-- 'destinationType', 'describePublishingDestinationResponse_destinationType' - The type of publishing destination. Currently, only Amazon S3 buckets
+-- are supported.
+--
+-- 'status', 'describePublishingDestinationResponse_status' - The status of the publishing destination.
+--
+-- 'publishingFailureStartTimestamp', 'describePublishingDestinationResponse_publishingFailureStartTimestamp' - The time, in epoch millisecond format, at which GuardDuty was first
+-- unable to publish findings to the destination.
+--
+-- 'destinationProperties', 'describePublishingDestinationResponse_destinationProperties' - A @DestinationProperties@ object that includes the @DestinationArn@ and
+-- @KmsKeyArn@ of the publishing destination.
+newDescribePublishingDestinationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'destinationId'
+  Prelude.Text ->
+  -- | 'destinationType'
+  DestinationType ->
+  -- | 'status'
+  PublishingStatus ->
+  -- | 'publishingFailureStartTimestamp'
+  Prelude.Integer ->
+  -- | 'destinationProperties'
+  DestinationProperties ->
+  DescribePublishingDestinationResponse
+newDescribePublishingDestinationResponse
+  pHttpStatus_
+  pDestinationId_
+  pDestinationType_
+  pStatus_
+  pPublishingFailureStartTimestamp_
+  pDestinationProperties_ =
+    DescribePublishingDestinationResponse'
+      { httpStatus =
+          pHttpStatus_,
+        destinationId = pDestinationId_,
+        destinationType = pDestinationType_,
+        status = pStatus_,
+        publishingFailureStartTimestamp =
+          pPublishingFailureStartTimestamp_,
+        destinationProperties =
+          pDestinationProperties_
+      }
+
+-- | The response's http status code.
+describePublishingDestinationResponse_httpStatus :: Lens.Lens' DescribePublishingDestinationResponse Prelude.Int
+describePublishingDestinationResponse_httpStatus = Lens.lens (\DescribePublishingDestinationResponse' {httpStatus} -> httpStatus) (\s@DescribePublishingDestinationResponse' {} a -> s {httpStatus = a} :: DescribePublishingDestinationResponse)
+
+-- | The ID of the publishing destination.
+describePublishingDestinationResponse_destinationId :: Lens.Lens' DescribePublishingDestinationResponse Prelude.Text
+describePublishingDestinationResponse_destinationId = Lens.lens (\DescribePublishingDestinationResponse' {destinationId} -> destinationId) (\s@DescribePublishingDestinationResponse' {} a -> s {destinationId = a} :: DescribePublishingDestinationResponse)
+
+-- | The type of publishing destination. Currently, only Amazon S3 buckets
+-- are supported.
+describePublishingDestinationResponse_destinationType :: Lens.Lens' DescribePublishingDestinationResponse DestinationType
+describePublishingDestinationResponse_destinationType = Lens.lens (\DescribePublishingDestinationResponse' {destinationType} -> destinationType) (\s@DescribePublishingDestinationResponse' {} a -> s {destinationType = a} :: DescribePublishingDestinationResponse)
+
+-- | The status of the publishing destination.
+describePublishingDestinationResponse_status :: Lens.Lens' DescribePublishingDestinationResponse PublishingStatus
+describePublishingDestinationResponse_status = Lens.lens (\DescribePublishingDestinationResponse' {status} -> status) (\s@DescribePublishingDestinationResponse' {} a -> s {status = a} :: DescribePublishingDestinationResponse)
+
+-- | The time, in epoch millisecond format, at which GuardDuty was first
+-- unable to publish findings to the destination.
+describePublishingDestinationResponse_publishingFailureStartTimestamp :: Lens.Lens' DescribePublishingDestinationResponse Prelude.Integer
+describePublishingDestinationResponse_publishingFailureStartTimestamp = Lens.lens (\DescribePublishingDestinationResponse' {publishingFailureStartTimestamp} -> publishingFailureStartTimestamp) (\s@DescribePublishingDestinationResponse' {} a -> s {publishingFailureStartTimestamp = a} :: DescribePublishingDestinationResponse)
+
+-- | A @DestinationProperties@ object that includes the @DestinationArn@ and
+-- @KmsKeyArn@ of the publishing destination.
+describePublishingDestinationResponse_destinationProperties :: Lens.Lens' DescribePublishingDestinationResponse DestinationProperties
+describePublishingDestinationResponse_destinationProperties = Lens.lens (\DescribePublishingDestinationResponse' {destinationProperties} -> destinationProperties) (\s@DescribePublishingDestinationResponse' {} a -> s {destinationProperties = a} :: DescribePublishingDestinationResponse)
+
+instance
+  Prelude.NFData
+    DescribePublishingDestinationResponse
+  where
+  rnf DescribePublishingDestinationResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf destinationId
+      `Prelude.seq` Prelude.rnf destinationType
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf publishingFailureStartTimestamp
+      `Prelude.seq` Prelude.rnf destinationProperties
diff --git a/gen/Amazonka/GuardDuty/DisableOrganizationAdminAccount.hs b/gen/Amazonka/GuardDuty/DisableOrganizationAdminAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DisableOrganizationAdminAccount.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DisableOrganizationAdminAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables an Amazon Web Services account within the Organization as the
+-- GuardDuty delegated administrator.
+module Amazonka.GuardDuty.DisableOrganizationAdminAccount
+  ( -- * Creating a Request
+    DisableOrganizationAdminAccount (..),
+    newDisableOrganizationAdminAccount,
+
+    -- * Request Lenses
+    disableOrganizationAdminAccount_adminAccountId,
+
+    -- * Destructuring the Response
+    DisableOrganizationAdminAccountResponse (..),
+    newDisableOrganizationAdminAccountResponse,
+
+    -- * Response Lenses
+    disableOrganizationAdminAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDisableOrganizationAdminAccount' smart constructor.
+data DisableOrganizationAdminAccount = DisableOrganizationAdminAccount'
+  { -- | The Amazon Web Services Account ID for the organizations account to be
+    -- disabled as a GuardDuty delegated administrator.
+    adminAccountId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableOrganizationAdminAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adminAccountId', 'disableOrganizationAdminAccount_adminAccountId' - The Amazon Web Services Account ID for the organizations account to be
+-- disabled as a GuardDuty delegated administrator.
+newDisableOrganizationAdminAccount ::
+  -- | 'adminAccountId'
+  Prelude.Text ->
+  DisableOrganizationAdminAccount
+newDisableOrganizationAdminAccount pAdminAccountId_ =
+  DisableOrganizationAdminAccount'
+    { adminAccountId =
+        pAdminAccountId_
+    }
+
+-- | The Amazon Web Services Account ID for the organizations account to be
+-- disabled as a GuardDuty delegated administrator.
+disableOrganizationAdminAccount_adminAccountId :: Lens.Lens' DisableOrganizationAdminAccount Prelude.Text
+disableOrganizationAdminAccount_adminAccountId = Lens.lens (\DisableOrganizationAdminAccount' {adminAccountId} -> adminAccountId) (\s@DisableOrganizationAdminAccount' {} a -> s {adminAccountId = a} :: DisableOrganizationAdminAccount)
+
+instance
+  Core.AWSRequest
+    DisableOrganizationAdminAccount
+  where
+  type
+    AWSResponse DisableOrganizationAdminAccount =
+      DisableOrganizationAdminAccountResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisableOrganizationAdminAccountResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisableOrganizationAdminAccount
+  where
+  hashWithSalt
+    _salt
+    DisableOrganizationAdminAccount' {..} =
+      _salt `Prelude.hashWithSalt` adminAccountId
+
+instance
+  Prelude.NFData
+    DisableOrganizationAdminAccount
+  where
+  rnf DisableOrganizationAdminAccount' {..} =
+    Prelude.rnf adminAccountId
+
+instance
+  Data.ToHeaders
+    DisableOrganizationAdminAccount
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisableOrganizationAdminAccount where
+  toJSON DisableOrganizationAdminAccount' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("adminAccountId" Data..= adminAccountId)
+          ]
+      )
+
+instance Data.ToPath DisableOrganizationAdminAccount where
+  toPath = Prelude.const "/admin/disable"
+
+instance Data.ToQuery DisableOrganizationAdminAccount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisableOrganizationAdminAccountResponse' smart constructor.
+data DisableOrganizationAdminAccountResponse = DisableOrganizationAdminAccountResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableOrganizationAdminAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disableOrganizationAdminAccountResponse_httpStatus' - The response's http status code.
+newDisableOrganizationAdminAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisableOrganizationAdminAccountResponse
+newDisableOrganizationAdminAccountResponse
+  pHttpStatus_ =
+    DisableOrganizationAdminAccountResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+disableOrganizationAdminAccountResponse_httpStatus :: Lens.Lens' DisableOrganizationAdminAccountResponse Prelude.Int
+disableOrganizationAdminAccountResponse_httpStatus = Lens.lens (\DisableOrganizationAdminAccountResponse' {httpStatus} -> httpStatus) (\s@DisableOrganizationAdminAccountResponse' {} a -> s {httpStatus = a} :: DisableOrganizationAdminAccountResponse)
+
+instance
+  Prelude.NFData
+    DisableOrganizationAdminAccountResponse
+  where
+  rnf DisableOrganizationAdminAccountResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/DisassociateFromAdministratorAccount.hs b/gen/Amazonka/GuardDuty/DisassociateFromAdministratorAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DisassociateFromAdministratorAccount.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DisassociateFromAdministratorAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates the current GuardDuty member account from its
+-- administrator account.
+module Amazonka.GuardDuty.DisassociateFromAdministratorAccount
+  ( -- * Creating a Request
+    DisassociateFromAdministratorAccount (..),
+    newDisassociateFromAdministratorAccount,
+
+    -- * Request Lenses
+    disassociateFromAdministratorAccount_detectorId,
+
+    -- * Destructuring the Response
+    DisassociateFromAdministratorAccountResponse (..),
+    newDisassociateFromAdministratorAccountResponse,
+
+    -- * Response Lenses
+    disassociateFromAdministratorAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDisassociateFromAdministratorAccount' smart constructor.
+data DisassociateFromAdministratorAccount = DisassociateFromAdministratorAccount'
+  { -- | The unique ID of the detector of the GuardDuty member account.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateFromAdministratorAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'disassociateFromAdministratorAccount_detectorId' - The unique ID of the detector of the GuardDuty member account.
+newDisassociateFromAdministratorAccount ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  DisassociateFromAdministratorAccount
+newDisassociateFromAdministratorAccount pDetectorId_ =
+  DisassociateFromAdministratorAccount'
+    { detectorId =
+        pDetectorId_
+    }
+
+-- | The unique ID of the detector of the GuardDuty member account.
+disassociateFromAdministratorAccount_detectorId :: Lens.Lens' DisassociateFromAdministratorAccount Prelude.Text
+disassociateFromAdministratorAccount_detectorId = Lens.lens (\DisassociateFromAdministratorAccount' {detectorId} -> detectorId) (\s@DisassociateFromAdministratorAccount' {} a -> s {detectorId = a} :: DisassociateFromAdministratorAccount)
+
+instance
+  Core.AWSRequest
+    DisassociateFromAdministratorAccount
+  where
+  type
+    AWSResponse DisassociateFromAdministratorAccount =
+      DisassociateFromAdministratorAccountResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisassociateFromAdministratorAccountResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisassociateFromAdministratorAccount
+  where
+  hashWithSalt
+    _salt
+    DisassociateFromAdministratorAccount' {..} =
+      _salt `Prelude.hashWithSalt` detectorId
+
+instance
+  Prelude.NFData
+    DisassociateFromAdministratorAccount
+  where
+  rnf DisassociateFromAdministratorAccount' {..} =
+    Prelude.rnf detectorId
+
+instance
+  Data.ToHeaders
+    DisassociateFromAdministratorAccount
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DisassociateFromAdministratorAccount
+  where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance
+  Data.ToPath
+    DisassociateFromAdministratorAccount
+  where
+  toPath DisassociateFromAdministratorAccount' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/administrator/disassociate"
+      ]
+
+instance
+  Data.ToQuery
+    DisassociateFromAdministratorAccount
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateFromAdministratorAccountResponse' smart constructor.
+data DisassociateFromAdministratorAccountResponse = DisassociateFromAdministratorAccountResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateFromAdministratorAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateFromAdministratorAccountResponse_httpStatus' - The response's http status code.
+newDisassociateFromAdministratorAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateFromAdministratorAccountResponse
+newDisassociateFromAdministratorAccountResponse
+  pHttpStatus_ =
+    DisassociateFromAdministratorAccountResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+disassociateFromAdministratorAccountResponse_httpStatus :: Lens.Lens' DisassociateFromAdministratorAccountResponse Prelude.Int
+disassociateFromAdministratorAccountResponse_httpStatus = Lens.lens (\DisassociateFromAdministratorAccountResponse' {httpStatus} -> httpStatus) (\s@DisassociateFromAdministratorAccountResponse' {} a -> s {httpStatus = a} :: DisassociateFromAdministratorAccountResponse)
+
+instance
+  Prelude.NFData
+    DisassociateFromAdministratorAccountResponse
+  where
+  rnf DisassociateFromAdministratorAccountResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/DisassociateMembers.hs b/gen/Amazonka/GuardDuty/DisassociateMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/DisassociateMembers.hs
@@ -0,0 +1,200 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.DisassociateMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates GuardDuty member accounts (to the current administrator
+-- account) specified by the account IDs.
+module Amazonka.GuardDuty.DisassociateMembers
+  ( -- * Creating a Request
+    DisassociateMembers (..),
+    newDisassociateMembers,
+
+    -- * Request Lenses
+    disassociateMembers_detectorId,
+    disassociateMembers_accountIds,
+
+    -- * Destructuring the Response
+    DisassociateMembersResponse (..),
+    newDisassociateMembersResponse,
+
+    -- * Response Lenses
+    disassociateMembersResponse_httpStatus,
+    disassociateMembersResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newDisassociateMembers' smart constructor.
+data DisassociateMembers = DisassociateMembers'
+  { -- | The unique ID of the detector of the GuardDuty account whose members you
+    -- want to disassociate from the administrator account.
+    detectorId :: Prelude.Text,
+    -- | A list of account IDs of the GuardDuty member accounts that you want to
+    -- disassociate from the administrator account.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'disassociateMembers_detectorId' - The unique ID of the detector of the GuardDuty account whose members you
+-- want to disassociate from the administrator account.
+--
+-- 'accountIds', 'disassociateMembers_accountIds' - A list of account IDs of the GuardDuty member accounts that you want to
+-- disassociate from the administrator account.
+newDisassociateMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  DisassociateMembers
+newDisassociateMembers pDetectorId_ pAccountIds_ =
+  DisassociateMembers'
+    { detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | The unique ID of the detector of the GuardDuty account whose members you
+-- want to disassociate from the administrator account.
+disassociateMembers_detectorId :: Lens.Lens' DisassociateMembers Prelude.Text
+disassociateMembers_detectorId = Lens.lens (\DisassociateMembers' {detectorId} -> detectorId) (\s@DisassociateMembers' {} a -> s {detectorId = a} :: DisassociateMembers)
+
+-- | A list of account IDs of the GuardDuty member accounts that you want to
+-- disassociate from the administrator account.
+disassociateMembers_accountIds :: Lens.Lens' DisassociateMembers (Prelude.NonEmpty Prelude.Text)
+disassociateMembers_accountIds = Lens.lens (\DisassociateMembers' {accountIds} -> accountIds) (\s@DisassociateMembers' {} a -> s {accountIds = a} :: DisassociateMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest DisassociateMembers where
+  type
+    AWSResponse DisassociateMembers =
+      DisassociateMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DisassociateMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable DisassociateMembers where
+  hashWithSalt _salt DisassociateMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData DisassociateMembers where
+  rnf DisassociateMembers' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders DisassociateMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateMembers where
+  toJSON DisassociateMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath DisassociateMembers where
+  toPath DisassociateMembers' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/member/disassociate"
+      ]
+
+instance Data.ToQuery DisassociateMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateMembersResponse' smart constructor.
+data DisassociateMembersResponse = DisassociateMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of objects that contain the unprocessed account and a result
+    -- string that explains why it was unprocessed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateMembersResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'disassociateMembersResponse_unprocessedAccounts' - A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+newDisassociateMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateMembersResponse
+newDisassociateMembersResponse pHttpStatus_ =
+  DisassociateMembersResponse'
+    { httpStatus =
+        pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+disassociateMembersResponse_httpStatus :: Lens.Lens' DisassociateMembersResponse Prelude.Int
+disassociateMembersResponse_httpStatus = Lens.lens (\DisassociateMembersResponse' {httpStatus} -> httpStatus) (\s@DisassociateMembersResponse' {} a -> s {httpStatus = a} :: DisassociateMembersResponse)
+
+-- | A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+disassociateMembersResponse_unprocessedAccounts :: Lens.Lens' DisassociateMembersResponse [UnprocessedAccount]
+disassociateMembersResponse_unprocessedAccounts = Lens.lens (\DisassociateMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@DisassociateMembersResponse' {} a -> s {unprocessedAccounts = a} :: DisassociateMembersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData DisassociateMembersResponse where
+  rnf DisassociateMembersResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/EnableOrganizationAdminAccount.hs b/gen/Amazonka/GuardDuty/EnableOrganizationAdminAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/EnableOrganizationAdminAccount.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.EnableOrganizationAdminAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables an Amazon Web Services account within the organization as the
+-- GuardDuty delegated administrator.
+module Amazonka.GuardDuty.EnableOrganizationAdminAccount
+  ( -- * Creating a Request
+    EnableOrganizationAdminAccount (..),
+    newEnableOrganizationAdminAccount,
+
+    -- * Request Lenses
+    enableOrganizationAdminAccount_adminAccountId,
+
+    -- * Destructuring the Response
+    EnableOrganizationAdminAccountResponse (..),
+    newEnableOrganizationAdminAccountResponse,
+
+    -- * Response Lenses
+    enableOrganizationAdminAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newEnableOrganizationAdminAccount' smart constructor.
+data EnableOrganizationAdminAccount = EnableOrganizationAdminAccount'
+  { -- | The Amazon Web Services Account ID for the organization account to be
+    -- enabled as a GuardDuty delegated administrator.
+    adminAccountId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableOrganizationAdminAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adminAccountId', 'enableOrganizationAdminAccount_adminAccountId' - The Amazon Web Services Account ID for the organization account to be
+-- enabled as a GuardDuty delegated administrator.
+newEnableOrganizationAdminAccount ::
+  -- | 'adminAccountId'
+  Prelude.Text ->
+  EnableOrganizationAdminAccount
+newEnableOrganizationAdminAccount pAdminAccountId_ =
+  EnableOrganizationAdminAccount'
+    { adminAccountId =
+        pAdminAccountId_
+    }
+
+-- | The Amazon Web Services Account ID for the organization account to be
+-- enabled as a GuardDuty delegated administrator.
+enableOrganizationAdminAccount_adminAccountId :: Lens.Lens' EnableOrganizationAdminAccount Prelude.Text
+enableOrganizationAdminAccount_adminAccountId = Lens.lens (\EnableOrganizationAdminAccount' {adminAccountId} -> adminAccountId) (\s@EnableOrganizationAdminAccount' {} a -> s {adminAccountId = a} :: EnableOrganizationAdminAccount)
+
+instance
+  Core.AWSRequest
+    EnableOrganizationAdminAccount
+  where
+  type
+    AWSResponse EnableOrganizationAdminAccount =
+      EnableOrganizationAdminAccountResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          EnableOrganizationAdminAccountResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    EnableOrganizationAdminAccount
+  where
+  hashWithSalt
+    _salt
+    EnableOrganizationAdminAccount' {..} =
+      _salt `Prelude.hashWithSalt` adminAccountId
+
+instance
+  Prelude.NFData
+    EnableOrganizationAdminAccount
+  where
+  rnf EnableOrganizationAdminAccount' {..} =
+    Prelude.rnf adminAccountId
+
+instance
+  Data.ToHeaders
+    EnableOrganizationAdminAccount
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableOrganizationAdminAccount where
+  toJSON EnableOrganizationAdminAccount' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("adminAccountId" Data..= adminAccountId)
+          ]
+      )
+
+instance Data.ToPath EnableOrganizationAdminAccount where
+  toPath = Prelude.const "/admin/enable"
+
+instance Data.ToQuery EnableOrganizationAdminAccount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newEnableOrganizationAdminAccountResponse' smart constructor.
+data EnableOrganizationAdminAccountResponse = EnableOrganizationAdminAccountResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableOrganizationAdminAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'enableOrganizationAdminAccountResponse_httpStatus' - The response's http status code.
+newEnableOrganizationAdminAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  EnableOrganizationAdminAccountResponse
+newEnableOrganizationAdminAccountResponse
+  pHttpStatus_ =
+    EnableOrganizationAdminAccountResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+enableOrganizationAdminAccountResponse_httpStatus :: Lens.Lens' EnableOrganizationAdminAccountResponse Prelude.Int
+enableOrganizationAdminAccountResponse_httpStatus = Lens.lens (\EnableOrganizationAdminAccountResponse' {httpStatus} -> httpStatus) (\s@EnableOrganizationAdminAccountResponse' {} a -> s {httpStatus = a} :: EnableOrganizationAdminAccountResponse)
+
+instance
+  Prelude.NFData
+    EnableOrganizationAdminAccountResponse
+  where
+  rnf EnableOrganizationAdminAccountResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/GetAdministratorAccount.hs b/gen/Amazonka/GuardDuty/GetAdministratorAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetAdministratorAccount.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetAdministratorAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Provides the details for the GuardDuty administrator account associated
+-- with the current GuardDuty member account.
+module Amazonka.GuardDuty.GetAdministratorAccount
+  ( -- * Creating a Request
+    GetAdministratorAccount (..),
+    newGetAdministratorAccount,
+
+    -- * Request Lenses
+    getAdministratorAccount_detectorId,
+
+    -- * Destructuring the Response
+    GetAdministratorAccountResponse (..),
+    newGetAdministratorAccountResponse,
+
+    -- * Response Lenses
+    getAdministratorAccountResponse_httpStatus,
+    getAdministratorAccountResponse_administrator,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetAdministratorAccount' smart constructor.
+data GetAdministratorAccount = GetAdministratorAccount'
+  { -- | The unique ID of the detector of the GuardDuty member account.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAdministratorAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getAdministratorAccount_detectorId' - The unique ID of the detector of the GuardDuty member account.
+newGetAdministratorAccount ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  GetAdministratorAccount
+newGetAdministratorAccount pDetectorId_ =
+  GetAdministratorAccount' {detectorId = pDetectorId_}
+
+-- | The unique ID of the detector of the GuardDuty member account.
+getAdministratorAccount_detectorId :: Lens.Lens' GetAdministratorAccount Prelude.Text
+getAdministratorAccount_detectorId = Lens.lens (\GetAdministratorAccount' {detectorId} -> detectorId) (\s@GetAdministratorAccount' {} a -> s {detectorId = a} :: GetAdministratorAccount)
+
+instance Core.AWSRequest GetAdministratorAccount where
+  type
+    AWSResponse GetAdministratorAccount =
+      GetAdministratorAccountResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetAdministratorAccountResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "administrator")
+      )
+
+instance Prelude.Hashable GetAdministratorAccount where
+  hashWithSalt _salt GetAdministratorAccount' {..} =
+    _salt `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData GetAdministratorAccount where
+  rnf GetAdministratorAccount' {..} =
+    Prelude.rnf detectorId
+
+instance Data.ToHeaders GetAdministratorAccount where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetAdministratorAccount where
+  toPath GetAdministratorAccount' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/administrator"
+      ]
+
+instance Data.ToQuery GetAdministratorAccount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetAdministratorAccountResponse' smart constructor.
+data GetAdministratorAccountResponse = GetAdministratorAccountResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The administrator account details.
+    administrator :: Administrator
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetAdministratorAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getAdministratorAccountResponse_httpStatus' - The response's http status code.
+--
+-- 'administrator', 'getAdministratorAccountResponse_administrator' - The administrator account details.
+newGetAdministratorAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'administrator'
+  Administrator ->
+  GetAdministratorAccountResponse
+newGetAdministratorAccountResponse
+  pHttpStatus_
+  pAdministrator_ =
+    GetAdministratorAccountResponse'
+      { httpStatus =
+          pHttpStatus_,
+        administrator = pAdministrator_
+      }
+
+-- | The response's http status code.
+getAdministratorAccountResponse_httpStatus :: Lens.Lens' GetAdministratorAccountResponse Prelude.Int
+getAdministratorAccountResponse_httpStatus = Lens.lens (\GetAdministratorAccountResponse' {httpStatus} -> httpStatus) (\s@GetAdministratorAccountResponse' {} a -> s {httpStatus = a} :: GetAdministratorAccountResponse)
+
+-- | The administrator account details.
+getAdministratorAccountResponse_administrator :: Lens.Lens' GetAdministratorAccountResponse Administrator
+getAdministratorAccountResponse_administrator = Lens.lens (\GetAdministratorAccountResponse' {administrator} -> administrator) (\s@GetAdministratorAccountResponse' {} a -> s {administrator = a} :: GetAdministratorAccountResponse)
+
+instance
+  Prelude.NFData
+    GetAdministratorAccountResponse
+  where
+  rnf GetAdministratorAccountResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf administrator
diff --git a/gen/Amazonka/GuardDuty/GetDetector.hs b/gen/Amazonka/GuardDuty/GetDetector.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetDetector.hs
@@ -0,0 +1,235 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetDetector
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an Amazon GuardDuty detector specified by the detectorId.
+module Amazonka.GuardDuty.GetDetector
+  ( -- * Creating a Request
+    GetDetector (..),
+    newGetDetector,
+
+    -- * Request Lenses
+    getDetector_detectorId,
+
+    -- * Destructuring the Response
+    GetDetectorResponse (..),
+    newGetDetectorResponse,
+
+    -- * Response Lenses
+    getDetectorResponse_createdAt,
+    getDetectorResponse_dataSources,
+    getDetectorResponse_findingPublishingFrequency,
+    getDetectorResponse_tags,
+    getDetectorResponse_updatedAt,
+    getDetectorResponse_httpStatus,
+    getDetectorResponse_serviceRole,
+    getDetectorResponse_status,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetDetector' smart constructor.
+data GetDetector = GetDetector'
+  { -- | The unique ID of the detector that you want to get.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetDetector' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getDetector_detectorId' - The unique ID of the detector that you want to get.
+newGetDetector ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  GetDetector
+newGetDetector pDetectorId_ =
+  GetDetector' {detectorId = pDetectorId_}
+
+-- | The unique ID of the detector that you want to get.
+getDetector_detectorId :: Lens.Lens' GetDetector Prelude.Text
+getDetector_detectorId = Lens.lens (\GetDetector' {detectorId} -> detectorId) (\s@GetDetector' {} a -> s {detectorId = a} :: GetDetector)
+
+instance Core.AWSRequest GetDetector where
+  type AWSResponse GetDetector = GetDetectorResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetDetectorResponse'
+            Prelude.<$> (x Data..?> "createdAt")
+            Prelude.<*> (x Data..?> "dataSources")
+            Prelude.<*> (x Data..?> "findingPublishingFrequency")
+            Prelude.<*> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "updatedAt")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "serviceRole")
+            Prelude.<*> (x Data..:> "status")
+      )
+
+instance Prelude.Hashable GetDetector where
+  hashWithSalt _salt GetDetector' {..} =
+    _salt `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData GetDetector where
+  rnf GetDetector' {..} = Prelude.rnf detectorId
+
+instance Data.ToHeaders GetDetector where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetDetector where
+  toPath GetDetector' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId]
+
+instance Data.ToQuery GetDetector where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetDetectorResponse' smart constructor.
+data GetDetectorResponse = GetDetectorResponse'
+  { -- | The timestamp of when the detector was created.
+    createdAt :: Prelude.Maybe Prelude.Text,
+    -- | Describes which data sources are enabled for the detector.
+    dataSources :: Prelude.Maybe DataSourceConfigurationsResult,
+    -- | The publishing frequency of the finding.
+    findingPublishingFrequency :: Prelude.Maybe FindingPublishingFrequency,
+    -- | The tags of the detector resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The last-updated timestamp for the detector.
+    updatedAt :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The GuardDuty service role.
+    serviceRole :: Prelude.Text,
+    -- | The detector status.
+    status :: DetectorStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetDetectorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdAt', 'getDetectorResponse_createdAt' - The timestamp of when the detector was created.
+--
+-- 'dataSources', 'getDetectorResponse_dataSources' - Describes which data sources are enabled for the detector.
+--
+-- 'findingPublishingFrequency', 'getDetectorResponse_findingPublishingFrequency' - The publishing frequency of the finding.
+--
+-- 'tags', 'getDetectorResponse_tags' - The tags of the detector resource.
+--
+-- 'updatedAt', 'getDetectorResponse_updatedAt' - The last-updated timestamp for the detector.
+--
+-- 'httpStatus', 'getDetectorResponse_httpStatus' - The response's http status code.
+--
+-- 'serviceRole', 'getDetectorResponse_serviceRole' - The GuardDuty service role.
+--
+-- 'status', 'getDetectorResponse_status' - The detector status.
+newGetDetectorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'serviceRole'
+  Prelude.Text ->
+  -- | 'status'
+  DetectorStatus ->
+  GetDetectorResponse
+newGetDetectorResponse
+  pHttpStatus_
+  pServiceRole_
+  pStatus_ =
+    GetDetectorResponse'
+      { createdAt = Prelude.Nothing,
+        dataSources = Prelude.Nothing,
+        findingPublishingFrequency = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        updatedAt = Prelude.Nothing,
+        httpStatus = pHttpStatus_,
+        serviceRole = pServiceRole_,
+        status = pStatus_
+      }
+
+-- | The timestamp of when the detector was created.
+getDetectorResponse_createdAt :: Lens.Lens' GetDetectorResponse (Prelude.Maybe Prelude.Text)
+getDetectorResponse_createdAt = Lens.lens (\GetDetectorResponse' {createdAt} -> createdAt) (\s@GetDetectorResponse' {} a -> s {createdAt = a} :: GetDetectorResponse)
+
+-- | Describes which data sources are enabled for the detector.
+getDetectorResponse_dataSources :: Lens.Lens' GetDetectorResponse (Prelude.Maybe DataSourceConfigurationsResult)
+getDetectorResponse_dataSources = Lens.lens (\GetDetectorResponse' {dataSources} -> dataSources) (\s@GetDetectorResponse' {} a -> s {dataSources = a} :: GetDetectorResponse)
+
+-- | The publishing frequency of the finding.
+getDetectorResponse_findingPublishingFrequency :: Lens.Lens' GetDetectorResponse (Prelude.Maybe FindingPublishingFrequency)
+getDetectorResponse_findingPublishingFrequency = Lens.lens (\GetDetectorResponse' {findingPublishingFrequency} -> findingPublishingFrequency) (\s@GetDetectorResponse' {} a -> s {findingPublishingFrequency = a} :: GetDetectorResponse)
+
+-- | The tags of the detector resource.
+getDetectorResponse_tags :: Lens.Lens' GetDetectorResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+getDetectorResponse_tags = Lens.lens (\GetDetectorResponse' {tags} -> tags) (\s@GetDetectorResponse' {} a -> s {tags = a} :: GetDetectorResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The last-updated timestamp for the detector.
+getDetectorResponse_updatedAt :: Lens.Lens' GetDetectorResponse (Prelude.Maybe Prelude.Text)
+getDetectorResponse_updatedAt = Lens.lens (\GetDetectorResponse' {updatedAt} -> updatedAt) (\s@GetDetectorResponse' {} a -> s {updatedAt = a} :: GetDetectorResponse)
+
+-- | The response's http status code.
+getDetectorResponse_httpStatus :: Lens.Lens' GetDetectorResponse Prelude.Int
+getDetectorResponse_httpStatus = Lens.lens (\GetDetectorResponse' {httpStatus} -> httpStatus) (\s@GetDetectorResponse' {} a -> s {httpStatus = a} :: GetDetectorResponse)
+
+-- | The GuardDuty service role.
+getDetectorResponse_serviceRole :: Lens.Lens' GetDetectorResponse Prelude.Text
+getDetectorResponse_serviceRole = Lens.lens (\GetDetectorResponse' {serviceRole} -> serviceRole) (\s@GetDetectorResponse' {} a -> s {serviceRole = a} :: GetDetectorResponse)
+
+-- | The detector status.
+getDetectorResponse_status :: Lens.Lens' GetDetectorResponse DetectorStatus
+getDetectorResponse_status = Lens.lens (\GetDetectorResponse' {status} -> status) (\s@GetDetectorResponse' {} a -> s {status = a} :: GetDetectorResponse)
+
+instance Prelude.NFData GetDetectorResponse where
+  rnf GetDetectorResponse' {..} =
+    Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf dataSources
+      `Prelude.seq` Prelude.rnf findingPublishingFrequency
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf updatedAt
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf serviceRole
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/GetFilter.hs b/gen/Amazonka/GuardDuty/GetFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetFilter.hs
@@ -0,0 +1,257 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the details of the filter specified by the filter name.
+module Amazonka.GuardDuty.GetFilter
+  ( -- * Creating a Request
+    GetFilter (..),
+    newGetFilter,
+
+    -- * Request Lenses
+    getFilter_detectorId,
+    getFilter_filterName,
+
+    -- * Destructuring the Response
+    GetFilterResponse (..),
+    newGetFilterResponse,
+
+    -- * Response Lenses
+    getFilterResponse_description,
+    getFilterResponse_rank,
+    getFilterResponse_tags,
+    getFilterResponse_httpStatus,
+    getFilterResponse_name,
+    getFilterResponse_action,
+    getFilterResponse_findingCriteria,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetFilter' smart constructor.
+data GetFilter = GetFilter'
+  { -- | The unique ID of the detector that the filter is associated with.
+    detectorId :: Prelude.Text,
+    -- | The name of the filter you want to get.
+    filterName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getFilter_detectorId' - The unique ID of the detector that the filter is associated with.
+--
+-- 'filterName', 'getFilter_filterName' - The name of the filter you want to get.
+newGetFilter ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'filterName'
+  Prelude.Text ->
+  GetFilter
+newGetFilter pDetectorId_ pFilterName_ =
+  GetFilter'
+    { detectorId = pDetectorId_,
+      filterName = pFilterName_
+    }
+
+-- | The unique ID of the detector that the filter is associated with.
+getFilter_detectorId :: Lens.Lens' GetFilter Prelude.Text
+getFilter_detectorId = Lens.lens (\GetFilter' {detectorId} -> detectorId) (\s@GetFilter' {} a -> s {detectorId = a} :: GetFilter)
+
+-- | The name of the filter you want to get.
+getFilter_filterName :: Lens.Lens' GetFilter Prelude.Text
+getFilter_filterName = Lens.lens (\GetFilter' {filterName} -> filterName) (\s@GetFilter' {} a -> s {filterName = a} :: GetFilter)
+
+instance Core.AWSRequest GetFilter where
+  type AWSResponse GetFilter = GetFilterResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFilterResponse'
+            Prelude.<$> (x Data..?> "description")
+            Prelude.<*> (x Data..?> "rank")
+            Prelude.<*> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "name")
+            Prelude.<*> (x Data..:> "action")
+            Prelude.<*> (x Data..:> "findingCriteria")
+      )
+
+instance Prelude.Hashable GetFilter where
+  hashWithSalt _salt GetFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` filterName
+
+instance Prelude.NFData GetFilter where
+  rnf GetFilter' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf filterName
+
+instance Data.ToHeaders GetFilter where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetFilter where
+  toPath GetFilter' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/filter/",
+        Data.toBS filterName
+      ]
+
+instance Data.ToQuery GetFilter where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFilterResponse' smart constructor.
+data GetFilterResponse = GetFilterResponse'
+  { -- | The description of the filter.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Specifies the position of the filter in the list of current filters.
+    -- Also specifies the order in which this filter is applied to the
+    -- findings.
+    rank :: Prelude.Maybe Prelude.Natural,
+    -- | The tags of the filter resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The name of the filter.
+    name :: Prelude.Text,
+    -- | Specifies the action that is to be applied to the findings that match
+    -- the filter.
+    action :: FilterAction,
+    -- | Represents the criteria to be used in the filter for querying findings.
+    findingCriteria :: FindingCriteria
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFilterResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'getFilterResponse_description' - The description of the filter.
+--
+-- 'rank', 'getFilterResponse_rank' - Specifies the position of the filter in the list of current filters.
+-- Also specifies the order in which this filter is applied to the
+-- findings.
+--
+-- 'tags', 'getFilterResponse_tags' - The tags of the filter resource.
+--
+-- 'httpStatus', 'getFilterResponse_httpStatus' - The response's http status code.
+--
+-- 'name', 'getFilterResponse_name' - The name of the filter.
+--
+-- 'action', 'getFilterResponse_action' - Specifies the action that is to be applied to the findings that match
+-- the filter.
+--
+-- 'findingCriteria', 'getFilterResponse_findingCriteria' - Represents the criteria to be used in the filter for querying findings.
+newGetFilterResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'action'
+  FilterAction ->
+  -- | 'findingCriteria'
+  FindingCriteria ->
+  GetFilterResponse
+newGetFilterResponse
+  pHttpStatus_
+  pName_
+  pAction_
+  pFindingCriteria_ =
+    GetFilterResponse'
+      { description = Prelude.Nothing,
+        rank = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        httpStatus = pHttpStatus_,
+        name = pName_,
+        action = pAction_,
+        findingCriteria = pFindingCriteria_
+      }
+
+-- | The description of the filter.
+getFilterResponse_description :: Lens.Lens' GetFilterResponse (Prelude.Maybe Prelude.Text)
+getFilterResponse_description = Lens.lens (\GetFilterResponse' {description} -> description) (\s@GetFilterResponse' {} a -> s {description = a} :: GetFilterResponse)
+
+-- | Specifies the position of the filter in the list of current filters.
+-- Also specifies the order in which this filter is applied to the
+-- findings.
+getFilterResponse_rank :: Lens.Lens' GetFilterResponse (Prelude.Maybe Prelude.Natural)
+getFilterResponse_rank = Lens.lens (\GetFilterResponse' {rank} -> rank) (\s@GetFilterResponse' {} a -> s {rank = a} :: GetFilterResponse)
+
+-- | The tags of the filter resource.
+getFilterResponse_tags :: Lens.Lens' GetFilterResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+getFilterResponse_tags = Lens.lens (\GetFilterResponse' {tags} -> tags) (\s@GetFilterResponse' {} a -> s {tags = a} :: GetFilterResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+getFilterResponse_httpStatus :: Lens.Lens' GetFilterResponse Prelude.Int
+getFilterResponse_httpStatus = Lens.lens (\GetFilterResponse' {httpStatus} -> httpStatus) (\s@GetFilterResponse' {} a -> s {httpStatus = a} :: GetFilterResponse)
+
+-- | The name of the filter.
+getFilterResponse_name :: Lens.Lens' GetFilterResponse Prelude.Text
+getFilterResponse_name = Lens.lens (\GetFilterResponse' {name} -> name) (\s@GetFilterResponse' {} a -> s {name = a} :: GetFilterResponse)
+
+-- | Specifies the action that is to be applied to the findings that match
+-- the filter.
+getFilterResponse_action :: Lens.Lens' GetFilterResponse FilterAction
+getFilterResponse_action = Lens.lens (\GetFilterResponse' {action} -> action) (\s@GetFilterResponse' {} a -> s {action = a} :: GetFilterResponse)
+
+-- | Represents the criteria to be used in the filter for querying findings.
+getFilterResponse_findingCriteria :: Lens.Lens' GetFilterResponse FindingCriteria
+getFilterResponse_findingCriteria = Lens.lens (\GetFilterResponse' {findingCriteria} -> findingCriteria) (\s@GetFilterResponse' {} a -> s {findingCriteria = a} :: GetFilterResponse)
+
+instance Prelude.NFData GetFilterResponse where
+  rnf GetFilterResponse' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf rank
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf action
+      `Prelude.seq` Prelude.rnf findingCriteria
diff --git a/gen/Amazonka/GuardDuty/GetFindings.hs b/gen/Amazonka/GuardDuty/GetFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetFindings.hs
@@ -0,0 +1,196 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Describes Amazon GuardDuty findings specified by finding IDs.
+module Amazonka.GuardDuty.GetFindings
+  ( -- * Creating a Request
+    GetFindings (..),
+    newGetFindings,
+
+    -- * Request Lenses
+    getFindings_sortCriteria,
+    getFindings_detectorId,
+    getFindings_findingIds,
+
+    -- * Destructuring the Response
+    GetFindingsResponse (..),
+    newGetFindingsResponse,
+
+    -- * Response Lenses
+    getFindingsResponse_httpStatus,
+    getFindingsResponse_findings,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetFindings' smart constructor.
+data GetFindings = GetFindings'
+  { -- | Represents the criteria used for sorting findings.
+    sortCriteria :: Prelude.Maybe SortCriteria,
+    -- | The ID of the detector that specifies the GuardDuty service whose
+    -- findings you want to retrieve.
+    detectorId :: Prelude.Text,
+    -- | The IDs of the findings that you want to retrieve.
+    findingIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'sortCriteria', 'getFindings_sortCriteria' - Represents the criteria used for sorting findings.
+--
+-- 'detectorId', 'getFindings_detectorId' - The ID of the detector that specifies the GuardDuty service whose
+-- findings you want to retrieve.
+--
+-- 'findingIds', 'getFindings_findingIds' - The IDs of the findings that you want to retrieve.
+newGetFindings ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  GetFindings
+newGetFindings pDetectorId_ =
+  GetFindings'
+    { sortCriteria = Prelude.Nothing,
+      detectorId = pDetectorId_,
+      findingIds = Prelude.mempty
+    }
+
+-- | Represents the criteria used for sorting findings.
+getFindings_sortCriteria :: Lens.Lens' GetFindings (Prelude.Maybe SortCriteria)
+getFindings_sortCriteria = Lens.lens (\GetFindings' {sortCriteria} -> sortCriteria) (\s@GetFindings' {} a -> s {sortCriteria = a} :: GetFindings)
+
+-- | The ID of the detector that specifies the GuardDuty service whose
+-- findings you want to retrieve.
+getFindings_detectorId :: Lens.Lens' GetFindings Prelude.Text
+getFindings_detectorId = Lens.lens (\GetFindings' {detectorId} -> detectorId) (\s@GetFindings' {} a -> s {detectorId = a} :: GetFindings)
+
+-- | The IDs of the findings that you want to retrieve.
+getFindings_findingIds :: Lens.Lens' GetFindings [Prelude.Text]
+getFindings_findingIds = Lens.lens (\GetFindings' {findingIds} -> findingIds) (\s@GetFindings' {} a -> s {findingIds = a} :: GetFindings) Prelude.. Lens.coerced
+
+instance Core.AWSRequest GetFindings where
+  type AWSResponse GetFindings = GetFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFindingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "findings" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable GetFindings where
+  hashWithSalt _salt GetFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` sortCriteria
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` findingIds
+
+instance Prelude.NFData GetFindings where
+  rnf GetFindings' {..} =
+    Prelude.rnf sortCriteria
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf findingIds
+
+instance Data.ToHeaders GetFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFindings where
+  toJSON GetFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("sortCriteria" Data..=) Prelude.<$> sortCriteria,
+            Prelude.Just ("findingIds" Data..= findingIds)
+          ]
+      )
+
+instance Data.ToPath GetFindings where
+  toPath GetFindings' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/findings/get"]
+
+instance Data.ToQuery GetFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFindingsResponse' smart constructor.
+data GetFindingsResponse = GetFindingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of findings.
+    findings :: [Finding]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getFindingsResponse_httpStatus' - The response's http status code.
+--
+-- 'findings', 'getFindingsResponse_findings' - A list of findings.
+newGetFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFindingsResponse
+newGetFindingsResponse pHttpStatus_ =
+  GetFindingsResponse'
+    { httpStatus = pHttpStatus_,
+      findings = Prelude.mempty
+    }
+
+-- | The response's http status code.
+getFindingsResponse_httpStatus :: Lens.Lens' GetFindingsResponse Prelude.Int
+getFindingsResponse_httpStatus = Lens.lens (\GetFindingsResponse' {httpStatus} -> httpStatus) (\s@GetFindingsResponse' {} a -> s {httpStatus = a} :: GetFindingsResponse)
+
+-- | A list of findings.
+getFindingsResponse_findings :: Lens.Lens' GetFindingsResponse [Finding]
+getFindingsResponse_findings = Lens.lens (\GetFindingsResponse' {findings} -> findings) (\s@GetFindingsResponse' {} a -> s {findings = a} :: GetFindingsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData GetFindingsResponse where
+  rnf GetFindingsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf findings
diff --git a/gen/Amazonka/GuardDuty/GetFindingsStatistics.hs b/gen/Amazonka/GuardDuty/GetFindingsStatistics.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetFindingsStatistics.hs
@@ -0,0 +1,212 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetFindingsStatistics
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists Amazon GuardDuty findings statistics for the specified detector
+-- ID.
+module Amazonka.GuardDuty.GetFindingsStatistics
+  ( -- * Creating a Request
+    GetFindingsStatistics (..),
+    newGetFindingsStatistics,
+
+    -- * Request Lenses
+    getFindingsStatistics_findingCriteria,
+    getFindingsStatistics_detectorId,
+    getFindingsStatistics_findingStatisticTypes,
+
+    -- * Destructuring the Response
+    GetFindingsStatisticsResponse (..),
+    newGetFindingsStatisticsResponse,
+
+    -- * Response Lenses
+    getFindingsStatisticsResponse_httpStatus,
+    getFindingsStatisticsResponse_findingStatistics,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetFindingsStatistics' smart constructor.
+data GetFindingsStatistics = GetFindingsStatistics'
+  { -- | Represents the criteria that is used for querying findings.
+    findingCriteria :: Prelude.Maybe FindingCriteria,
+    -- | The ID of the detector that specifies the GuardDuty service whose
+    -- findings\' statistics you want to retrieve.
+    detectorId :: Prelude.Text,
+    -- | The types of finding statistics to retrieve.
+    findingStatisticTypes :: [FindingStatisticType]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindingsStatistics' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingCriteria', 'getFindingsStatistics_findingCriteria' - Represents the criteria that is used for querying findings.
+--
+-- 'detectorId', 'getFindingsStatistics_detectorId' - The ID of the detector that specifies the GuardDuty service whose
+-- findings\' statistics you want to retrieve.
+--
+-- 'findingStatisticTypes', 'getFindingsStatistics_findingStatisticTypes' - The types of finding statistics to retrieve.
+newGetFindingsStatistics ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  GetFindingsStatistics
+newGetFindingsStatistics pDetectorId_ =
+  GetFindingsStatistics'
+    { findingCriteria =
+        Prelude.Nothing,
+      detectorId = pDetectorId_,
+      findingStatisticTypes = Prelude.mempty
+    }
+
+-- | Represents the criteria that is used for querying findings.
+getFindingsStatistics_findingCriteria :: Lens.Lens' GetFindingsStatistics (Prelude.Maybe FindingCriteria)
+getFindingsStatistics_findingCriteria = Lens.lens (\GetFindingsStatistics' {findingCriteria} -> findingCriteria) (\s@GetFindingsStatistics' {} a -> s {findingCriteria = a} :: GetFindingsStatistics)
+
+-- | The ID of the detector that specifies the GuardDuty service whose
+-- findings\' statistics you want to retrieve.
+getFindingsStatistics_detectorId :: Lens.Lens' GetFindingsStatistics Prelude.Text
+getFindingsStatistics_detectorId = Lens.lens (\GetFindingsStatistics' {detectorId} -> detectorId) (\s@GetFindingsStatistics' {} a -> s {detectorId = a} :: GetFindingsStatistics)
+
+-- | The types of finding statistics to retrieve.
+getFindingsStatistics_findingStatisticTypes :: Lens.Lens' GetFindingsStatistics [FindingStatisticType]
+getFindingsStatistics_findingStatisticTypes = Lens.lens (\GetFindingsStatistics' {findingStatisticTypes} -> findingStatisticTypes) (\s@GetFindingsStatistics' {} a -> s {findingStatisticTypes = a} :: GetFindingsStatistics) Prelude.. Lens.coerced
+
+instance Core.AWSRequest GetFindingsStatistics where
+  type
+    AWSResponse GetFindingsStatistics =
+      GetFindingsStatisticsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFindingsStatisticsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "findingStatistics")
+      )
+
+instance Prelude.Hashable GetFindingsStatistics where
+  hashWithSalt _salt GetFindingsStatistics' {..} =
+    _salt
+      `Prelude.hashWithSalt` findingCriteria
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` findingStatisticTypes
+
+instance Prelude.NFData GetFindingsStatistics where
+  rnf GetFindingsStatistics' {..} =
+    Prelude.rnf findingCriteria
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf findingStatisticTypes
+
+instance Data.ToHeaders GetFindingsStatistics where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFindingsStatistics where
+  toJSON GetFindingsStatistics' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("findingCriteria" Data..=)
+              Prelude.<$> findingCriteria,
+            Prelude.Just
+              ( "findingStatisticTypes"
+                  Data..= findingStatisticTypes
+              )
+          ]
+      )
+
+instance Data.ToPath GetFindingsStatistics where
+  toPath GetFindingsStatistics' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/findings/statistics"
+      ]
+
+instance Data.ToQuery GetFindingsStatistics where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFindingsStatisticsResponse' smart constructor.
+data GetFindingsStatisticsResponse = GetFindingsStatisticsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The finding statistics object.
+    findingStatistics :: FindingStatistics
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFindingsStatisticsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getFindingsStatisticsResponse_httpStatus' - The response's http status code.
+--
+-- 'findingStatistics', 'getFindingsStatisticsResponse_findingStatistics' - The finding statistics object.
+newGetFindingsStatisticsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'findingStatistics'
+  FindingStatistics ->
+  GetFindingsStatisticsResponse
+newGetFindingsStatisticsResponse
+  pHttpStatus_
+  pFindingStatistics_ =
+    GetFindingsStatisticsResponse'
+      { httpStatus =
+          pHttpStatus_,
+        findingStatistics = pFindingStatistics_
+      }
+
+-- | The response's http status code.
+getFindingsStatisticsResponse_httpStatus :: Lens.Lens' GetFindingsStatisticsResponse Prelude.Int
+getFindingsStatisticsResponse_httpStatus = Lens.lens (\GetFindingsStatisticsResponse' {httpStatus} -> httpStatus) (\s@GetFindingsStatisticsResponse' {} a -> s {httpStatus = a} :: GetFindingsStatisticsResponse)
+
+-- | The finding statistics object.
+getFindingsStatisticsResponse_findingStatistics :: Lens.Lens' GetFindingsStatisticsResponse FindingStatistics
+getFindingsStatisticsResponse_findingStatistics = Lens.lens (\GetFindingsStatisticsResponse' {findingStatistics} -> findingStatistics) (\s@GetFindingsStatisticsResponse' {} a -> s {findingStatistics = a} :: GetFindingsStatisticsResponse)
+
+instance Prelude.NFData GetFindingsStatisticsResponse where
+  rnf GetFindingsStatisticsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf findingStatistics
diff --git a/gen/Amazonka/GuardDuty/GetIPSet.hs b/gen/Amazonka/GuardDuty/GetIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetIPSet.hs
@@ -0,0 +1,239 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the IPSet specified by the @ipSetId@.
+module Amazonka.GuardDuty.GetIPSet
+  ( -- * Creating a Request
+    GetIPSet (..),
+    newGetIPSet,
+
+    -- * Request Lenses
+    getIPSet_detectorId,
+    getIPSet_ipSetId,
+
+    -- * Destructuring the Response
+    GetIPSetResponse (..),
+    newGetIPSetResponse,
+
+    -- * Response Lenses
+    getIPSetResponse_tags,
+    getIPSetResponse_httpStatus,
+    getIPSetResponse_name,
+    getIPSetResponse_format,
+    getIPSetResponse_location,
+    getIPSetResponse_status,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetIPSet' smart constructor.
+data GetIPSet = GetIPSet'
+  { -- | The unique ID of the detector that the IPSet is associated with.
+    detectorId :: Prelude.Text,
+    -- | The unique ID of the IPSet to retrieve.
+    ipSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getIPSet_detectorId' - The unique ID of the detector that the IPSet is associated with.
+--
+-- 'ipSetId', 'getIPSet_ipSetId' - The unique ID of the IPSet to retrieve.
+newGetIPSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'ipSetId'
+  Prelude.Text ->
+  GetIPSet
+newGetIPSet pDetectorId_ pIpSetId_ =
+  GetIPSet'
+    { detectorId = pDetectorId_,
+      ipSetId = pIpSetId_
+    }
+
+-- | The unique ID of the detector that the IPSet is associated with.
+getIPSet_detectorId :: Lens.Lens' GetIPSet Prelude.Text
+getIPSet_detectorId = Lens.lens (\GetIPSet' {detectorId} -> detectorId) (\s@GetIPSet' {} a -> s {detectorId = a} :: GetIPSet)
+
+-- | The unique ID of the IPSet to retrieve.
+getIPSet_ipSetId :: Lens.Lens' GetIPSet Prelude.Text
+getIPSet_ipSetId = Lens.lens (\GetIPSet' {ipSetId} -> ipSetId) (\s@GetIPSet' {} a -> s {ipSetId = a} :: GetIPSet)
+
+instance Core.AWSRequest GetIPSet where
+  type AWSResponse GetIPSet = GetIPSetResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetIPSetResponse'
+            Prelude.<$> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "name")
+            Prelude.<*> (x Data..:> "format")
+            Prelude.<*> (x Data..:> "location")
+            Prelude.<*> (x Data..:> "status")
+      )
+
+instance Prelude.Hashable GetIPSet where
+  hashWithSalt _salt GetIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` ipSetId
+
+instance Prelude.NFData GetIPSet where
+  rnf GetIPSet' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf ipSetId
+
+instance Data.ToHeaders GetIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetIPSet where
+  toPath GetIPSet' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/ipset/",
+        Data.toBS ipSetId
+      ]
+
+instance Data.ToQuery GetIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetIPSetResponse' smart constructor.
+data GetIPSetResponse = GetIPSetResponse'
+  { -- | The tags of the IPSet resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The user-friendly name for the IPSet.
+    name :: Prelude.Text,
+    -- | The format of the file that contains the IPSet.
+    format :: IpSetFormat,
+    -- | The URI of the file that contains the IPSet.
+    location :: Prelude.Text,
+    -- | The status of IPSet file that was uploaded.
+    status :: IpSetStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'getIPSetResponse_tags' - The tags of the IPSet resource.
+--
+-- 'httpStatus', 'getIPSetResponse_httpStatus' - The response's http status code.
+--
+-- 'name', 'getIPSetResponse_name' - The user-friendly name for the IPSet.
+--
+-- 'format', 'getIPSetResponse_format' - The format of the file that contains the IPSet.
+--
+-- 'location', 'getIPSetResponse_location' - The URI of the file that contains the IPSet.
+--
+-- 'status', 'getIPSetResponse_status' - The status of IPSet file that was uploaded.
+newGetIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'format'
+  IpSetFormat ->
+  -- | 'location'
+  Prelude.Text ->
+  -- | 'status'
+  IpSetStatus ->
+  GetIPSetResponse
+newGetIPSetResponse
+  pHttpStatus_
+  pName_
+  pFormat_
+  pLocation_
+  pStatus_ =
+    GetIPSetResponse'
+      { tags = Prelude.Nothing,
+        httpStatus = pHttpStatus_,
+        name = pName_,
+        format = pFormat_,
+        location = pLocation_,
+        status = pStatus_
+      }
+
+-- | The tags of the IPSet resource.
+getIPSetResponse_tags :: Lens.Lens' GetIPSetResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+getIPSetResponse_tags = Lens.lens (\GetIPSetResponse' {tags} -> tags) (\s@GetIPSetResponse' {} a -> s {tags = a} :: GetIPSetResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+getIPSetResponse_httpStatus :: Lens.Lens' GetIPSetResponse Prelude.Int
+getIPSetResponse_httpStatus = Lens.lens (\GetIPSetResponse' {httpStatus} -> httpStatus) (\s@GetIPSetResponse' {} a -> s {httpStatus = a} :: GetIPSetResponse)
+
+-- | The user-friendly name for the IPSet.
+getIPSetResponse_name :: Lens.Lens' GetIPSetResponse Prelude.Text
+getIPSetResponse_name = Lens.lens (\GetIPSetResponse' {name} -> name) (\s@GetIPSetResponse' {} a -> s {name = a} :: GetIPSetResponse)
+
+-- | The format of the file that contains the IPSet.
+getIPSetResponse_format :: Lens.Lens' GetIPSetResponse IpSetFormat
+getIPSetResponse_format = Lens.lens (\GetIPSetResponse' {format} -> format) (\s@GetIPSetResponse' {} a -> s {format = a} :: GetIPSetResponse)
+
+-- | The URI of the file that contains the IPSet.
+getIPSetResponse_location :: Lens.Lens' GetIPSetResponse Prelude.Text
+getIPSetResponse_location = Lens.lens (\GetIPSetResponse' {location} -> location) (\s@GetIPSetResponse' {} a -> s {location = a} :: GetIPSetResponse)
+
+-- | The status of IPSet file that was uploaded.
+getIPSetResponse_status :: Lens.Lens' GetIPSetResponse IpSetStatus
+getIPSetResponse_status = Lens.lens (\GetIPSetResponse' {status} -> status) (\s@GetIPSetResponse' {} a -> s {status = a} :: GetIPSetResponse)
+
+instance Prelude.NFData GetIPSetResponse where
+  rnf GetIPSetResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf format
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/GetInvitationsCount.hs b/gen/Amazonka/GuardDuty/GetInvitationsCount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetInvitationsCount.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetInvitationsCount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the count of all GuardDuty membership invitations that were sent
+-- to the current member account except the currently accepted invitation.
+module Amazonka.GuardDuty.GetInvitationsCount
+  ( -- * Creating a Request
+    GetInvitationsCount (..),
+    newGetInvitationsCount,
+
+    -- * Destructuring the Response
+    GetInvitationsCountResponse (..),
+    newGetInvitationsCountResponse,
+
+    -- * Response Lenses
+    getInvitationsCountResponse_invitationsCount,
+    getInvitationsCountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetInvitationsCount' smart constructor.
+data GetInvitationsCount = GetInvitationsCount'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInvitationsCount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newGetInvitationsCount ::
+  GetInvitationsCount
+newGetInvitationsCount = GetInvitationsCount'
+
+instance Core.AWSRequest GetInvitationsCount where
+  type
+    AWSResponse GetInvitationsCount =
+      GetInvitationsCountResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetInvitationsCountResponse'
+            Prelude.<$> (x Data..?> "invitationsCount")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetInvitationsCount where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData GetInvitationsCount where
+  rnf _ = ()
+
+instance Data.ToHeaders GetInvitationsCount where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetInvitationsCount where
+  toPath = Prelude.const "/invitation/count"
+
+instance Data.ToQuery GetInvitationsCount where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetInvitationsCountResponse' smart constructor.
+data GetInvitationsCountResponse = GetInvitationsCountResponse'
+  { -- | The number of received invitations.
+    invitationsCount :: Prelude.Maybe Prelude.Int,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInvitationsCountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'invitationsCount', 'getInvitationsCountResponse_invitationsCount' - The number of received invitations.
+--
+-- 'httpStatus', 'getInvitationsCountResponse_httpStatus' - The response's http status code.
+newGetInvitationsCountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetInvitationsCountResponse
+newGetInvitationsCountResponse pHttpStatus_ =
+  GetInvitationsCountResponse'
+    { invitationsCount =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The number of received invitations.
+getInvitationsCountResponse_invitationsCount :: Lens.Lens' GetInvitationsCountResponse (Prelude.Maybe Prelude.Int)
+getInvitationsCountResponse_invitationsCount = Lens.lens (\GetInvitationsCountResponse' {invitationsCount} -> invitationsCount) (\s@GetInvitationsCountResponse' {} a -> s {invitationsCount = a} :: GetInvitationsCountResponse)
+
+-- | The response's http status code.
+getInvitationsCountResponse_httpStatus :: Lens.Lens' GetInvitationsCountResponse Prelude.Int
+getInvitationsCountResponse_httpStatus = Lens.lens (\GetInvitationsCountResponse' {httpStatus} -> httpStatus) (\s@GetInvitationsCountResponse' {} a -> s {httpStatus = a} :: GetInvitationsCountResponse)
+
+instance Prelude.NFData GetInvitationsCountResponse where
+  rnf GetInvitationsCountResponse' {..} =
+    Prelude.rnf invitationsCount
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/GetMalwareScanSettings.hs b/gen/Amazonka/GuardDuty/GetMalwareScanSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetMalwareScanSettings.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetMalwareScanSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the details of the malware scan settings.
+module Amazonka.GuardDuty.GetMalwareScanSettings
+  ( -- * Creating a Request
+    GetMalwareScanSettings (..),
+    newGetMalwareScanSettings,
+
+    -- * Request Lenses
+    getMalwareScanSettings_detectorId,
+
+    -- * Destructuring the Response
+    GetMalwareScanSettingsResponse (..),
+    newGetMalwareScanSettingsResponse,
+
+    -- * Response Lenses
+    getMalwareScanSettingsResponse_ebsSnapshotPreservation,
+    getMalwareScanSettingsResponse_scanResourceCriteria,
+    getMalwareScanSettingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetMalwareScanSettings' smart constructor.
+data GetMalwareScanSettings = GetMalwareScanSettings'
+  { -- | The unique ID of the detector that the scan setting is associated with.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMalwareScanSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getMalwareScanSettings_detectorId' - The unique ID of the detector that the scan setting is associated with.
+newGetMalwareScanSettings ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  GetMalwareScanSettings
+newGetMalwareScanSettings pDetectorId_ =
+  GetMalwareScanSettings' {detectorId = pDetectorId_}
+
+-- | The unique ID of the detector that the scan setting is associated with.
+getMalwareScanSettings_detectorId :: Lens.Lens' GetMalwareScanSettings Prelude.Text
+getMalwareScanSettings_detectorId = Lens.lens (\GetMalwareScanSettings' {detectorId} -> detectorId) (\s@GetMalwareScanSettings' {} a -> s {detectorId = a} :: GetMalwareScanSettings)
+
+instance Core.AWSRequest GetMalwareScanSettings where
+  type
+    AWSResponse GetMalwareScanSettings =
+      GetMalwareScanSettingsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetMalwareScanSettingsResponse'
+            Prelude.<$> (x Data..?> "ebsSnapshotPreservation")
+            Prelude.<*> (x Data..?> "scanResourceCriteria")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetMalwareScanSettings where
+  hashWithSalt _salt GetMalwareScanSettings' {..} =
+    _salt `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData GetMalwareScanSettings where
+  rnf GetMalwareScanSettings' {..} =
+    Prelude.rnf detectorId
+
+instance Data.ToHeaders GetMalwareScanSettings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetMalwareScanSettings where
+  toPath GetMalwareScanSettings' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/malware-scan-settings"
+      ]
+
+instance Data.ToQuery GetMalwareScanSettings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetMalwareScanSettingsResponse' smart constructor.
+data GetMalwareScanSettingsResponse = GetMalwareScanSettingsResponse'
+  { -- | An enum value representing possible snapshot preservation settings.
+    ebsSnapshotPreservation :: Prelude.Maybe EbsSnapshotPreservation,
+    -- | Represents the criteria to be used in the filter for scanning resources.
+    scanResourceCriteria :: Prelude.Maybe ScanResourceCriteria,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMalwareScanSettingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ebsSnapshotPreservation', 'getMalwareScanSettingsResponse_ebsSnapshotPreservation' - An enum value representing possible snapshot preservation settings.
+--
+-- 'scanResourceCriteria', 'getMalwareScanSettingsResponse_scanResourceCriteria' - Represents the criteria to be used in the filter for scanning resources.
+--
+-- 'httpStatus', 'getMalwareScanSettingsResponse_httpStatus' - The response's http status code.
+newGetMalwareScanSettingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetMalwareScanSettingsResponse
+newGetMalwareScanSettingsResponse pHttpStatus_ =
+  GetMalwareScanSettingsResponse'
+    { ebsSnapshotPreservation =
+        Prelude.Nothing,
+      scanResourceCriteria = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | An enum value representing possible snapshot preservation settings.
+getMalwareScanSettingsResponse_ebsSnapshotPreservation :: Lens.Lens' GetMalwareScanSettingsResponse (Prelude.Maybe EbsSnapshotPreservation)
+getMalwareScanSettingsResponse_ebsSnapshotPreservation = Lens.lens (\GetMalwareScanSettingsResponse' {ebsSnapshotPreservation} -> ebsSnapshotPreservation) (\s@GetMalwareScanSettingsResponse' {} a -> s {ebsSnapshotPreservation = a} :: GetMalwareScanSettingsResponse)
+
+-- | Represents the criteria to be used in the filter for scanning resources.
+getMalwareScanSettingsResponse_scanResourceCriteria :: Lens.Lens' GetMalwareScanSettingsResponse (Prelude.Maybe ScanResourceCriteria)
+getMalwareScanSettingsResponse_scanResourceCriteria = Lens.lens (\GetMalwareScanSettingsResponse' {scanResourceCriteria} -> scanResourceCriteria) (\s@GetMalwareScanSettingsResponse' {} a -> s {scanResourceCriteria = a} :: GetMalwareScanSettingsResponse)
+
+-- | The response's http status code.
+getMalwareScanSettingsResponse_httpStatus :: Lens.Lens' GetMalwareScanSettingsResponse Prelude.Int
+getMalwareScanSettingsResponse_httpStatus = Lens.lens (\GetMalwareScanSettingsResponse' {httpStatus} -> httpStatus) (\s@GetMalwareScanSettingsResponse' {} a -> s {httpStatus = a} :: GetMalwareScanSettingsResponse)
+
+instance
+  Prelude.NFData
+    GetMalwareScanSettingsResponse
+  where
+  rnf GetMalwareScanSettingsResponse' {..} =
+    Prelude.rnf ebsSnapshotPreservation
+      `Prelude.seq` Prelude.rnf scanResourceCriteria
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/GetMemberDetectors.hs b/gen/Amazonka/GuardDuty/GetMemberDetectors.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetMemberDetectors.hs
@@ -0,0 +1,215 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetMemberDetectors
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Describes which data sources are enabled for the member account\'s
+-- detector.
+module Amazonka.GuardDuty.GetMemberDetectors
+  ( -- * Creating a Request
+    GetMemberDetectors (..),
+    newGetMemberDetectors,
+
+    -- * Request Lenses
+    getMemberDetectors_detectorId,
+    getMemberDetectors_accountIds,
+
+    -- * Destructuring the Response
+    GetMemberDetectorsResponse (..),
+    newGetMemberDetectorsResponse,
+
+    -- * Response Lenses
+    getMemberDetectorsResponse_httpStatus,
+    getMemberDetectorsResponse_memberDataSourceConfigurations,
+    getMemberDetectorsResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetMemberDetectors' smart constructor.
+data GetMemberDetectors = GetMemberDetectors'
+  { -- | The detector ID for the administrator account.
+    detectorId :: Prelude.Text,
+    -- | The account ID of the member account.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMemberDetectors' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getMemberDetectors_detectorId' - The detector ID for the administrator account.
+--
+-- 'accountIds', 'getMemberDetectors_accountIds' - The account ID of the member account.
+newGetMemberDetectors ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  GetMemberDetectors
+newGetMemberDetectors pDetectorId_ pAccountIds_ =
+  GetMemberDetectors'
+    { detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | The detector ID for the administrator account.
+getMemberDetectors_detectorId :: Lens.Lens' GetMemberDetectors Prelude.Text
+getMemberDetectors_detectorId = Lens.lens (\GetMemberDetectors' {detectorId} -> detectorId) (\s@GetMemberDetectors' {} a -> s {detectorId = a} :: GetMemberDetectors)
+
+-- | The account ID of the member account.
+getMemberDetectors_accountIds :: Lens.Lens' GetMemberDetectors (Prelude.NonEmpty Prelude.Text)
+getMemberDetectors_accountIds = Lens.lens (\GetMemberDetectors' {accountIds} -> accountIds) (\s@GetMemberDetectors' {} a -> s {accountIds = a} :: GetMemberDetectors) Prelude.. Lens.coerced
+
+instance Core.AWSRequest GetMemberDetectors where
+  type
+    AWSResponse GetMemberDetectors =
+      GetMemberDetectorsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetMemberDetectorsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "members")
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable GetMemberDetectors where
+  hashWithSalt _salt GetMemberDetectors' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData GetMemberDetectors where
+  rnf GetMemberDetectors' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders GetMemberDetectors where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetMemberDetectors where
+  toJSON GetMemberDetectors' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath GetMemberDetectors where
+  toPath GetMemberDetectors' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/member/detector/get"
+      ]
+
+instance Data.ToQuery GetMemberDetectors where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetMemberDetectorsResponse' smart constructor.
+data GetMemberDetectorsResponse = GetMemberDetectorsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | An object that describes which data sources are enabled for a member
+    -- account.
+    memberDataSourceConfigurations :: Prelude.NonEmpty MemberDataSourceConfiguration,
+    -- | A list of member account IDs that were unable to be processed along with
+    -- an explanation for why they were not processed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMemberDetectorsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getMemberDetectorsResponse_httpStatus' - The response's http status code.
+--
+-- 'memberDataSourceConfigurations', 'getMemberDetectorsResponse_memberDataSourceConfigurations' - An object that describes which data sources are enabled for a member
+-- account.
+--
+-- 'unprocessedAccounts', 'getMemberDetectorsResponse_unprocessedAccounts' - A list of member account IDs that were unable to be processed along with
+-- an explanation for why they were not processed.
+newGetMemberDetectorsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'memberDataSourceConfigurations'
+  Prelude.NonEmpty MemberDataSourceConfiguration ->
+  GetMemberDetectorsResponse
+newGetMemberDetectorsResponse
+  pHttpStatus_
+  pMemberDataSourceConfigurations_ =
+    GetMemberDetectorsResponse'
+      { httpStatus =
+          pHttpStatus_,
+        memberDataSourceConfigurations =
+          Lens.coerced
+            Lens.# pMemberDataSourceConfigurations_,
+        unprocessedAccounts = Prelude.mempty
+      }
+
+-- | The response's http status code.
+getMemberDetectorsResponse_httpStatus :: Lens.Lens' GetMemberDetectorsResponse Prelude.Int
+getMemberDetectorsResponse_httpStatus = Lens.lens (\GetMemberDetectorsResponse' {httpStatus} -> httpStatus) (\s@GetMemberDetectorsResponse' {} a -> s {httpStatus = a} :: GetMemberDetectorsResponse)
+
+-- | An object that describes which data sources are enabled for a member
+-- account.
+getMemberDetectorsResponse_memberDataSourceConfigurations :: Lens.Lens' GetMemberDetectorsResponse (Prelude.NonEmpty MemberDataSourceConfiguration)
+getMemberDetectorsResponse_memberDataSourceConfigurations = Lens.lens (\GetMemberDetectorsResponse' {memberDataSourceConfigurations} -> memberDataSourceConfigurations) (\s@GetMemberDetectorsResponse' {} a -> s {memberDataSourceConfigurations = a} :: GetMemberDetectorsResponse) Prelude.. Lens.coerced
+
+-- | A list of member account IDs that were unable to be processed along with
+-- an explanation for why they were not processed.
+getMemberDetectorsResponse_unprocessedAccounts :: Lens.Lens' GetMemberDetectorsResponse [UnprocessedAccount]
+getMemberDetectorsResponse_unprocessedAccounts = Lens.lens (\GetMemberDetectorsResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@GetMemberDetectorsResponse' {} a -> s {unprocessedAccounts = a} :: GetMemberDetectorsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData GetMemberDetectorsResponse where
+  rnf GetMemberDetectorsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf memberDataSourceConfigurations
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/GetMembers.hs b/gen/Amazonka/GuardDuty/GetMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetMembers.hs
@@ -0,0 +1,206 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves GuardDuty member accounts (of the current GuardDuty
+-- administrator account) specified by the account IDs.
+module Amazonka.GuardDuty.GetMembers
+  ( -- * Creating a Request
+    GetMembers (..),
+    newGetMembers,
+
+    -- * Request Lenses
+    getMembers_detectorId,
+    getMembers_accountIds,
+
+    -- * Destructuring the Response
+    GetMembersResponse (..),
+    newGetMembersResponse,
+
+    -- * Response Lenses
+    getMembersResponse_httpStatus,
+    getMembersResponse_members,
+    getMembersResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetMembers' smart constructor.
+data GetMembers = GetMembers'
+  { -- | The unique ID of the detector of the GuardDuty account whose members you
+    -- want to retrieve.
+    detectorId :: Prelude.Text,
+    -- | A list of account IDs of the GuardDuty member accounts that you want to
+    -- describe.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getMembers_detectorId' - The unique ID of the detector of the GuardDuty account whose members you
+-- want to retrieve.
+--
+-- 'accountIds', 'getMembers_accountIds' - A list of account IDs of the GuardDuty member accounts that you want to
+-- describe.
+newGetMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  GetMembers
+newGetMembers pDetectorId_ pAccountIds_ =
+  GetMembers'
+    { detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | The unique ID of the detector of the GuardDuty account whose members you
+-- want to retrieve.
+getMembers_detectorId :: Lens.Lens' GetMembers Prelude.Text
+getMembers_detectorId = Lens.lens (\GetMembers' {detectorId} -> detectorId) (\s@GetMembers' {} a -> s {detectorId = a} :: GetMembers)
+
+-- | A list of account IDs of the GuardDuty member accounts that you want to
+-- describe.
+getMembers_accountIds :: Lens.Lens' GetMembers (Prelude.NonEmpty Prelude.Text)
+getMembers_accountIds = Lens.lens (\GetMembers' {accountIds} -> accountIds) (\s@GetMembers' {} a -> s {accountIds = a} :: GetMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest GetMembers where
+  type AWSResponse GetMembers = GetMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "members" Core..!@ Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable GetMembers where
+  hashWithSalt _salt GetMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData GetMembers where
+  rnf GetMembers' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders GetMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetMembers where
+  toJSON GetMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath GetMembers where
+  toPath GetMembers' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/member/get"]
+
+instance Data.ToQuery GetMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetMembersResponse' smart constructor.
+data GetMembersResponse = GetMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of members.
+    members :: [Member],
+    -- | A list of objects that contain the unprocessed account and a result
+    -- string that explains why it was unprocessed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getMembersResponse_httpStatus' - The response's http status code.
+--
+-- 'members', 'getMembersResponse_members' - A list of members.
+--
+-- 'unprocessedAccounts', 'getMembersResponse_unprocessedAccounts' - A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+newGetMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetMembersResponse
+newGetMembersResponse pHttpStatus_ =
+  GetMembersResponse'
+    { httpStatus = pHttpStatus_,
+      members = Prelude.mempty,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+getMembersResponse_httpStatus :: Lens.Lens' GetMembersResponse Prelude.Int
+getMembersResponse_httpStatus = Lens.lens (\GetMembersResponse' {httpStatus} -> httpStatus) (\s@GetMembersResponse' {} a -> s {httpStatus = a} :: GetMembersResponse)
+
+-- | A list of members.
+getMembersResponse_members :: Lens.Lens' GetMembersResponse [Member]
+getMembersResponse_members = Lens.lens (\GetMembersResponse' {members} -> members) (\s@GetMembersResponse' {} a -> s {members = a} :: GetMembersResponse) Prelude.. Lens.coerced
+
+-- | A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+getMembersResponse_unprocessedAccounts :: Lens.Lens' GetMembersResponse [UnprocessedAccount]
+getMembersResponse_unprocessedAccounts = Lens.lens (\GetMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@GetMembersResponse' {} a -> s {unprocessedAccounts = a} :: GetMembersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData GetMembersResponse where
+  rnf GetMembersResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf members
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/GetRemainingFreeTrialDays.hs b/gen/Amazonka/GuardDuty/GetRemainingFreeTrialDays.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetRemainingFreeTrialDays.hs
@@ -0,0 +1,211 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetRemainingFreeTrialDays
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Provides the number of days left for each data source used in the free
+-- trial period.
+module Amazonka.GuardDuty.GetRemainingFreeTrialDays
+  ( -- * Creating a Request
+    GetRemainingFreeTrialDays (..),
+    newGetRemainingFreeTrialDays,
+
+    -- * Request Lenses
+    getRemainingFreeTrialDays_accountIds,
+    getRemainingFreeTrialDays_detectorId,
+
+    -- * Destructuring the Response
+    GetRemainingFreeTrialDaysResponse (..),
+    newGetRemainingFreeTrialDaysResponse,
+
+    -- * Response Lenses
+    getRemainingFreeTrialDaysResponse_accounts,
+    getRemainingFreeTrialDaysResponse_unprocessedAccounts,
+    getRemainingFreeTrialDaysResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetRemainingFreeTrialDays' smart constructor.
+data GetRemainingFreeTrialDays = GetRemainingFreeTrialDays'
+  { -- | A list of account identifiers of the GuardDuty member account.
+    accountIds :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The unique ID of the detector of the GuardDuty member account.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRemainingFreeTrialDays' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'getRemainingFreeTrialDays_accountIds' - A list of account identifiers of the GuardDuty member account.
+--
+-- 'detectorId', 'getRemainingFreeTrialDays_detectorId' - The unique ID of the detector of the GuardDuty member account.
+newGetRemainingFreeTrialDays ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  GetRemainingFreeTrialDays
+newGetRemainingFreeTrialDays pDetectorId_ =
+  GetRemainingFreeTrialDays'
+    { accountIds =
+        Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | A list of account identifiers of the GuardDuty member account.
+getRemainingFreeTrialDays_accountIds :: Lens.Lens' GetRemainingFreeTrialDays (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+getRemainingFreeTrialDays_accountIds = Lens.lens (\GetRemainingFreeTrialDays' {accountIds} -> accountIds) (\s@GetRemainingFreeTrialDays' {} a -> s {accountIds = a} :: GetRemainingFreeTrialDays) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique ID of the detector of the GuardDuty member account.
+getRemainingFreeTrialDays_detectorId :: Lens.Lens' GetRemainingFreeTrialDays Prelude.Text
+getRemainingFreeTrialDays_detectorId = Lens.lens (\GetRemainingFreeTrialDays' {detectorId} -> detectorId) (\s@GetRemainingFreeTrialDays' {} a -> s {detectorId = a} :: GetRemainingFreeTrialDays)
+
+instance Core.AWSRequest GetRemainingFreeTrialDays where
+  type
+    AWSResponse GetRemainingFreeTrialDays =
+      GetRemainingFreeTrialDaysResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetRemainingFreeTrialDaysResponse'
+            Prelude.<$> (x Data..?> "accounts" Core..!@ Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetRemainingFreeTrialDays where
+  hashWithSalt _salt GetRemainingFreeTrialDays' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountIds
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData GetRemainingFreeTrialDays where
+  rnf GetRemainingFreeTrialDays' {..} =
+    Prelude.rnf accountIds
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders GetRemainingFreeTrialDays where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetRemainingFreeTrialDays where
+  toJSON GetRemainingFreeTrialDays' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("accountIds" Data..=) Prelude.<$> accountIds]
+      )
+
+instance Data.ToPath GetRemainingFreeTrialDays where
+  toPath GetRemainingFreeTrialDays' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/freeTrial/daysRemaining"
+      ]
+
+instance Data.ToQuery GetRemainingFreeTrialDays where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetRemainingFreeTrialDaysResponse' smart constructor.
+data GetRemainingFreeTrialDaysResponse = GetRemainingFreeTrialDaysResponse'
+  { -- | The member accounts which were included in a request and were processed
+    -- successfully.
+    accounts :: Prelude.Maybe [AccountFreeTrialInfo],
+    -- | The member account that was included in a request but for which the
+    -- request could not be processed.
+    unprocessedAccounts :: Prelude.Maybe [UnprocessedAccount],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRemainingFreeTrialDaysResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accounts', 'getRemainingFreeTrialDaysResponse_accounts' - The member accounts which were included in a request and were processed
+-- successfully.
+--
+-- 'unprocessedAccounts', 'getRemainingFreeTrialDaysResponse_unprocessedAccounts' - The member account that was included in a request but for which the
+-- request could not be processed.
+--
+-- 'httpStatus', 'getRemainingFreeTrialDaysResponse_httpStatus' - The response's http status code.
+newGetRemainingFreeTrialDaysResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetRemainingFreeTrialDaysResponse
+newGetRemainingFreeTrialDaysResponse pHttpStatus_ =
+  GetRemainingFreeTrialDaysResponse'
+    { accounts =
+        Prelude.Nothing,
+      unprocessedAccounts = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The member accounts which were included in a request and were processed
+-- successfully.
+getRemainingFreeTrialDaysResponse_accounts :: Lens.Lens' GetRemainingFreeTrialDaysResponse (Prelude.Maybe [AccountFreeTrialInfo])
+getRemainingFreeTrialDaysResponse_accounts = Lens.lens (\GetRemainingFreeTrialDaysResponse' {accounts} -> accounts) (\s@GetRemainingFreeTrialDaysResponse' {} a -> s {accounts = a} :: GetRemainingFreeTrialDaysResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The member account that was included in a request but for which the
+-- request could not be processed.
+getRemainingFreeTrialDaysResponse_unprocessedAccounts :: Lens.Lens' GetRemainingFreeTrialDaysResponse (Prelude.Maybe [UnprocessedAccount])
+getRemainingFreeTrialDaysResponse_unprocessedAccounts = Lens.lens (\GetRemainingFreeTrialDaysResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@GetRemainingFreeTrialDaysResponse' {} a -> s {unprocessedAccounts = a} :: GetRemainingFreeTrialDaysResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+getRemainingFreeTrialDaysResponse_httpStatus :: Lens.Lens' GetRemainingFreeTrialDaysResponse Prelude.Int
+getRemainingFreeTrialDaysResponse_httpStatus = Lens.lens (\GetRemainingFreeTrialDaysResponse' {httpStatus} -> httpStatus) (\s@GetRemainingFreeTrialDaysResponse' {} a -> s {httpStatus = a} :: GetRemainingFreeTrialDaysResponse)
+
+instance
+  Prelude.NFData
+    GetRemainingFreeTrialDaysResponse
+  where
+  rnf GetRemainingFreeTrialDaysResponse' {..} =
+    Prelude.rnf accounts
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/GetThreatIntelSet.hs b/gen/Amazonka/GuardDuty/GetThreatIntelSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetThreatIntelSet.hs
@@ -0,0 +1,250 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetThreatIntelSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
+module Amazonka.GuardDuty.GetThreatIntelSet
+  ( -- * Creating a Request
+    GetThreatIntelSet (..),
+    newGetThreatIntelSet,
+
+    -- * Request Lenses
+    getThreatIntelSet_detectorId,
+    getThreatIntelSet_threatIntelSetId,
+
+    -- * Destructuring the Response
+    GetThreatIntelSetResponse (..),
+    newGetThreatIntelSetResponse,
+
+    -- * Response Lenses
+    getThreatIntelSetResponse_tags,
+    getThreatIntelSetResponse_httpStatus,
+    getThreatIntelSetResponse_name,
+    getThreatIntelSetResponse_format,
+    getThreatIntelSetResponse_location,
+    getThreatIntelSetResponse_status,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetThreatIntelSet' smart constructor.
+data GetThreatIntelSet = GetThreatIntelSet'
+  { -- | The unique ID of the detector that the threatIntelSet is associated
+    -- with.
+    detectorId :: Prelude.Text,
+    -- | The unique ID of the threatIntelSet that you want to get.
+    threatIntelSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetThreatIntelSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'getThreatIntelSet_detectorId' - The unique ID of the detector that the threatIntelSet is associated
+-- with.
+--
+-- 'threatIntelSetId', 'getThreatIntelSet_threatIntelSetId' - The unique ID of the threatIntelSet that you want to get.
+newGetThreatIntelSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'threatIntelSetId'
+  Prelude.Text ->
+  GetThreatIntelSet
+newGetThreatIntelSet pDetectorId_ pThreatIntelSetId_ =
+  GetThreatIntelSet'
+    { detectorId = pDetectorId_,
+      threatIntelSetId = pThreatIntelSetId_
+    }
+
+-- | The unique ID of the detector that the threatIntelSet is associated
+-- with.
+getThreatIntelSet_detectorId :: Lens.Lens' GetThreatIntelSet Prelude.Text
+getThreatIntelSet_detectorId = Lens.lens (\GetThreatIntelSet' {detectorId} -> detectorId) (\s@GetThreatIntelSet' {} a -> s {detectorId = a} :: GetThreatIntelSet)
+
+-- | The unique ID of the threatIntelSet that you want to get.
+getThreatIntelSet_threatIntelSetId :: Lens.Lens' GetThreatIntelSet Prelude.Text
+getThreatIntelSet_threatIntelSetId = Lens.lens (\GetThreatIntelSet' {threatIntelSetId} -> threatIntelSetId) (\s@GetThreatIntelSet' {} a -> s {threatIntelSetId = a} :: GetThreatIntelSet)
+
+instance Core.AWSRequest GetThreatIntelSet where
+  type
+    AWSResponse GetThreatIntelSet =
+      GetThreatIntelSetResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetThreatIntelSetResponse'
+            Prelude.<$> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "name")
+            Prelude.<*> (x Data..:> "format")
+            Prelude.<*> (x Data..:> "location")
+            Prelude.<*> (x Data..:> "status")
+      )
+
+instance Prelude.Hashable GetThreatIntelSet where
+  hashWithSalt _salt GetThreatIntelSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` threatIntelSetId
+
+instance Prelude.NFData GetThreatIntelSet where
+  rnf GetThreatIntelSet' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf threatIntelSetId
+
+instance Data.ToHeaders GetThreatIntelSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetThreatIntelSet where
+  toPath GetThreatIntelSet' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/threatintelset/",
+        Data.toBS threatIntelSetId
+      ]
+
+instance Data.ToQuery GetThreatIntelSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetThreatIntelSetResponse' smart constructor.
+data GetThreatIntelSetResponse = GetThreatIntelSetResponse'
+  { -- | The tags of the threat list resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A user-friendly ThreatIntelSet name displayed in all findings that are
+    -- generated by activity that involves IP addresses included in this
+    -- ThreatIntelSet.
+    name :: Prelude.Text,
+    -- | The format of the threatIntelSet.
+    format :: ThreatIntelSetFormat,
+    -- | The URI of the file that contains the ThreatIntelSet.
+    location :: Prelude.Text,
+    -- | The status of threatIntelSet file uploaded.
+    status :: ThreatIntelSetStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetThreatIntelSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'getThreatIntelSetResponse_tags' - The tags of the threat list resource.
+--
+-- 'httpStatus', 'getThreatIntelSetResponse_httpStatus' - The response's http status code.
+--
+-- 'name', 'getThreatIntelSetResponse_name' - A user-friendly ThreatIntelSet name displayed in all findings that are
+-- generated by activity that involves IP addresses included in this
+-- ThreatIntelSet.
+--
+-- 'format', 'getThreatIntelSetResponse_format' - The format of the threatIntelSet.
+--
+-- 'location', 'getThreatIntelSetResponse_location' - The URI of the file that contains the ThreatIntelSet.
+--
+-- 'status', 'getThreatIntelSetResponse_status' - The status of threatIntelSet file uploaded.
+newGetThreatIntelSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'format'
+  ThreatIntelSetFormat ->
+  -- | 'location'
+  Prelude.Text ->
+  -- | 'status'
+  ThreatIntelSetStatus ->
+  GetThreatIntelSetResponse
+newGetThreatIntelSetResponse
+  pHttpStatus_
+  pName_
+  pFormat_
+  pLocation_
+  pStatus_ =
+    GetThreatIntelSetResponse'
+      { tags = Prelude.Nothing,
+        httpStatus = pHttpStatus_,
+        name = pName_,
+        format = pFormat_,
+        location = pLocation_,
+        status = pStatus_
+      }
+
+-- | The tags of the threat list resource.
+getThreatIntelSetResponse_tags :: Lens.Lens' GetThreatIntelSetResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+getThreatIntelSetResponse_tags = Lens.lens (\GetThreatIntelSetResponse' {tags} -> tags) (\s@GetThreatIntelSetResponse' {} a -> s {tags = a} :: GetThreatIntelSetResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+getThreatIntelSetResponse_httpStatus :: Lens.Lens' GetThreatIntelSetResponse Prelude.Int
+getThreatIntelSetResponse_httpStatus = Lens.lens (\GetThreatIntelSetResponse' {httpStatus} -> httpStatus) (\s@GetThreatIntelSetResponse' {} a -> s {httpStatus = a} :: GetThreatIntelSetResponse)
+
+-- | A user-friendly ThreatIntelSet name displayed in all findings that are
+-- generated by activity that involves IP addresses included in this
+-- ThreatIntelSet.
+getThreatIntelSetResponse_name :: Lens.Lens' GetThreatIntelSetResponse Prelude.Text
+getThreatIntelSetResponse_name = Lens.lens (\GetThreatIntelSetResponse' {name} -> name) (\s@GetThreatIntelSetResponse' {} a -> s {name = a} :: GetThreatIntelSetResponse)
+
+-- | The format of the threatIntelSet.
+getThreatIntelSetResponse_format :: Lens.Lens' GetThreatIntelSetResponse ThreatIntelSetFormat
+getThreatIntelSetResponse_format = Lens.lens (\GetThreatIntelSetResponse' {format} -> format) (\s@GetThreatIntelSetResponse' {} a -> s {format = a} :: GetThreatIntelSetResponse)
+
+-- | The URI of the file that contains the ThreatIntelSet.
+getThreatIntelSetResponse_location :: Lens.Lens' GetThreatIntelSetResponse Prelude.Text
+getThreatIntelSetResponse_location = Lens.lens (\GetThreatIntelSetResponse' {location} -> location) (\s@GetThreatIntelSetResponse' {} a -> s {location = a} :: GetThreatIntelSetResponse)
+
+-- | The status of threatIntelSet file uploaded.
+getThreatIntelSetResponse_status :: Lens.Lens' GetThreatIntelSetResponse ThreatIntelSetStatus
+getThreatIntelSetResponse_status = Lens.lens (\GetThreatIntelSetResponse' {status} -> status) (\s@GetThreatIntelSetResponse' {} a -> s {status = a} :: GetThreatIntelSetResponse)
+
+instance Prelude.NFData GetThreatIntelSetResponse where
+  rnf GetThreatIntelSetResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf format
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/GetUsageStatistics.hs b/gen/Amazonka/GuardDuty/GetUsageStatistics.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/GetUsageStatistics.hs
@@ -0,0 +1,285 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.GetUsageStatistics
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists Amazon GuardDuty usage statistics over the last 30 days for the
+-- specified detector ID. For newly enabled detectors or data sources, the
+-- cost returned will include only the usage so far under 30 days. This may
+-- differ from the cost metrics in the console, which project usage over 30
+-- days to provide a monthly cost estimate. For more information, see
+-- <https://docs.aws.amazon.com/guardduty/latest/ug/monitoring_costs.html#usage-calculations Understanding How Usage Costs are Calculated>.
+module Amazonka.GuardDuty.GetUsageStatistics
+  ( -- * Creating a Request
+    GetUsageStatistics (..),
+    newGetUsageStatistics,
+
+    -- * Request Lenses
+    getUsageStatistics_maxResults,
+    getUsageStatistics_nextToken,
+    getUsageStatistics_unit,
+    getUsageStatistics_detectorId,
+    getUsageStatistics_usageStatisticType,
+    getUsageStatistics_usageCriteria,
+
+    -- * Destructuring the Response
+    GetUsageStatisticsResponse (..),
+    newGetUsageStatisticsResponse,
+
+    -- * Response Lenses
+    getUsageStatisticsResponse_nextToken,
+    getUsageStatisticsResponse_usageStatistics,
+    getUsageStatisticsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newGetUsageStatistics' smart constructor.
+data GetUsageStatistics = GetUsageStatistics'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | A token to use for paginating results that are returned in the response.
+    -- Set the value of this parameter to null for the first request to a list
+    -- action. For subsequent calls, use the NextToken value returned from the
+    -- previous request to continue listing results after the first page.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The currency unit you would like to view your usage statistics in.
+    -- Current valid values are USD.
+    unit :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the detector that specifies the GuardDuty service whose usage
+    -- statistics you want to retrieve.
+    detectorId :: Prelude.Text,
+    -- | The type of usage statistics to retrieve.
+    usageStatisticType :: UsageStatisticType,
+    -- | Represents the criteria used for querying usage.
+    usageCriteria :: UsageCriteria
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetUsageStatistics' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'getUsageStatistics_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'getUsageStatistics_nextToken' - A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the NextToken value returned from the
+-- previous request to continue listing results after the first page.
+--
+-- 'unit', 'getUsageStatistics_unit' - The currency unit you would like to view your usage statistics in.
+-- Current valid values are USD.
+--
+-- 'detectorId', 'getUsageStatistics_detectorId' - The ID of the detector that specifies the GuardDuty service whose usage
+-- statistics you want to retrieve.
+--
+-- 'usageStatisticType', 'getUsageStatistics_usageStatisticType' - The type of usage statistics to retrieve.
+--
+-- 'usageCriteria', 'getUsageStatistics_usageCriteria' - Represents the criteria used for querying usage.
+newGetUsageStatistics ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'usageStatisticType'
+  UsageStatisticType ->
+  -- | 'usageCriteria'
+  UsageCriteria ->
+  GetUsageStatistics
+newGetUsageStatistics
+  pDetectorId_
+  pUsageStatisticType_
+  pUsageCriteria_ =
+    GetUsageStatistics'
+      { maxResults = Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        unit = Prelude.Nothing,
+        detectorId = pDetectorId_,
+        usageStatisticType = pUsageStatisticType_,
+        usageCriteria = pUsageCriteria_
+      }
+
+-- | The maximum number of results to return in the response.
+getUsageStatistics_maxResults :: Lens.Lens' GetUsageStatistics (Prelude.Maybe Prelude.Natural)
+getUsageStatistics_maxResults = Lens.lens (\GetUsageStatistics' {maxResults} -> maxResults) (\s@GetUsageStatistics' {} a -> s {maxResults = a} :: GetUsageStatistics)
+
+-- | A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the NextToken value returned from the
+-- previous request to continue listing results after the first page.
+getUsageStatistics_nextToken :: Lens.Lens' GetUsageStatistics (Prelude.Maybe Prelude.Text)
+getUsageStatistics_nextToken = Lens.lens (\GetUsageStatistics' {nextToken} -> nextToken) (\s@GetUsageStatistics' {} a -> s {nextToken = a} :: GetUsageStatistics)
+
+-- | The currency unit you would like to view your usage statistics in.
+-- Current valid values are USD.
+getUsageStatistics_unit :: Lens.Lens' GetUsageStatistics (Prelude.Maybe Prelude.Text)
+getUsageStatistics_unit = Lens.lens (\GetUsageStatistics' {unit} -> unit) (\s@GetUsageStatistics' {} a -> s {unit = a} :: GetUsageStatistics)
+
+-- | The ID of the detector that specifies the GuardDuty service whose usage
+-- statistics you want to retrieve.
+getUsageStatistics_detectorId :: Lens.Lens' GetUsageStatistics Prelude.Text
+getUsageStatistics_detectorId = Lens.lens (\GetUsageStatistics' {detectorId} -> detectorId) (\s@GetUsageStatistics' {} a -> s {detectorId = a} :: GetUsageStatistics)
+
+-- | The type of usage statistics to retrieve.
+getUsageStatistics_usageStatisticType :: Lens.Lens' GetUsageStatistics UsageStatisticType
+getUsageStatistics_usageStatisticType = Lens.lens (\GetUsageStatistics' {usageStatisticType} -> usageStatisticType) (\s@GetUsageStatistics' {} a -> s {usageStatisticType = a} :: GetUsageStatistics)
+
+-- | Represents the criteria used for querying usage.
+getUsageStatistics_usageCriteria :: Lens.Lens' GetUsageStatistics UsageCriteria
+getUsageStatistics_usageCriteria = Lens.lens (\GetUsageStatistics' {usageCriteria} -> usageCriteria) (\s@GetUsageStatistics' {} a -> s {usageCriteria = a} :: GetUsageStatistics)
+
+instance Core.AWSRequest GetUsageStatistics where
+  type
+    AWSResponse GetUsageStatistics =
+      GetUsageStatisticsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetUsageStatisticsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (x Data..?> "usageStatistics")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetUsageStatistics where
+  hashWithSalt _salt GetUsageStatistics' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` unit
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` usageStatisticType
+      `Prelude.hashWithSalt` usageCriteria
+
+instance Prelude.NFData GetUsageStatistics where
+  rnf GetUsageStatistics' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf unit
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf usageStatisticType
+      `Prelude.seq` Prelude.rnf usageCriteria
+
+instance Data.ToHeaders GetUsageStatistics where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetUsageStatistics where
+  toJSON GetUsageStatistics' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("maxResults" Data..=) Prelude.<$> maxResults,
+            ("nextToken" Data..=) Prelude.<$> nextToken,
+            ("unit" Data..=) Prelude.<$> unit,
+            Prelude.Just
+              ("usageStatisticsType" Data..= usageStatisticType),
+            Prelude.Just
+              ("usageCriteria" Data..= usageCriteria)
+          ]
+      )
+
+instance Data.ToPath GetUsageStatistics where
+  toPath GetUsageStatistics' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/usage/statistics"
+      ]
+
+instance Data.ToQuery GetUsageStatistics where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetUsageStatisticsResponse' smart constructor.
+data GetUsageStatisticsResponse = GetUsageStatisticsResponse'
+  { -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The usage statistics object. If a UsageStatisticType was provided, the
+    -- objects representing other types will be null.
+    usageStatistics :: Prelude.Maybe UsageStatistics,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetUsageStatisticsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'getUsageStatisticsResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'usageStatistics', 'getUsageStatisticsResponse_usageStatistics' - The usage statistics object. If a UsageStatisticType was provided, the
+-- objects representing other types will be null.
+--
+-- 'httpStatus', 'getUsageStatisticsResponse_httpStatus' - The response's http status code.
+newGetUsageStatisticsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetUsageStatisticsResponse
+newGetUsageStatisticsResponse pHttpStatus_ =
+  GetUsageStatisticsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      usageStatistics = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+getUsageStatisticsResponse_nextToken :: Lens.Lens' GetUsageStatisticsResponse (Prelude.Maybe Prelude.Text)
+getUsageStatisticsResponse_nextToken = Lens.lens (\GetUsageStatisticsResponse' {nextToken} -> nextToken) (\s@GetUsageStatisticsResponse' {} a -> s {nextToken = a} :: GetUsageStatisticsResponse)
+
+-- | The usage statistics object. If a UsageStatisticType was provided, the
+-- objects representing other types will be null.
+getUsageStatisticsResponse_usageStatistics :: Lens.Lens' GetUsageStatisticsResponse (Prelude.Maybe UsageStatistics)
+getUsageStatisticsResponse_usageStatistics = Lens.lens (\GetUsageStatisticsResponse' {usageStatistics} -> usageStatistics) (\s@GetUsageStatisticsResponse' {} a -> s {usageStatistics = a} :: GetUsageStatisticsResponse)
+
+-- | The response's http status code.
+getUsageStatisticsResponse_httpStatus :: Lens.Lens' GetUsageStatisticsResponse Prelude.Int
+getUsageStatisticsResponse_httpStatus = Lens.lens (\GetUsageStatisticsResponse' {httpStatus} -> httpStatus) (\s@GetUsageStatisticsResponse' {} a -> s {httpStatus = a} :: GetUsageStatisticsResponse)
+
+instance Prelude.NFData GetUsageStatisticsResponse where
+  rnf GetUsageStatisticsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf usageStatistics
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/InviteMembers.hs b/gen/Amazonka/GuardDuty/InviteMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/InviteMembers.hs
@@ -0,0 +1,240 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.InviteMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Invites other Amazon Web Services accounts (created as members of the
+-- current Amazon Web Services account by CreateMembers) to enable
+-- GuardDuty, and allow the current Amazon Web Services account to view and
+-- manage these accounts\' findings on their behalf as the GuardDuty
+-- administrator account.
+module Amazonka.GuardDuty.InviteMembers
+  ( -- * Creating a Request
+    InviteMembers (..),
+    newInviteMembers,
+
+    -- * Request Lenses
+    inviteMembers_disableEmailNotification,
+    inviteMembers_message,
+    inviteMembers_detectorId,
+    inviteMembers_accountIds,
+
+    -- * Destructuring the Response
+    InviteMembersResponse (..),
+    newInviteMembersResponse,
+
+    -- * Response Lenses
+    inviteMembersResponse_httpStatus,
+    inviteMembersResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newInviteMembers' smart constructor.
+data InviteMembers = InviteMembers'
+  { -- | A Boolean value that specifies whether you want to disable email
+    -- notification to the accounts that you are inviting to GuardDuty as
+    -- members.
+    disableEmailNotification :: Prelude.Maybe Prelude.Bool,
+    -- | The invitation message that you want to send to the accounts that
+    -- you\'re inviting to GuardDuty as members.
+    message :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID of the detector of the GuardDuty account that you want to
+    -- invite members with.
+    detectorId :: Prelude.Text,
+    -- | A list of account IDs of the accounts that you want to invite to
+    -- GuardDuty as members.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InviteMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'disableEmailNotification', 'inviteMembers_disableEmailNotification' - A Boolean value that specifies whether you want to disable email
+-- notification to the accounts that you are inviting to GuardDuty as
+-- members.
+--
+-- 'message', 'inviteMembers_message' - The invitation message that you want to send to the accounts that
+-- you\'re inviting to GuardDuty as members.
+--
+-- 'detectorId', 'inviteMembers_detectorId' - The unique ID of the detector of the GuardDuty account that you want to
+-- invite members with.
+--
+-- 'accountIds', 'inviteMembers_accountIds' - A list of account IDs of the accounts that you want to invite to
+-- GuardDuty as members.
+newInviteMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  InviteMembers
+newInviteMembers pDetectorId_ pAccountIds_ =
+  InviteMembers'
+    { disableEmailNotification =
+        Prelude.Nothing,
+      message = Prelude.Nothing,
+      detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | A Boolean value that specifies whether you want to disable email
+-- notification to the accounts that you are inviting to GuardDuty as
+-- members.
+inviteMembers_disableEmailNotification :: Lens.Lens' InviteMembers (Prelude.Maybe Prelude.Bool)
+inviteMembers_disableEmailNotification = Lens.lens (\InviteMembers' {disableEmailNotification} -> disableEmailNotification) (\s@InviteMembers' {} a -> s {disableEmailNotification = a} :: InviteMembers)
+
+-- | The invitation message that you want to send to the accounts that
+-- you\'re inviting to GuardDuty as members.
+inviteMembers_message :: Lens.Lens' InviteMembers (Prelude.Maybe Prelude.Text)
+inviteMembers_message = Lens.lens (\InviteMembers' {message} -> message) (\s@InviteMembers' {} a -> s {message = a} :: InviteMembers)
+
+-- | The unique ID of the detector of the GuardDuty account that you want to
+-- invite members with.
+inviteMembers_detectorId :: Lens.Lens' InviteMembers Prelude.Text
+inviteMembers_detectorId = Lens.lens (\InviteMembers' {detectorId} -> detectorId) (\s@InviteMembers' {} a -> s {detectorId = a} :: InviteMembers)
+
+-- | A list of account IDs of the accounts that you want to invite to
+-- GuardDuty as members.
+inviteMembers_accountIds :: Lens.Lens' InviteMembers (Prelude.NonEmpty Prelude.Text)
+inviteMembers_accountIds = Lens.lens (\InviteMembers' {accountIds} -> accountIds) (\s@InviteMembers' {} a -> s {accountIds = a} :: InviteMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest InviteMembers where
+  type
+    AWSResponse InviteMembers =
+      InviteMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          InviteMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable InviteMembers where
+  hashWithSalt _salt InviteMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` disableEmailNotification
+      `Prelude.hashWithSalt` message
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData InviteMembers where
+  rnf InviteMembers' {..} =
+    Prelude.rnf disableEmailNotification
+      `Prelude.seq` Prelude.rnf message
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders InviteMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON InviteMembers where
+  toJSON InviteMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("disableEmailNotification" Data..=)
+              Prelude.<$> disableEmailNotification,
+            ("message" Data..=) Prelude.<$> message,
+            Prelude.Just ("accountIds" Data..= accountIds)
+          ]
+      )
+
+instance Data.ToPath InviteMembers where
+  toPath InviteMembers' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/member/invite"
+      ]
+
+instance Data.ToQuery InviteMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newInviteMembersResponse' smart constructor.
+data InviteMembersResponse = InviteMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of objects that contain the unprocessed account and a result
+    -- string that explains why it was unprocessed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InviteMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'inviteMembersResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'inviteMembersResponse_unprocessedAccounts' - A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+newInviteMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  InviteMembersResponse
+newInviteMembersResponse pHttpStatus_ =
+  InviteMembersResponse'
+    { httpStatus = pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+inviteMembersResponse_httpStatus :: Lens.Lens' InviteMembersResponse Prelude.Int
+inviteMembersResponse_httpStatus = Lens.lens (\InviteMembersResponse' {httpStatus} -> httpStatus) (\s@InviteMembersResponse' {} a -> s {httpStatus = a} :: InviteMembersResponse)
+
+-- | A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+inviteMembersResponse_unprocessedAccounts :: Lens.Lens' InviteMembersResponse [UnprocessedAccount]
+inviteMembersResponse_unprocessedAccounts = Lens.lens (\InviteMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@InviteMembersResponse' {} a -> s {unprocessedAccounts = a} :: InviteMembersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData InviteMembersResponse where
+  rnf InviteMembersResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/Lens.hs b/gen/Amazonka/GuardDuty/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Lens.hs
@@ -0,0 +1,1298 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Lens
+  ( -- * Operations
+
+    -- ** AcceptAdministratorInvitation
+    acceptAdministratorInvitation_detectorId,
+    acceptAdministratorInvitation_administratorId,
+    acceptAdministratorInvitation_invitationId,
+    acceptAdministratorInvitationResponse_httpStatus,
+
+    -- ** ArchiveFindings
+    archiveFindings_detectorId,
+    archiveFindings_findingIds,
+    archiveFindingsResponse_httpStatus,
+
+    -- ** CreateDetector
+    createDetector_clientToken,
+    createDetector_dataSources,
+    createDetector_findingPublishingFrequency,
+    createDetector_tags,
+    createDetector_enable,
+    createDetectorResponse_detectorId,
+    createDetectorResponse_unprocessedDataSources,
+    createDetectorResponse_httpStatus,
+
+    -- ** CreateFilter
+    createFilter_action,
+    createFilter_clientToken,
+    createFilter_description,
+    createFilter_rank,
+    createFilter_tags,
+    createFilter_detectorId,
+    createFilter_name,
+    createFilter_findingCriteria,
+    createFilterResponse_httpStatus,
+    createFilterResponse_name,
+
+    -- ** CreateIPSet
+    createIPSet_clientToken,
+    createIPSet_tags,
+    createIPSet_detectorId,
+    createIPSet_name,
+    createIPSet_format,
+    createIPSet_location,
+    createIPSet_activate,
+    createIPSetResponse_httpStatus,
+    createIPSetResponse_ipSetId,
+
+    -- ** CreateMembers
+    createMembers_detectorId,
+    createMembers_accountDetails,
+    createMembersResponse_httpStatus,
+    createMembersResponse_unprocessedAccounts,
+
+    -- ** CreatePublishingDestination
+    createPublishingDestination_clientToken,
+    createPublishingDestination_detectorId,
+    createPublishingDestination_destinationType,
+    createPublishingDestination_destinationProperties,
+    createPublishingDestinationResponse_httpStatus,
+    createPublishingDestinationResponse_destinationId,
+
+    -- ** CreateSampleFindings
+    createSampleFindings_findingTypes,
+    createSampleFindings_detectorId,
+    createSampleFindingsResponse_httpStatus,
+
+    -- ** CreateThreatIntelSet
+    createThreatIntelSet_clientToken,
+    createThreatIntelSet_tags,
+    createThreatIntelSet_detectorId,
+    createThreatIntelSet_name,
+    createThreatIntelSet_format,
+    createThreatIntelSet_location,
+    createThreatIntelSet_activate,
+    createThreatIntelSetResponse_httpStatus,
+    createThreatIntelSetResponse_threatIntelSetId,
+
+    -- ** DeclineInvitations
+    declineInvitations_accountIds,
+    declineInvitationsResponse_httpStatus,
+    declineInvitationsResponse_unprocessedAccounts,
+
+    -- ** DeleteDetector
+    deleteDetector_detectorId,
+    deleteDetectorResponse_httpStatus,
+
+    -- ** DeleteFilter
+    deleteFilter_detectorId,
+    deleteFilter_filterName,
+    deleteFilterResponse_httpStatus,
+
+    -- ** DeleteIPSet
+    deleteIPSet_detectorId,
+    deleteIPSet_ipSetId,
+    deleteIPSetResponse_httpStatus,
+
+    -- ** DeleteInvitations
+    deleteInvitations_accountIds,
+    deleteInvitationsResponse_httpStatus,
+    deleteInvitationsResponse_unprocessedAccounts,
+
+    -- ** DeleteMembers
+    deleteMembers_detectorId,
+    deleteMembers_accountIds,
+    deleteMembersResponse_httpStatus,
+    deleteMembersResponse_unprocessedAccounts,
+
+    -- ** DeletePublishingDestination
+    deletePublishingDestination_detectorId,
+    deletePublishingDestination_destinationId,
+    deletePublishingDestinationResponse_httpStatus,
+
+    -- ** DeleteThreatIntelSet
+    deleteThreatIntelSet_detectorId,
+    deleteThreatIntelSet_threatIntelSetId,
+    deleteThreatIntelSetResponse_httpStatus,
+
+    -- ** DescribeMalwareScans
+    describeMalwareScans_filterCriteria,
+    describeMalwareScans_maxResults,
+    describeMalwareScans_nextToken,
+    describeMalwareScans_sortCriteria,
+    describeMalwareScans_detectorId,
+    describeMalwareScansResponse_nextToken,
+    describeMalwareScansResponse_httpStatus,
+    describeMalwareScansResponse_scans,
+
+    -- ** DescribeOrganizationConfiguration
+    describeOrganizationConfiguration_detectorId,
+    describeOrganizationConfigurationResponse_dataSources,
+    describeOrganizationConfigurationResponse_httpStatus,
+    describeOrganizationConfigurationResponse_autoEnable,
+    describeOrganizationConfigurationResponse_memberAccountLimitReached,
+
+    -- ** DescribePublishingDestination
+    describePublishingDestination_detectorId,
+    describePublishingDestination_destinationId,
+    describePublishingDestinationResponse_httpStatus,
+    describePublishingDestinationResponse_destinationId,
+    describePublishingDestinationResponse_destinationType,
+    describePublishingDestinationResponse_status,
+    describePublishingDestinationResponse_publishingFailureStartTimestamp,
+    describePublishingDestinationResponse_destinationProperties,
+
+    -- ** DisableOrganizationAdminAccount
+    disableOrganizationAdminAccount_adminAccountId,
+    disableOrganizationAdminAccountResponse_httpStatus,
+
+    -- ** DisassociateFromAdministratorAccount
+    disassociateFromAdministratorAccount_detectorId,
+    disassociateFromAdministratorAccountResponse_httpStatus,
+
+    -- ** DisassociateMembers
+    disassociateMembers_detectorId,
+    disassociateMembers_accountIds,
+    disassociateMembersResponse_httpStatus,
+    disassociateMembersResponse_unprocessedAccounts,
+
+    -- ** EnableOrganizationAdminAccount
+    enableOrganizationAdminAccount_adminAccountId,
+    enableOrganizationAdminAccountResponse_httpStatus,
+
+    -- ** GetAdministratorAccount
+    getAdministratorAccount_detectorId,
+    getAdministratorAccountResponse_httpStatus,
+    getAdministratorAccountResponse_administrator,
+
+    -- ** GetDetector
+    getDetector_detectorId,
+    getDetectorResponse_createdAt,
+    getDetectorResponse_dataSources,
+    getDetectorResponse_findingPublishingFrequency,
+    getDetectorResponse_tags,
+    getDetectorResponse_updatedAt,
+    getDetectorResponse_httpStatus,
+    getDetectorResponse_serviceRole,
+    getDetectorResponse_status,
+
+    -- ** GetFilter
+    getFilter_detectorId,
+    getFilter_filterName,
+    getFilterResponse_description,
+    getFilterResponse_rank,
+    getFilterResponse_tags,
+    getFilterResponse_httpStatus,
+    getFilterResponse_name,
+    getFilterResponse_action,
+    getFilterResponse_findingCriteria,
+
+    -- ** GetFindings
+    getFindings_sortCriteria,
+    getFindings_detectorId,
+    getFindings_findingIds,
+    getFindingsResponse_httpStatus,
+    getFindingsResponse_findings,
+
+    -- ** GetFindingsStatistics
+    getFindingsStatistics_findingCriteria,
+    getFindingsStatistics_detectorId,
+    getFindingsStatistics_findingStatisticTypes,
+    getFindingsStatisticsResponse_httpStatus,
+    getFindingsStatisticsResponse_findingStatistics,
+
+    -- ** GetIPSet
+    getIPSet_detectorId,
+    getIPSet_ipSetId,
+    getIPSetResponse_tags,
+    getIPSetResponse_httpStatus,
+    getIPSetResponse_name,
+    getIPSetResponse_format,
+    getIPSetResponse_location,
+    getIPSetResponse_status,
+
+    -- ** GetInvitationsCount
+    getInvitationsCountResponse_invitationsCount,
+    getInvitationsCountResponse_httpStatus,
+
+    -- ** GetMalwareScanSettings
+    getMalwareScanSettings_detectorId,
+    getMalwareScanSettingsResponse_ebsSnapshotPreservation,
+    getMalwareScanSettingsResponse_scanResourceCriteria,
+    getMalwareScanSettingsResponse_httpStatus,
+
+    -- ** GetMemberDetectors
+    getMemberDetectors_detectorId,
+    getMemberDetectors_accountIds,
+    getMemberDetectorsResponse_httpStatus,
+    getMemberDetectorsResponse_memberDataSourceConfigurations,
+    getMemberDetectorsResponse_unprocessedAccounts,
+
+    -- ** GetMembers
+    getMembers_detectorId,
+    getMembers_accountIds,
+    getMembersResponse_httpStatus,
+    getMembersResponse_members,
+    getMembersResponse_unprocessedAccounts,
+
+    -- ** GetRemainingFreeTrialDays
+    getRemainingFreeTrialDays_accountIds,
+    getRemainingFreeTrialDays_detectorId,
+    getRemainingFreeTrialDaysResponse_accounts,
+    getRemainingFreeTrialDaysResponse_unprocessedAccounts,
+    getRemainingFreeTrialDaysResponse_httpStatus,
+
+    -- ** GetThreatIntelSet
+    getThreatIntelSet_detectorId,
+    getThreatIntelSet_threatIntelSetId,
+    getThreatIntelSetResponse_tags,
+    getThreatIntelSetResponse_httpStatus,
+    getThreatIntelSetResponse_name,
+    getThreatIntelSetResponse_format,
+    getThreatIntelSetResponse_location,
+    getThreatIntelSetResponse_status,
+
+    -- ** GetUsageStatistics
+    getUsageStatistics_maxResults,
+    getUsageStatistics_nextToken,
+    getUsageStatistics_unit,
+    getUsageStatistics_detectorId,
+    getUsageStatistics_usageStatisticType,
+    getUsageStatistics_usageCriteria,
+    getUsageStatisticsResponse_nextToken,
+    getUsageStatisticsResponse_usageStatistics,
+    getUsageStatisticsResponse_httpStatus,
+
+    -- ** InviteMembers
+    inviteMembers_disableEmailNotification,
+    inviteMembers_message,
+    inviteMembers_detectorId,
+    inviteMembers_accountIds,
+    inviteMembersResponse_httpStatus,
+    inviteMembersResponse_unprocessedAccounts,
+
+    -- ** ListDetectors
+    listDetectors_maxResults,
+    listDetectors_nextToken,
+    listDetectorsResponse_nextToken,
+    listDetectorsResponse_httpStatus,
+    listDetectorsResponse_detectorIds,
+
+    -- ** ListFilters
+    listFilters_maxResults,
+    listFilters_nextToken,
+    listFilters_detectorId,
+    listFiltersResponse_nextToken,
+    listFiltersResponse_httpStatus,
+    listFiltersResponse_filterNames,
+
+    -- ** ListFindings
+    listFindings_findingCriteria,
+    listFindings_maxResults,
+    listFindings_nextToken,
+    listFindings_sortCriteria,
+    listFindings_detectorId,
+    listFindingsResponse_nextToken,
+    listFindingsResponse_httpStatus,
+    listFindingsResponse_findingIds,
+
+    -- ** ListIPSets
+    listIPSets_maxResults,
+    listIPSets_nextToken,
+    listIPSets_detectorId,
+    listIPSetsResponse_nextToken,
+    listIPSetsResponse_httpStatus,
+    listIPSetsResponse_ipSetIds,
+
+    -- ** ListInvitations
+    listInvitations_maxResults,
+    listInvitations_nextToken,
+    listInvitationsResponse_invitations,
+    listInvitationsResponse_nextToken,
+    listInvitationsResponse_httpStatus,
+
+    -- ** ListMembers
+    listMembers_maxResults,
+    listMembers_nextToken,
+    listMembers_onlyAssociated,
+    listMembers_detectorId,
+    listMembersResponse_members,
+    listMembersResponse_nextToken,
+    listMembersResponse_httpStatus,
+
+    -- ** ListOrganizationAdminAccounts
+    listOrganizationAdminAccounts_maxResults,
+    listOrganizationAdminAccounts_nextToken,
+    listOrganizationAdminAccountsResponse_adminAccounts,
+    listOrganizationAdminAccountsResponse_nextToken,
+    listOrganizationAdminAccountsResponse_httpStatus,
+
+    -- ** ListPublishingDestinations
+    listPublishingDestinations_maxResults,
+    listPublishingDestinations_nextToken,
+    listPublishingDestinations_detectorId,
+    listPublishingDestinationsResponse_nextToken,
+    listPublishingDestinationsResponse_httpStatus,
+    listPublishingDestinationsResponse_destinations,
+
+    -- ** ListTagsForResource
+    listTagsForResource_resourceArn,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** ListThreatIntelSets
+    listThreatIntelSets_maxResults,
+    listThreatIntelSets_nextToken,
+    listThreatIntelSets_detectorId,
+    listThreatIntelSetsResponse_nextToken,
+    listThreatIntelSetsResponse_httpStatus,
+    listThreatIntelSetsResponse_threatIntelSetIds,
+
+    -- ** StartMonitoringMembers
+    startMonitoringMembers_detectorId,
+    startMonitoringMembers_accountIds,
+    startMonitoringMembersResponse_httpStatus,
+    startMonitoringMembersResponse_unprocessedAccounts,
+
+    -- ** StopMonitoringMembers
+    stopMonitoringMembers_detectorId,
+    stopMonitoringMembers_accountIds,
+    stopMonitoringMembersResponse_httpStatus,
+    stopMonitoringMembersResponse_unprocessedAccounts,
+
+    -- ** TagResource
+    tagResource_resourceArn,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UnarchiveFindings
+    unarchiveFindings_detectorId,
+    unarchiveFindings_findingIds,
+    unarchiveFindingsResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateDetector
+    updateDetector_dataSources,
+    updateDetector_enable,
+    updateDetector_findingPublishingFrequency,
+    updateDetector_detectorId,
+    updateDetectorResponse_httpStatus,
+
+    -- ** UpdateFilter
+    updateFilter_action,
+    updateFilter_description,
+    updateFilter_findingCriteria,
+    updateFilter_rank,
+    updateFilter_detectorId,
+    updateFilter_filterName,
+    updateFilterResponse_httpStatus,
+    updateFilterResponse_name,
+
+    -- ** UpdateFindingsFeedback
+    updateFindingsFeedback_comments,
+    updateFindingsFeedback_detectorId,
+    updateFindingsFeedback_findingIds,
+    updateFindingsFeedback_feedback,
+    updateFindingsFeedbackResponse_httpStatus,
+
+    -- ** UpdateIPSet
+    updateIPSet_activate,
+    updateIPSet_location,
+    updateIPSet_name,
+    updateIPSet_detectorId,
+    updateIPSet_ipSetId,
+    updateIPSetResponse_httpStatus,
+
+    -- ** UpdateMalwareScanSettings
+    updateMalwareScanSettings_ebsSnapshotPreservation,
+    updateMalwareScanSettings_scanResourceCriteria,
+    updateMalwareScanSettings_detectorId,
+    updateMalwareScanSettingsResponse_httpStatus,
+
+    -- ** UpdateMemberDetectors
+    updateMemberDetectors_dataSources,
+    updateMemberDetectors_detectorId,
+    updateMemberDetectors_accountIds,
+    updateMemberDetectorsResponse_httpStatus,
+    updateMemberDetectorsResponse_unprocessedAccounts,
+
+    -- ** UpdateOrganizationConfiguration
+    updateOrganizationConfiguration_dataSources,
+    updateOrganizationConfiguration_detectorId,
+    updateOrganizationConfiguration_autoEnable,
+    updateOrganizationConfigurationResponse_httpStatus,
+
+    -- ** UpdatePublishingDestination
+    updatePublishingDestination_destinationProperties,
+    updatePublishingDestination_detectorId,
+    updatePublishingDestination_destinationId,
+    updatePublishingDestinationResponse_httpStatus,
+
+    -- ** UpdateThreatIntelSet
+    updateThreatIntelSet_activate,
+    updateThreatIntelSet_location,
+    updateThreatIntelSet_name,
+    updateThreatIntelSet_detectorId,
+    updateThreatIntelSet_threatIntelSetId,
+    updateThreatIntelSetResponse_httpStatus,
+
+    -- * Types
+
+    -- ** AccessControlList
+    accessControlList_allowsPublicReadAccess,
+    accessControlList_allowsPublicWriteAccess,
+
+    -- ** AccessKeyDetails
+    accessKeyDetails_accessKeyId,
+    accessKeyDetails_principalId,
+    accessKeyDetails_userName,
+    accessKeyDetails_userType,
+
+    -- ** AccountDetail
+    accountDetail_accountId,
+    accountDetail_email,
+
+    -- ** AccountFreeTrialInfo
+    accountFreeTrialInfo_accountId,
+    accountFreeTrialInfo_dataSources,
+
+    -- ** AccountLevelPermissions
+    accountLevelPermissions_blockPublicAccess,
+
+    -- ** Action
+    action_actionType,
+    action_awsApiCallAction,
+    action_dnsRequestAction,
+    action_kubernetesApiCallAction,
+    action_networkConnectionAction,
+    action_portProbeAction,
+
+    -- ** AdminAccount
+    adminAccount_adminAccountId,
+    adminAccount_adminStatus,
+
+    -- ** Administrator
+    administrator_accountId,
+    administrator_invitationId,
+    administrator_invitedAt,
+    administrator_relationshipStatus,
+
+    -- ** AwsApiCallAction
+    awsApiCallAction_affectedResources,
+    awsApiCallAction_api,
+    awsApiCallAction_callerType,
+    awsApiCallAction_domainDetails,
+    awsApiCallAction_errorCode,
+    awsApiCallAction_remoteAccountDetails,
+    awsApiCallAction_remoteIpDetails,
+    awsApiCallAction_serviceName,
+    awsApiCallAction_userAgent,
+
+    -- ** BlockPublicAccess
+    blockPublicAccess_blockPublicAcls,
+    blockPublicAccess_blockPublicPolicy,
+    blockPublicAccess_ignorePublicAcls,
+    blockPublicAccess_restrictPublicBuckets,
+
+    -- ** BucketLevelPermissions
+    bucketLevelPermissions_accessControlList,
+    bucketLevelPermissions_blockPublicAccess,
+    bucketLevelPermissions_bucketPolicy,
+
+    -- ** BucketPolicy
+    bucketPolicy_allowsPublicReadAccess,
+    bucketPolicy_allowsPublicWriteAccess,
+
+    -- ** City
+    city_cityName,
+
+    -- ** CloudTrailConfigurationResult
+    cloudTrailConfigurationResult_status,
+
+    -- ** Condition
+    condition_eq,
+    condition_equals,
+    condition_greaterThan,
+    condition_greaterThanOrEqual,
+    condition_gt,
+    condition_gte,
+    condition_lessThan,
+    condition_lessThanOrEqual,
+    condition_lt,
+    condition_lte,
+    condition_neq,
+    condition_notEquals,
+
+    -- ** Container
+    container_containerRuntime,
+    container_id,
+    container_image,
+    container_imagePrefix,
+    container_name,
+    container_securityContext,
+    container_volumeMounts,
+
+    -- ** Country
+    country_countryCode,
+    country_countryName,
+
+    -- ** DNSLogsConfigurationResult
+    dNSLogsConfigurationResult_status,
+
+    -- ** DataSourceConfigurations
+    dataSourceConfigurations_kubernetes,
+    dataSourceConfigurations_malwareProtection,
+    dataSourceConfigurations_s3Logs,
+
+    -- ** DataSourceConfigurationsResult
+    dataSourceConfigurationsResult_kubernetes,
+    dataSourceConfigurationsResult_malwareProtection,
+    dataSourceConfigurationsResult_cloudTrail,
+    dataSourceConfigurationsResult_dNSLogs,
+    dataSourceConfigurationsResult_flowLogs,
+    dataSourceConfigurationsResult_s3Logs,
+
+    -- ** DataSourceFreeTrial
+    dataSourceFreeTrial_freeTrialDaysRemaining,
+
+    -- ** DataSourcesFreeTrial
+    dataSourcesFreeTrial_cloudTrail,
+    dataSourcesFreeTrial_dnsLogs,
+    dataSourcesFreeTrial_flowLogs,
+    dataSourcesFreeTrial_kubernetes,
+    dataSourcesFreeTrial_malwareProtection,
+    dataSourcesFreeTrial_s3Logs,
+
+    -- ** DefaultServerSideEncryption
+    defaultServerSideEncryption_encryptionType,
+    defaultServerSideEncryption_kmsMasterKeyArn,
+
+    -- ** Destination
+    destination_destinationId,
+    destination_destinationType,
+    destination_status,
+
+    -- ** DestinationProperties
+    destinationProperties_destinationArn,
+    destinationProperties_kmsKeyArn,
+
+    -- ** DnsRequestAction
+    dnsRequestAction_blocked,
+    dnsRequestAction_domain,
+    dnsRequestAction_protocol,
+
+    -- ** DomainDetails
+    domainDetails_domain,
+
+    -- ** EbsVolumeDetails
+    ebsVolumeDetails_scannedVolumeDetails,
+    ebsVolumeDetails_skippedVolumeDetails,
+
+    -- ** EbsVolumeScanDetails
+    ebsVolumeScanDetails_scanCompletedAt,
+    ebsVolumeScanDetails_scanDetections,
+    ebsVolumeScanDetails_scanId,
+    ebsVolumeScanDetails_scanStartedAt,
+    ebsVolumeScanDetails_sources,
+    ebsVolumeScanDetails_triggerFindingId,
+
+    -- ** EbsVolumesResult
+    ebsVolumesResult_reason,
+    ebsVolumesResult_status,
+
+    -- ** EcsClusterDetails
+    ecsClusterDetails_activeServicesCount,
+    ecsClusterDetails_arn,
+    ecsClusterDetails_name,
+    ecsClusterDetails_registeredContainerInstancesCount,
+    ecsClusterDetails_runningTasksCount,
+    ecsClusterDetails_status,
+    ecsClusterDetails_tags,
+    ecsClusterDetails_taskDetails,
+
+    -- ** EcsTaskDetails
+    ecsTaskDetails_arn,
+    ecsTaskDetails_containers,
+    ecsTaskDetails_definitionArn,
+    ecsTaskDetails_group,
+    ecsTaskDetails_startedAt,
+    ecsTaskDetails_startedBy,
+    ecsTaskDetails_tags,
+    ecsTaskDetails_taskCreatedAt,
+    ecsTaskDetails_version,
+    ecsTaskDetails_volumes,
+
+    -- ** EksClusterDetails
+    eksClusterDetails_arn,
+    eksClusterDetails_createdAt,
+    eksClusterDetails_name,
+    eksClusterDetails_status,
+    eksClusterDetails_tags,
+    eksClusterDetails_vpcId,
+
+    -- ** Evidence
+    evidence_threatIntelligenceDetails,
+
+    -- ** FilterCondition
+    filterCondition_equalsValue,
+    filterCondition_greaterThan,
+    filterCondition_lessThan,
+
+    -- ** FilterCriteria
+    filterCriteria_filterCriterion,
+
+    -- ** FilterCriterion
+    filterCriterion_criterionKey,
+    filterCriterion_filterCondition,
+
+    -- ** Finding
+    finding_confidence,
+    finding_description,
+    finding_partition,
+    finding_service,
+    finding_title,
+    finding_accountId,
+    finding_arn,
+    finding_createdAt,
+    finding_id,
+    finding_region,
+    finding_resource,
+    finding_schemaVersion,
+    finding_severity,
+    finding_type,
+    finding_updatedAt,
+
+    -- ** FindingCriteria
+    findingCriteria_criterion,
+
+    -- ** FindingStatistics
+    findingStatistics_countBySeverity,
+
+    -- ** FlowLogsConfigurationResult
+    flowLogsConfigurationResult_status,
+
+    -- ** GeoLocation
+    geoLocation_lat,
+    geoLocation_lon,
+
+    -- ** HighestSeverityThreatDetails
+    highestSeverityThreatDetails_count,
+    highestSeverityThreatDetails_severity,
+    highestSeverityThreatDetails_threatName,
+
+    -- ** HostPath
+    hostPath_path,
+
+    -- ** IamInstanceProfile
+    iamInstanceProfile_arn,
+    iamInstanceProfile_id,
+
+    -- ** InstanceDetails
+    instanceDetails_availabilityZone,
+    instanceDetails_iamInstanceProfile,
+    instanceDetails_imageDescription,
+    instanceDetails_imageId,
+    instanceDetails_instanceId,
+    instanceDetails_instanceState,
+    instanceDetails_instanceType,
+    instanceDetails_launchTime,
+    instanceDetails_networkInterfaces,
+    instanceDetails_outpostArn,
+    instanceDetails_platform,
+    instanceDetails_productCodes,
+    instanceDetails_tags,
+
+    -- ** Invitation
+    invitation_accountId,
+    invitation_invitationId,
+    invitation_invitedAt,
+    invitation_relationshipStatus,
+
+    -- ** KubernetesApiCallAction
+    kubernetesApiCallAction_parameters,
+    kubernetesApiCallAction_remoteIpDetails,
+    kubernetesApiCallAction_requestUri,
+    kubernetesApiCallAction_sourceIps,
+    kubernetesApiCallAction_statusCode,
+    kubernetesApiCallAction_userAgent,
+    kubernetesApiCallAction_verb,
+
+    -- ** KubernetesAuditLogsConfiguration
+    kubernetesAuditLogsConfiguration_enable,
+
+    -- ** KubernetesAuditLogsConfigurationResult
+    kubernetesAuditLogsConfigurationResult_status,
+
+    -- ** KubernetesConfiguration
+    kubernetesConfiguration_auditLogs,
+
+    -- ** KubernetesConfigurationResult
+    kubernetesConfigurationResult_auditLogs,
+
+    -- ** KubernetesDataSourceFreeTrial
+    kubernetesDataSourceFreeTrial_auditLogs,
+
+    -- ** KubernetesDetails
+    kubernetesDetails_kubernetesUserDetails,
+    kubernetesDetails_kubernetesWorkloadDetails,
+
+    -- ** KubernetesUserDetails
+    kubernetesUserDetails_groups,
+    kubernetesUserDetails_uid,
+    kubernetesUserDetails_username,
+
+    -- ** KubernetesWorkloadDetails
+    kubernetesWorkloadDetails_containers,
+    kubernetesWorkloadDetails_hostNetwork,
+    kubernetesWorkloadDetails_name,
+    kubernetesWorkloadDetails_namespace,
+    kubernetesWorkloadDetails_type,
+    kubernetesWorkloadDetails_uid,
+    kubernetesWorkloadDetails_volumes,
+
+    -- ** LocalIpDetails
+    localIpDetails_ipAddressV4,
+
+    -- ** LocalPortDetails
+    localPortDetails_port,
+    localPortDetails_portName,
+
+    -- ** MalwareProtectionConfiguration
+    malwareProtectionConfiguration_scanEc2InstanceWithFindings,
+
+    -- ** MalwareProtectionConfigurationResult
+    malwareProtectionConfigurationResult_scanEc2InstanceWithFindings,
+    malwareProtectionConfigurationResult_serviceRole,
+
+    -- ** MalwareProtectionDataSourceFreeTrial
+    malwareProtectionDataSourceFreeTrial_scanEc2InstanceWithFindings,
+
+    -- ** Member
+    member_administratorId,
+    member_detectorId,
+    member_invitedAt,
+    member_accountId,
+    member_masterId,
+    member_email,
+    member_relationshipStatus,
+    member_updatedAt,
+
+    -- ** MemberDataSourceConfiguration
+    memberDataSourceConfiguration_accountId,
+    memberDataSourceConfiguration_dataSources,
+
+    -- ** NetworkConnectionAction
+    networkConnectionAction_blocked,
+    networkConnectionAction_connectionDirection,
+    networkConnectionAction_localIpDetails,
+    networkConnectionAction_localPortDetails,
+    networkConnectionAction_protocol,
+    networkConnectionAction_remoteIpDetails,
+    networkConnectionAction_remotePortDetails,
+
+    -- ** NetworkInterface
+    networkInterface_ipv6Addresses,
+    networkInterface_networkInterfaceId,
+    networkInterface_privateDnsName,
+    networkInterface_privateIpAddress,
+    networkInterface_privateIpAddresses,
+    networkInterface_publicDnsName,
+    networkInterface_publicIp,
+    networkInterface_securityGroups,
+    networkInterface_subnetId,
+    networkInterface_vpcId,
+
+    -- ** Organization
+    organization_asn,
+    organization_asnOrg,
+    organization_isp,
+    organization_org,
+
+    -- ** OrganizationDataSourceConfigurations
+    organizationDataSourceConfigurations_kubernetes,
+    organizationDataSourceConfigurations_malwareProtection,
+    organizationDataSourceConfigurations_s3Logs,
+
+    -- ** OrganizationDataSourceConfigurationsResult
+    organizationDataSourceConfigurationsResult_kubernetes,
+    organizationDataSourceConfigurationsResult_malwareProtection,
+    organizationDataSourceConfigurationsResult_s3Logs,
+
+    -- ** OrganizationEbsVolumes
+    organizationEbsVolumes_autoEnable,
+
+    -- ** OrganizationEbsVolumesResult
+    organizationEbsVolumesResult_autoEnable,
+
+    -- ** OrganizationKubernetesAuditLogsConfiguration
+    organizationKubernetesAuditLogsConfiguration_autoEnable,
+
+    -- ** OrganizationKubernetesAuditLogsConfigurationResult
+    organizationKubernetesAuditLogsConfigurationResult_autoEnable,
+
+    -- ** OrganizationKubernetesConfiguration
+    organizationKubernetesConfiguration_auditLogs,
+
+    -- ** OrganizationKubernetesConfigurationResult
+    organizationKubernetesConfigurationResult_auditLogs,
+
+    -- ** OrganizationMalwareProtectionConfiguration
+    organizationMalwareProtectionConfiguration_scanEc2InstanceWithFindings,
+
+    -- ** OrganizationMalwareProtectionConfigurationResult
+    organizationMalwareProtectionConfigurationResult_scanEc2InstanceWithFindings,
+
+    -- ** OrganizationS3LogsConfiguration
+    organizationS3LogsConfiguration_autoEnable,
+
+    -- ** OrganizationS3LogsConfigurationResult
+    organizationS3LogsConfigurationResult_autoEnable,
+
+    -- ** OrganizationScanEc2InstanceWithFindings
+    organizationScanEc2InstanceWithFindings_ebsVolumes,
+
+    -- ** OrganizationScanEc2InstanceWithFindingsResult
+    organizationScanEc2InstanceWithFindingsResult_ebsVolumes,
+
+    -- ** Owner
+    owner_id,
+
+    -- ** PermissionConfiguration
+    permissionConfiguration_accountLevelPermissions,
+    permissionConfiguration_bucketLevelPermissions,
+
+    -- ** PortProbeAction
+    portProbeAction_blocked,
+    portProbeAction_portProbeDetails,
+
+    -- ** PortProbeDetail
+    portProbeDetail_localIpDetails,
+    portProbeDetail_localPortDetails,
+    portProbeDetail_remoteIpDetails,
+
+    -- ** PrivateIpAddressDetails
+    privateIpAddressDetails_privateDnsName,
+    privateIpAddressDetails_privateIpAddress,
+
+    -- ** ProductCode
+    productCode_code,
+    productCode_productType,
+
+    -- ** PublicAccess
+    publicAccess_effectivePermission,
+    publicAccess_permissionConfiguration,
+
+    -- ** RemoteAccountDetails
+    remoteAccountDetails_accountId,
+    remoteAccountDetails_affiliated,
+
+    -- ** RemoteIpDetails
+    remoteIpDetails_city,
+    remoteIpDetails_country,
+    remoteIpDetails_geoLocation,
+    remoteIpDetails_ipAddressV4,
+    remoteIpDetails_organization,
+
+    -- ** RemotePortDetails
+    remotePortDetails_port,
+    remotePortDetails_portName,
+
+    -- ** Resource
+    resource_accessKeyDetails,
+    resource_containerDetails,
+    resource_ebsVolumeDetails,
+    resource_ecsClusterDetails,
+    resource_eksClusterDetails,
+    resource_instanceDetails,
+    resource_kubernetesDetails,
+    resource_resourceType,
+    resource_s3BucketDetails,
+
+    -- ** ResourceDetails
+    resourceDetails_instanceArn,
+
+    -- ** S3BucketDetail
+    s3BucketDetail_arn,
+    s3BucketDetail_createdAt,
+    s3BucketDetail_defaultServerSideEncryption,
+    s3BucketDetail_name,
+    s3BucketDetail_owner,
+    s3BucketDetail_publicAccess,
+    s3BucketDetail_tags,
+    s3BucketDetail_type,
+
+    -- ** S3LogsConfiguration
+    s3LogsConfiguration_enable,
+
+    -- ** S3LogsConfigurationResult
+    s3LogsConfigurationResult_status,
+
+    -- ** Scan
+    scan_accountId,
+    scan_adminDetectorId,
+    scan_attachedVolumes,
+    scan_detectorId,
+    scan_failureReason,
+    scan_fileCount,
+    scan_resourceDetails,
+    scan_scanEndTime,
+    scan_scanId,
+    scan_scanResultDetails,
+    scan_scanStartTime,
+    scan_scanStatus,
+    scan_totalBytes,
+    scan_triggerDetails,
+
+    -- ** ScanCondition
+    scanCondition_mapEquals,
+
+    -- ** ScanConditionPair
+    scanConditionPair_value,
+    scanConditionPair_key,
+
+    -- ** ScanDetections
+    scanDetections_highestSeverityThreatDetails,
+    scanDetections_scannedItemCount,
+    scanDetections_threatDetectedByName,
+    scanDetections_threatsDetectedItemCount,
+
+    -- ** ScanEc2InstanceWithFindings
+    scanEc2InstanceWithFindings_ebsVolumes,
+
+    -- ** ScanEc2InstanceWithFindingsResult
+    scanEc2InstanceWithFindingsResult_ebsVolumes,
+
+    -- ** ScanFilePath
+    scanFilePath_fileName,
+    scanFilePath_filePath,
+    scanFilePath_hash,
+    scanFilePath_volumeArn,
+
+    -- ** ScanResourceCriteria
+    scanResourceCriteria_exclude,
+    scanResourceCriteria_include,
+
+    -- ** ScanResultDetails
+    scanResultDetails_scanResult,
+
+    -- ** ScanThreatName
+    scanThreatName_filePaths,
+    scanThreatName_itemCount,
+    scanThreatName_name,
+    scanThreatName_severity,
+
+    -- ** ScannedItemCount
+    scannedItemCount_files,
+    scannedItemCount_totalGb,
+    scannedItemCount_volumes,
+
+    -- ** SecurityContext
+    securityContext_privileged,
+
+    -- ** SecurityGroup
+    securityGroup_groupId,
+    securityGroup_groupName,
+
+    -- ** ServiceAdditionalInfo
+    serviceAdditionalInfo_type,
+    serviceAdditionalInfo_value,
+
+    -- ** ServiceInfo
+    serviceInfo_action,
+    serviceInfo_additionalInfo,
+    serviceInfo_archived,
+    serviceInfo_count,
+    serviceInfo_detectorId,
+    serviceInfo_ebsVolumeScanDetails,
+    serviceInfo_eventFirstSeen,
+    serviceInfo_eventLastSeen,
+    serviceInfo_evidence,
+    serviceInfo_featureName,
+    serviceInfo_resourceRole,
+    serviceInfo_serviceName,
+    serviceInfo_userFeedback,
+
+    -- ** SortCriteria
+    sortCriteria_attributeName,
+    sortCriteria_orderBy,
+
+    -- ** Tag
+    tag_key,
+    tag_value,
+
+    -- ** ThreatDetectedByName
+    threatDetectedByName_itemCount,
+    threatDetectedByName_shortened,
+    threatDetectedByName_threatNames,
+    threatDetectedByName_uniqueThreatNameCount,
+
+    -- ** ThreatIntelligenceDetail
+    threatIntelligenceDetail_threatListName,
+    threatIntelligenceDetail_threatNames,
+
+    -- ** ThreatsDetectedItemCount
+    threatsDetectedItemCount_files,
+
+    -- ** Total
+    total_amount,
+    total_unit,
+
+    -- ** TriggerDetails
+    triggerDetails_description,
+    triggerDetails_guardDutyFindingId,
+
+    -- ** UnprocessedAccount
+    unprocessedAccount_accountId,
+    unprocessedAccount_result,
+
+    -- ** UnprocessedDataSourcesResult
+    unprocessedDataSourcesResult_malwareProtection,
+
+    -- ** UsageAccountResult
+    usageAccountResult_accountId,
+    usageAccountResult_total,
+
+    -- ** UsageCriteria
+    usageCriteria_accountIds,
+    usageCriteria_resources,
+    usageCriteria_dataSources,
+
+    -- ** UsageDataSourceResult
+    usageDataSourceResult_dataSource,
+    usageDataSourceResult_total,
+
+    -- ** UsageResourceResult
+    usageResourceResult_resource,
+    usageResourceResult_total,
+
+    -- ** UsageStatistics
+    usageStatistics_sumByAccount,
+    usageStatistics_sumByDataSource,
+    usageStatistics_sumByResource,
+    usageStatistics_topResources,
+
+    -- ** Volume
+    volume_hostPath,
+    volume_name,
+
+    -- ** VolumeDetail
+    volumeDetail_deviceName,
+    volumeDetail_encryptionType,
+    volumeDetail_kmsKeyArn,
+    volumeDetail_snapshotArn,
+    volumeDetail_volumeArn,
+    volumeDetail_volumeSizeInGB,
+    volumeDetail_volumeType,
+
+    -- ** VolumeMount
+    volumeMount_mountPath,
+    volumeMount_name,
+  )
+where
+
+import Amazonka.GuardDuty.AcceptAdministratorInvitation
+import Amazonka.GuardDuty.ArchiveFindings
+import Amazonka.GuardDuty.CreateDetector
+import Amazonka.GuardDuty.CreateFilter
+import Amazonka.GuardDuty.CreateIPSet
+import Amazonka.GuardDuty.CreateMembers
+import Amazonka.GuardDuty.CreatePublishingDestination
+import Amazonka.GuardDuty.CreateSampleFindings
+import Amazonka.GuardDuty.CreateThreatIntelSet
+import Amazonka.GuardDuty.DeclineInvitations
+import Amazonka.GuardDuty.DeleteDetector
+import Amazonka.GuardDuty.DeleteFilter
+import Amazonka.GuardDuty.DeleteIPSet
+import Amazonka.GuardDuty.DeleteInvitations
+import Amazonka.GuardDuty.DeleteMembers
+import Amazonka.GuardDuty.DeletePublishingDestination
+import Amazonka.GuardDuty.DeleteThreatIntelSet
+import Amazonka.GuardDuty.DescribeMalwareScans
+import Amazonka.GuardDuty.DescribeOrganizationConfiguration
+import Amazonka.GuardDuty.DescribePublishingDestination
+import Amazonka.GuardDuty.DisableOrganizationAdminAccount
+import Amazonka.GuardDuty.DisassociateFromAdministratorAccount
+import Amazonka.GuardDuty.DisassociateMembers
+import Amazonka.GuardDuty.EnableOrganizationAdminAccount
+import Amazonka.GuardDuty.GetAdministratorAccount
+import Amazonka.GuardDuty.GetDetector
+import Amazonka.GuardDuty.GetFilter
+import Amazonka.GuardDuty.GetFindings
+import Amazonka.GuardDuty.GetFindingsStatistics
+import Amazonka.GuardDuty.GetIPSet
+import Amazonka.GuardDuty.GetInvitationsCount
+import Amazonka.GuardDuty.GetMalwareScanSettings
+import Amazonka.GuardDuty.GetMemberDetectors
+import Amazonka.GuardDuty.GetMembers
+import Amazonka.GuardDuty.GetRemainingFreeTrialDays
+import Amazonka.GuardDuty.GetThreatIntelSet
+import Amazonka.GuardDuty.GetUsageStatistics
+import Amazonka.GuardDuty.InviteMembers
+import Amazonka.GuardDuty.ListDetectors
+import Amazonka.GuardDuty.ListFilters
+import Amazonka.GuardDuty.ListFindings
+import Amazonka.GuardDuty.ListIPSets
+import Amazonka.GuardDuty.ListInvitations
+import Amazonka.GuardDuty.ListMembers
+import Amazonka.GuardDuty.ListOrganizationAdminAccounts
+import Amazonka.GuardDuty.ListPublishingDestinations
+import Amazonka.GuardDuty.ListTagsForResource
+import Amazonka.GuardDuty.ListThreatIntelSets
+import Amazonka.GuardDuty.StartMonitoringMembers
+import Amazonka.GuardDuty.StopMonitoringMembers
+import Amazonka.GuardDuty.TagResource
+import Amazonka.GuardDuty.Types.AccessControlList
+import Amazonka.GuardDuty.Types.AccessKeyDetails
+import Amazonka.GuardDuty.Types.AccountDetail
+import Amazonka.GuardDuty.Types.AccountFreeTrialInfo
+import Amazonka.GuardDuty.Types.AccountLevelPermissions
+import Amazonka.GuardDuty.Types.Action
+import Amazonka.GuardDuty.Types.AdminAccount
+import Amazonka.GuardDuty.Types.Administrator
+import Amazonka.GuardDuty.Types.AwsApiCallAction
+import Amazonka.GuardDuty.Types.BlockPublicAccess
+import Amazonka.GuardDuty.Types.BucketLevelPermissions
+import Amazonka.GuardDuty.Types.BucketPolicy
+import Amazonka.GuardDuty.Types.City
+import Amazonka.GuardDuty.Types.CloudTrailConfigurationResult
+import Amazonka.GuardDuty.Types.Condition
+import Amazonka.GuardDuty.Types.Container
+import Amazonka.GuardDuty.Types.Country
+import Amazonka.GuardDuty.Types.DNSLogsConfigurationResult
+import Amazonka.GuardDuty.Types.DataSourceConfigurations
+import Amazonka.GuardDuty.Types.DataSourceConfigurationsResult
+import Amazonka.GuardDuty.Types.DataSourceFreeTrial
+import Amazonka.GuardDuty.Types.DataSourcesFreeTrial
+import Amazonka.GuardDuty.Types.DefaultServerSideEncryption
+import Amazonka.GuardDuty.Types.Destination
+import Amazonka.GuardDuty.Types.DestinationProperties
+import Amazonka.GuardDuty.Types.DnsRequestAction
+import Amazonka.GuardDuty.Types.DomainDetails
+import Amazonka.GuardDuty.Types.EbsVolumeDetails
+import Amazonka.GuardDuty.Types.EbsVolumeScanDetails
+import Amazonka.GuardDuty.Types.EbsVolumesResult
+import Amazonka.GuardDuty.Types.EcsClusterDetails
+import Amazonka.GuardDuty.Types.EcsTaskDetails
+import Amazonka.GuardDuty.Types.EksClusterDetails
+import Amazonka.GuardDuty.Types.Evidence
+import Amazonka.GuardDuty.Types.FilterCondition
+import Amazonka.GuardDuty.Types.FilterCriteria
+import Amazonka.GuardDuty.Types.FilterCriterion
+import Amazonka.GuardDuty.Types.Finding
+import Amazonka.GuardDuty.Types.FindingCriteria
+import Amazonka.GuardDuty.Types.FindingStatistics
+import Amazonka.GuardDuty.Types.FlowLogsConfigurationResult
+import Amazonka.GuardDuty.Types.GeoLocation
+import Amazonka.GuardDuty.Types.HighestSeverityThreatDetails
+import Amazonka.GuardDuty.Types.HostPath
+import Amazonka.GuardDuty.Types.IamInstanceProfile
+import Amazonka.GuardDuty.Types.InstanceDetails
+import Amazonka.GuardDuty.Types.Invitation
+import Amazonka.GuardDuty.Types.KubernetesApiCallAction
+import Amazonka.GuardDuty.Types.KubernetesAuditLogsConfiguration
+import Amazonka.GuardDuty.Types.KubernetesAuditLogsConfigurationResult
+import Amazonka.GuardDuty.Types.KubernetesConfiguration
+import Amazonka.GuardDuty.Types.KubernetesConfigurationResult
+import Amazonka.GuardDuty.Types.KubernetesDataSourceFreeTrial
+import Amazonka.GuardDuty.Types.KubernetesDetails
+import Amazonka.GuardDuty.Types.KubernetesUserDetails
+import Amazonka.GuardDuty.Types.KubernetesWorkloadDetails
+import Amazonka.GuardDuty.Types.LocalIpDetails
+import Amazonka.GuardDuty.Types.LocalPortDetails
+import Amazonka.GuardDuty.Types.MalwareProtectionConfiguration
+import Amazonka.GuardDuty.Types.MalwareProtectionConfigurationResult
+import Amazonka.GuardDuty.Types.MalwareProtectionDataSourceFreeTrial
+import Amazonka.GuardDuty.Types.Member
+import Amazonka.GuardDuty.Types.MemberDataSourceConfiguration
+import Amazonka.GuardDuty.Types.NetworkConnectionAction
+import Amazonka.GuardDuty.Types.NetworkInterface
+import Amazonka.GuardDuty.Types.Organization
+import Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurations
+import Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurationsResult
+import Amazonka.GuardDuty.Types.OrganizationEbsVolumes
+import Amazonka.GuardDuty.Types.OrganizationEbsVolumesResult
+import Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfiguration
+import Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationKubernetesConfiguration
+import Amazonka.GuardDuty.Types.OrganizationKubernetesConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfiguration
+import Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationS3LogsConfiguration
+import Amazonka.GuardDuty.Types.OrganizationS3LogsConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindings
+import Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindingsResult
+import Amazonka.GuardDuty.Types.Owner
+import Amazonka.GuardDuty.Types.PermissionConfiguration
+import Amazonka.GuardDuty.Types.PortProbeAction
+import Amazonka.GuardDuty.Types.PortProbeDetail
+import Amazonka.GuardDuty.Types.PrivateIpAddressDetails
+import Amazonka.GuardDuty.Types.ProductCode
+import Amazonka.GuardDuty.Types.PublicAccess
+import Amazonka.GuardDuty.Types.RemoteAccountDetails
+import Amazonka.GuardDuty.Types.RemoteIpDetails
+import Amazonka.GuardDuty.Types.RemotePortDetails
+import Amazonka.GuardDuty.Types.Resource
+import Amazonka.GuardDuty.Types.ResourceDetails
+import Amazonka.GuardDuty.Types.S3BucketDetail
+import Amazonka.GuardDuty.Types.S3LogsConfiguration
+import Amazonka.GuardDuty.Types.S3LogsConfigurationResult
+import Amazonka.GuardDuty.Types.Scan
+import Amazonka.GuardDuty.Types.ScanCondition
+import Amazonka.GuardDuty.Types.ScanConditionPair
+import Amazonka.GuardDuty.Types.ScanDetections
+import Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindings
+import Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindingsResult
+import Amazonka.GuardDuty.Types.ScanFilePath
+import Amazonka.GuardDuty.Types.ScanResourceCriteria
+import Amazonka.GuardDuty.Types.ScanResultDetails
+import Amazonka.GuardDuty.Types.ScanThreatName
+import Amazonka.GuardDuty.Types.ScannedItemCount
+import Amazonka.GuardDuty.Types.SecurityContext
+import Amazonka.GuardDuty.Types.SecurityGroup
+import Amazonka.GuardDuty.Types.ServiceAdditionalInfo
+import Amazonka.GuardDuty.Types.ServiceInfo
+import Amazonka.GuardDuty.Types.SortCriteria
+import Amazonka.GuardDuty.Types.Tag
+import Amazonka.GuardDuty.Types.ThreatDetectedByName
+import Amazonka.GuardDuty.Types.ThreatIntelligenceDetail
+import Amazonka.GuardDuty.Types.ThreatsDetectedItemCount
+import Amazonka.GuardDuty.Types.Total
+import Amazonka.GuardDuty.Types.TriggerDetails
+import Amazonka.GuardDuty.Types.UnprocessedAccount
+import Amazonka.GuardDuty.Types.UnprocessedDataSourcesResult
+import Amazonka.GuardDuty.Types.UsageAccountResult
+import Amazonka.GuardDuty.Types.UsageCriteria
+import Amazonka.GuardDuty.Types.UsageDataSourceResult
+import Amazonka.GuardDuty.Types.UsageResourceResult
+import Amazonka.GuardDuty.Types.UsageStatistics
+import Amazonka.GuardDuty.Types.Volume
+import Amazonka.GuardDuty.Types.VolumeDetail
+import Amazonka.GuardDuty.Types.VolumeMount
+import Amazonka.GuardDuty.UnarchiveFindings
+import Amazonka.GuardDuty.UntagResource
+import Amazonka.GuardDuty.UpdateDetector
+import Amazonka.GuardDuty.UpdateFilter
+import Amazonka.GuardDuty.UpdateFindingsFeedback
+import Amazonka.GuardDuty.UpdateIPSet
+import Amazonka.GuardDuty.UpdateMalwareScanSettings
+import Amazonka.GuardDuty.UpdateMemberDetectors
+import Amazonka.GuardDuty.UpdateOrganizationConfiguration
+import Amazonka.GuardDuty.UpdatePublishingDestination
+import Amazonka.GuardDuty.UpdateThreatIntelSet
diff --git a/gen/Amazonka/GuardDuty/ListDetectors.hs b/gen/Amazonka/GuardDuty/ListDetectors.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListDetectors.hs
@@ -0,0 +1,226 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListDetectors
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists detectorIds of all the existing Amazon GuardDuty detector
+-- resources.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListDetectors
+  ( -- * Creating a Request
+    ListDetectors (..),
+    newListDetectors,
+
+    -- * Request Lenses
+    listDetectors_maxResults,
+    listDetectors_nextToken,
+
+    -- * Destructuring the Response
+    ListDetectorsResponse (..),
+    newListDetectorsResponse,
+
+    -- * Response Lenses
+    listDetectorsResponse_nextToken,
+    listDetectorsResponse_httpStatus,
+    listDetectorsResponse_detectorIds,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListDetectors' smart constructor.
+data ListDetectors = ListDetectors'
+  { -- | You can use this parameter to indicate the maximum number of items that
+    -- you want in the response. The default value is 50. The maximum value is
+    -- 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter when paginating results. Set the value of
+    -- this parameter to null on your first call to the list action. For
+    -- subsequent calls to the action, fill nextToken in the request with the
+    -- value of NextToken from the previous response to continue listing data.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListDetectors' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listDetectors_maxResults' - You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+--
+-- 'nextToken', 'listDetectors_nextToken' - You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+newListDetectors ::
+  ListDetectors
+newListDetectors =
+  ListDetectors'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+listDetectors_maxResults :: Lens.Lens' ListDetectors (Prelude.Maybe Prelude.Natural)
+listDetectors_maxResults = Lens.lens (\ListDetectors' {maxResults} -> maxResults) (\s@ListDetectors' {} a -> s {maxResults = a} :: ListDetectors)
+
+-- | You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+listDetectors_nextToken :: Lens.Lens' ListDetectors (Prelude.Maybe Prelude.Text)
+listDetectors_nextToken = Lens.lens (\ListDetectors' {nextToken} -> nextToken) (\s@ListDetectors' {} a -> s {nextToken = a} :: ListDetectors)
+
+instance Core.AWSPager ListDetectors where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listDetectorsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listDetectorsResponse_detectorIds) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listDetectors_nextToken
+          Lens..~ rs
+          Lens.^? listDetectorsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListDetectors where
+  type
+    AWSResponse ListDetectors =
+      ListDetectorsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListDetectorsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "detectorIds" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListDetectors where
+  hashWithSalt _salt ListDetectors' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListDetectors where
+  rnf ListDetectors' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListDetectors where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListDetectors where
+  toPath = Prelude.const "/detector"
+
+instance Data.ToQuery ListDetectors where
+  toQuery ListDetectors' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListDetectorsResponse' smart constructor.
+data ListDetectorsResponse = ListDetectorsResponse'
+  { -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of detector IDs.
+    detectorIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListDetectorsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listDetectorsResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listDetectorsResponse_httpStatus' - The response's http status code.
+--
+-- 'detectorIds', 'listDetectorsResponse_detectorIds' - A list of detector IDs.
+newListDetectorsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListDetectorsResponse
+newListDetectorsResponse pHttpStatus_ =
+  ListDetectorsResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      detectorIds = Prelude.mempty
+    }
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listDetectorsResponse_nextToken :: Lens.Lens' ListDetectorsResponse (Prelude.Maybe Prelude.Text)
+listDetectorsResponse_nextToken = Lens.lens (\ListDetectorsResponse' {nextToken} -> nextToken) (\s@ListDetectorsResponse' {} a -> s {nextToken = a} :: ListDetectorsResponse)
+
+-- | The response's http status code.
+listDetectorsResponse_httpStatus :: Lens.Lens' ListDetectorsResponse Prelude.Int
+listDetectorsResponse_httpStatus = Lens.lens (\ListDetectorsResponse' {httpStatus} -> httpStatus) (\s@ListDetectorsResponse' {} a -> s {httpStatus = a} :: ListDetectorsResponse)
+
+-- | A list of detector IDs.
+listDetectorsResponse_detectorIds :: Lens.Lens' ListDetectorsResponse [Prelude.Text]
+listDetectorsResponse_detectorIds = Lens.lens (\ListDetectorsResponse' {detectorIds} -> detectorIds) (\s@ListDetectorsResponse' {} a -> s {detectorIds = a} :: ListDetectorsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListDetectorsResponse where
+  rnf ListDetectorsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf detectorIds
diff --git a/gen/Amazonka/GuardDuty/ListFilters.hs b/gen/Amazonka/GuardDuty/ListFilters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListFilters.hs
@@ -0,0 +1,239 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListFilters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a paginated list of the current filters.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListFilters
+  ( -- * Creating a Request
+    ListFilters (..),
+    newListFilters,
+
+    -- * Request Lenses
+    listFilters_maxResults,
+    listFilters_nextToken,
+    listFilters_detectorId,
+
+    -- * Destructuring the Response
+    ListFiltersResponse (..),
+    newListFiltersResponse,
+
+    -- * Response Lenses
+    listFiltersResponse_nextToken,
+    listFiltersResponse_httpStatus,
+    listFiltersResponse_filterNames,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListFilters' smart constructor.
+data ListFilters = ListFilters'
+  { -- | You can use this parameter to indicate the maximum number of items that
+    -- you want in the response. The default value is 50. The maximum value is
+    -- 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter when paginating results. Set the value of
+    -- this parameter to null on your first call to the list action. For
+    -- subsequent calls to the action, fill nextToken in the request with the
+    -- value of NextToken from the previous response to continue listing data.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID of the detector that the filter is associated with.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFilters' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listFilters_maxResults' - You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+--
+-- 'nextToken', 'listFilters_nextToken' - You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+--
+-- 'detectorId', 'listFilters_detectorId' - The unique ID of the detector that the filter is associated with.
+newListFilters ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  ListFilters
+newListFilters pDetectorId_ =
+  ListFilters'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+listFilters_maxResults :: Lens.Lens' ListFilters (Prelude.Maybe Prelude.Natural)
+listFilters_maxResults = Lens.lens (\ListFilters' {maxResults} -> maxResults) (\s@ListFilters' {} a -> s {maxResults = a} :: ListFilters)
+
+-- | You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+listFilters_nextToken :: Lens.Lens' ListFilters (Prelude.Maybe Prelude.Text)
+listFilters_nextToken = Lens.lens (\ListFilters' {nextToken} -> nextToken) (\s@ListFilters' {} a -> s {nextToken = a} :: ListFilters)
+
+-- | The unique ID of the detector that the filter is associated with.
+listFilters_detectorId :: Lens.Lens' ListFilters Prelude.Text
+listFilters_detectorId = Lens.lens (\ListFilters' {detectorId} -> detectorId) (\s@ListFilters' {} a -> s {detectorId = a} :: ListFilters)
+
+instance Core.AWSPager ListFilters where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFiltersResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listFiltersResponse_filterNames) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFilters_nextToken
+          Lens..~ rs
+          Lens.^? listFiltersResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFilters where
+  type AWSResponse ListFilters = ListFiltersResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFiltersResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "filterNames" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListFilters where
+  hashWithSalt _salt ListFilters' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData ListFilters where
+  rnf ListFilters' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders ListFilters where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListFilters where
+  toPath ListFilters' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/filter"]
+
+instance Data.ToQuery ListFilters where
+  toQuery ListFilters' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListFiltersResponse' smart constructor.
+data ListFiltersResponse = ListFiltersResponse'
+  { -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of filter names.
+    filterNames :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFiltersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listFiltersResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listFiltersResponse_httpStatus' - The response's http status code.
+--
+-- 'filterNames', 'listFiltersResponse_filterNames' - A list of filter names.
+newListFiltersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFiltersResponse
+newListFiltersResponse pHttpStatus_ =
+  ListFiltersResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      filterNames = Prelude.mempty
+    }
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listFiltersResponse_nextToken :: Lens.Lens' ListFiltersResponse (Prelude.Maybe Prelude.Text)
+listFiltersResponse_nextToken = Lens.lens (\ListFiltersResponse' {nextToken} -> nextToken) (\s@ListFiltersResponse' {} a -> s {nextToken = a} :: ListFiltersResponse)
+
+-- | The response's http status code.
+listFiltersResponse_httpStatus :: Lens.Lens' ListFiltersResponse Prelude.Int
+listFiltersResponse_httpStatus = Lens.lens (\ListFiltersResponse' {httpStatus} -> httpStatus) (\s@ListFiltersResponse' {} a -> s {httpStatus = a} :: ListFiltersResponse)
+
+-- | A list of filter names.
+listFiltersResponse_filterNames :: Lens.Lens' ListFiltersResponse [Prelude.Text]
+listFiltersResponse_filterNames = Lens.lens (\ListFiltersResponse' {filterNames} -> filterNames) (\s@ListFiltersResponse' {} a -> s {filterNames = a} :: ListFiltersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListFiltersResponse where
+  rnf ListFiltersResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf filterNames
diff --git a/gen/Amazonka/GuardDuty/ListFindings.hs b/gen/Amazonka/GuardDuty/ListFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListFindings.hs
@@ -0,0 +1,583 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists Amazon GuardDuty findings for the specified detector ID.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListFindings
+  ( -- * Creating a Request
+    ListFindings (..),
+    newListFindings,
+
+    -- * Request Lenses
+    listFindings_findingCriteria,
+    listFindings_maxResults,
+    listFindings_nextToken,
+    listFindings_sortCriteria,
+    listFindings_detectorId,
+
+    -- * Destructuring the Response
+    ListFindingsResponse (..),
+    newListFindingsResponse,
+
+    -- * Response Lenses
+    listFindingsResponse_nextToken,
+    listFindingsResponse_httpStatus,
+    listFindingsResponse_findingIds,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListFindings' smart constructor.
+data ListFindings = ListFindings'
+  { -- | Represents the criteria used for querying findings. Valid values
+    -- include:
+    --
+    -- -   JSON field name
+    --
+    -- -   accountId
+    --
+    -- -   region
+    --
+    -- -   confidence
+    --
+    -- -   id
+    --
+    -- -   resource.accessKeyDetails.accessKeyId
+    --
+    -- -   resource.accessKeyDetails.principalId
+    --
+    -- -   resource.accessKeyDetails.userName
+    --
+    -- -   resource.accessKeyDetails.userType
+    --
+    -- -   resource.instanceDetails.iamInstanceProfile.id
+    --
+    -- -   resource.instanceDetails.imageId
+    --
+    -- -   resource.instanceDetails.instanceId
+    --
+    -- -   resource.instanceDetails.networkInterfaces.ipv6Addresses
+    --
+    -- -   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+    --
+    -- -   resource.instanceDetails.networkInterfaces.publicDnsName
+    --
+    -- -   resource.instanceDetails.networkInterfaces.publicIp
+    --
+    -- -   resource.instanceDetails.networkInterfaces.securityGroups.groupId
+    --
+    -- -   resource.instanceDetails.networkInterfaces.securityGroups.groupName
+    --
+    -- -   resource.instanceDetails.networkInterfaces.subnetId
+    --
+    -- -   resource.instanceDetails.networkInterfaces.vpcId
+    --
+    -- -   resource.instanceDetails.tags.key
+    --
+    -- -   resource.instanceDetails.tags.value
+    --
+    -- -   resource.resourceType
+    --
+    -- -   service.action.actionType
+    --
+    -- -   service.action.awsApiCallAction.api
+    --
+    -- -   service.action.awsApiCallAction.callerType
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.city.cityName
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.country.countryName
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.organization.asn
+    --
+    -- -   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+    --
+    -- -   service.action.awsApiCallAction.serviceName
+    --
+    -- -   service.action.dnsRequestAction.domain
+    --
+    -- -   service.action.networkConnectionAction.blocked
+    --
+    -- -   service.action.networkConnectionAction.connectionDirection
+    --
+    -- -   service.action.networkConnectionAction.localPortDetails.port
+    --
+    -- -   service.action.networkConnectionAction.protocol
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.country.countryName
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.organization.asn
+    --
+    -- -   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+    --
+    -- -   service.action.networkConnectionAction.remotePortDetails.port
+    --
+    -- -   service.additionalInfo.threatListName
+    --
+    -- -   service.archived
+    --
+    --     When this attribute is set to \'true\', only archived findings are
+    --     listed. When it\'s set to \'false\', only unarchived findings are
+    --     listed. When this attribute is not set, all existing findings are
+    --     listed.
+    --
+    -- -   service.resourceRole
+    --
+    -- -   severity
+    --
+    -- -   type
+    --
+    -- -   updatedAt
+    --
+    --     Type: Timestamp in Unix Epoch millisecond format: 1486685375000
+    findingCriteria :: Prelude.Maybe FindingCriteria,
+    -- | You can use this parameter to indicate the maximum number of items you
+    -- want in the response. The default value is 50. The maximum value is 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter when paginating results. Set the value of
+    -- this parameter to null on your first call to the list action. For
+    -- subsequent calls to the action, fill nextToken in the request with the
+    -- value of NextToken from the previous response to continue listing data.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | Represents the criteria used for sorting findings.
+    sortCriteria :: Prelude.Maybe SortCriteria,
+    -- | The ID of the detector that specifies the GuardDuty service whose
+    -- findings you want to list.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'findingCriteria', 'listFindings_findingCriteria' - Represents the criteria used for querying findings. Valid values
+-- include:
+--
+-- -   JSON field name
+--
+-- -   accountId
+--
+-- -   region
+--
+-- -   confidence
+--
+-- -   id
+--
+-- -   resource.accessKeyDetails.accessKeyId
+--
+-- -   resource.accessKeyDetails.principalId
+--
+-- -   resource.accessKeyDetails.userName
+--
+-- -   resource.accessKeyDetails.userType
+--
+-- -   resource.instanceDetails.iamInstanceProfile.id
+--
+-- -   resource.instanceDetails.imageId
+--
+-- -   resource.instanceDetails.instanceId
+--
+-- -   resource.instanceDetails.networkInterfaces.ipv6Addresses
+--
+-- -   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+--
+-- -   resource.instanceDetails.networkInterfaces.publicDnsName
+--
+-- -   resource.instanceDetails.networkInterfaces.publicIp
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupId
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupName
+--
+-- -   resource.instanceDetails.networkInterfaces.subnetId
+--
+-- -   resource.instanceDetails.networkInterfaces.vpcId
+--
+-- -   resource.instanceDetails.tags.key
+--
+-- -   resource.instanceDetails.tags.value
+--
+-- -   resource.resourceType
+--
+-- -   service.action.actionType
+--
+-- -   service.action.awsApiCallAction.api
+--
+-- -   service.action.awsApiCallAction.callerType
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.city.cityName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.awsApiCallAction.serviceName
+--
+-- -   service.action.dnsRequestAction.domain
+--
+-- -   service.action.networkConnectionAction.blocked
+--
+-- -   service.action.networkConnectionAction.connectionDirection
+--
+-- -   service.action.networkConnectionAction.localPortDetails.port
+--
+-- -   service.action.networkConnectionAction.protocol
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.networkConnectionAction.remotePortDetails.port
+--
+-- -   service.additionalInfo.threatListName
+--
+-- -   service.archived
+--
+--     When this attribute is set to \'true\', only archived findings are
+--     listed. When it\'s set to \'false\', only unarchived findings are
+--     listed. When this attribute is not set, all existing findings are
+--     listed.
+--
+-- -   service.resourceRole
+--
+-- -   severity
+--
+-- -   type
+--
+-- -   updatedAt
+--
+--     Type: Timestamp in Unix Epoch millisecond format: 1486685375000
+--
+-- 'maxResults', 'listFindings_maxResults' - You can use this parameter to indicate the maximum number of items you
+-- want in the response. The default value is 50. The maximum value is 50.
+--
+-- 'nextToken', 'listFindings_nextToken' - You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+--
+-- 'sortCriteria', 'listFindings_sortCriteria' - Represents the criteria used for sorting findings.
+--
+-- 'detectorId', 'listFindings_detectorId' - The ID of the detector that specifies the GuardDuty service whose
+-- findings you want to list.
+newListFindings ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  ListFindings
+newListFindings pDetectorId_ =
+  ListFindings'
+    { findingCriteria = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      sortCriteria = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | Represents the criteria used for querying findings. Valid values
+-- include:
+--
+-- -   JSON field name
+--
+-- -   accountId
+--
+-- -   region
+--
+-- -   confidence
+--
+-- -   id
+--
+-- -   resource.accessKeyDetails.accessKeyId
+--
+-- -   resource.accessKeyDetails.principalId
+--
+-- -   resource.accessKeyDetails.userName
+--
+-- -   resource.accessKeyDetails.userType
+--
+-- -   resource.instanceDetails.iamInstanceProfile.id
+--
+-- -   resource.instanceDetails.imageId
+--
+-- -   resource.instanceDetails.instanceId
+--
+-- -   resource.instanceDetails.networkInterfaces.ipv6Addresses
+--
+-- -   resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
+--
+-- -   resource.instanceDetails.networkInterfaces.publicDnsName
+--
+-- -   resource.instanceDetails.networkInterfaces.publicIp
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupId
+--
+-- -   resource.instanceDetails.networkInterfaces.securityGroups.groupName
+--
+-- -   resource.instanceDetails.networkInterfaces.subnetId
+--
+-- -   resource.instanceDetails.networkInterfaces.vpcId
+--
+-- -   resource.instanceDetails.tags.key
+--
+-- -   resource.instanceDetails.tags.value
+--
+-- -   resource.resourceType
+--
+-- -   service.action.actionType
+--
+-- -   service.action.awsApiCallAction.api
+--
+-- -   service.action.awsApiCallAction.callerType
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.city.cityName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.awsApiCallAction.serviceName
+--
+-- -   service.action.dnsRequestAction.domain
+--
+-- -   service.action.networkConnectionAction.blocked
+--
+-- -   service.action.networkConnectionAction.connectionDirection
+--
+-- -   service.action.networkConnectionAction.localPortDetails.port
+--
+-- -   service.action.networkConnectionAction.protocol
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.country.countryName
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asn
+--
+-- -   service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
+--
+-- -   service.action.networkConnectionAction.remotePortDetails.port
+--
+-- -   service.additionalInfo.threatListName
+--
+-- -   service.archived
+--
+--     When this attribute is set to \'true\', only archived findings are
+--     listed. When it\'s set to \'false\', only unarchived findings are
+--     listed. When this attribute is not set, all existing findings are
+--     listed.
+--
+-- -   service.resourceRole
+--
+-- -   severity
+--
+-- -   type
+--
+-- -   updatedAt
+--
+--     Type: Timestamp in Unix Epoch millisecond format: 1486685375000
+listFindings_findingCriteria :: Lens.Lens' ListFindings (Prelude.Maybe FindingCriteria)
+listFindings_findingCriteria = Lens.lens (\ListFindings' {findingCriteria} -> findingCriteria) (\s@ListFindings' {} a -> s {findingCriteria = a} :: ListFindings)
+
+-- | You can use this parameter to indicate the maximum number of items you
+-- want in the response. The default value is 50. The maximum value is 50.
+listFindings_maxResults :: Lens.Lens' ListFindings (Prelude.Maybe Prelude.Natural)
+listFindings_maxResults = Lens.lens (\ListFindings' {maxResults} -> maxResults) (\s@ListFindings' {} a -> s {maxResults = a} :: ListFindings)
+
+-- | You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+listFindings_nextToken :: Lens.Lens' ListFindings (Prelude.Maybe Prelude.Text)
+listFindings_nextToken = Lens.lens (\ListFindings' {nextToken} -> nextToken) (\s@ListFindings' {} a -> s {nextToken = a} :: ListFindings)
+
+-- | Represents the criteria used for sorting findings.
+listFindings_sortCriteria :: Lens.Lens' ListFindings (Prelude.Maybe SortCriteria)
+listFindings_sortCriteria = Lens.lens (\ListFindings' {sortCriteria} -> sortCriteria) (\s@ListFindings' {} a -> s {sortCriteria = a} :: ListFindings)
+
+-- | The ID of the detector that specifies the GuardDuty service whose
+-- findings you want to list.
+listFindings_detectorId :: Lens.Lens' ListFindings Prelude.Text
+listFindings_detectorId = Lens.lens (\ListFindings' {detectorId} -> detectorId) (\s@ListFindings' {} a -> s {detectorId = a} :: ListFindings)
+
+instance Core.AWSPager ListFindings where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFindingsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        (rs Lens.^. listFindingsResponse_findingIds) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFindings_nextToken
+          Lens..~ rs
+          Lens.^? listFindingsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFindings where
+  type AWSResponse ListFindings = ListFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFindingsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "findingIds" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListFindings where
+  hashWithSalt _salt ListFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` findingCriteria
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` sortCriteria
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData ListFindings where
+  rnf ListFindings' {..} =
+    Prelude.rnf findingCriteria
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf sortCriteria
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders ListFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListFindings where
+  toJSON ListFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("findingCriteria" Data..=)
+              Prelude.<$> findingCriteria,
+            ("maxResults" Data..=) Prelude.<$> maxResults,
+            ("nextToken" Data..=) Prelude.<$> nextToken,
+            ("sortCriteria" Data..=) Prelude.<$> sortCriteria
+          ]
+      )
+
+instance Data.ToPath ListFindings where
+  toPath ListFindings' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/findings"]
+
+instance Data.ToQuery ListFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListFindingsResponse' smart constructor.
+data ListFindingsResponse = ListFindingsResponse'
+  { -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The IDs of the findings that you\'re listing.
+    findingIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listFindingsResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listFindingsResponse_httpStatus' - The response's http status code.
+--
+-- 'findingIds', 'listFindingsResponse_findingIds' - The IDs of the findings that you\'re listing.
+newListFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFindingsResponse
+newListFindingsResponse pHttpStatus_ =
+  ListFindingsResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      findingIds = Prelude.mempty
+    }
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listFindingsResponse_nextToken :: Lens.Lens' ListFindingsResponse (Prelude.Maybe Prelude.Text)
+listFindingsResponse_nextToken = Lens.lens (\ListFindingsResponse' {nextToken} -> nextToken) (\s@ListFindingsResponse' {} a -> s {nextToken = a} :: ListFindingsResponse)
+
+-- | The response's http status code.
+listFindingsResponse_httpStatus :: Lens.Lens' ListFindingsResponse Prelude.Int
+listFindingsResponse_httpStatus = Lens.lens (\ListFindingsResponse' {httpStatus} -> httpStatus) (\s@ListFindingsResponse' {} a -> s {httpStatus = a} :: ListFindingsResponse)
+
+-- | The IDs of the findings that you\'re listing.
+listFindingsResponse_findingIds :: Lens.Lens' ListFindingsResponse [Prelude.Text]
+listFindingsResponse_findingIds = Lens.lens (\ListFindingsResponse' {findingIds} -> findingIds) (\s@ListFindingsResponse' {} a -> s {findingIds = a} :: ListFindingsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListFindingsResponse where
+  rnf ListFindingsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf findingIds
diff --git a/gen/Amazonka/GuardDuty/ListIPSets.hs b/gen/Amazonka/GuardDuty/ListIPSets.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListIPSets.hs
@@ -0,0 +1,237 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListIPSets
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the IPSets of the GuardDuty service specified by the detector ID.
+-- If you use this operation from a member account, the IPSets returned are
+-- the IPSets from the associated administrator account.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListIPSets
+  ( -- * Creating a Request
+    ListIPSets (..),
+    newListIPSets,
+
+    -- * Request Lenses
+    listIPSets_maxResults,
+    listIPSets_nextToken,
+    listIPSets_detectorId,
+
+    -- * Destructuring the Response
+    ListIPSetsResponse (..),
+    newListIPSetsResponse,
+
+    -- * Response Lenses
+    listIPSetsResponse_nextToken,
+    listIPSetsResponse_httpStatus,
+    listIPSetsResponse_ipSetIds,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListIPSets' smart constructor.
+data ListIPSets = ListIPSets'
+  { -- | You can use this parameter to indicate the maximum number of items you
+    -- want in the response. The default value is 50. The maximum value is 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter when paginating results. Set the value of
+    -- this parameter to null on your first call to the list action. For
+    -- subsequent calls to the action, fill nextToken in the request with the
+    -- value of NextToken from the previous response to continue listing data.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID of the detector that the IPSet is associated with.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListIPSets' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listIPSets_maxResults' - You can use this parameter to indicate the maximum number of items you
+-- want in the response. The default value is 50. The maximum value is 50.
+--
+-- 'nextToken', 'listIPSets_nextToken' - You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+--
+-- 'detectorId', 'listIPSets_detectorId' - The unique ID of the detector that the IPSet is associated with.
+newListIPSets ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  ListIPSets
+newListIPSets pDetectorId_ =
+  ListIPSets'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | You can use this parameter to indicate the maximum number of items you
+-- want in the response. The default value is 50. The maximum value is 50.
+listIPSets_maxResults :: Lens.Lens' ListIPSets (Prelude.Maybe Prelude.Natural)
+listIPSets_maxResults = Lens.lens (\ListIPSets' {maxResults} -> maxResults) (\s@ListIPSets' {} a -> s {maxResults = a} :: ListIPSets)
+
+-- | You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+listIPSets_nextToken :: Lens.Lens' ListIPSets (Prelude.Maybe Prelude.Text)
+listIPSets_nextToken = Lens.lens (\ListIPSets' {nextToken} -> nextToken) (\s@ListIPSets' {} a -> s {nextToken = a} :: ListIPSets)
+
+-- | The unique ID of the detector that the IPSet is associated with.
+listIPSets_detectorId :: Lens.Lens' ListIPSets Prelude.Text
+listIPSets_detectorId = Lens.lens (\ListIPSets' {detectorId} -> detectorId) (\s@ListIPSets' {} a -> s {detectorId = a} :: ListIPSets)
+
+instance Core.AWSPager ListIPSets where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listIPSetsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop (rs Lens.^. listIPSetsResponse_ipSetIds) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listIPSets_nextToken
+          Lens..~ rs
+          Lens.^? listIPSetsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListIPSets where
+  type AWSResponse ListIPSets = ListIPSetsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListIPSetsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "ipSetIds" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListIPSets where
+  hashWithSalt _salt ListIPSets' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData ListIPSets where
+  rnf ListIPSets' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders ListIPSets where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListIPSets where
+  toPath ListIPSets' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/ipset"]
+
+instance Data.ToQuery ListIPSets where
+  toQuery ListIPSets' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListIPSetsResponse' smart constructor.
+data ListIPSetsResponse = ListIPSetsResponse'
+  { -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The IDs of the IPSet resources.
+    ipSetIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListIPSetsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listIPSetsResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listIPSetsResponse_httpStatus' - The response's http status code.
+--
+-- 'ipSetIds', 'listIPSetsResponse_ipSetIds' - The IDs of the IPSet resources.
+newListIPSetsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListIPSetsResponse
+newListIPSetsResponse pHttpStatus_ =
+  ListIPSetsResponse'
+    { nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      ipSetIds = Prelude.mempty
+    }
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listIPSetsResponse_nextToken :: Lens.Lens' ListIPSetsResponse (Prelude.Maybe Prelude.Text)
+listIPSetsResponse_nextToken = Lens.lens (\ListIPSetsResponse' {nextToken} -> nextToken) (\s@ListIPSetsResponse' {} a -> s {nextToken = a} :: ListIPSetsResponse)
+
+-- | The response's http status code.
+listIPSetsResponse_httpStatus :: Lens.Lens' ListIPSetsResponse Prelude.Int
+listIPSetsResponse_httpStatus = Lens.lens (\ListIPSetsResponse' {httpStatus} -> httpStatus) (\s@ListIPSetsResponse' {} a -> s {httpStatus = a} :: ListIPSetsResponse)
+
+-- | The IDs of the IPSet resources.
+listIPSetsResponse_ipSetIds :: Lens.Lens' ListIPSetsResponse [Prelude.Text]
+listIPSetsResponse_ipSetIds = Lens.lens (\ListIPSetsResponse' {ipSetIds} -> ipSetIds) (\s@ListIPSetsResponse' {} a -> s {ipSetIds = a} :: ListIPSetsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListIPSetsResponse where
+  rnf ListIPSetsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf ipSetIds
diff --git a/gen/Amazonka/GuardDuty/ListInvitations.hs b/gen/Amazonka/GuardDuty/ListInvitations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListInvitations.hs
@@ -0,0 +1,230 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListInvitations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all GuardDuty membership invitations that were sent to the current
+-- Amazon Web Services account.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListInvitations
+  ( -- * Creating a Request
+    ListInvitations (..),
+    newListInvitations,
+
+    -- * Request Lenses
+    listInvitations_maxResults,
+    listInvitations_nextToken,
+
+    -- * Destructuring the Response
+    ListInvitationsResponse (..),
+    newListInvitationsResponse,
+
+    -- * Response Lenses
+    listInvitationsResponse_invitations,
+    listInvitationsResponse_nextToken,
+    listInvitationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListInvitations' smart constructor.
+data ListInvitations = ListInvitations'
+  { -- | You can use this parameter to indicate the maximum number of items that
+    -- you want in the response. The default value is 50. The maximum value is
+    -- 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter when paginating results. Set the value of
+    -- this parameter to null on your first call to the list action. For
+    -- subsequent calls to the action, fill nextToken in the request with the
+    -- value of NextToken from the previous response to continue listing data.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListInvitations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listInvitations_maxResults' - You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+--
+-- 'nextToken', 'listInvitations_nextToken' - You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+newListInvitations ::
+  ListInvitations
+newListInvitations =
+  ListInvitations'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+listInvitations_maxResults :: Lens.Lens' ListInvitations (Prelude.Maybe Prelude.Natural)
+listInvitations_maxResults = Lens.lens (\ListInvitations' {maxResults} -> maxResults) (\s@ListInvitations' {} a -> s {maxResults = a} :: ListInvitations)
+
+-- | You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+listInvitations_nextToken :: Lens.Lens' ListInvitations (Prelude.Maybe Prelude.Text)
+listInvitations_nextToken = Lens.lens (\ListInvitations' {nextToken} -> nextToken) (\s@ListInvitations' {} a -> s {nextToken = a} :: ListInvitations)
+
+instance Core.AWSPager ListInvitations where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listInvitationsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listInvitationsResponse_invitations
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listInvitations_nextToken
+          Lens..~ rs
+          Lens.^? listInvitationsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListInvitations where
+  type
+    AWSResponse ListInvitations =
+      ListInvitationsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListInvitationsResponse'
+            Prelude.<$> (x Data..?> "invitations" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListInvitations where
+  hashWithSalt _salt ListInvitations' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListInvitations where
+  rnf ListInvitations' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListInvitations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListInvitations where
+  toPath = Prelude.const "/invitation"
+
+instance Data.ToQuery ListInvitations where
+  toQuery ListInvitations' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListInvitationsResponse' smart constructor.
+data ListInvitationsResponse = ListInvitationsResponse'
+  { -- | A list of invitation descriptions.
+    invitations :: Prelude.Maybe [Invitation],
+    -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListInvitationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'invitations', 'listInvitationsResponse_invitations' - A list of invitation descriptions.
+--
+-- 'nextToken', 'listInvitationsResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listInvitationsResponse_httpStatus' - The response's http status code.
+newListInvitationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListInvitationsResponse
+newListInvitationsResponse pHttpStatus_ =
+  ListInvitationsResponse'
+    { invitations =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of invitation descriptions.
+listInvitationsResponse_invitations :: Lens.Lens' ListInvitationsResponse (Prelude.Maybe [Invitation])
+listInvitationsResponse_invitations = Lens.lens (\ListInvitationsResponse' {invitations} -> invitations) (\s@ListInvitationsResponse' {} a -> s {invitations = a} :: ListInvitationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listInvitationsResponse_nextToken :: Lens.Lens' ListInvitationsResponse (Prelude.Maybe Prelude.Text)
+listInvitationsResponse_nextToken = Lens.lens (\ListInvitationsResponse' {nextToken} -> nextToken) (\s@ListInvitationsResponse' {} a -> s {nextToken = a} :: ListInvitationsResponse)
+
+-- | The response's http status code.
+listInvitationsResponse_httpStatus :: Lens.Lens' ListInvitationsResponse Prelude.Int
+listInvitationsResponse_httpStatus = Lens.lens (\ListInvitationsResponse' {httpStatus} -> httpStatus) (\s@ListInvitationsResponse' {} a -> s {httpStatus = a} :: ListInvitationsResponse)
+
+instance Prelude.NFData ListInvitationsResponse where
+  rnf ListInvitationsResponse' {..} =
+    Prelude.rnf invitations
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/ListMembers.hs b/gen/Amazonka/GuardDuty/ListMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListMembers.hs
@@ -0,0 +1,268 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists details about all member accounts for the current GuardDuty
+-- administrator account.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListMembers
+  ( -- * Creating a Request
+    ListMembers (..),
+    newListMembers,
+
+    -- * Request Lenses
+    listMembers_maxResults,
+    listMembers_nextToken,
+    listMembers_onlyAssociated,
+    listMembers_detectorId,
+
+    -- * Destructuring the Response
+    ListMembersResponse (..),
+    newListMembersResponse,
+
+    -- * Response Lenses
+    listMembersResponse_members,
+    listMembersResponse_nextToken,
+    listMembersResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListMembers' smart constructor.
+data ListMembers = ListMembers'
+  { -- | You can use this parameter to indicate the maximum number of items you
+    -- want in the response. The default value is 50. The maximum value is 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter when paginating results. Set the value of
+    -- this parameter to null on your first call to the list action. For
+    -- subsequent calls to the action, fill nextToken in the request with the
+    -- value of NextToken from the previous response to continue listing data.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether to only return associated members or to return all
+    -- members (including members who haven\'t been invited yet or have been
+    -- disassociated). Member accounts must have been previously associated
+    -- with the GuardDuty administrator account using
+    -- <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html Create Members>
+    -- .
+    onlyAssociated :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID of the detector the member is associated with.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listMembers_maxResults' - You can use this parameter to indicate the maximum number of items you
+-- want in the response. The default value is 50. The maximum value is 50.
+--
+-- 'nextToken', 'listMembers_nextToken' - You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+--
+-- 'onlyAssociated', 'listMembers_onlyAssociated' - Specifies whether to only return associated members or to return all
+-- members (including members who haven\'t been invited yet or have been
+-- disassociated). Member accounts must have been previously associated
+-- with the GuardDuty administrator account using
+-- <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html Create Members>
+-- .
+--
+-- 'detectorId', 'listMembers_detectorId' - The unique ID of the detector the member is associated with.
+newListMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  ListMembers
+newListMembers pDetectorId_ =
+  ListMembers'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      onlyAssociated = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | You can use this parameter to indicate the maximum number of items you
+-- want in the response. The default value is 50. The maximum value is 50.
+listMembers_maxResults :: Lens.Lens' ListMembers (Prelude.Maybe Prelude.Natural)
+listMembers_maxResults = Lens.lens (\ListMembers' {maxResults} -> maxResults) (\s@ListMembers' {} a -> s {maxResults = a} :: ListMembers)
+
+-- | You can use this parameter when paginating results. Set the value of
+-- this parameter to null on your first call to the list action. For
+-- subsequent calls to the action, fill nextToken in the request with the
+-- value of NextToken from the previous response to continue listing data.
+listMembers_nextToken :: Lens.Lens' ListMembers (Prelude.Maybe Prelude.Text)
+listMembers_nextToken = Lens.lens (\ListMembers' {nextToken} -> nextToken) (\s@ListMembers' {} a -> s {nextToken = a} :: ListMembers)
+
+-- | Specifies whether to only return associated members or to return all
+-- members (including members who haven\'t been invited yet or have been
+-- disassociated). Member accounts must have been previously associated
+-- with the GuardDuty administrator account using
+-- <https://docs.aws.amazon.com/guardduty/latest/APIReference/API_CreateMembers.html Create Members>
+-- .
+listMembers_onlyAssociated :: Lens.Lens' ListMembers (Prelude.Maybe Prelude.Text)
+listMembers_onlyAssociated = Lens.lens (\ListMembers' {onlyAssociated} -> onlyAssociated) (\s@ListMembers' {} a -> s {onlyAssociated = a} :: ListMembers)
+
+-- | The unique ID of the detector the member is associated with.
+listMembers_detectorId :: Lens.Lens' ListMembers Prelude.Text
+listMembers_detectorId = Lens.lens (\ListMembers' {detectorId} -> detectorId) (\s@ListMembers' {} a -> s {detectorId = a} :: ListMembers)
+
+instance Core.AWSPager ListMembers where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listMembersResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listMembersResponse_members
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listMembers_nextToken
+          Lens..~ rs
+          Lens.^? listMembersResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListMembers where
+  type AWSResponse ListMembers = ListMembersResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListMembersResponse'
+            Prelude.<$> (x Data..?> "members" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListMembers where
+  hashWithSalt _salt ListMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` onlyAssociated
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData ListMembers where
+  rnf ListMembers' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf onlyAssociated
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders ListMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListMembers where
+  toPath ListMembers' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/member"]
+
+instance Data.ToQuery ListMembers where
+  toQuery ListMembers' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken,
+        "onlyAssociated" Data.=: onlyAssociated
+      ]
+
+-- | /See:/ 'newListMembersResponse' smart constructor.
+data ListMembersResponse = ListMembersResponse'
+  { -- | A list of members.
+    members :: Prelude.Maybe [Member],
+    -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'members', 'listMembersResponse_members' - A list of members.
+--
+-- 'nextToken', 'listMembersResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listMembersResponse_httpStatus' - The response's http status code.
+newListMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListMembersResponse
+newListMembersResponse pHttpStatus_ =
+  ListMembersResponse'
+    { members = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of members.
+listMembersResponse_members :: Lens.Lens' ListMembersResponse (Prelude.Maybe [Member])
+listMembersResponse_members = Lens.lens (\ListMembersResponse' {members} -> members) (\s@ListMembersResponse' {} a -> s {members = a} :: ListMembersResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listMembersResponse_nextToken :: Lens.Lens' ListMembersResponse (Prelude.Maybe Prelude.Text)
+listMembersResponse_nextToken = Lens.lens (\ListMembersResponse' {nextToken} -> nextToken) (\s@ListMembersResponse' {} a -> s {nextToken = a} :: ListMembersResponse)
+
+-- | The response's http status code.
+listMembersResponse_httpStatus :: Lens.Lens' ListMembersResponse Prelude.Int
+listMembersResponse_httpStatus = Lens.lens (\ListMembersResponse' {httpStatus} -> httpStatus) (\s@ListMembersResponse' {} a -> s {httpStatus = a} :: ListMembersResponse)
+
+instance Prelude.NFData ListMembersResponse where
+  rnf ListMembersResponse' {..} =
+    Prelude.rnf members
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/ListOrganizationAdminAccounts.hs b/gen/Amazonka/GuardDuty/ListOrganizationAdminAccounts.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListOrganizationAdminAccounts.hs
@@ -0,0 +1,233 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListOrganizationAdminAccounts
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the accounts configured as GuardDuty delegated administrators.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListOrganizationAdminAccounts
+  ( -- * Creating a Request
+    ListOrganizationAdminAccounts (..),
+    newListOrganizationAdminAccounts,
+
+    -- * Request Lenses
+    listOrganizationAdminAccounts_maxResults,
+    listOrganizationAdminAccounts_nextToken,
+
+    -- * Destructuring the Response
+    ListOrganizationAdminAccountsResponse (..),
+    newListOrganizationAdminAccountsResponse,
+
+    -- * Response Lenses
+    listOrganizationAdminAccountsResponse_adminAccounts,
+    listOrganizationAdminAccountsResponse_nextToken,
+    listOrganizationAdminAccountsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListOrganizationAdminAccounts' smart constructor.
+data ListOrganizationAdminAccounts = ListOrganizationAdminAccounts'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | A token to use for paginating results that are returned in the response.
+    -- Set the value of this parameter to null for the first request to a list
+    -- action. For subsequent calls, use the @NextToken@ value returned from
+    -- the previous request to continue listing results after the first page.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListOrganizationAdminAccounts' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listOrganizationAdminAccounts_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listOrganizationAdminAccounts_nextToken' - A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the @NextToken@ value returned from
+-- the previous request to continue listing results after the first page.
+newListOrganizationAdminAccounts ::
+  ListOrganizationAdminAccounts
+newListOrganizationAdminAccounts =
+  ListOrganizationAdminAccounts'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of results to return in the response.
+listOrganizationAdminAccounts_maxResults :: Lens.Lens' ListOrganizationAdminAccounts (Prelude.Maybe Prelude.Natural)
+listOrganizationAdminAccounts_maxResults = Lens.lens (\ListOrganizationAdminAccounts' {maxResults} -> maxResults) (\s@ListOrganizationAdminAccounts' {} a -> s {maxResults = a} :: ListOrganizationAdminAccounts)
+
+-- | A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the @NextToken@ value returned from
+-- the previous request to continue listing results after the first page.
+listOrganizationAdminAccounts_nextToken :: Lens.Lens' ListOrganizationAdminAccounts (Prelude.Maybe Prelude.Text)
+listOrganizationAdminAccounts_nextToken = Lens.lens (\ListOrganizationAdminAccounts' {nextToken} -> nextToken) (\s@ListOrganizationAdminAccounts' {} a -> s {nextToken = a} :: ListOrganizationAdminAccounts)
+
+instance Core.AWSPager ListOrganizationAdminAccounts where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listOrganizationAdminAccountsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listOrganizationAdminAccountsResponse_adminAccounts
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listOrganizationAdminAccounts_nextToken
+          Lens..~ rs
+          Lens.^? listOrganizationAdminAccountsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListOrganizationAdminAccounts
+  where
+  type
+    AWSResponse ListOrganizationAdminAccounts =
+      ListOrganizationAdminAccountsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListOrganizationAdminAccountsResponse'
+            Prelude.<$> (x Data..?> "adminAccounts" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListOrganizationAdminAccounts
+  where
+  hashWithSalt _salt ListOrganizationAdminAccounts' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListOrganizationAdminAccounts where
+  rnf ListOrganizationAdminAccounts' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListOrganizationAdminAccounts where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListOrganizationAdminAccounts where
+  toPath = Prelude.const "/admin"
+
+instance Data.ToQuery ListOrganizationAdminAccounts where
+  toQuery ListOrganizationAdminAccounts' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListOrganizationAdminAccountsResponse' smart constructor.
+data ListOrganizationAdminAccountsResponse = ListOrganizationAdminAccountsResponse'
+  { -- | A list of accounts configured as GuardDuty delegated administrators.
+    adminAccounts :: Prelude.Maybe [AdminAccount],
+    -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListOrganizationAdminAccountsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adminAccounts', 'listOrganizationAdminAccountsResponse_adminAccounts' - A list of accounts configured as GuardDuty delegated administrators.
+--
+-- 'nextToken', 'listOrganizationAdminAccountsResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listOrganizationAdminAccountsResponse_httpStatus' - The response's http status code.
+newListOrganizationAdminAccountsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListOrganizationAdminAccountsResponse
+newListOrganizationAdminAccountsResponse pHttpStatus_ =
+  ListOrganizationAdminAccountsResponse'
+    { adminAccounts =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of accounts configured as GuardDuty delegated administrators.
+listOrganizationAdminAccountsResponse_adminAccounts :: Lens.Lens' ListOrganizationAdminAccountsResponse (Prelude.Maybe [AdminAccount])
+listOrganizationAdminAccountsResponse_adminAccounts = Lens.lens (\ListOrganizationAdminAccountsResponse' {adminAccounts} -> adminAccounts) (\s@ListOrganizationAdminAccountsResponse' {} a -> s {adminAccounts = a} :: ListOrganizationAdminAccountsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listOrganizationAdminAccountsResponse_nextToken :: Lens.Lens' ListOrganizationAdminAccountsResponse (Prelude.Maybe Prelude.Text)
+listOrganizationAdminAccountsResponse_nextToken = Lens.lens (\ListOrganizationAdminAccountsResponse' {nextToken} -> nextToken) (\s@ListOrganizationAdminAccountsResponse' {} a -> s {nextToken = a} :: ListOrganizationAdminAccountsResponse)
+
+-- | The response's http status code.
+listOrganizationAdminAccountsResponse_httpStatus :: Lens.Lens' ListOrganizationAdminAccountsResponse Prelude.Int
+listOrganizationAdminAccountsResponse_httpStatus = Lens.lens (\ListOrganizationAdminAccountsResponse' {httpStatus} -> httpStatus) (\s@ListOrganizationAdminAccountsResponse' {} a -> s {httpStatus = a} :: ListOrganizationAdminAccountsResponse)
+
+instance
+  Prelude.NFData
+    ListOrganizationAdminAccountsResponse
+  where
+  rnf ListOrganizationAdminAccountsResponse' {..} =
+    Prelude.rnf adminAccounts
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/ListPublishingDestinations.hs b/gen/Amazonka/GuardDuty/ListPublishingDestinations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListPublishingDestinations.hs
@@ -0,0 +1,232 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListPublishingDestinations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of publishing destinations associated with the specified
+-- @detectorId@.
+module Amazonka.GuardDuty.ListPublishingDestinations
+  ( -- * Creating a Request
+    ListPublishingDestinations (..),
+    newListPublishingDestinations,
+
+    -- * Request Lenses
+    listPublishingDestinations_maxResults,
+    listPublishingDestinations_nextToken,
+    listPublishingDestinations_detectorId,
+
+    -- * Destructuring the Response
+    ListPublishingDestinationsResponse (..),
+    newListPublishingDestinationsResponse,
+
+    -- * Response Lenses
+    listPublishingDestinationsResponse_nextToken,
+    listPublishingDestinationsResponse_httpStatus,
+    listPublishingDestinationsResponse_destinations,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListPublishingDestinations' smart constructor.
+data ListPublishingDestinations = ListPublishingDestinations'
+  { -- | The maximum number of results to return in the response.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | A token to use for paginating results that are returned in the response.
+    -- Set the value of this parameter to null for the first request to a list
+    -- action. For subsequent calls, use the @NextToken@ value returned from
+    -- the previous request to continue listing results after the first page.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the detector to retrieve publishing destinations for.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPublishingDestinations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listPublishingDestinations_maxResults' - The maximum number of results to return in the response.
+--
+-- 'nextToken', 'listPublishingDestinations_nextToken' - A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the @NextToken@ value returned from
+-- the previous request to continue listing results after the first page.
+--
+-- 'detectorId', 'listPublishingDestinations_detectorId' - The ID of the detector to retrieve publishing destinations for.
+newListPublishingDestinations ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  ListPublishingDestinations
+newListPublishingDestinations pDetectorId_ =
+  ListPublishingDestinations'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | The maximum number of results to return in the response.
+listPublishingDestinations_maxResults :: Lens.Lens' ListPublishingDestinations (Prelude.Maybe Prelude.Natural)
+listPublishingDestinations_maxResults = Lens.lens (\ListPublishingDestinations' {maxResults} -> maxResults) (\s@ListPublishingDestinations' {} a -> s {maxResults = a} :: ListPublishingDestinations)
+
+-- | A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the @NextToken@ value returned from
+-- the previous request to continue listing results after the first page.
+listPublishingDestinations_nextToken :: Lens.Lens' ListPublishingDestinations (Prelude.Maybe Prelude.Text)
+listPublishingDestinations_nextToken = Lens.lens (\ListPublishingDestinations' {nextToken} -> nextToken) (\s@ListPublishingDestinations' {} a -> s {nextToken = a} :: ListPublishingDestinations)
+
+-- | The ID of the detector to retrieve publishing destinations for.
+listPublishingDestinations_detectorId :: Lens.Lens' ListPublishingDestinations Prelude.Text
+listPublishingDestinations_detectorId = Lens.lens (\ListPublishingDestinations' {detectorId} -> detectorId) (\s@ListPublishingDestinations' {} a -> s {detectorId = a} :: ListPublishingDestinations)
+
+instance Core.AWSRequest ListPublishingDestinations where
+  type
+    AWSResponse ListPublishingDestinations =
+      ListPublishingDestinationsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListPublishingDestinationsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "destinations" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable ListPublishingDestinations where
+  hashWithSalt _salt ListPublishingDestinations' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData ListPublishingDestinations where
+  rnf ListPublishingDestinations' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders ListPublishingDestinations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListPublishingDestinations where
+  toPath ListPublishingDestinations' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/publishingDestination"
+      ]
+
+instance Data.ToQuery ListPublishingDestinations where
+  toQuery ListPublishingDestinations' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListPublishingDestinationsResponse' smart constructor.
+data ListPublishingDestinationsResponse = ListPublishingDestinationsResponse'
+  { -- | A token to use for paginating results that are returned in the response.
+    -- Set the value of this parameter to null for the first request to a list
+    -- action. For subsequent calls, use the @NextToken@ value returned from
+    -- the previous request to continue listing results after the first page.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A @Destinations@ object that includes information about each publishing
+    -- destination returned.
+    destinations :: [Destination]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPublishingDestinationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listPublishingDestinationsResponse_nextToken' - A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the @NextToken@ value returned from
+-- the previous request to continue listing results after the first page.
+--
+-- 'httpStatus', 'listPublishingDestinationsResponse_httpStatus' - The response's http status code.
+--
+-- 'destinations', 'listPublishingDestinationsResponse_destinations' - A @Destinations@ object that includes information about each publishing
+-- destination returned.
+newListPublishingDestinationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListPublishingDestinationsResponse
+newListPublishingDestinationsResponse pHttpStatus_ =
+  ListPublishingDestinationsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      destinations = Prelude.mempty
+    }
+
+-- | A token to use for paginating results that are returned in the response.
+-- Set the value of this parameter to null for the first request to a list
+-- action. For subsequent calls, use the @NextToken@ value returned from
+-- the previous request to continue listing results after the first page.
+listPublishingDestinationsResponse_nextToken :: Lens.Lens' ListPublishingDestinationsResponse (Prelude.Maybe Prelude.Text)
+listPublishingDestinationsResponse_nextToken = Lens.lens (\ListPublishingDestinationsResponse' {nextToken} -> nextToken) (\s@ListPublishingDestinationsResponse' {} a -> s {nextToken = a} :: ListPublishingDestinationsResponse)
+
+-- | The response's http status code.
+listPublishingDestinationsResponse_httpStatus :: Lens.Lens' ListPublishingDestinationsResponse Prelude.Int
+listPublishingDestinationsResponse_httpStatus = Lens.lens (\ListPublishingDestinationsResponse' {httpStatus} -> httpStatus) (\s@ListPublishingDestinationsResponse' {} a -> s {httpStatus = a} :: ListPublishingDestinationsResponse)
+
+-- | A @Destinations@ object that includes information about each publishing
+-- destination returned.
+listPublishingDestinationsResponse_destinations :: Lens.Lens' ListPublishingDestinationsResponse [Destination]
+listPublishingDestinationsResponse_destinations = Lens.lens (\ListPublishingDestinationsResponse' {destinations} -> destinations) (\s@ListPublishingDestinationsResponse' {} a -> s {destinations = a} :: ListPublishingDestinationsResponse) Prelude.. Lens.coerced
+
+instance
+  Prelude.NFData
+    ListPublishingDestinationsResponse
+  where
+  rnf ListPublishingDestinationsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf destinations
diff --git a/gen/Amazonka/GuardDuty/ListTagsForResource.hs b/gen/Amazonka/GuardDuty/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListTagsForResource.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists tags for a resource. Tagging is currently supported for detectors,
+-- finding filters, IP sets, and threat intel sets, with a limit of 50 tags
+-- per resource. When invoked, this operation returns all assigned tags for
+-- a given resource.
+module Amazonka.GuardDuty.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_resourceArn,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The Amazon Resource Name (ARN) for the given GuardDuty resource.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'listTagsForResource_resourceArn' - The Amazon Resource Name (ARN) for the given GuardDuty resource.
+newListTagsForResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceArn_ =
+  ListTagsForResource' {resourceArn = pResourceArn_}
+
+-- | The Amazon Resource Name (ARN) for the given GuardDuty resource.
+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath ListTagsForResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | The tags associated with the resource.
+    tags :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - The tags associated with the resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { tags =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The tags associated with the resource.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/ListThreatIntelSets.hs b/gen/Amazonka/GuardDuty/ListThreatIntelSets.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/ListThreatIntelSets.hs
@@ -0,0 +1,258 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.ListThreatIntelSets
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the ThreatIntelSets of the GuardDuty service specified by the
+-- detector ID. If you use this operation from a member account, the
+-- ThreatIntelSets associated with the administrator account are returned.
+--
+-- This operation returns paginated results.
+module Amazonka.GuardDuty.ListThreatIntelSets
+  ( -- * Creating a Request
+    ListThreatIntelSets (..),
+    newListThreatIntelSets,
+
+    -- * Request Lenses
+    listThreatIntelSets_maxResults,
+    listThreatIntelSets_nextToken,
+    listThreatIntelSets_detectorId,
+
+    -- * Destructuring the Response
+    ListThreatIntelSetsResponse (..),
+    newListThreatIntelSetsResponse,
+
+    -- * Response Lenses
+    listThreatIntelSetsResponse_nextToken,
+    listThreatIntelSetsResponse_httpStatus,
+    listThreatIntelSetsResponse_threatIntelSetIds,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newListThreatIntelSets' smart constructor.
+data ListThreatIntelSets = ListThreatIntelSets'
+  { -- | You can use this parameter to indicate the maximum number of items that
+    -- you want in the response. The default value is 50. The maximum value is
+    -- 50.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | You can use this parameter to paginate results in the response. Set the
+    -- value of this parameter to null on your first call to the list action.
+    -- For subsequent calls to the action, fill nextToken in the request with
+    -- the value of NextToken from the previous response to continue listing
+    -- data.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID of the detector that the threatIntelSet is associated
+    -- with.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListThreatIntelSets' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listThreatIntelSets_maxResults' - You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+--
+-- 'nextToken', 'listThreatIntelSets_nextToken' - You can use this parameter to paginate results in the response. Set the
+-- value of this parameter to null on your first call to the list action.
+-- For subsequent calls to the action, fill nextToken in the request with
+-- the value of NextToken from the previous response to continue listing
+-- data.
+--
+-- 'detectorId', 'listThreatIntelSets_detectorId' - The unique ID of the detector that the threatIntelSet is associated
+-- with.
+newListThreatIntelSets ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  ListThreatIntelSets
+newListThreatIntelSets pDetectorId_ =
+  ListThreatIntelSets'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | You can use this parameter to indicate the maximum number of items that
+-- you want in the response. The default value is 50. The maximum value is
+-- 50.
+listThreatIntelSets_maxResults :: Lens.Lens' ListThreatIntelSets (Prelude.Maybe Prelude.Natural)
+listThreatIntelSets_maxResults = Lens.lens (\ListThreatIntelSets' {maxResults} -> maxResults) (\s@ListThreatIntelSets' {} a -> s {maxResults = a} :: ListThreatIntelSets)
+
+-- | You can use this parameter to paginate results in the response. Set the
+-- value of this parameter to null on your first call to the list action.
+-- For subsequent calls to the action, fill nextToken in the request with
+-- the value of NextToken from the previous response to continue listing
+-- data.
+listThreatIntelSets_nextToken :: Lens.Lens' ListThreatIntelSets (Prelude.Maybe Prelude.Text)
+listThreatIntelSets_nextToken = Lens.lens (\ListThreatIntelSets' {nextToken} -> nextToken) (\s@ListThreatIntelSets' {} a -> s {nextToken = a} :: ListThreatIntelSets)
+
+-- | The unique ID of the detector that the threatIntelSet is associated
+-- with.
+listThreatIntelSets_detectorId :: Lens.Lens' ListThreatIntelSets Prelude.Text
+listThreatIntelSets_detectorId = Lens.lens (\ListThreatIntelSets' {detectorId} -> detectorId) (\s@ListThreatIntelSets' {} a -> s {detectorId = a} :: ListThreatIntelSets)
+
+instance Core.AWSPager ListThreatIntelSets where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listThreatIntelSetsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^. listThreatIntelSetsResponse_threatIntelSetIds
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listThreatIntelSets_nextToken
+          Lens..~ rs
+          Lens.^? listThreatIntelSetsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListThreatIntelSets where
+  type
+    AWSResponse ListThreatIntelSets =
+      ListThreatIntelSetsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListThreatIntelSetsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "threatIntelSetIds"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable ListThreatIntelSets where
+  hashWithSalt _salt ListThreatIntelSets' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData ListThreatIntelSets where
+  rnf ListThreatIntelSets' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders ListThreatIntelSets where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListThreatIntelSets where
+  toPath ListThreatIntelSets' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/threatintelset"
+      ]
+
+instance Data.ToQuery ListThreatIntelSets where
+  toQuery ListThreatIntelSets' {..} =
+    Prelude.mconcat
+      [ "maxResults" Data.=: maxResults,
+        "nextToken" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListThreatIntelSetsResponse' smart constructor.
+data ListThreatIntelSetsResponse = ListThreatIntelSetsResponse'
+  { -- | The pagination parameter to be used on the next list operation to
+    -- retrieve more items.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The IDs of the ThreatIntelSet resources.
+    threatIntelSetIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListThreatIntelSetsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listThreatIntelSetsResponse_nextToken' - The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+--
+-- 'httpStatus', 'listThreatIntelSetsResponse_httpStatus' - The response's http status code.
+--
+-- 'threatIntelSetIds', 'listThreatIntelSetsResponse_threatIntelSetIds' - The IDs of the ThreatIntelSet resources.
+newListThreatIntelSetsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListThreatIntelSetsResponse
+newListThreatIntelSetsResponse pHttpStatus_ =
+  ListThreatIntelSetsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      threatIntelSetIds = Prelude.mempty
+    }
+
+-- | The pagination parameter to be used on the next list operation to
+-- retrieve more items.
+listThreatIntelSetsResponse_nextToken :: Lens.Lens' ListThreatIntelSetsResponse (Prelude.Maybe Prelude.Text)
+listThreatIntelSetsResponse_nextToken = Lens.lens (\ListThreatIntelSetsResponse' {nextToken} -> nextToken) (\s@ListThreatIntelSetsResponse' {} a -> s {nextToken = a} :: ListThreatIntelSetsResponse)
+
+-- | The response's http status code.
+listThreatIntelSetsResponse_httpStatus :: Lens.Lens' ListThreatIntelSetsResponse Prelude.Int
+listThreatIntelSetsResponse_httpStatus = Lens.lens (\ListThreatIntelSetsResponse' {httpStatus} -> httpStatus) (\s@ListThreatIntelSetsResponse' {} a -> s {httpStatus = a} :: ListThreatIntelSetsResponse)
+
+-- | The IDs of the ThreatIntelSet resources.
+listThreatIntelSetsResponse_threatIntelSetIds :: Lens.Lens' ListThreatIntelSetsResponse [Prelude.Text]
+listThreatIntelSetsResponse_threatIntelSetIds = Lens.lens (\ListThreatIntelSetsResponse' {threatIntelSetIds} -> threatIntelSetIds) (\s@ListThreatIntelSetsResponse' {} a -> s {threatIntelSetIds = a} :: ListThreatIntelSetsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListThreatIntelSetsResponse where
+  rnf ListThreatIntelSetsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf threatIntelSetIds
diff --git a/gen/Amazonka/GuardDuty/StartMonitoringMembers.hs b/gen/Amazonka/GuardDuty/StartMonitoringMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/StartMonitoringMembers.hs
@@ -0,0 +1,201 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.StartMonitoringMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Turns on GuardDuty monitoring of the specified member accounts. Use this
+-- operation to restart monitoring of accounts that you stopped monitoring
+-- with the @StopMonitoringMembers@ operation.
+module Amazonka.GuardDuty.StartMonitoringMembers
+  ( -- * Creating a Request
+    StartMonitoringMembers (..),
+    newStartMonitoringMembers,
+
+    -- * Request Lenses
+    startMonitoringMembers_detectorId,
+    startMonitoringMembers_accountIds,
+
+    -- * Destructuring the Response
+    StartMonitoringMembersResponse (..),
+    newStartMonitoringMembersResponse,
+
+    -- * Response Lenses
+    startMonitoringMembersResponse_httpStatus,
+    startMonitoringMembersResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newStartMonitoringMembers' smart constructor.
+data StartMonitoringMembers = StartMonitoringMembers'
+  { -- | The unique ID of the detector of the GuardDuty administrator account
+    -- associated with the member accounts to monitor.
+    detectorId :: Prelude.Text,
+    -- | A list of account IDs of the GuardDuty member accounts to start
+    -- monitoring.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartMonitoringMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'startMonitoringMembers_detectorId' - The unique ID of the detector of the GuardDuty administrator account
+-- associated with the member accounts to monitor.
+--
+-- 'accountIds', 'startMonitoringMembers_accountIds' - A list of account IDs of the GuardDuty member accounts to start
+-- monitoring.
+newStartMonitoringMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  StartMonitoringMembers
+newStartMonitoringMembers pDetectorId_ pAccountIds_ =
+  StartMonitoringMembers'
+    { detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | The unique ID of the detector of the GuardDuty administrator account
+-- associated with the member accounts to monitor.
+startMonitoringMembers_detectorId :: Lens.Lens' StartMonitoringMembers Prelude.Text
+startMonitoringMembers_detectorId = Lens.lens (\StartMonitoringMembers' {detectorId} -> detectorId) (\s@StartMonitoringMembers' {} a -> s {detectorId = a} :: StartMonitoringMembers)
+
+-- | A list of account IDs of the GuardDuty member accounts to start
+-- monitoring.
+startMonitoringMembers_accountIds :: Lens.Lens' StartMonitoringMembers (Prelude.NonEmpty Prelude.Text)
+startMonitoringMembers_accountIds = Lens.lens (\StartMonitoringMembers' {accountIds} -> accountIds) (\s@StartMonitoringMembers' {} a -> s {accountIds = a} :: StartMonitoringMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest StartMonitoringMembers where
+  type
+    AWSResponse StartMonitoringMembers =
+      StartMonitoringMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          StartMonitoringMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable StartMonitoringMembers where
+  hashWithSalt _salt StartMonitoringMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData StartMonitoringMembers where
+  rnf StartMonitoringMembers' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders StartMonitoringMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON StartMonitoringMembers where
+  toJSON StartMonitoringMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath StartMonitoringMembers where
+  toPath StartMonitoringMembers' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/member/start"]
+
+instance Data.ToQuery StartMonitoringMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newStartMonitoringMembersResponse' smart constructor.
+data StartMonitoringMembersResponse = StartMonitoringMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of objects that contain the unprocessed account and a result
+    -- string that explains why it was unprocessed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StartMonitoringMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'startMonitoringMembersResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'startMonitoringMembersResponse_unprocessedAccounts' - A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+newStartMonitoringMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  StartMonitoringMembersResponse
+newStartMonitoringMembersResponse pHttpStatus_ =
+  StartMonitoringMembersResponse'
+    { httpStatus =
+        pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+startMonitoringMembersResponse_httpStatus :: Lens.Lens' StartMonitoringMembersResponse Prelude.Int
+startMonitoringMembersResponse_httpStatus = Lens.lens (\StartMonitoringMembersResponse' {httpStatus} -> httpStatus) (\s@StartMonitoringMembersResponse' {} a -> s {httpStatus = a} :: StartMonitoringMembersResponse)
+
+-- | A list of objects that contain the unprocessed account and a result
+-- string that explains why it was unprocessed.
+startMonitoringMembersResponse_unprocessedAccounts :: Lens.Lens' StartMonitoringMembersResponse [UnprocessedAccount]
+startMonitoringMembersResponse_unprocessedAccounts = Lens.lens (\StartMonitoringMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@StartMonitoringMembersResponse' {} a -> s {unprocessedAccounts = a} :: StartMonitoringMembersResponse) Prelude.. Lens.coerced
+
+instance
+  Prelude.NFData
+    StartMonitoringMembersResponse
+  where
+  rnf StartMonitoringMembersResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/StopMonitoringMembers.hs b/gen/Amazonka/GuardDuty/StopMonitoringMembers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/StopMonitoringMembers.hs
@@ -0,0 +1,198 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.StopMonitoringMembers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Stops GuardDuty monitoring for the specified member accounts. Use the
+-- @StartMonitoringMembers@ operation to restart monitoring for those
+-- accounts.
+module Amazonka.GuardDuty.StopMonitoringMembers
+  ( -- * Creating a Request
+    StopMonitoringMembers (..),
+    newStopMonitoringMembers,
+
+    -- * Request Lenses
+    stopMonitoringMembers_detectorId,
+    stopMonitoringMembers_accountIds,
+
+    -- * Destructuring the Response
+    StopMonitoringMembersResponse (..),
+    newStopMonitoringMembersResponse,
+
+    -- * Response Lenses
+    stopMonitoringMembersResponse_httpStatus,
+    stopMonitoringMembersResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newStopMonitoringMembers' smart constructor.
+data StopMonitoringMembers = StopMonitoringMembers'
+  { -- | The unique ID of the detector associated with the GuardDuty
+    -- administrator account that is monitoring member accounts.
+    detectorId :: Prelude.Text,
+    -- | A list of account IDs for the member accounts to stop monitoring.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StopMonitoringMembers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'stopMonitoringMembers_detectorId' - The unique ID of the detector associated with the GuardDuty
+-- administrator account that is monitoring member accounts.
+--
+-- 'accountIds', 'stopMonitoringMembers_accountIds' - A list of account IDs for the member accounts to stop monitoring.
+newStopMonitoringMembers ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  StopMonitoringMembers
+newStopMonitoringMembers pDetectorId_ pAccountIds_ =
+  StopMonitoringMembers'
+    { detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | The unique ID of the detector associated with the GuardDuty
+-- administrator account that is monitoring member accounts.
+stopMonitoringMembers_detectorId :: Lens.Lens' StopMonitoringMembers Prelude.Text
+stopMonitoringMembers_detectorId = Lens.lens (\StopMonitoringMembers' {detectorId} -> detectorId) (\s@StopMonitoringMembers' {} a -> s {detectorId = a} :: StopMonitoringMembers)
+
+-- | A list of account IDs for the member accounts to stop monitoring.
+stopMonitoringMembers_accountIds :: Lens.Lens' StopMonitoringMembers (Prelude.NonEmpty Prelude.Text)
+stopMonitoringMembers_accountIds = Lens.lens (\StopMonitoringMembers' {accountIds} -> accountIds) (\s@StopMonitoringMembers' {} a -> s {accountIds = a} :: StopMonitoringMembers) Prelude.. Lens.coerced
+
+instance Core.AWSRequest StopMonitoringMembers where
+  type
+    AWSResponse StopMonitoringMembers =
+      StopMonitoringMembersResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          StopMonitoringMembersResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable StopMonitoringMembers where
+  hashWithSalt _salt StopMonitoringMembers' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData StopMonitoringMembers where
+  rnf StopMonitoringMembers' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders StopMonitoringMembers where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON StopMonitoringMembers where
+  toJSON StopMonitoringMembers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("accountIds" Data..= accountIds)]
+      )
+
+instance Data.ToPath StopMonitoringMembers where
+  toPath StopMonitoringMembers' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/member/stop"]
+
+instance Data.ToQuery StopMonitoringMembers where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newStopMonitoringMembersResponse' smart constructor.
+data StopMonitoringMembersResponse = StopMonitoringMembersResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of objects that contain an accountId for each account that could
+    -- not be processed, and a result string that indicates why the account was
+    -- not processed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'StopMonitoringMembersResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'stopMonitoringMembersResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'stopMonitoringMembersResponse_unprocessedAccounts' - A list of objects that contain an accountId for each account that could
+-- not be processed, and a result string that indicates why the account was
+-- not processed.
+newStopMonitoringMembersResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  StopMonitoringMembersResponse
+newStopMonitoringMembersResponse pHttpStatus_ =
+  StopMonitoringMembersResponse'
+    { httpStatus =
+        pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+stopMonitoringMembersResponse_httpStatus :: Lens.Lens' StopMonitoringMembersResponse Prelude.Int
+stopMonitoringMembersResponse_httpStatus = Lens.lens (\StopMonitoringMembersResponse' {httpStatus} -> httpStatus) (\s@StopMonitoringMembersResponse' {} a -> s {httpStatus = a} :: StopMonitoringMembersResponse)
+
+-- | A list of objects that contain an accountId for each account that could
+-- not be processed, and a result string that indicates why the account was
+-- not processed.
+stopMonitoringMembersResponse_unprocessedAccounts :: Lens.Lens' StopMonitoringMembersResponse [UnprocessedAccount]
+stopMonitoringMembersResponse_unprocessedAccounts = Lens.lens (\StopMonitoringMembersResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@StopMonitoringMembersResponse' {} a -> s {unprocessedAccounts = a} :: StopMonitoringMembersResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData StopMonitoringMembersResponse where
+  rnf StopMonitoringMembersResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/TagResource.hs b/gen/Amazonka/GuardDuty/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/TagResource.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds tags to a resource.
+module Amazonka.GuardDuty.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceArn,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag
+    -- to.
+    resourceArn :: Prelude.Text,
+    -- | The tags to be added to a resource.
+    tags :: Prelude.HashMap Prelude.Text Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'tagResource_resourceArn' - The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag
+-- to.
+--
+-- 'tags', 'tagResource_tags' - The tags to be added to a resource.
+newTagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  TagResource
+newTagResource pResourceArn_ =
+  TagResource'
+    { resourceArn = pResourceArn_,
+      tags = Prelude.mempty
+    }
+
+-- | The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag
+-- to.
+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)
+
+-- | The tags to be added to a resource.
+tagResource_tags :: Lens.Lens' TagResource (Prelude.HashMap Prelude.Text Prelude.Text)
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("tags" Data..= tags)]
+      )
+
+instance Data.ToPath TagResource where
+  toPath TagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/Types.hs b/gen/Amazonka/GuardDuty/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types.hs
@@ -0,0 +1,1230 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _BadRequestException,
+    _InternalServerErrorException,
+
+    -- * AdminStatus
+    AdminStatus (..),
+
+    -- * CriterionKey
+    CriterionKey (..),
+
+    -- * DataSource
+    DataSource (..),
+
+    -- * DataSourceStatus
+    DataSourceStatus (..),
+
+    -- * DestinationType
+    DestinationType (..),
+
+    -- * DetectorStatus
+    DetectorStatus (..),
+
+    -- * EbsSnapshotPreservation
+    EbsSnapshotPreservation (..),
+
+    -- * Feedback
+    Feedback (..),
+
+    -- * FilterAction
+    FilterAction (..),
+
+    -- * FindingPublishingFrequency
+    FindingPublishingFrequency (..),
+
+    -- * FindingStatisticType
+    FindingStatisticType (..),
+
+    -- * IpSetFormat
+    IpSetFormat (..),
+
+    -- * IpSetStatus
+    IpSetStatus (..),
+
+    -- * OrderBy
+    OrderBy (..),
+
+    -- * PublishingStatus
+    PublishingStatus (..),
+
+    -- * ScanCriterionKey
+    ScanCriterionKey (..),
+
+    -- * ScanResult
+    ScanResult (..),
+
+    -- * ScanStatus
+    ScanStatus (..),
+
+    -- * ThreatIntelSetFormat
+    ThreatIntelSetFormat (..),
+
+    -- * ThreatIntelSetStatus
+    ThreatIntelSetStatus (..),
+
+    -- * UsageStatisticType
+    UsageStatisticType (..),
+
+    -- * AccessControlList
+    AccessControlList (..),
+    newAccessControlList,
+    accessControlList_allowsPublicReadAccess,
+    accessControlList_allowsPublicWriteAccess,
+
+    -- * AccessKeyDetails
+    AccessKeyDetails (..),
+    newAccessKeyDetails,
+    accessKeyDetails_accessKeyId,
+    accessKeyDetails_principalId,
+    accessKeyDetails_userName,
+    accessKeyDetails_userType,
+
+    -- * AccountDetail
+    AccountDetail (..),
+    newAccountDetail,
+    accountDetail_accountId,
+    accountDetail_email,
+
+    -- * AccountFreeTrialInfo
+    AccountFreeTrialInfo (..),
+    newAccountFreeTrialInfo,
+    accountFreeTrialInfo_accountId,
+    accountFreeTrialInfo_dataSources,
+
+    -- * AccountLevelPermissions
+    AccountLevelPermissions (..),
+    newAccountLevelPermissions,
+    accountLevelPermissions_blockPublicAccess,
+
+    -- * Action
+    Action (..),
+    newAction,
+    action_actionType,
+    action_awsApiCallAction,
+    action_dnsRequestAction,
+    action_kubernetesApiCallAction,
+    action_networkConnectionAction,
+    action_portProbeAction,
+
+    -- * AdminAccount
+    AdminAccount (..),
+    newAdminAccount,
+    adminAccount_adminAccountId,
+    adminAccount_adminStatus,
+
+    -- * Administrator
+    Administrator (..),
+    newAdministrator,
+    administrator_accountId,
+    administrator_invitationId,
+    administrator_invitedAt,
+    administrator_relationshipStatus,
+
+    -- * AwsApiCallAction
+    AwsApiCallAction (..),
+    newAwsApiCallAction,
+    awsApiCallAction_affectedResources,
+    awsApiCallAction_api,
+    awsApiCallAction_callerType,
+    awsApiCallAction_domainDetails,
+    awsApiCallAction_errorCode,
+    awsApiCallAction_remoteAccountDetails,
+    awsApiCallAction_remoteIpDetails,
+    awsApiCallAction_serviceName,
+    awsApiCallAction_userAgent,
+
+    -- * BlockPublicAccess
+    BlockPublicAccess (..),
+    newBlockPublicAccess,
+    blockPublicAccess_blockPublicAcls,
+    blockPublicAccess_blockPublicPolicy,
+    blockPublicAccess_ignorePublicAcls,
+    blockPublicAccess_restrictPublicBuckets,
+
+    -- * BucketLevelPermissions
+    BucketLevelPermissions (..),
+    newBucketLevelPermissions,
+    bucketLevelPermissions_accessControlList,
+    bucketLevelPermissions_blockPublicAccess,
+    bucketLevelPermissions_bucketPolicy,
+
+    -- * BucketPolicy
+    BucketPolicy (..),
+    newBucketPolicy,
+    bucketPolicy_allowsPublicReadAccess,
+    bucketPolicy_allowsPublicWriteAccess,
+
+    -- * City
+    City (..),
+    newCity,
+    city_cityName,
+
+    -- * CloudTrailConfigurationResult
+    CloudTrailConfigurationResult (..),
+    newCloudTrailConfigurationResult,
+    cloudTrailConfigurationResult_status,
+
+    -- * Condition
+    Condition (..),
+    newCondition,
+    condition_eq,
+    condition_equals,
+    condition_greaterThan,
+    condition_greaterThanOrEqual,
+    condition_gt,
+    condition_gte,
+    condition_lessThan,
+    condition_lessThanOrEqual,
+    condition_lt,
+    condition_lte,
+    condition_neq,
+    condition_notEquals,
+
+    -- * Container
+    Container (..),
+    newContainer,
+    container_containerRuntime,
+    container_id,
+    container_image,
+    container_imagePrefix,
+    container_name,
+    container_securityContext,
+    container_volumeMounts,
+
+    -- * Country
+    Country (..),
+    newCountry,
+    country_countryCode,
+    country_countryName,
+
+    -- * DNSLogsConfigurationResult
+    DNSLogsConfigurationResult (..),
+    newDNSLogsConfigurationResult,
+    dNSLogsConfigurationResult_status,
+
+    -- * DataSourceConfigurations
+    DataSourceConfigurations (..),
+    newDataSourceConfigurations,
+    dataSourceConfigurations_kubernetes,
+    dataSourceConfigurations_malwareProtection,
+    dataSourceConfigurations_s3Logs,
+
+    -- * DataSourceConfigurationsResult
+    DataSourceConfigurationsResult (..),
+    newDataSourceConfigurationsResult,
+    dataSourceConfigurationsResult_kubernetes,
+    dataSourceConfigurationsResult_malwareProtection,
+    dataSourceConfigurationsResult_cloudTrail,
+    dataSourceConfigurationsResult_dNSLogs,
+    dataSourceConfigurationsResult_flowLogs,
+    dataSourceConfigurationsResult_s3Logs,
+
+    -- * DataSourceFreeTrial
+    DataSourceFreeTrial (..),
+    newDataSourceFreeTrial,
+    dataSourceFreeTrial_freeTrialDaysRemaining,
+
+    -- * DataSourcesFreeTrial
+    DataSourcesFreeTrial (..),
+    newDataSourcesFreeTrial,
+    dataSourcesFreeTrial_cloudTrail,
+    dataSourcesFreeTrial_dnsLogs,
+    dataSourcesFreeTrial_flowLogs,
+    dataSourcesFreeTrial_kubernetes,
+    dataSourcesFreeTrial_malwareProtection,
+    dataSourcesFreeTrial_s3Logs,
+
+    -- * DefaultServerSideEncryption
+    DefaultServerSideEncryption (..),
+    newDefaultServerSideEncryption,
+    defaultServerSideEncryption_encryptionType,
+    defaultServerSideEncryption_kmsMasterKeyArn,
+
+    -- * Destination
+    Destination (..),
+    newDestination,
+    destination_destinationId,
+    destination_destinationType,
+    destination_status,
+
+    -- * DestinationProperties
+    DestinationProperties (..),
+    newDestinationProperties,
+    destinationProperties_destinationArn,
+    destinationProperties_kmsKeyArn,
+
+    -- * DnsRequestAction
+    DnsRequestAction (..),
+    newDnsRequestAction,
+    dnsRequestAction_blocked,
+    dnsRequestAction_domain,
+    dnsRequestAction_protocol,
+
+    -- * DomainDetails
+    DomainDetails (..),
+    newDomainDetails,
+    domainDetails_domain,
+
+    -- * EbsVolumeDetails
+    EbsVolumeDetails (..),
+    newEbsVolumeDetails,
+    ebsVolumeDetails_scannedVolumeDetails,
+    ebsVolumeDetails_skippedVolumeDetails,
+
+    -- * EbsVolumeScanDetails
+    EbsVolumeScanDetails (..),
+    newEbsVolumeScanDetails,
+    ebsVolumeScanDetails_scanCompletedAt,
+    ebsVolumeScanDetails_scanDetections,
+    ebsVolumeScanDetails_scanId,
+    ebsVolumeScanDetails_scanStartedAt,
+    ebsVolumeScanDetails_sources,
+    ebsVolumeScanDetails_triggerFindingId,
+
+    -- * EbsVolumesResult
+    EbsVolumesResult (..),
+    newEbsVolumesResult,
+    ebsVolumesResult_reason,
+    ebsVolumesResult_status,
+
+    -- * EcsClusterDetails
+    EcsClusterDetails (..),
+    newEcsClusterDetails,
+    ecsClusterDetails_activeServicesCount,
+    ecsClusterDetails_arn,
+    ecsClusterDetails_name,
+    ecsClusterDetails_registeredContainerInstancesCount,
+    ecsClusterDetails_runningTasksCount,
+    ecsClusterDetails_status,
+    ecsClusterDetails_tags,
+    ecsClusterDetails_taskDetails,
+
+    -- * EcsTaskDetails
+    EcsTaskDetails (..),
+    newEcsTaskDetails,
+    ecsTaskDetails_arn,
+    ecsTaskDetails_containers,
+    ecsTaskDetails_definitionArn,
+    ecsTaskDetails_group,
+    ecsTaskDetails_startedAt,
+    ecsTaskDetails_startedBy,
+    ecsTaskDetails_tags,
+    ecsTaskDetails_taskCreatedAt,
+    ecsTaskDetails_version,
+    ecsTaskDetails_volumes,
+
+    -- * EksClusterDetails
+    EksClusterDetails (..),
+    newEksClusterDetails,
+    eksClusterDetails_arn,
+    eksClusterDetails_createdAt,
+    eksClusterDetails_name,
+    eksClusterDetails_status,
+    eksClusterDetails_tags,
+    eksClusterDetails_vpcId,
+
+    -- * Evidence
+    Evidence (..),
+    newEvidence,
+    evidence_threatIntelligenceDetails,
+
+    -- * FilterCondition
+    FilterCondition (..),
+    newFilterCondition,
+    filterCondition_equalsValue,
+    filterCondition_greaterThan,
+    filterCondition_lessThan,
+
+    -- * FilterCriteria
+    FilterCriteria (..),
+    newFilterCriteria,
+    filterCriteria_filterCriterion,
+
+    -- * FilterCriterion
+    FilterCriterion (..),
+    newFilterCriterion,
+    filterCriterion_criterionKey,
+    filterCriterion_filterCondition,
+
+    -- * Finding
+    Finding (..),
+    newFinding,
+    finding_confidence,
+    finding_description,
+    finding_partition,
+    finding_service,
+    finding_title,
+    finding_accountId,
+    finding_arn,
+    finding_createdAt,
+    finding_id,
+    finding_region,
+    finding_resource,
+    finding_schemaVersion,
+    finding_severity,
+    finding_type,
+    finding_updatedAt,
+
+    -- * FindingCriteria
+    FindingCriteria (..),
+    newFindingCriteria,
+    findingCriteria_criterion,
+
+    -- * FindingStatistics
+    FindingStatistics (..),
+    newFindingStatistics,
+    findingStatistics_countBySeverity,
+
+    -- * FlowLogsConfigurationResult
+    FlowLogsConfigurationResult (..),
+    newFlowLogsConfigurationResult,
+    flowLogsConfigurationResult_status,
+
+    -- * GeoLocation
+    GeoLocation (..),
+    newGeoLocation,
+    geoLocation_lat,
+    geoLocation_lon,
+
+    -- * HighestSeverityThreatDetails
+    HighestSeverityThreatDetails (..),
+    newHighestSeverityThreatDetails,
+    highestSeverityThreatDetails_count,
+    highestSeverityThreatDetails_severity,
+    highestSeverityThreatDetails_threatName,
+
+    -- * HostPath
+    HostPath (..),
+    newHostPath,
+    hostPath_path,
+
+    -- * IamInstanceProfile
+    IamInstanceProfile (..),
+    newIamInstanceProfile,
+    iamInstanceProfile_arn,
+    iamInstanceProfile_id,
+
+    -- * InstanceDetails
+    InstanceDetails (..),
+    newInstanceDetails,
+    instanceDetails_availabilityZone,
+    instanceDetails_iamInstanceProfile,
+    instanceDetails_imageDescription,
+    instanceDetails_imageId,
+    instanceDetails_instanceId,
+    instanceDetails_instanceState,
+    instanceDetails_instanceType,
+    instanceDetails_launchTime,
+    instanceDetails_networkInterfaces,
+    instanceDetails_outpostArn,
+    instanceDetails_platform,
+    instanceDetails_productCodes,
+    instanceDetails_tags,
+
+    -- * Invitation
+    Invitation (..),
+    newInvitation,
+    invitation_accountId,
+    invitation_invitationId,
+    invitation_invitedAt,
+    invitation_relationshipStatus,
+
+    -- * KubernetesApiCallAction
+    KubernetesApiCallAction (..),
+    newKubernetesApiCallAction,
+    kubernetesApiCallAction_parameters,
+    kubernetesApiCallAction_remoteIpDetails,
+    kubernetesApiCallAction_requestUri,
+    kubernetesApiCallAction_sourceIps,
+    kubernetesApiCallAction_statusCode,
+    kubernetesApiCallAction_userAgent,
+    kubernetesApiCallAction_verb,
+
+    -- * KubernetesAuditLogsConfiguration
+    KubernetesAuditLogsConfiguration (..),
+    newKubernetesAuditLogsConfiguration,
+    kubernetesAuditLogsConfiguration_enable,
+
+    -- * KubernetesAuditLogsConfigurationResult
+    KubernetesAuditLogsConfigurationResult (..),
+    newKubernetesAuditLogsConfigurationResult,
+    kubernetesAuditLogsConfigurationResult_status,
+
+    -- * KubernetesConfiguration
+    KubernetesConfiguration (..),
+    newKubernetesConfiguration,
+    kubernetesConfiguration_auditLogs,
+
+    -- * KubernetesConfigurationResult
+    KubernetesConfigurationResult (..),
+    newKubernetesConfigurationResult,
+    kubernetesConfigurationResult_auditLogs,
+
+    -- * KubernetesDataSourceFreeTrial
+    KubernetesDataSourceFreeTrial (..),
+    newKubernetesDataSourceFreeTrial,
+    kubernetesDataSourceFreeTrial_auditLogs,
+
+    -- * KubernetesDetails
+    KubernetesDetails (..),
+    newKubernetesDetails,
+    kubernetesDetails_kubernetesUserDetails,
+    kubernetesDetails_kubernetesWorkloadDetails,
+
+    -- * KubernetesUserDetails
+    KubernetesUserDetails (..),
+    newKubernetesUserDetails,
+    kubernetesUserDetails_groups,
+    kubernetesUserDetails_uid,
+    kubernetesUserDetails_username,
+
+    -- * KubernetesWorkloadDetails
+    KubernetesWorkloadDetails (..),
+    newKubernetesWorkloadDetails,
+    kubernetesWorkloadDetails_containers,
+    kubernetesWorkloadDetails_hostNetwork,
+    kubernetesWorkloadDetails_name,
+    kubernetesWorkloadDetails_namespace,
+    kubernetesWorkloadDetails_type,
+    kubernetesWorkloadDetails_uid,
+    kubernetesWorkloadDetails_volumes,
+
+    -- * LocalIpDetails
+    LocalIpDetails (..),
+    newLocalIpDetails,
+    localIpDetails_ipAddressV4,
+
+    -- * LocalPortDetails
+    LocalPortDetails (..),
+    newLocalPortDetails,
+    localPortDetails_port,
+    localPortDetails_portName,
+
+    -- * MalwareProtectionConfiguration
+    MalwareProtectionConfiguration (..),
+    newMalwareProtectionConfiguration,
+    malwareProtectionConfiguration_scanEc2InstanceWithFindings,
+
+    -- * MalwareProtectionConfigurationResult
+    MalwareProtectionConfigurationResult (..),
+    newMalwareProtectionConfigurationResult,
+    malwareProtectionConfigurationResult_scanEc2InstanceWithFindings,
+    malwareProtectionConfigurationResult_serviceRole,
+
+    -- * MalwareProtectionDataSourceFreeTrial
+    MalwareProtectionDataSourceFreeTrial (..),
+    newMalwareProtectionDataSourceFreeTrial,
+    malwareProtectionDataSourceFreeTrial_scanEc2InstanceWithFindings,
+
+    -- * Member
+    Member (..),
+    newMember,
+    member_administratorId,
+    member_detectorId,
+    member_invitedAt,
+    member_accountId,
+    member_masterId,
+    member_email,
+    member_relationshipStatus,
+    member_updatedAt,
+
+    -- * MemberDataSourceConfiguration
+    MemberDataSourceConfiguration (..),
+    newMemberDataSourceConfiguration,
+    memberDataSourceConfiguration_accountId,
+    memberDataSourceConfiguration_dataSources,
+
+    -- * NetworkConnectionAction
+    NetworkConnectionAction (..),
+    newNetworkConnectionAction,
+    networkConnectionAction_blocked,
+    networkConnectionAction_connectionDirection,
+    networkConnectionAction_localIpDetails,
+    networkConnectionAction_localPortDetails,
+    networkConnectionAction_protocol,
+    networkConnectionAction_remoteIpDetails,
+    networkConnectionAction_remotePortDetails,
+
+    -- * NetworkInterface
+    NetworkInterface (..),
+    newNetworkInterface,
+    networkInterface_ipv6Addresses,
+    networkInterface_networkInterfaceId,
+    networkInterface_privateDnsName,
+    networkInterface_privateIpAddress,
+    networkInterface_privateIpAddresses,
+    networkInterface_publicDnsName,
+    networkInterface_publicIp,
+    networkInterface_securityGroups,
+    networkInterface_subnetId,
+    networkInterface_vpcId,
+
+    -- * Organization
+    Organization (..),
+    newOrganization,
+    organization_asn,
+    organization_asnOrg,
+    organization_isp,
+    organization_org,
+
+    -- * OrganizationDataSourceConfigurations
+    OrganizationDataSourceConfigurations (..),
+    newOrganizationDataSourceConfigurations,
+    organizationDataSourceConfigurations_kubernetes,
+    organizationDataSourceConfigurations_malwareProtection,
+    organizationDataSourceConfigurations_s3Logs,
+
+    -- * OrganizationDataSourceConfigurationsResult
+    OrganizationDataSourceConfigurationsResult (..),
+    newOrganizationDataSourceConfigurationsResult,
+    organizationDataSourceConfigurationsResult_kubernetes,
+    organizationDataSourceConfigurationsResult_malwareProtection,
+    organizationDataSourceConfigurationsResult_s3Logs,
+
+    -- * OrganizationEbsVolumes
+    OrganizationEbsVolumes (..),
+    newOrganizationEbsVolumes,
+    organizationEbsVolumes_autoEnable,
+
+    -- * OrganizationEbsVolumesResult
+    OrganizationEbsVolumesResult (..),
+    newOrganizationEbsVolumesResult,
+    organizationEbsVolumesResult_autoEnable,
+
+    -- * OrganizationKubernetesAuditLogsConfiguration
+    OrganizationKubernetesAuditLogsConfiguration (..),
+    newOrganizationKubernetesAuditLogsConfiguration,
+    organizationKubernetesAuditLogsConfiguration_autoEnable,
+
+    -- * OrganizationKubernetesAuditLogsConfigurationResult
+    OrganizationKubernetesAuditLogsConfigurationResult (..),
+    newOrganizationKubernetesAuditLogsConfigurationResult,
+    organizationKubernetesAuditLogsConfigurationResult_autoEnable,
+
+    -- * OrganizationKubernetesConfiguration
+    OrganizationKubernetesConfiguration (..),
+    newOrganizationKubernetesConfiguration,
+    organizationKubernetesConfiguration_auditLogs,
+
+    -- * OrganizationKubernetesConfigurationResult
+    OrganizationKubernetesConfigurationResult (..),
+    newOrganizationKubernetesConfigurationResult,
+    organizationKubernetesConfigurationResult_auditLogs,
+
+    -- * OrganizationMalwareProtectionConfiguration
+    OrganizationMalwareProtectionConfiguration (..),
+    newOrganizationMalwareProtectionConfiguration,
+    organizationMalwareProtectionConfiguration_scanEc2InstanceWithFindings,
+
+    -- * OrganizationMalwareProtectionConfigurationResult
+    OrganizationMalwareProtectionConfigurationResult (..),
+    newOrganizationMalwareProtectionConfigurationResult,
+    organizationMalwareProtectionConfigurationResult_scanEc2InstanceWithFindings,
+
+    -- * OrganizationS3LogsConfiguration
+    OrganizationS3LogsConfiguration (..),
+    newOrganizationS3LogsConfiguration,
+    organizationS3LogsConfiguration_autoEnable,
+
+    -- * OrganizationS3LogsConfigurationResult
+    OrganizationS3LogsConfigurationResult (..),
+    newOrganizationS3LogsConfigurationResult,
+    organizationS3LogsConfigurationResult_autoEnable,
+
+    -- * OrganizationScanEc2InstanceWithFindings
+    OrganizationScanEc2InstanceWithFindings (..),
+    newOrganizationScanEc2InstanceWithFindings,
+    organizationScanEc2InstanceWithFindings_ebsVolumes,
+
+    -- * OrganizationScanEc2InstanceWithFindingsResult
+    OrganizationScanEc2InstanceWithFindingsResult (..),
+    newOrganizationScanEc2InstanceWithFindingsResult,
+    organizationScanEc2InstanceWithFindingsResult_ebsVolumes,
+
+    -- * Owner
+    Owner (..),
+    newOwner,
+    owner_id,
+
+    -- * PermissionConfiguration
+    PermissionConfiguration (..),
+    newPermissionConfiguration,
+    permissionConfiguration_accountLevelPermissions,
+    permissionConfiguration_bucketLevelPermissions,
+
+    -- * PortProbeAction
+    PortProbeAction (..),
+    newPortProbeAction,
+    portProbeAction_blocked,
+    portProbeAction_portProbeDetails,
+
+    -- * PortProbeDetail
+    PortProbeDetail (..),
+    newPortProbeDetail,
+    portProbeDetail_localIpDetails,
+    portProbeDetail_localPortDetails,
+    portProbeDetail_remoteIpDetails,
+
+    -- * PrivateIpAddressDetails
+    PrivateIpAddressDetails (..),
+    newPrivateIpAddressDetails,
+    privateIpAddressDetails_privateDnsName,
+    privateIpAddressDetails_privateIpAddress,
+
+    -- * ProductCode
+    ProductCode (..),
+    newProductCode,
+    productCode_code,
+    productCode_productType,
+
+    -- * PublicAccess
+    PublicAccess (..),
+    newPublicAccess,
+    publicAccess_effectivePermission,
+    publicAccess_permissionConfiguration,
+
+    -- * RemoteAccountDetails
+    RemoteAccountDetails (..),
+    newRemoteAccountDetails,
+    remoteAccountDetails_accountId,
+    remoteAccountDetails_affiliated,
+
+    -- * RemoteIpDetails
+    RemoteIpDetails (..),
+    newRemoteIpDetails,
+    remoteIpDetails_city,
+    remoteIpDetails_country,
+    remoteIpDetails_geoLocation,
+    remoteIpDetails_ipAddressV4,
+    remoteIpDetails_organization,
+
+    -- * RemotePortDetails
+    RemotePortDetails (..),
+    newRemotePortDetails,
+    remotePortDetails_port,
+    remotePortDetails_portName,
+
+    -- * Resource
+    Resource (..),
+    newResource,
+    resource_accessKeyDetails,
+    resource_containerDetails,
+    resource_ebsVolumeDetails,
+    resource_ecsClusterDetails,
+    resource_eksClusterDetails,
+    resource_instanceDetails,
+    resource_kubernetesDetails,
+    resource_resourceType,
+    resource_s3BucketDetails,
+
+    -- * ResourceDetails
+    ResourceDetails (..),
+    newResourceDetails,
+    resourceDetails_instanceArn,
+
+    -- * S3BucketDetail
+    S3BucketDetail (..),
+    newS3BucketDetail,
+    s3BucketDetail_arn,
+    s3BucketDetail_createdAt,
+    s3BucketDetail_defaultServerSideEncryption,
+    s3BucketDetail_name,
+    s3BucketDetail_owner,
+    s3BucketDetail_publicAccess,
+    s3BucketDetail_tags,
+    s3BucketDetail_type,
+
+    -- * S3LogsConfiguration
+    S3LogsConfiguration (..),
+    newS3LogsConfiguration,
+    s3LogsConfiguration_enable,
+
+    -- * S3LogsConfigurationResult
+    S3LogsConfigurationResult (..),
+    newS3LogsConfigurationResult,
+    s3LogsConfigurationResult_status,
+
+    -- * Scan
+    Scan (..),
+    newScan,
+    scan_accountId,
+    scan_adminDetectorId,
+    scan_attachedVolumes,
+    scan_detectorId,
+    scan_failureReason,
+    scan_fileCount,
+    scan_resourceDetails,
+    scan_scanEndTime,
+    scan_scanId,
+    scan_scanResultDetails,
+    scan_scanStartTime,
+    scan_scanStatus,
+    scan_totalBytes,
+    scan_triggerDetails,
+
+    -- * ScanCondition
+    ScanCondition (..),
+    newScanCondition,
+    scanCondition_mapEquals,
+
+    -- * ScanConditionPair
+    ScanConditionPair (..),
+    newScanConditionPair,
+    scanConditionPair_value,
+    scanConditionPair_key,
+
+    -- * ScanDetections
+    ScanDetections (..),
+    newScanDetections,
+    scanDetections_highestSeverityThreatDetails,
+    scanDetections_scannedItemCount,
+    scanDetections_threatDetectedByName,
+    scanDetections_threatsDetectedItemCount,
+
+    -- * ScanEc2InstanceWithFindings
+    ScanEc2InstanceWithFindings (..),
+    newScanEc2InstanceWithFindings,
+    scanEc2InstanceWithFindings_ebsVolumes,
+
+    -- * ScanEc2InstanceWithFindingsResult
+    ScanEc2InstanceWithFindingsResult (..),
+    newScanEc2InstanceWithFindingsResult,
+    scanEc2InstanceWithFindingsResult_ebsVolumes,
+
+    -- * ScanFilePath
+    ScanFilePath (..),
+    newScanFilePath,
+    scanFilePath_fileName,
+    scanFilePath_filePath,
+    scanFilePath_hash,
+    scanFilePath_volumeArn,
+
+    -- * ScanResourceCriteria
+    ScanResourceCriteria (..),
+    newScanResourceCriteria,
+    scanResourceCriteria_exclude,
+    scanResourceCriteria_include,
+
+    -- * ScanResultDetails
+    ScanResultDetails (..),
+    newScanResultDetails,
+    scanResultDetails_scanResult,
+
+    -- * ScanThreatName
+    ScanThreatName (..),
+    newScanThreatName,
+    scanThreatName_filePaths,
+    scanThreatName_itemCount,
+    scanThreatName_name,
+    scanThreatName_severity,
+
+    -- * ScannedItemCount
+    ScannedItemCount (..),
+    newScannedItemCount,
+    scannedItemCount_files,
+    scannedItemCount_totalGb,
+    scannedItemCount_volumes,
+
+    -- * SecurityContext
+    SecurityContext (..),
+    newSecurityContext,
+    securityContext_privileged,
+
+    -- * SecurityGroup
+    SecurityGroup (..),
+    newSecurityGroup,
+    securityGroup_groupId,
+    securityGroup_groupName,
+
+    -- * ServiceAdditionalInfo
+    ServiceAdditionalInfo (..),
+    newServiceAdditionalInfo,
+    serviceAdditionalInfo_type,
+    serviceAdditionalInfo_value,
+
+    -- * ServiceInfo
+    ServiceInfo (..),
+    newServiceInfo,
+    serviceInfo_action,
+    serviceInfo_additionalInfo,
+    serviceInfo_archived,
+    serviceInfo_count,
+    serviceInfo_detectorId,
+    serviceInfo_ebsVolumeScanDetails,
+    serviceInfo_eventFirstSeen,
+    serviceInfo_eventLastSeen,
+    serviceInfo_evidence,
+    serviceInfo_featureName,
+    serviceInfo_resourceRole,
+    serviceInfo_serviceName,
+    serviceInfo_userFeedback,
+
+    -- * SortCriteria
+    SortCriteria (..),
+    newSortCriteria,
+    sortCriteria_attributeName,
+    sortCriteria_orderBy,
+
+    -- * Tag
+    Tag (..),
+    newTag,
+    tag_key,
+    tag_value,
+
+    -- * ThreatDetectedByName
+    ThreatDetectedByName (..),
+    newThreatDetectedByName,
+    threatDetectedByName_itemCount,
+    threatDetectedByName_shortened,
+    threatDetectedByName_threatNames,
+    threatDetectedByName_uniqueThreatNameCount,
+
+    -- * ThreatIntelligenceDetail
+    ThreatIntelligenceDetail (..),
+    newThreatIntelligenceDetail,
+    threatIntelligenceDetail_threatListName,
+    threatIntelligenceDetail_threatNames,
+
+    -- * ThreatsDetectedItemCount
+    ThreatsDetectedItemCount (..),
+    newThreatsDetectedItemCount,
+    threatsDetectedItemCount_files,
+
+    -- * Total
+    Total (..),
+    newTotal,
+    total_amount,
+    total_unit,
+
+    -- * TriggerDetails
+    TriggerDetails (..),
+    newTriggerDetails,
+    triggerDetails_description,
+    triggerDetails_guardDutyFindingId,
+
+    -- * UnprocessedAccount
+    UnprocessedAccount (..),
+    newUnprocessedAccount,
+    unprocessedAccount_accountId,
+    unprocessedAccount_result,
+
+    -- * UnprocessedDataSourcesResult
+    UnprocessedDataSourcesResult (..),
+    newUnprocessedDataSourcesResult,
+    unprocessedDataSourcesResult_malwareProtection,
+
+    -- * UsageAccountResult
+    UsageAccountResult (..),
+    newUsageAccountResult,
+    usageAccountResult_accountId,
+    usageAccountResult_total,
+
+    -- * UsageCriteria
+    UsageCriteria (..),
+    newUsageCriteria,
+    usageCriteria_accountIds,
+    usageCriteria_resources,
+    usageCriteria_dataSources,
+
+    -- * UsageDataSourceResult
+    UsageDataSourceResult (..),
+    newUsageDataSourceResult,
+    usageDataSourceResult_dataSource,
+    usageDataSourceResult_total,
+
+    -- * UsageResourceResult
+    UsageResourceResult (..),
+    newUsageResourceResult,
+    usageResourceResult_resource,
+    usageResourceResult_total,
+
+    -- * UsageStatistics
+    UsageStatistics (..),
+    newUsageStatistics,
+    usageStatistics_sumByAccount,
+    usageStatistics_sumByDataSource,
+    usageStatistics_sumByResource,
+    usageStatistics_topResources,
+
+    -- * Volume
+    Volume (..),
+    newVolume,
+    volume_hostPath,
+    volume_name,
+
+    -- * VolumeDetail
+    VolumeDetail (..),
+    newVolumeDetail,
+    volumeDetail_deviceName,
+    volumeDetail_encryptionType,
+    volumeDetail_kmsKeyArn,
+    volumeDetail_snapshotArn,
+    volumeDetail_volumeArn,
+    volumeDetail_volumeSizeInGB,
+    volumeDetail_volumeType,
+
+    -- * VolumeMount
+    VolumeMount (..),
+    newVolumeMount,
+    volumeMount_mountPath,
+    volumeMount_name,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import Amazonka.GuardDuty.Types.AccessControlList
+import Amazonka.GuardDuty.Types.AccessKeyDetails
+import Amazonka.GuardDuty.Types.AccountDetail
+import Amazonka.GuardDuty.Types.AccountFreeTrialInfo
+import Amazonka.GuardDuty.Types.AccountLevelPermissions
+import Amazonka.GuardDuty.Types.Action
+import Amazonka.GuardDuty.Types.AdminAccount
+import Amazonka.GuardDuty.Types.AdminStatus
+import Amazonka.GuardDuty.Types.Administrator
+import Amazonka.GuardDuty.Types.AwsApiCallAction
+import Amazonka.GuardDuty.Types.BlockPublicAccess
+import Amazonka.GuardDuty.Types.BucketLevelPermissions
+import Amazonka.GuardDuty.Types.BucketPolicy
+import Amazonka.GuardDuty.Types.City
+import Amazonka.GuardDuty.Types.CloudTrailConfigurationResult
+import Amazonka.GuardDuty.Types.Condition
+import Amazonka.GuardDuty.Types.Container
+import Amazonka.GuardDuty.Types.Country
+import Amazonka.GuardDuty.Types.CriterionKey
+import Amazonka.GuardDuty.Types.DNSLogsConfigurationResult
+import Amazonka.GuardDuty.Types.DataSource
+import Amazonka.GuardDuty.Types.DataSourceConfigurations
+import Amazonka.GuardDuty.Types.DataSourceConfigurationsResult
+import Amazonka.GuardDuty.Types.DataSourceFreeTrial
+import Amazonka.GuardDuty.Types.DataSourceStatus
+import Amazonka.GuardDuty.Types.DataSourcesFreeTrial
+import Amazonka.GuardDuty.Types.DefaultServerSideEncryption
+import Amazonka.GuardDuty.Types.Destination
+import Amazonka.GuardDuty.Types.DestinationProperties
+import Amazonka.GuardDuty.Types.DestinationType
+import Amazonka.GuardDuty.Types.DetectorStatus
+import Amazonka.GuardDuty.Types.DnsRequestAction
+import Amazonka.GuardDuty.Types.DomainDetails
+import Amazonka.GuardDuty.Types.EbsSnapshotPreservation
+import Amazonka.GuardDuty.Types.EbsVolumeDetails
+import Amazonka.GuardDuty.Types.EbsVolumeScanDetails
+import Amazonka.GuardDuty.Types.EbsVolumesResult
+import Amazonka.GuardDuty.Types.EcsClusterDetails
+import Amazonka.GuardDuty.Types.EcsTaskDetails
+import Amazonka.GuardDuty.Types.EksClusterDetails
+import Amazonka.GuardDuty.Types.Evidence
+import Amazonka.GuardDuty.Types.Feedback
+import Amazonka.GuardDuty.Types.FilterAction
+import Amazonka.GuardDuty.Types.FilterCondition
+import Amazonka.GuardDuty.Types.FilterCriteria
+import Amazonka.GuardDuty.Types.FilterCriterion
+import Amazonka.GuardDuty.Types.Finding
+import Amazonka.GuardDuty.Types.FindingCriteria
+import Amazonka.GuardDuty.Types.FindingPublishingFrequency
+import Amazonka.GuardDuty.Types.FindingStatisticType
+import Amazonka.GuardDuty.Types.FindingStatistics
+import Amazonka.GuardDuty.Types.FlowLogsConfigurationResult
+import Amazonka.GuardDuty.Types.GeoLocation
+import Amazonka.GuardDuty.Types.HighestSeverityThreatDetails
+import Amazonka.GuardDuty.Types.HostPath
+import Amazonka.GuardDuty.Types.IamInstanceProfile
+import Amazonka.GuardDuty.Types.InstanceDetails
+import Amazonka.GuardDuty.Types.Invitation
+import Amazonka.GuardDuty.Types.IpSetFormat
+import Amazonka.GuardDuty.Types.IpSetStatus
+import Amazonka.GuardDuty.Types.KubernetesApiCallAction
+import Amazonka.GuardDuty.Types.KubernetesAuditLogsConfiguration
+import Amazonka.GuardDuty.Types.KubernetesAuditLogsConfigurationResult
+import Amazonka.GuardDuty.Types.KubernetesConfiguration
+import Amazonka.GuardDuty.Types.KubernetesConfigurationResult
+import Amazonka.GuardDuty.Types.KubernetesDataSourceFreeTrial
+import Amazonka.GuardDuty.Types.KubernetesDetails
+import Amazonka.GuardDuty.Types.KubernetesUserDetails
+import Amazonka.GuardDuty.Types.KubernetesWorkloadDetails
+import Amazonka.GuardDuty.Types.LocalIpDetails
+import Amazonka.GuardDuty.Types.LocalPortDetails
+import Amazonka.GuardDuty.Types.MalwareProtectionConfiguration
+import Amazonka.GuardDuty.Types.MalwareProtectionConfigurationResult
+import Amazonka.GuardDuty.Types.MalwareProtectionDataSourceFreeTrial
+import Amazonka.GuardDuty.Types.Member
+import Amazonka.GuardDuty.Types.MemberDataSourceConfiguration
+import Amazonka.GuardDuty.Types.NetworkConnectionAction
+import Amazonka.GuardDuty.Types.NetworkInterface
+import Amazonka.GuardDuty.Types.OrderBy
+import Amazonka.GuardDuty.Types.Organization
+import Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurations
+import Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurationsResult
+import Amazonka.GuardDuty.Types.OrganizationEbsVolumes
+import Amazonka.GuardDuty.Types.OrganizationEbsVolumesResult
+import Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfiguration
+import Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationKubernetesConfiguration
+import Amazonka.GuardDuty.Types.OrganizationKubernetesConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfiguration
+import Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationS3LogsConfiguration
+import Amazonka.GuardDuty.Types.OrganizationS3LogsConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindings
+import Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindingsResult
+import Amazonka.GuardDuty.Types.Owner
+import Amazonka.GuardDuty.Types.PermissionConfiguration
+import Amazonka.GuardDuty.Types.PortProbeAction
+import Amazonka.GuardDuty.Types.PortProbeDetail
+import Amazonka.GuardDuty.Types.PrivateIpAddressDetails
+import Amazonka.GuardDuty.Types.ProductCode
+import Amazonka.GuardDuty.Types.PublicAccess
+import Amazonka.GuardDuty.Types.PublishingStatus
+import Amazonka.GuardDuty.Types.RemoteAccountDetails
+import Amazonka.GuardDuty.Types.RemoteIpDetails
+import Amazonka.GuardDuty.Types.RemotePortDetails
+import Amazonka.GuardDuty.Types.Resource
+import Amazonka.GuardDuty.Types.ResourceDetails
+import Amazonka.GuardDuty.Types.S3BucketDetail
+import Amazonka.GuardDuty.Types.S3LogsConfiguration
+import Amazonka.GuardDuty.Types.S3LogsConfigurationResult
+import Amazonka.GuardDuty.Types.Scan
+import Amazonka.GuardDuty.Types.ScanCondition
+import Amazonka.GuardDuty.Types.ScanConditionPair
+import Amazonka.GuardDuty.Types.ScanCriterionKey
+import Amazonka.GuardDuty.Types.ScanDetections
+import Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindings
+import Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindingsResult
+import Amazonka.GuardDuty.Types.ScanFilePath
+import Amazonka.GuardDuty.Types.ScanResourceCriteria
+import Amazonka.GuardDuty.Types.ScanResult
+import Amazonka.GuardDuty.Types.ScanResultDetails
+import Amazonka.GuardDuty.Types.ScanStatus
+import Amazonka.GuardDuty.Types.ScanThreatName
+import Amazonka.GuardDuty.Types.ScannedItemCount
+import Amazonka.GuardDuty.Types.SecurityContext
+import Amazonka.GuardDuty.Types.SecurityGroup
+import Amazonka.GuardDuty.Types.ServiceAdditionalInfo
+import Amazonka.GuardDuty.Types.ServiceInfo
+import Amazonka.GuardDuty.Types.SortCriteria
+import Amazonka.GuardDuty.Types.Tag
+import Amazonka.GuardDuty.Types.ThreatDetectedByName
+import Amazonka.GuardDuty.Types.ThreatIntelSetFormat
+import Amazonka.GuardDuty.Types.ThreatIntelSetStatus
+import Amazonka.GuardDuty.Types.ThreatIntelligenceDetail
+import Amazonka.GuardDuty.Types.ThreatsDetectedItemCount
+import Amazonka.GuardDuty.Types.Total
+import Amazonka.GuardDuty.Types.TriggerDetails
+import Amazonka.GuardDuty.Types.UnprocessedAccount
+import Amazonka.GuardDuty.Types.UnprocessedDataSourcesResult
+import Amazonka.GuardDuty.Types.UsageAccountResult
+import Amazonka.GuardDuty.Types.UsageCriteria
+import Amazonka.GuardDuty.Types.UsageDataSourceResult
+import Amazonka.GuardDuty.Types.UsageResourceResult
+import Amazonka.GuardDuty.Types.UsageStatisticType
+import Amazonka.GuardDuty.Types.UsageStatistics
+import Amazonka.GuardDuty.Types.Volume
+import Amazonka.GuardDuty.Types.VolumeDetail
+import Amazonka.GuardDuty.Types.VolumeMount
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2017-11-28@ of the Amazon GuardDuty SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "GuardDuty",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "guardduty",
+      Core.signingName = "guardduty",
+      Core.version = "2017-11-28",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "GuardDuty",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | A bad request exception object.
+_BadRequestException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_BadRequestException =
+  Core._MatchServiceError
+    defaultService
+    "BadRequestException"
+    Prelude.. Core.hasStatus 400
+
+-- | An internal server error exception object.
+_InternalServerErrorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalServerErrorException =
+  Core._MatchServiceError
+    defaultService
+    "InternalServerErrorException"
+    Prelude.. Core.hasStatus 500
diff --git a/gen/Amazonka/GuardDuty/Types/AccessControlList.hs b/gen/Amazonka/GuardDuty/Types/AccessControlList.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AccessControlList.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AccessControlList
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AccessControlList where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the current access control policies for the
+-- bucket.
+--
+-- /See:/ 'newAccessControlList' smart constructor.
+data AccessControlList = AccessControlList'
+  { -- | A value that indicates whether public read access for the bucket is
+    -- enabled through an Access Control List (ACL).
+    allowsPublicReadAccess :: Prelude.Maybe Prelude.Bool,
+    -- | A value that indicates whether public write access for the bucket is
+    -- enabled through an Access Control List (ACL).
+    allowsPublicWriteAccess :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessControlList' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allowsPublicReadAccess', 'accessControlList_allowsPublicReadAccess' - A value that indicates whether public read access for the bucket is
+-- enabled through an Access Control List (ACL).
+--
+-- 'allowsPublicWriteAccess', 'accessControlList_allowsPublicWriteAccess' - A value that indicates whether public write access for the bucket is
+-- enabled through an Access Control List (ACL).
+newAccessControlList ::
+  AccessControlList
+newAccessControlList =
+  AccessControlList'
+    { allowsPublicReadAccess =
+        Prelude.Nothing,
+      allowsPublicWriteAccess = Prelude.Nothing
+    }
+
+-- | A value that indicates whether public read access for the bucket is
+-- enabled through an Access Control List (ACL).
+accessControlList_allowsPublicReadAccess :: Lens.Lens' AccessControlList (Prelude.Maybe Prelude.Bool)
+accessControlList_allowsPublicReadAccess = Lens.lens (\AccessControlList' {allowsPublicReadAccess} -> allowsPublicReadAccess) (\s@AccessControlList' {} a -> s {allowsPublicReadAccess = a} :: AccessControlList)
+
+-- | A value that indicates whether public write access for the bucket is
+-- enabled through an Access Control List (ACL).
+accessControlList_allowsPublicWriteAccess :: Lens.Lens' AccessControlList (Prelude.Maybe Prelude.Bool)
+accessControlList_allowsPublicWriteAccess = Lens.lens (\AccessControlList' {allowsPublicWriteAccess} -> allowsPublicWriteAccess) (\s@AccessControlList' {} a -> s {allowsPublicWriteAccess = a} :: AccessControlList)
+
+instance Data.FromJSON AccessControlList where
+  parseJSON =
+    Data.withObject
+      "AccessControlList"
+      ( \x ->
+          AccessControlList'
+            Prelude.<$> (x Data..:? "allowsPublicReadAccess")
+            Prelude.<*> (x Data..:? "allowsPublicWriteAccess")
+      )
+
+instance Prelude.Hashable AccessControlList where
+  hashWithSalt _salt AccessControlList' {..} =
+    _salt
+      `Prelude.hashWithSalt` allowsPublicReadAccess
+      `Prelude.hashWithSalt` allowsPublicWriteAccess
+
+instance Prelude.NFData AccessControlList where
+  rnf AccessControlList' {..} =
+    Prelude.rnf allowsPublicReadAccess
+      `Prelude.seq` Prelude.rnf allowsPublicWriteAccess
diff --git a/gen/Amazonka/GuardDuty/Types/AccessKeyDetails.hs b/gen/Amazonka/GuardDuty/Types/AccessKeyDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AccessKeyDetails.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AccessKeyDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AccessKeyDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the access keys.
+--
+-- /See:/ 'newAccessKeyDetails' smart constructor.
+data AccessKeyDetails = AccessKeyDetails'
+  { -- | The access key ID of the user.
+    accessKeyId :: Prelude.Maybe Prelude.Text,
+    -- | The principal ID of the user.
+    principalId :: Prelude.Maybe Prelude.Text,
+    -- | The name of the user.
+    userName :: Prelude.Maybe Prelude.Text,
+    -- | The type of the user.
+    userType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessKeyDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessKeyId', 'accessKeyDetails_accessKeyId' - The access key ID of the user.
+--
+-- 'principalId', 'accessKeyDetails_principalId' - The principal ID of the user.
+--
+-- 'userName', 'accessKeyDetails_userName' - The name of the user.
+--
+-- 'userType', 'accessKeyDetails_userType' - The type of the user.
+newAccessKeyDetails ::
+  AccessKeyDetails
+newAccessKeyDetails =
+  AccessKeyDetails'
+    { accessKeyId = Prelude.Nothing,
+      principalId = Prelude.Nothing,
+      userName = Prelude.Nothing,
+      userType = Prelude.Nothing
+    }
+
+-- | The access key ID of the user.
+accessKeyDetails_accessKeyId :: Lens.Lens' AccessKeyDetails (Prelude.Maybe Prelude.Text)
+accessKeyDetails_accessKeyId = Lens.lens (\AccessKeyDetails' {accessKeyId} -> accessKeyId) (\s@AccessKeyDetails' {} a -> s {accessKeyId = a} :: AccessKeyDetails)
+
+-- | The principal ID of the user.
+accessKeyDetails_principalId :: Lens.Lens' AccessKeyDetails (Prelude.Maybe Prelude.Text)
+accessKeyDetails_principalId = Lens.lens (\AccessKeyDetails' {principalId} -> principalId) (\s@AccessKeyDetails' {} a -> s {principalId = a} :: AccessKeyDetails)
+
+-- | The name of the user.
+accessKeyDetails_userName :: Lens.Lens' AccessKeyDetails (Prelude.Maybe Prelude.Text)
+accessKeyDetails_userName = Lens.lens (\AccessKeyDetails' {userName} -> userName) (\s@AccessKeyDetails' {} a -> s {userName = a} :: AccessKeyDetails)
+
+-- | The type of the user.
+accessKeyDetails_userType :: Lens.Lens' AccessKeyDetails (Prelude.Maybe Prelude.Text)
+accessKeyDetails_userType = Lens.lens (\AccessKeyDetails' {userType} -> userType) (\s@AccessKeyDetails' {} a -> s {userType = a} :: AccessKeyDetails)
+
+instance Data.FromJSON AccessKeyDetails where
+  parseJSON =
+    Data.withObject
+      "AccessKeyDetails"
+      ( \x ->
+          AccessKeyDetails'
+            Prelude.<$> (x Data..:? "accessKeyId")
+            Prelude.<*> (x Data..:? "principalId")
+            Prelude.<*> (x Data..:? "userName")
+            Prelude.<*> (x Data..:? "userType")
+      )
+
+instance Prelude.Hashable AccessKeyDetails where
+  hashWithSalt _salt AccessKeyDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessKeyId
+      `Prelude.hashWithSalt` principalId
+      `Prelude.hashWithSalt` userName
+      `Prelude.hashWithSalt` userType
+
+instance Prelude.NFData AccessKeyDetails where
+  rnf AccessKeyDetails' {..} =
+    Prelude.rnf accessKeyId
+      `Prelude.seq` Prelude.rnf principalId
+      `Prelude.seq` Prelude.rnf userName
+      `Prelude.seq` Prelude.rnf userType
diff --git a/gen/Amazonka/GuardDuty/Types/AccountDetail.hs b/gen/Amazonka/GuardDuty/Types/AccountDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AccountDetail.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AccountDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AccountDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the account.
+--
+-- /See:/ 'newAccountDetail' smart constructor.
+data AccountDetail = AccountDetail'
+  { -- | The member account ID.
+    accountId :: Prelude.Text,
+    -- | The email address of the member account.
+    email :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'accountDetail_accountId' - The member account ID.
+--
+-- 'email', 'accountDetail_email' - The email address of the member account.
+newAccountDetail ::
+  -- | 'accountId'
+  Prelude.Text ->
+  -- | 'email'
+  Prelude.Text ->
+  AccountDetail
+newAccountDetail pAccountId_ pEmail_ =
+  AccountDetail'
+    { accountId = pAccountId_,
+      email = pEmail_
+    }
+
+-- | The member account ID.
+accountDetail_accountId :: Lens.Lens' AccountDetail Prelude.Text
+accountDetail_accountId = Lens.lens (\AccountDetail' {accountId} -> accountId) (\s@AccountDetail' {} a -> s {accountId = a} :: AccountDetail)
+
+-- | The email address of the member account.
+accountDetail_email :: Lens.Lens' AccountDetail Prelude.Text
+accountDetail_email = Lens.lens (\AccountDetail' {email} -> email) (\s@AccountDetail' {} a -> s {email = a} :: AccountDetail)
+
+instance Prelude.Hashable AccountDetail where
+  hashWithSalt _salt AccountDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` email
+
+instance Prelude.NFData AccountDetail where
+  rnf AccountDetail' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf email
+
+instance Data.ToJSON AccountDetail where
+  toJSON AccountDetail' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("accountId" Data..= accountId),
+            Prelude.Just ("email" Data..= email)
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/AccountFreeTrialInfo.hs b/gen/Amazonka/GuardDuty/Types/AccountFreeTrialInfo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AccountFreeTrialInfo.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AccountFreeTrialInfo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AccountFreeTrialInfo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourcesFreeTrial
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details of the GuardDuty member account that uses a free trial
+-- service.
+--
+-- /See:/ 'newAccountFreeTrialInfo' smart constructor.
+data AccountFreeTrialInfo = AccountFreeTrialInfo'
+  { -- | The account identifier of the GuardDuty member account.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | Describes the data source enabled for the GuardDuty member account.
+    dataSources :: Prelude.Maybe DataSourcesFreeTrial
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountFreeTrialInfo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'accountFreeTrialInfo_accountId' - The account identifier of the GuardDuty member account.
+--
+-- 'dataSources', 'accountFreeTrialInfo_dataSources' - Describes the data source enabled for the GuardDuty member account.
+newAccountFreeTrialInfo ::
+  AccountFreeTrialInfo
+newAccountFreeTrialInfo =
+  AccountFreeTrialInfo'
+    { accountId = Prelude.Nothing,
+      dataSources = Prelude.Nothing
+    }
+
+-- | The account identifier of the GuardDuty member account.
+accountFreeTrialInfo_accountId :: Lens.Lens' AccountFreeTrialInfo (Prelude.Maybe Prelude.Text)
+accountFreeTrialInfo_accountId = Lens.lens (\AccountFreeTrialInfo' {accountId} -> accountId) (\s@AccountFreeTrialInfo' {} a -> s {accountId = a} :: AccountFreeTrialInfo)
+
+-- | Describes the data source enabled for the GuardDuty member account.
+accountFreeTrialInfo_dataSources :: Lens.Lens' AccountFreeTrialInfo (Prelude.Maybe DataSourcesFreeTrial)
+accountFreeTrialInfo_dataSources = Lens.lens (\AccountFreeTrialInfo' {dataSources} -> dataSources) (\s@AccountFreeTrialInfo' {} a -> s {dataSources = a} :: AccountFreeTrialInfo)
+
+instance Data.FromJSON AccountFreeTrialInfo where
+  parseJSON =
+    Data.withObject
+      "AccountFreeTrialInfo"
+      ( \x ->
+          AccountFreeTrialInfo'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "dataSources")
+      )
+
+instance Prelude.Hashable AccountFreeTrialInfo where
+  hashWithSalt _salt AccountFreeTrialInfo' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` dataSources
+
+instance Prelude.NFData AccountFreeTrialInfo where
+  rnf AccountFreeTrialInfo' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf dataSources
diff --git a/gen/Amazonka/GuardDuty/Types/AccountLevelPermissions.hs b/gen/Amazonka/GuardDuty/Types/AccountLevelPermissions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AccountLevelPermissions.hs
@@ -0,0 +1,77 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AccountLevelPermissions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AccountLevelPermissions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.BlockPublicAccess
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the account level permissions on the S3
+-- bucket.
+--
+-- /See:/ 'newAccountLevelPermissions' smart constructor.
+data AccountLevelPermissions = AccountLevelPermissions'
+  { -- | Describes the S3 Block Public Access settings of the bucket\'s parent
+    -- account.
+    blockPublicAccess :: Prelude.Maybe BlockPublicAccess
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountLevelPermissions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blockPublicAccess', 'accountLevelPermissions_blockPublicAccess' - Describes the S3 Block Public Access settings of the bucket\'s parent
+-- account.
+newAccountLevelPermissions ::
+  AccountLevelPermissions
+newAccountLevelPermissions =
+  AccountLevelPermissions'
+    { blockPublicAccess =
+        Prelude.Nothing
+    }
+
+-- | Describes the S3 Block Public Access settings of the bucket\'s parent
+-- account.
+accountLevelPermissions_blockPublicAccess :: Lens.Lens' AccountLevelPermissions (Prelude.Maybe BlockPublicAccess)
+accountLevelPermissions_blockPublicAccess = Lens.lens (\AccountLevelPermissions' {blockPublicAccess} -> blockPublicAccess) (\s@AccountLevelPermissions' {} a -> s {blockPublicAccess = a} :: AccountLevelPermissions)
+
+instance Data.FromJSON AccountLevelPermissions where
+  parseJSON =
+    Data.withObject
+      "AccountLevelPermissions"
+      ( \x ->
+          AccountLevelPermissions'
+            Prelude.<$> (x Data..:? "blockPublicAccess")
+      )
+
+instance Prelude.Hashable AccountLevelPermissions where
+  hashWithSalt _salt AccountLevelPermissions' {..} =
+    _salt `Prelude.hashWithSalt` blockPublicAccess
+
+instance Prelude.NFData AccountLevelPermissions where
+  rnf AccountLevelPermissions' {..} =
+    Prelude.rnf blockPublicAccess
diff --git a/gen/Amazonka/GuardDuty/Types/Action.hs b/gen/Amazonka/GuardDuty/Types/Action.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Action.hs
@@ -0,0 +1,143 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Action
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Action where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.AwsApiCallAction
+import Amazonka.GuardDuty.Types.DnsRequestAction
+import Amazonka.GuardDuty.Types.KubernetesApiCallAction
+import Amazonka.GuardDuty.Types.NetworkConnectionAction
+import Amazonka.GuardDuty.Types.PortProbeAction
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about actions.
+--
+-- /See:/ 'newAction' smart constructor.
+data Action = Action'
+  { -- | The GuardDuty finding activity type.
+    actionType :: Prelude.Maybe Prelude.Text,
+    -- | Information about the AWS_API_CALL action described in this finding.
+    awsApiCallAction :: Prelude.Maybe AwsApiCallAction,
+    -- | Information about the DNS_REQUEST action described in this finding.
+    dnsRequestAction :: Prelude.Maybe DnsRequestAction,
+    -- | Information about the Kubernetes API call action described in this
+    -- finding.
+    kubernetesApiCallAction :: Prelude.Maybe KubernetesApiCallAction,
+    -- | Information about the NETWORK_CONNECTION action described in this
+    -- finding.
+    networkConnectionAction :: Prelude.Maybe NetworkConnectionAction,
+    -- | Information about the PORT_PROBE action described in this finding.
+    portProbeAction :: Prelude.Maybe PortProbeAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Action' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionType', 'action_actionType' - The GuardDuty finding activity type.
+--
+-- 'awsApiCallAction', 'action_awsApiCallAction' - Information about the AWS_API_CALL action described in this finding.
+--
+-- 'dnsRequestAction', 'action_dnsRequestAction' - Information about the DNS_REQUEST action described in this finding.
+--
+-- 'kubernetesApiCallAction', 'action_kubernetesApiCallAction' - Information about the Kubernetes API call action described in this
+-- finding.
+--
+-- 'networkConnectionAction', 'action_networkConnectionAction' - Information about the NETWORK_CONNECTION action described in this
+-- finding.
+--
+-- 'portProbeAction', 'action_portProbeAction' - Information about the PORT_PROBE action described in this finding.
+newAction ::
+  Action
+newAction =
+  Action'
+    { actionType = Prelude.Nothing,
+      awsApiCallAction = Prelude.Nothing,
+      dnsRequestAction = Prelude.Nothing,
+      kubernetesApiCallAction = Prelude.Nothing,
+      networkConnectionAction = Prelude.Nothing,
+      portProbeAction = Prelude.Nothing
+    }
+
+-- | The GuardDuty finding activity type.
+action_actionType :: Lens.Lens' Action (Prelude.Maybe Prelude.Text)
+action_actionType = Lens.lens (\Action' {actionType} -> actionType) (\s@Action' {} a -> s {actionType = a} :: Action)
+
+-- | Information about the AWS_API_CALL action described in this finding.
+action_awsApiCallAction :: Lens.Lens' Action (Prelude.Maybe AwsApiCallAction)
+action_awsApiCallAction = Lens.lens (\Action' {awsApiCallAction} -> awsApiCallAction) (\s@Action' {} a -> s {awsApiCallAction = a} :: Action)
+
+-- | Information about the DNS_REQUEST action described in this finding.
+action_dnsRequestAction :: Lens.Lens' Action (Prelude.Maybe DnsRequestAction)
+action_dnsRequestAction = Lens.lens (\Action' {dnsRequestAction} -> dnsRequestAction) (\s@Action' {} a -> s {dnsRequestAction = a} :: Action)
+
+-- | Information about the Kubernetes API call action described in this
+-- finding.
+action_kubernetesApiCallAction :: Lens.Lens' Action (Prelude.Maybe KubernetesApiCallAction)
+action_kubernetesApiCallAction = Lens.lens (\Action' {kubernetesApiCallAction} -> kubernetesApiCallAction) (\s@Action' {} a -> s {kubernetesApiCallAction = a} :: Action)
+
+-- | Information about the NETWORK_CONNECTION action described in this
+-- finding.
+action_networkConnectionAction :: Lens.Lens' Action (Prelude.Maybe NetworkConnectionAction)
+action_networkConnectionAction = Lens.lens (\Action' {networkConnectionAction} -> networkConnectionAction) (\s@Action' {} a -> s {networkConnectionAction = a} :: Action)
+
+-- | Information about the PORT_PROBE action described in this finding.
+action_portProbeAction :: Lens.Lens' Action (Prelude.Maybe PortProbeAction)
+action_portProbeAction = Lens.lens (\Action' {portProbeAction} -> portProbeAction) (\s@Action' {} a -> s {portProbeAction = a} :: Action)
+
+instance Data.FromJSON Action where
+  parseJSON =
+    Data.withObject
+      "Action"
+      ( \x ->
+          Action'
+            Prelude.<$> (x Data..:? "actionType")
+            Prelude.<*> (x Data..:? "awsApiCallAction")
+            Prelude.<*> (x Data..:? "dnsRequestAction")
+            Prelude.<*> (x Data..:? "kubernetesApiCallAction")
+            Prelude.<*> (x Data..:? "networkConnectionAction")
+            Prelude.<*> (x Data..:? "portProbeAction")
+      )
+
+instance Prelude.Hashable Action where
+  hashWithSalt _salt Action' {..} =
+    _salt
+      `Prelude.hashWithSalt` actionType
+      `Prelude.hashWithSalt` awsApiCallAction
+      `Prelude.hashWithSalt` dnsRequestAction
+      `Prelude.hashWithSalt` kubernetesApiCallAction
+      `Prelude.hashWithSalt` networkConnectionAction
+      `Prelude.hashWithSalt` portProbeAction
+
+instance Prelude.NFData Action where
+  rnf Action' {..} =
+    Prelude.rnf actionType
+      `Prelude.seq` Prelude.rnf awsApiCallAction
+      `Prelude.seq` Prelude.rnf dnsRequestAction
+      `Prelude.seq` Prelude.rnf kubernetesApiCallAction
+      `Prelude.seq` Prelude.rnf networkConnectionAction
+      `Prelude.seq` Prelude.rnf portProbeAction
diff --git a/gen/Amazonka/GuardDuty/Types/AdminAccount.hs b/gen/Amazonka/GuardDuty/Types/AdminAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AdminAccount.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AdminAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AdminAccount where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.AdminStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | The account within the organization specified as the GuardDuty delegated
+-- administrator.
+--
+-- /See:/ 'newAdminAccount' smart constructor.
+data AdminAccount = AdminAccount'
+  { -- | The Amazon Web Services account ID for the account.
+    adminAccountId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the account is enabled as the delegated administrator.
+    adminStatus :: Prelude.Maybe AdminStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AdminAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'adminAccountId', 'adminAccount_adminAccountId' - The Amazon Web Services account ID for the account.
+--
+-- 'adminStatus', 'adminAccount_adminStatus' - Indicates whether the account is enabled as the delegated administrator.
+newAdminAccount ::
+  AdminAccount
+newAdminAccount =
+  AdminAccount'
+    { adminAccountId = Prelude.Nothing,
+      adminStatus = Prelude.Nothing
+    }
+
+-- | The Amazon Web Services account ID for the account.
+adminAccount_adminAccountId :: Lens.Lens' AdminAccount (Prelude.Maybe Prelude.Text)
+adminAccount_adminAccountId = Lens.lens (\AdminAccount' {adminAccountId} -> adminAccountId) (\s@AdminAccount' {} a -> s {adminAccountId = a} :: AdminAccount)
+
+-- | Indicates whether the account is enabled as the delegated administrator.
+adminAccount_adminStatus :: Lens.Lens' AdminAccount (Prelude.Maybe AdminStatus)
+adminAccount_adminStatus = Lens.lens (\AdminAccount' {adminStatus} -> adminStatus) (\s@AdminAccount' {} a -> s {adminStatus = a} :: AdminAccount)
+
+instance Data.FromJSON AdminAccount where
+  parseJSON =
+    Data.withObject
+      "AdminAccount"
+      ( \x ->
+          AdminAccount'
+            Prelude.<$> (x Data..:? "adminAccountId")
+            Prelude.<*> (x Data..:? "adminStatus")
+      )
+
+instance Prelude.Hashable AdminAccount where
+  hashWithSalt _salt AdminAccount' {..} =
+    _salt
+      `Prelude.hashWithSalt` adminAccountId
+      `Prelude.hashWithSalt` adminStatus
+
+instance Prelude.NFData AdminAccount where
+  rnf AdminAccount' {..} =
+    Prelude.rnf adminAccountId
+      `Prelude.seq` Prelude.rnf adminStatus
diff --git a/gen/Amazonka/GuardDuty/Types/AdminStatus.hs b/gen/Amazonka/GuardDuty/Types/AdminStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AdminStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AdminStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AdminStatus
+  ( AdminStatus
+      ( ..,
+        AdminStatus_DISABLE_IN_PROGRESS,
+        AdminStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AdminStatus = AdminStatus'
+  { fromAdminStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AdminStatus_DISABLE_IN_PROGRESS :: AdminStatus
+pattern AdminStatus_DISABLE_IN_PROGRESS = AdminStatus' "DISABLE_IN_PROGRESS"
+
+pattern AdminStatus_ENABLED :: AdminStatus
+pattern AdminStatus_ENABLED = AdminStatus' "ENABLED"
+
+{-# COMPLETE
+  AdminStatus_DISABLE_IN_PROGRESS,
+  AdminStatus_ENABLED,
+  AdminStatus'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/Administrator.hs b/gen/Amazonka/GuardDuty/Types/Administrator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Administrator.hs
@@ -0,0 +1,114 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Administrator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Administrator where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the administrator account and invitation.
+--
+-- /See:/ 'newAdministrator' smart constructor.
+data Administrator = Administrator'
+  { -- | The ID of the account used as the administrator account.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The value that is used to validate the administrator account to the
+    -- member account.
+    invitationId :: Prelude.Maybe Prelude.Text,
+    -- | The timestamp when the invitation was sent.
+    invitedAt :: Prelude.Maybe Prelude.Text,
+    -- | The status of the relationship between the administrator and member
+    -- accounts.
+    relationshipStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Administrator' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'administrator_accountId' - The ID of the account used as the administrator account.
+--
+-- 'invitationId', 'administrator_invitationId' - The value that is used to validate the administrator account to the
+-- member account.
+--
+-- 'invitedAt', 'administrator_invitedAt' - The timestamp when the invitation was sent.
+--
+-- 'relationshipStatus', 'administrator_relationshipStatus' - The status of the relationship between the administrator and member
+-- accounts.
+newAdministrator ::
+  Administrator
+newAdministrator =
+  Administrator'
+    { accountId = Prelude.Nothing,
+      invitationId = Prelude.Nothing,
+      invitedAt = Prelude.Nothing,
+      relationshipStatus = Prelude.Nothing
+    }
+
+-- | The ID of the account used as the administrator account.
+administrator_accountId :: Lens.Lens' Administrator (Prelude.Maybe Prelude.Text)
+administrator_accountId = Lens.lens (\Administrator' {accountId} -> accountId) (\s@Administrator' {} a -> s {accountId = a} :: Administrator)
+
+-- | The value that is used to validate the administrator account to the
+-- member account.
+administrator_invitationId :: Lens.Lens' Administrator (Prelude.Maybe Prelude.Text)
+administrator_invitationId = Lens.lens (\Administrator' {invitationId} -> invitationId) (\s@Administrator' {} a -> s {invitationId = a} :: Administrator)
+
+-- | The timestamp when the invitation was sent.
+administrator_invitedAt :: Lens.Lens' Administrator (Prelude.Maybe Prelude.Text)
+administrator_invitedAt = Lens.lens (\Administrator' {invitedAt} -> invitedAt) (\s@Administrator' {} a -> s {invitedAt = a} :: Administrator)
+
+-- | The status of the relationship between the administrator and member
+-- accounts.
+administrator_relationshipStatus :: Lens.Lens' Administrator (Prelude.Maybe Prelude.Text)
+administrator_relationshipStatus = Lens.lens (\Administrator' {relationshipStatus} -> relationshipStatus) (\s@Administrator' {} a -> s {relationshipStatus = a} :: Administrator)
+
+instance Data.FromJSON Administrator where
+  parseJSON =
+    Data.withObject
+      "Administrator"
+      ( \x ->
+          Administrator'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "invitationId")
+            Prelude.<*> (x Data..:? "invitedAt")
+            Prelude.<*> (x Data..:? "relationshipStatus")
+      )
+
+instance Prelude.Hashable Administrator where
+  hashWithSalt _salt Administrator' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` invitationId
+      `Prelude.hashWithSalt` invitedAt
+      `Prelude.hashWithSalt` relationshipStatus
+
+instance Prelude.NFData Administrator where
+  rnf Administrator' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf invitationId
+      `Prelude.seq` Prelude.rnf invitedAt
+      `Prelude.seq` Prelude.rnf relationshipStatus
diff --git a/gen/Amazonka/GuardDuty/Types/AwsApiCallAction.hs b/gen/Amazonka/GuardDuty/Types/AwsApiCallAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/AwsApiCallAction.hs
@@ -0,0 +1,184 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.AwsApiCallAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.AwsApiCallAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DomainDetails
+import Amazonka.GuardDuty.Types.RemoteAccountDetails
+import Amazonka.GuardDuty.Types.RemoteIpDetails
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the API action.
+--
+-- /See:/ 'newAwsApiCallAction' smart constructor.
+data AwsApiCallAction = AwsApiCallAction'
+  { -- | The details of the Amazon Web Services account that made the API call.
+    -- This field identifies the resources that were affected by this API call.
+    affectedResources :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The Amazon Web Services API name.
+    api :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services API caller type.
+    callerType :: Prelude.Maybe Prelude.Text,
+    -- | The domain information for the Amazon Web Services API call.
+    domainDetails :: Prelude.Maybe DomainDetails,
+    -- | The error code of the failed Amazon Web Services API action.
+    errorCode :: Prelude.Maybe Prelude.Text,
+    -- | The details of the Amazon Web Services account that made the API call.
+    -- This field appears if the call was made from outside your account.
+    remoteAccountDetails :: Prelude.Maybe RemoteAccountDetails,
+    -- | The remote IP information of the connection that initiated the Amazon
+    -- Web Services API call.
+    remoteIpDetails :: Prelude.Maybe RemoteIpDetails,
+    -- | The Amazon Web Services service name whose API was invoked.
+    serviceName :: Prelude.Maybe Prelude.Text,
+    -- | The agent through which the API request was made.
+    userAgent :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AwsApiCallAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'affectedResources', 'awsApiCallAction_affectedResources' - The details of the Amazon Web Services account that made the API call.
+-- This field identifies the resources that were affected by this API call.
+--
+-- 'api', 'awsApiCallAction_api' - The Amazon Web Services API name.
+--
+-- 'callerType', 'awsApiCallAction_callerType' - The Amazon Web Services API caller type.
+--
+-- 'domainDetails', 'awsApiCallAction_domainDetails' - The domain information for the Amazon Web Services API call.
+--
+-- 'errorCode', 'awsApiCallAction_errorCode' - The error code of the failed Amazon Web Services API action.
+--
+-- 'remoteAccountDetails', 'awsApiCallAction_remoteAccountDetails' - The details of the Amazon Web Services account that made the API call.
+-- This field appears if the call was made from outside your account.
+--
+-- 'remoteIpDetails', 'awsApiCallAction_remoteIpDetails' - The remote IP information of the connection that initiated the Amazon
+-- Web Services API call.
+--
+-- 'serviceName', 'awsApiCallAction_serviceName' - The Amazon Web Services service name whose API was invoked.
+--
+-- 'userAgent', 'awsApiCallAction_userAgent' - The agent through which the API request was made.
+newAwsApiCallAction ::
+  AwsApiCallAction
+newAwsApiCallAction =
+  AwsApiCallAction'
+    { affectedResources =
+        Prelude.Nothing,
+      api = Prelude.Nothing,
+      callerType = Prelude.Nothing,
+      domainDetails = Prelude.Nothing,
+      errorCode = Prelude.Nothing,
+      remoteAccountDetails = Prelude.Nothing,
+      remoteIpDetails = Prelude.Nothing,
+      serviceName = Prelude.Nothing,
+      userAgent = Prelude.Nothing
+    }
+
+-- | The details of the Amazon Web Services account that made the API call.
+-- This field identifies the resources that were affected by this API call.
+awsApiCallAction_affectedResources :: Lens.Lens' AwsApiCallAction (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+awsApiCallAction_affectedResources = Lens.lens (\AwsApiCallAction' {affectedResources} -> affectedResources) (\s@AwsApiCallAction' {} a -> s {affectedResources = a} :: AwsApiCallAction) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Web Services API name.
+awsApiCallAction_api :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_api = Lens.lens (\AwsApiCallAction' {api} -> api) (\s@AwsApiCallAction' {} a -> s {api = a} :: AwsApiCallAction)
+
+-- | The Amazon Web Services API caller type.
+awsApiCallAction_callerType :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_callerType = Lens.lens (\AwsApiCallAction' {callerType} -> callerType) (\s@AwsApiCallAction' {} a -> s {callerType = a} :: AwsApiCallAction)
+
+-- | The domain information for the Amazon Web Services API call.
+awsApiCallAction_domainDetails :: Lens.Lens' AwsApiCallAction (Prelude.Maybe DomainDetails)
+awsApiCallAction_domainDetails = Lens.lens (\AwsApiCallAction' {domainDetails} -> domainDetails) (\s@AwsApiCallAction' {} a -> s {domainDetails = a} :: AwsApiCallAction)
+
+-- | The error code of the failed Amazon Web Services API action.
+awsApiCallAction_errorCode :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_errorCode = Lens.lens (\AwsApiCallAction' {errorCode} -> errorCode) (\s@AwsApiCallAction' {} a -> s {errorCode = a} :: AwsApiCallAction)
+
+-- | The details of the Amazon Web Services account that made the API call.
+-- This field appears if the call was made from outside your account.
+awsApiCallAction_remoteAccountDetails :: Lens.Lens' AwsApiCallAction (Prelude.Maybe RemoteAccountDetails)
+awsApiCallAction_remoteAccountDetails = Lens.lens (\AwsApiCallAction' {remoteAccountDetails} -> remoteAccountDetails) (\s@AwsApiCallAction' {} a -> s {remoteAccountDetails = a} :: AwsApiCallAction)
+
+-- | The remote IP information of the connection that initiated the Amazon
+-- Web Services API call.
+awsApiCallAction_remoteIpDetails :: Lens.Lens' AwsApiCallAction (Prelude.Maybe RemoteIpDetails)
+awsApiCallAction_remoteIpDetails = Lens.lens (\AwsApiCallAction' {remoteIpDetails} -> remoteIpDetails) (\s@AwsApiCallAction' {} a -> s {remoteIpDetails = a} :: AwsApiCallAction)
+
+-- | The Amazon Web Services service name whose API was invoked.
+awsApiCallAction_serviceName :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_serviceName = Lens.lens (\AwsApiCallAction' {serviceName} -> serviceName) (\s@AwsApiCallAction' {} a -> s {serviceName = a} :: AwsApiCallAction)
+
+-- | The agent through which the API request was made.
+awsApiCallAction_userAgent :: Lens.Lens' AwsApiCallAction (Prelude.Maybe Prelude.Text)
+awsApiCallAction_userAgent = Lens.lens (\AwsApiCallAction' {userAgent} -> userAgent) (\s@AwsApiCallAction' {} a -> s {userAgent = a} :: AwsApiCallAction)
+
+instance Data.FromJSON AwsApiCallAction where
+  parseJSON =
+    Data.withObject
+      "AwsApiCallAction"
+      ( \x ->
+          AwsApiCallAction'
+            Prelude.<$> ( x
+                            Data..:? "affectedResources"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "api")
+            Prelude.<*> (x Data..:? "callerType")
+            Prelude.<*> (x Data..:? "domainDetails")
+            Prelude.<*> (x Data..:? "errorCode")
+            Prelude.<*> (x Data..:? "remoteAccountDetails")
+            Prelude.<*> (x Data..:? "remoteIpDetails")
+            Prelude.<*> (x Data..:? "serviceName")
+            Prelude.<*> (x Data..:? "userAgent")
+      )
+
+instance Prelude.Hashable AwsApiCallAction where
+  hashWithSalt _salt AwsApiCallAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` affectedResources
+      `Prelude.hashWithSalt` api
+      `Prelude.hashWithSalt` callerType
+      `Prelude.hashWithSalt` domainDetails
+      `Prelude.hashWithSalt` errorCode
+      `Prelude.hashWithSalt` remoteAccountDetails
+      `Prelude.hashWithSalt` remoteIpDetails
+      `Prelude.hashWithSalt` serviceName
+      `Prelude.hashWithSalt` userAgent
+
+instance Prelude.NFData AwsApiCallAction where
+  rnf AwsApiCallAction' {..} =
+    Prelude.rnf affectedResources
+      `Prelude.seq` Prelude.rnf api
+      `Prelude.seq` Prelude.rnf callerType
+      `Prelude.seq` Prelude.rnf domainDetails
+      `Prelude.seq` Prelude.rnf errorCode
+      `Prelude.seq` Prelude.rnf remoteAccountDetails
+      `Prelude.seq` Prelude.rnf remoteIpDetails
+      `Prelude.seq` Prelude.rnf serviceName
+      `Prelude.seq` Prelude.rnf userAgent
diff --git a/gen/Amazonka/GuardDuty/Types/BlockPublicAccess.hs b/gen/Amazonka/GuardDuty/Types/BlockPublicAccess.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/BlockPublicAccess.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.BlockPublicAccess
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.BlockPublicAccess where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on how the bucker owner\'s S3 Block Public Access
+-- settings are being applied to the S3 bucket. See
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html S3 Block Public Access>
+-- for more information.
+--
+-- /See:/ 'newBlockPublicAccess' smart constructor.
+data BlockPublicAccess = BlockPublicAccess'
+  { -- | Indicates if S3 Block Public Access is set to @BlockPublicAcls@.
+    blockPublicAcls :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates if S3 Block Public Access is set to @BlockPublicPolicy@.
+    blockPublicPolicy :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates if S3 Block Public Access is set to @IgnorePublicAcls@.
+    ignorePublicAcls :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates if S3 Block Public Access is set to @RestrictPublicBuckets@.
+    restrictPublicBuckets :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BlockPublicAccess' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blockPublicAcls', 'blockPublicAccess_blockPublicAcls' - Indicates if S3 Block Public Access is set to @BlockPublicAcls@.
+--
+-- 'blockPublicPolicy', 'blockPublicAccess_blockPublicPolicy' - Indicates if S3 Block Public Access is set to @BlockPublicPolicy@.
+--
+-- 'ignorePublicAcls', 'blockPublicAccess_ignorePublicAcls' - Indicates if S3 Block Public Access is set to @IgnorePublicAcls@.
+--
+-- 'restrictPublicBuckets', 'blockPublicAccess_restrictPublicBuckets' - Indicates if S3 Block Public Access is set to @RestrictPublicBuckets@.
+newBlockPublicAccess ::
+  BlockPublicAccess
+newBlockPublicAccess =
+  BlockPublicAccess'
+    { blockPublicAcls =
+        Prelude.Nothing,
+      blockPublicPolicy = Prelude.Nothing,
+      ignorePublicAcls = Prelude.Nothing,
+      restrictPublicBuckets = Prelude.Nothing
+    }
+
+-- | Indicates if S3 Block Public Access is set to @BlockPublicAcls@.
+blockPublicAccess_blockPublicAcls :: Lens.Lens' BlockPublicAccess (Prelude.Maybe Prelude.Bool)
+blockPublicAccess_blockPublicAcls = Lens.lens (\BlockPublicAccess' {blockPublicAcls} -> blockPublicAcls) (\s@BlockPublicAccess' {} a -> s {blockPublicAcls = a} :: BlockPublicAccess)
+
+-- | Indicates if S3 Block Public Access is set to @BlockPublicPolicy@.
+blockPublicAccess_blockPublicPolicy :: Lens.Lens' BlockPublicAccess (Prelude.Maybe Prelude.Bool)
+blockPublicAccess_blockPublicPolicy = Lens.lens (\BlockPublicAccess' {blockPublicPolicy} -> blockPublicPolicy) (\s@BlockPublicAccess' {} a -> s {blockPublicPolicy = a} :: BlockPublicAccess)
+
+-- | Indicates if S3 Block Public Access is set to @IgnorePublicAcls@.
+blockPublicAccess_ignorePublicAcls :: Lens.Lens' BlockPublicAccess (Prelude.Maybe Prelude.Bool)
+blockPublicAccess_ignorePublicAcls = Lens.lens (\BlockPublicAccess' {ignorePublicAcls} -> ignorePublicAcls) (\s@BlockPublicAccess' {} a -> s {ignorePublicAcls = a} :: BlockPublicAccess)
+
+-- | Indicates if S3 Block Public Access is set to @RestrictPublicBuckets@.
+blockPublicAccess_restrictPublicBuckets :: Lens.Lens' BlockPublicAccess (Prelude.Maybe Prelude.Bool)
+blockPublicAccess_restrictPublicBuckets = Lens.lens (\BlockPublicAccess' {restrictPublicBuckets} -> restrictPublicBuckets) (\s@BlockPublicAccess' {} a -> s {restrictPublicBuckets = a} :: BlockPublicAccess)
+
+instance Data.FromJSON BlockPublicAccess where
+  parseJSON =
+    Data.withObject
+      "BlockPublicAccess"
+      ( \x ->
+          BlockPublicAccess'
+            Prelude.<$> (x Data..:? "blockPublicAcls")
+            Prelude.<*> (x Data..:? "blockPublicPolicy")
+            Prelude.<*> (x Data..:? "ignorePublicAcls")
+            Prelude.<*> (x Data..:? "restrictPublicBuckets")
+      )
+
+instance Prelude.Hashable BlockPublicAccess where
+  hashWithSalt _salt BlockPublicAccess' {..} =
+    _salt
+      `Prelude.hashWithSalt` blockPublicAcls
+      `Prelude.hashWithSalt` blockPublicPolicy
+      `Prelude.hashWithSalt` ignorePublicAcls
+      `Prelude.hashWithSalt` restrictPublicBuckets
+
+instance Prelude.NFData BlockPublicAccess where
+  rnf BlockPublicAccess' {..} =
+    Prelude.rnf blockPublicAcls
+      `Prelude.seq` Prelude.rnf blockPublicPolicy
+      `Prelude.seq` Prelude.rnf ignorePublicAcls
+      `Prelude.seq` Prelude.rnf restrictPublicBuckets
diff --git a/gen/Amazonka/GuardDuty/Types/BucketLevelPermissions.hs b/gen/Amazonka/GuardDuty/Types/BucketLevelPermissions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/BucketLevelPermissions.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.BucketLevelPermissions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.BucketLevelPermissions where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.AccessControlList
+import Amazonka.GuardDuty.Types.BlockPublicAccess
+import Amazonka.GuardDuty.Types.BucketPolicy
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the bucket level permissions for the S3
+-- bucket.
+--
+-- /See:/ 'newBucketLevelPermissions' smart constructor.
+data BucketLevelPermissions = BucketLevelPermissions'
+  { -- | Contains information on how Access Control Policies are applied to the
+    -- bucket.
+    accessControlList :: Prelude.Maybe AccessControlList,
+    -- | Contains information on which account level S3 Block Public Access
+    -- settings are applied to the S3 bucket.
+    blockPublicAccess :: Prelude.Maybe BlockPublicAccess,
+    -- | Contains information on the bucket policies for the S3 bucket.
+    bucketPolicy :: Prelude.Maybe BucketPolicy
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BucketLevelPermissions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessControlList', 'bucketLevelPermissions_accessControlList' - Contains information on how Access Control Policies are applied to the
+-- bucket.
+--
+-- 'blockPublicAccess', 'bucketLevelPermissions_blockPublicAccess' - Contains information on which account level S3 Block Public Access
+-- settings are applied to the S3 bucket.
+--
+-- 'bucketPolicy', 'bucketLevelPermissions_bucketPolicy' - Contains information on the bucket policies for the S3 bucket.
+newBucketLevelPermissions ::
+  BucketLevelPermissions
+newBucketLevelPermissions =
+  BucketLevelPermissions'
+    { accessControlList =
+        Prelude.Nothing,
+      blockPublicAccess = Prelude.Nothing,
+      bucketPolicy = Prelude.Nothing
+    }
+
+-- | Contains information on how Access Control Policies are applied to the
+-- bucket.
+bucketLevelPermissions_accessControlList :: Lens.Lens' BucketLevelPermissions (Prelude.Maybe AccessControlList)
+bucketLevelPermissions_accessControlList = Lens.lens (\BucketLevelPermissions' {accessControlList} -> accessControlList) (\s@BucketLevelPermissions' {} a -> s {accessControlList = a} :: BucketLevelPermissions)
+
+-- | Contains information on which account level S3 Block Public Access
+-- settings are applied to the S3 bucket.
+bucketLevelPermissions_blockPublicAccess :: Lens.Lens' BucketLevelPermissions (Prelude.Maybe BlockPublicAccess)
+bucketLevelPermissions_blockPublicAccess = Lens.lens (\BucketLevelPermissions' {blockPublicAccess} -> blockPublicAccess) (\s@BucketLevelPermissions' {} a -> s {blockPublicAccess = a} :: BucketLevelPermissions)
+
+-- | Contains information on the bucket policies for the S3 bucket.
+bucketLevelPermissions_bucketPolicy :: Lens.Lens' BucketLevelPermissions (Prelude.Maybe BucketPolicy)
+bucketLevelPermissions_bucketPolicy = Lens.lens (\BucketLevelPermissions' {bucketPolicy} -> bucketPolicy) (\s@BucketLevelPermissions' {} a -> s {bucketPolicy = a} :: BucketLevelPermissions)
+
+instance Data.FromJSON BucketLevelPermissions where
+  parseJSON =
+    Data.withObject
+      "BucketLevelPermissions"
+      ( \x ->
+          BucketLevelPermissions'
+            Prelude.<$> (x Data..:? "accessControlList")
+            Prelude.<*> (x Data..:? "blockPublicAccess")
+            Prelude.<*> (x Data..:? "bucketPolicy")
+      )
+
+instance Prelude.Hashable BucketLevelPermissions where
+  hashWithSalt _salt BucketLevelPermissions' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessControlList
+      `Prelude.hashWithSalt` blockPublicAccess
+      `Prelude.hashWithSalt` bucketPolicy
+
+instance Prelude.NFData BucketLevelPermissions where
+  rnf BucketLevelPermissions' {..} =
+    Prelude.rnf accessControlList
+      `Prelude.seq` Prelude.rnf blockPublicAccess
+      `Prelude.seq` Prelude.rnf bucketPolicy
diff --git a/gen/Amazonka/GuardDuty/Types/BucketPolicy.hs b/gen/Amazonka/GuardDuty/Types/BucketPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/BucketPolicy.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.BucketPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.BucketPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the current bucket policies for the S3 bucket.
+--
+-- /See:/ 'newBucketPolicy' smart constructor.
+data BucketPolicy = BucketPolicy'
+  { -- | A value that indicates whether public read access for the bucket is
+    -- enabled through a bucket policy.
+    allowsPublicReadAccess :: Prelude.Maybe Prelude.Bool,
+    -- | A value that indicates whether public write access for the bucket is
+    -- enabled through a bucket policy.
+    allowsPublicWriteAccess :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BucketPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allowsPublicReadAccess', 'bucketPolicy_allowsPublicReadAccess' - A value that indicates whether public read access for the bucket is
+-- enabled through a bucket policy.
+--
+-- 'allowsPublicWriteAccess', 'bucketPolicy_allowsPublicWriteAccess' - A value that indicates whether public write access for the bucket is
+-- enabled through a bucket policy.
+newBucketPolicy ::
+  BucketPolicy
+newBucketPolicy =
+  BucketPolicy'
+    { allowsPublicReadAccess =
+        Prelude.Nothing,
+      allowsPublicWriteAccess = Prelude.Nothing
+    }
+
+-- | A value that indicates whether public read access for the bucket is
+-- enabled through a bucket policy.
+bucketPolicy_allowsPublicReadAccess :: Lens.Lens' BucketPolicy (Prelude.Maybe Prelude.Bool)
+bucketPolicy_allowsPublicReadAccess = Lens.lens (\BucketPolicy' {allowsPublicReadAccess} -> allowsPublicReadAccess) (\s@BucketPolicy' {} a -> s {allowsPublicReadAccess = a} :: BucketPolicy)
+
+-- | A value that indicates whether public write access for the bucket is
+-- enabled through a bucket policy.
+bucketPolicy_allowsPublicWriteAccess :: Lens.Lens' BucketPolicy (Prelude.Maybe Prelude.Bool)
+bucketPolicy_allowsPublicWriteAccess = Lens.lens (\BucketPolicy' {allowsPublicWriteAccess} -> allowsPublicWriteAccess) (\s@BucketPolicy' {} a -> s {allowsPublicWriteAccess = a} :: BucketPolicy)
+
+instance Data.FromJSON BucketPolicy where
+  parseJSON =
+    Data.withObject
+      "BucketPolicy"
+      ( \x ->
+          BucketPolicy'
+            Prelude.<$> (x Data..:? "allowsPublicReadAccess")
+            Prelude.<*> (x Data..:? "allowsPublicWriteAccess")
+      )
+
+instance Prelude.Hashable BucketPolicy where
+  hashWithSalt _salt BucketPolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` allowsPublicReadAccess
+      `Prelude.hashWithSalt` allowsPublicWriteAccess
+
+instance Prelude.NFData BucketPolicy where
+  rnf BucketPolicy' {..} =
+    Prelude.rnf allowsPublicReadAccess
+      `Prelude.seq` Prelude.rnf allowsPublicWriteAccess
diff --git a/gen/Amazonka/GuardDuty/Types/City.hs b/gen/Amazonka/GuardDuty/Types/City.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/City.hs
@@ -0,0 +1,64 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.City
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.City where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the city associated with the IP address.
+--
+-- /See:/ 'newCity' smart constructor.
+data City = City'
+  { -- | The city name of the remote IP address.
+    cityName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'City' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cityName', 'city_cityName' - The city name of the remote IP address.
+newCity ::
+  City
+newCity = City' {cityName = Prelude.Nothing}
+
+-- | The city name of the remote IP address.
+city_cityName :: Lens.Lens' City (Prelude.Maybe Prelude.Text)
+city_cityName = Lens.lens (\City' {cityName} -> cityName) (\s@City' {} a -> s {cityName = a} :: City)
+
+instance Data.FromJSON City where
+  parseJSON =
+    Data.withObject
+      "City"
+      (\x -> City' Prelude.<$> (x Data..:? "cityName"))
+
+instance Prelude.Hashable City where
+  hashWithSalt _salt City' {..} =
+    _salt `Prelude.hashWithSalt` cityName
+
+instance Prelude.NFData City where
+  rnf City' {..} = Prelude.rnf cityName
diff --git a/gen/Amazonka/GuardDuty/Types/CloudTrailConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/CloudTrailConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/CloudTrailConfigurationResult.hs
@@ -0,0 +1,79 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.CloudTrailConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.CloudTrailConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the status of CloudTrail as a data source for
+-- the detector.
+--
+-- /See:/ 'newCloudTrailConfigurationResult' smart constructor.
+data CloudTrailConfigurationResult = CloudTrailConfigurationResult'
+  { -- | Describes whether CloudTrail is enabled as a data source for the
+    -- detector.
+    status :: DataSourceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CloudTrailConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'cloudTrailConfigurationResult_status' - Describes whether CloudTrail is enabled as a data source for the
+-- detector.
+newCloudTrailConfigurationResult ::
+  -- | 'status'
+  DataSourceStatus ->
+  CloudTrailConfigurationResult
+newCloudTrailConfigurationResult pStatus_ =
+  CloudTrailConfigurationResult' {status = pStatus_}
+
+-- | Describes whether CloudTrail is enabled as a data source for the
+-- detector.
+cloudTrailConfigurationResult_status :: Lens.Lens' CloudTrailConfigurationResult DataSourceStatus
+cloudTrailConfigurationResult_status = Lens.lens (\CloudTrailConfigurationResult' {status} -> status) (\s@CloudTrailConfigurationResult' {} a -> s {status = a} :: CloudTrailConfigurationResult)
+
+instance Data.FromJSON CloudTrailConfigurationResult where
+  parseJSON =
+    Data.withObject
+      "CloudTrailConfigurationResult"
+      ( \x ->
+          CloudTrailConfigurationResult'
+            Prelude.<$> (x Data..: "status")
+      )
+
+instance
+  Prelude.Hashable
+    CloudTrailConfigurationResult
+  where
+  hashWithSalt _salt CloudTrailConfigurationResult' {..} =
+    _salt `Prelude.hashWithSalt` status
+
+instance Prelude.NFData CloudTrailConfigurationResult where
+  rnf CloudTrailConfigurationResult' {..} =
+    Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/Types/Condition.hs b/gen/Amazonka/GuardDuty/Types/Condition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Condition.hs
@@ -0,0 +1,261 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Condition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Condition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the condition.
+--
+-- /See:/ 'newCondition' smart constructor.
+data Condition = Condition'
+  { -- | Represents the /equal/ condition to be applied to a single field when
+    -- querying for findings.
+    eq :: Prelude.Maybe [Prelude.Text],
+    -- | Represents an /equal/ ____ condition to be applied to a single field
+    -- when querying for findings.
+    equals :: Prelude.Maybe [Prelude.Text],
+    -- | Represents a /greater than/ condition to be applied to a single field
+    -- when querying for findings.
+    greaterThan :: Prelude.Maybe Prelude.Integer,
+    -- | Represents a /greater than or equal/ condition to be applied to a single
+    -- field when querying for findings.
+    greaterThanOrEqual :: Prelude.Maybe Prelude.Integer,
+    -- | Represents a /greater than/ condition to be applied to a single field
+    -- when querying for findings.
+    gt :: Prelude.Maybe Prelude.Int,
+    -- | Represents a /greater than or equal/ condition to be applied to a single
+    -- field when querying for findings.
+    gte :: Prelude.Maybe Prelude.Int,
+    -- | Represents a /less than/ condition to be applied to a single field when
+    -- querying for findings.
+    lessThan :: Prelude.Maybe Prelude.Integer,
+    -- | Represents a /less than or equal/ condition to be applied to a single
+    -- field when querying for findings.
+    lessThanOrEqual :: Prelude.Maybe Prelude.Integer,
+    -- | Represents a /less than/ condition to be applied to a single field when
+    -- querying for findings.
+    lt :: Prelude.Maybe Prelude.Int,
+    -- | Represents a /less than or equal/ condition to be applied to a single
+    -- field when querying for findings.
+    lte :: Prelude.Maybe Prelude.Int,
+    -- | Represents the /not equal/ condition to be applied to a single field
+    -- when querying for findings.
+    neq :: Prelude.Maybe [Prelude.Text],
+    -- | Represents a /not equal/ ____ condition to be applied to a single field
+    -- when querying for findings.
+    notEquals :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Condition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'eq', 'condition_eq' - Represents the /equal/ condition to be applied to a single field when
+-- querying for findings.
+--
+-- 'equals', 'condition_equals' - Represents an /equal/ ____ condition to be applied to a single field
+-- when querying for findings.
+--
+-- 'greaterThan', 'condition_greaterThan' - Represents a /greater than/ condition to be applied to a single field
+-- when querying for findings.
+--
+-- 'greaterThanOrEqual', 'condition_greaterThanOrEqual' - Represents a /greater than or equal/ condition to be applied to a single
+-- field when querying for findings.
+--
+-- 'gt', 'condition_gt' - Represents a /greater than/ condition to be applied to a single field
+-- when querying for findings.
+--
+-- 'gte', 'condition_gte' - Represents a /greater than or equal/ condition to be applied to a single
+-- field when querying for findings.
+--
+-- 'lessThan', 'condition_lessThan' - Represents a /less than/ condition to be applied to a single field when
+-- querying for findings.
+--
+-- 'lessThanOrEqual', 'condition_lessThanOrEqual' - Represents a /less than or equal/ condition to be applied to a single
+-- field when querying for findings.
+--
+-- 'lt', 'condition_lt' - Represents a /less than/ condition to be applied to a single field when
+-- querying for findings.
+--
+-- 'lte', 'condition_lte' - Represents a /less than or equal/ condition to be applied to a single
+-- field when querying for findings.
+--
+-- 'neq', 'condition_neq' - Represents the /not equal/ condition to be applied to a single field
+-- when querying for findings.
+--
+-- 'notEquals', 'condition_notEquals' - Represents a /not equal/ ____ condition to be applied to a single field
+-- when querying for findings.
+newCondition ::
+  Condition
+newCondition =
+  Condition'
+    { eq = Prelude.Nothing,
+      equals = Prelude.Nothing,
+      greaterThan = Prelude.Nothing,
+      greaterThanOrEqual = Prelude.Nothing,
+      gt = Prelude.Nothing,
+      gte = Prelude.Nothing,
+      lessThan = Prelude.Nothing,
+      lessThanOrEqual = Prelude.Nothing,
+      lt = Prelude.Nothing,
+      lte = Prelude.Nothing,
+      neq = Prelude.Nothing,
+      notEquals = Prelude.Nothing
+    }
+
+-- | Represents the /equal/ condition to be applied to a single field when
+-- querying for findings.
+condition_eq :: Lens.Lens' Condition (Prelude.Maybe [Prelude.Text])
+condition_eq = Lens.lens (\Condition' {eq} -> eq) (\s@Condition' {} a -> s {eq = a} :: Condition) Prelude.. Lens.mapping Lens.coerced
+
+-- | Represents an /equal/ ____ condition to be applied to a single field
+-- when querying for findings.
+condition_equals :: Lens.Lens' Condition (Prelude.Maybe [Prelude.Text])
+condition_equals = Lens.lens (\Condition' {equals} -> equals) (\s@Condition' {} a -> s {equals = a} :: Condition) Prelude.. Lens.mapping Lens.coerced
+
+-- | Represents a /greater than/ condition to be applied to a single field
+-- when querying for findings.
+condition_greaterThan :: Lens.Lens' Condition (Prelude.Maybe Prelude.Integer)
+condition_greaterThan = Lens.lens (\Condition' {greaterThan} -> greaterThan) (\s@Condition' {} a -> s {greaterThan = a} :: Condition)
+
+-- | Represents a /greater than or equal/ condition to be applied to a single
+-- field when querying for findings.
+condition_greaterThanOrEqual :: Lens.Lens' Condition (Prelude.Maybe Prelude.Integer)
+condition_greaterThanOrEqual = Lens.lens (\Condition' {greaterThanOrEqual} -> greaterThanOrEqual) (\s@Condition' {} a -> s {greaterThanOrEqual = a} :: Condition)
+
+-- | Represents a /greater than/ condition to be applied to a single field
+-- when querying for findings.
+condition_gt :: Lens.Lens' Condition (Prelude.Maybe Prelude.Int)
+condition_gt = Lens.lens (\Condition' {gt} -> gt) (\s@Condition' {} a -> s {gt = a} :: Condition)
+
+-- | Represents a /greater than or equal/ condition to be applied to a single
+-- field when querying for findings.
+condition_gte :: Lens.Lens' Condition (Prelude.Maybe Prelude.Int)
+condition_gte = Lens.lens (\Condition' {gte} -> gte) (\s@Condition' {} a -> s {gte = a} :: Condition)
+
+-- | Represents a /less than/ condition to be applied to a single field when
+-- querying for findings.
+condition_lessThan :: Lens.Lens' Condition (Prelude.Maybe Prelude.Integer)
+condition_lessThan = Lens.lens (\Condition' {lessThan} -> lessThan) (\s@Condition' {} a -> s {lessThan = a} :: Condition)
+
+-- | Represents a /less than or equal/ condition to be applied to a single
+-- field when querying for findings.
+condition_lessThanOrEqual :: Lens.Lens' Condition (Prelude.Maybe Prelude.Integer)
+condition_lessThanOrEqual = Lens.lens (\Condition' {lessThanOrEqual} -> lessThanOrEqual) (\s@Condition' {} a -> s {lessThanOrEqual = a} :: Condition)
+
+-- | Represents a /less than/ condition to be applied to a single field when
+-- querying for findings.
+condition_lt :: Lens.Lens' Condition (Prelude.Maybe Prelude.Int)
+condition_lt = Lens.lens (\Condition' {lt} -> lt) (\s@Condition' {} a -> s {lt = a} :: Condition)
+
+-- | Represents a /less than or equal/ condition to be applied to a single
+-- field when querying for findings.
+condition_lte :: Lens.Lens' Condition (Prelude.Maybe Prelude.Int)
+condition_lte = Lens.lens (\Condition' {lte} -> lte) (\s@Condition' {} a -> s {lte = a} :: Condition)
+
+-- | Represents the /not equal/ condition to be applied to a single field
+-- when querying for findings.
+condition_neq :: Lens.Lens' Condition (Prelude.Maybe [Prelude.Text])
+condition_neq = Lens.lens (\Condition' {neq} -> neq) (\s@Condition' {} a -> s {neq = a} :: Condition) Prelude.. Lens.mapping Lens.coerced
+
+-- | Represents a /not equal/ ____ condition to be applied to a single field
+-- when querying for findings.
+condition_notEquals :: Lens.Lens' Condition (Prelude.Maybe [Prelude.Text])
+condition_notEquals = Lens.lens (\Condition' {notEquals} -> notEquals) (\s@Condition' {} a -> s {notEquals = a} :: Condition) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON Condition where
+  parseJSON =
+    Data.withObject
+      "Condition"
+      ( \x ->
+          Condition'
+            Prelude.<$> (x Data..:? "eq" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "equals" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "greaterThan")
+            Prelude.<*> (x Data..:? "greaterThanOrEqual")
+            Prelude.<*> (x Data..:? "gt")
+            Prelude.<*> (x Data..:? "gte")
+            Prelude.<*> (x Data..:? "lessThan")
+            Prelude.<*> (x Data..:? "lessThanOrEqual")
+            Prelude.<*> (x Data..:? "lt")
+            Prelude.<*> (x Data..:? "lte")
+            Prelude.<*> (x Data..:? "neq" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "notEquals" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable Condition where
+  hashWithSalt _salt Condition' {..} =
+    _salt
+      `Prelude.hashWithSalt` eq
+      `Prelude.hashWithSalt` equals
+      `Prelude.hashWithSalt` greaterThan
+      `Prelude.hashWithSalt` greaterThanOrEqual
+      `Prelude.hashWithSalt` gt
+      `Prelude.hashWithSalt` gte
+      `Prelude.hashWithSalt` lessThan
+      `Prelude.hashWithSalt` lessThanOrEqual
+      `Prelude.hashWithSalt` lt
+      `Prelude.hashWithSalt` lte
+      `Prelude.hashWithSalt` neq
+      `Prelude.hashWithSalt` notEquals
+
+instance Prelude.NFData Condition where
+  rnf Condition' {..} =
+    Prelude.rnf eq
+      `Prelude.seq` Prelude.rnf equals
+      `Prelude.seq` Prelude.rnf greaterThan
+      `Prelude.seq` Prelude.rnf greaterThanOrEqual
+      `Prelude.seq` Prelude.rnf gt
+      `Prelude.seq` Prelude.rnf gte
+      `Prelude.seq` Prelude.rnf lessThan
+      `Prelude.seq` Prelude.rnf lessThanOrEqual
+      `Prelude.seq` Prelude.rnf lt
+      `Prelude.seq` Prelude.rnf lte
+      `Prelude.seq` Prelude.rnf neq
+      `Prelude.seq` Prelude.rnf notEquals
+
+instance Data.ToJSON Condition where
+  toJSON Condition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("eq" Data..=) Prelude.<$> eq,
+            ("equals" Data..=) Prelude.<$> equals,
+            ("greaterThan" Data..=) Prelude.<$> greaterThan,
+            ("greaterThanOrEqual" Data..=)
+              Prelude.<$> greaterThanOrEqual,
+            ("gt" Data..=) Prelude.<$> gt,
+            ("gte" Data..=) Prelude.<$> gte,
+            ("lessThan" Data..=) Prelude.<$> lessThan,
+            ("lessThanOrEqual" Data..=)
+              Prelude.<$> lessThanOrEqual,
+            ("lt" Data..=) Prelude.<$> lt,
+            ("lte" Data..=) Prelude.<$> lte,
+            ("neq" Data..=) Prelude.<$> neq,
+            ("notEquals" Data..=) Prelude.<$> notEquals
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/Container.hs b/gen/Amazonka/GuardDuty/Types/Container.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Container.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Container
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Container where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.SecurityContext
+import Amazonka.GuardDuty.Types.VolumeMount
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details of a container.
+--
+-- /See:/ 'newContainer' smart constructor.
+data Container = Container'
+  { -- | The container runtime (such as, Docker or containerd) used to run the
+    -- container.
+    containerRuntime :: Prelude.Maybe Prelude.Text,
+    -- | Container ID.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | Container image.
+    image :: Prelude.Maybe Prelude.Text,
+    -- | Part of the image name before the last slash. For example, imagePrefix
+    -- for public.ecr.aws\/amazonlinux\/amazonlinux:latest would be
+    -- public.ecr.aws\/amazonlinux. If the image name is relative and does not
+    -- have a slash, this field is empty.
+    imagePrefix :: Prelude.Maybe Prelude.Text,
+    -- | Container name.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Container security context.
+    securityContext :: Prelude.Maybe SecurityContext,
+    -- | Container volume mounts.
+    volumeMounts :: Prelude.Maybe [VolumeMount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Container' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containerRuntime', 'container_containerRuntime' - The container runtime (such as, Docker or containerd) used to run the
+-- container.
+--
+-- 'id', 'container_id' - Container ID.
+--
+-- 'image', 'container_image' - Container image.
+--
+-- 'imagePrefix', 'container_imagePrefix' - Part of the image name before the last slash. For example, imagePrefix
+-- for public.ecr.aws\/amazonlinux\/amazonlinux:latest would be
+-- public.ecr.aws\/amazonlinux. If the image name is relative and does not
+-- have a slash, this field is empty.
+--
+-- 'name', 'container_name' - Container name.
+--
+-- 'securityContext', 'container_securityContext' - Container security context.
+--
+-- 'volumeMounts', 'container_volumeMounts' - Container volume mounts.
+newContainer ::
+  Container
+newContainer =
+  Container'
+    { containerRuntime = Prelude.Nothing,
+      id = Prelude.Nothing,
+      image = Prelude.Nothing,
+      imagePrefix = Prelude.Nothing,
+      name = Prelude.Nothing,
+      securityContext = Prelude.Nothing,
+      volumeMounts = Prelude.Nothing
+    }
+
+-- | The container runtime (such as, Docker or containerd) used to run the
+-- container.
+container_containerRuntime :: Lens.Lens' Container (Prelude.Maybe Prelude.Text)
+container_containerRuntime = Lens.lens (\Container' {containerRuntime} -> containerRuntime) (\s@Container' {} a -> s {containerRuntime = a} :: Container)
+
+-- | Container ID.
+container_id :: Lens.Lens' Container (Prelude.Maybe Prelude.Text)
+container_id = Lens.lens (\Container' {id} -> id) (\s@Container' {} a -> s {id = a} :: Container)
+
+-- | Container image.
+container_image :: Lens.Lens' Container (Prelude.Maybe Prelude.Text)
+container_image = Lens.lens (\Container' {image} -> image) (\s@Container' {} a -> s {image = a} :: Container)
+
+-- | Part of the image name before the last slash. For example, imagePrefix
+-- for public.ecr.aws\/amazonlinux\/amazonlinux:latest would be
+-- public.ecr.aws\/amazonlinux. If the image name is relative and does not
+-- have a slash, this field is empty.
+container_imagePrefix :: Lens.Lens' Container (Prelude.Maybe Prelude.Text)
+container_imagePrefix = Lens.lens (\Container' {imagePrefix} -> imagePrefix) (\s@Container' {} a -> s {imagePrefix = a} :: Container)
+
+-- | Container name.
+container_name :: Lens.Lens' Container (Prelude.Maybe Prelude.Text)
+container_name = Lens.lens (\Container' {name} -> name) (\s@Container' {} a -> s {name = a} :: Container)
+
+-- | Container security context.
+container_securityContext :: Lens.Lens' Container (Prelude.Maybe SecurityContext)
+container_securityContext = Lens.lens (\Container' {securityContext} -> securityContext) (\s@Container' {} a -> s {securityContext = a} :: Container)
+
+-- | Container volume mounts.
+container_volumeMounts :: Lens.Lens' Container (Prelude.Maybe [VolumeMount])
+container_volumeMounts = Lens.lens (\Container' {volumeMounts} -> volumeMounts) (\s@Container' {} a -> s {volumeMounts = a} :: Container) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON Container where
+  parseJSON =
+    Data.withObject
+      "Container"
+      ( \x ->
+          Container'
+            Prelude.<$> (x Data..:? "containerRuntime")
+            Prelude.<*> (x Data..:? "id")
+            Prelude.<*> (x Data..:? "image")
+            Prelude.<*> (x Data..:? "imagePrefix")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "securityContext")
+            Prelude.<*> (x Data..:? "volumeMounts" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable Container where
+  hashWithSalt _salt Container' {..} =
+    _salt
+      `Prelude.hashWithSalt` containerRuntime
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` image
+      `Prelude.hashWithSalt` imagePrefix
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` securityContext
+      `Prelude.hashWithSalt` volumeMounts
+
+instance Prelude.NFData Container where
+  rnf Container' {..} =
+    Prelude.rnf containerRuntime
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf image
+      `Prelude.seq` Prelude.rnf imagePrefix
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf securityContext
+      `Prelude.seq` Prelude.rnf volumeMounts
diff --git a/gen/Amazonka/GuardDuty/Types/Country.hs b/gen/Amazonka/GuardDuty/Types/Country.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Country.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Country
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Country where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the country where the remote IP address is
+-- located.
+--
+-- /See:/ 'newCountry' smart constructor.
+data Country = Country'
+  { -- | The country code of the remote IP address.
+    countryCode :: Prelude.Maybe Prelude.Text,
+    -- | The country name of the remote IP address.
+    countryName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Country' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'countryCode', 'country_countryCode' - The country code of the remote IP address.
+--
+-- 'countryName', 'country_countryName' - The country name of the remote IP address.
+newCountry ::
+  Country
+newCountry =
+  Country'
+    { countryCode = Prelude.Nothing,
+      countryName = Prelude.Nothing
+    }
+
+-- | The country code of the remote IP address.
+country_countryCode :: Lens.Lens' Country (Prelude.Maybe Prelude.Text)
+country_countryCode = Lens.lens (\Country' {countryCode} -> countryCode) (\s@Country' {} a -> s {countryCode = a} :: Country)
+
+-- | The country name of the remote IP address.
+country_countryName :: Lens.Lens' Country (Prelude.Maybe Prelude.Text)
+country_countryName = Lens.lens (\Country' {countryName} -> countryName) (\s@Country' {} a -> s {countryName = a} :: Country)
+
+instance Data.FromJSON Country where
+  parseJSON =
+    Data.withObject
+      "Country"
+      ( \x ->
+          Country'
+            Prelude.<$> (x Data..:? "countryCode")
+            Prelude.<*> (x Data..:? "countryName")
+      )
+
+instance Prelude.Hashable Country where
+  hashWithSalt _salt Country' {..} =
+    _salt
+      `Prelude.hashWithSalt` countryCode
+      `Prelude.hashWithSalt` countryName
+
+instance Prelude.NFData Country where
+  rnf Country' {..} =
+    Prelude.rnf countryCode
+      `Prelude.seq` Prelude.rnf countryName
diff --git a/gen/Amazonka/GuardDuty/Types/CriterionKey.hs b/gen/Amazonka/GuardDuty/Types/CriterionKey.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/CriterionKey.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.CriterionKey
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.CriterionKey
+  ( CriterionKey
+      ( ..,
+        CriterionKey_ACCOUNT_ID,
+        CriterionKey_EC2_INSTANCE_ARN,
+        CriterionKey_GUARDDUTY_FINDING_ID,
+        CriterionKey_SCAN_ID,
+        CriterionKey_SCAN_START_TIME,
+        CriterionKey_SCAN_STATUS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype CriterionKey = CriterionKey'
+  { fromCriterionKey ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern CriterionKey_ACCOUNT_ID :: CriterionKey
+pattern CriterionKey_ACCOUNT_ID = CriterionKey' "ACCOUNT_ID"
+
+pattern CriterionKey_EC2_INSTANCE_ARN :: CriterionKey
+pattern CriterionKey_EC2_INSTANCE_ARN = CriterionKey' "EC2_INSTANCE_ARN"
+
+pattern CriterionKey_GUARDDUTY_FINDING_ID :: CriterionKey
+pattern CriterionKey_GUARDDUTY_FINDING_ID = CriterionKey' "GUARDDUTY_FINDING_ID"
+
+pattern CriterionKey_SCAN_ID :: CriterionKey
+pattern CriterionKey_SCAN_ID = CriterionKey' "SCAN_ID"
+
+pattern CriterionKey_SCAN_START_TIME :: CriterionKey
+pattern CriterionKey_SCAN_START_TIME = CriterionKey' "SCAN_START_TIME"
+
+pattern CriterionKey_SCAN_STATUS :: CriterionKey
+pattern CriterionKey_SCAN_STATUS = CriterionKey' "SCAN_STATUS"
+
+{-# COMPLETE
+  CriterionKey_ACCOUNT_ID,
+  CriterionKey_EC2_INSTANCE_ARN,
+  CriterionKey_GUARDDUTY_FINDING_ID,
+  CriterionKey_SCAN_ID,
+  CriterionKey_SCAN_START_TIME,
+  CriterionKey_SCAN_STATUS,
+  CriterionKey'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/DNSLogsConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/DNSLogsConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DNSLogsConfigurationResult.hs
@@ -0,0 +1,72 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DNSLogsConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DNSLogsConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the status of DNS logs as a data source.
+--
+-- /See:/ 'newDNSLogsConfigurationResult' smart constructor.
+data DNSLogsConfigurationResult = DNSLogsConfigurationResult'
+  { -- | Denotes whether DNS logs is enabled as a data source.
+    status :: DataSourceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DNSLogsConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'dNSLogsConfigurationResult_status' - Denotes whether DNS logs is enabled as a data source.
+newDNSLogsConfigurationResult ::
+  -- | 'status'
+  DataSourceStatus ->
+  DNSLogsConfigurationResult
+newDNSLogsConfigurationResult pStatus_ =
+  DNSLogsConfigurationResult' {status = pStatus_}
+
+-- | Denotes whether DNS logs is enabled as a data source.
+dNSLogsConfigurationResult_status :: Lens.Lens' DNSLogsConfigurationResult DataSourceStatus
+dNSLogsConfigurationResult_status = Lens.lens (\DNSLogsConfigurationResult' {status} -> status) (\s@DNSLogsConfigurationResult' {} a -> s {status = a} :: DNSLogsConfigurationResult)
+
+instance Data.FromJSON DNSLogsConfigurationResult where
+  parseJSON =
+    Data.withObject
+      "DNSLogsConfigurationResult"
+      ( \x ->
+          DNSLogsConfigurationResult'
+            Prelude.<$> (x Data..: "status")
+      )
+
+instance Prelude.Hashable DNSLogsConfigurationResult where
+  hashWithSalt _salt DNSLogsConfigurationResult' {..} =
+    _salt `Prelude.hashWithSalt` status
+
+instance Prelude.NFData DNSLogsConfigurationResult where
+  rnf DNSLogsConfigurationResult' {..} =
+    Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/Types/DataSource.hs b/gen/Amazonka/GuardDuty/Types/DataSource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DataSource.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DataSource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DataSource
+  ( DataSource
+      ( ..,
+        DataSource_CLOUD_TRAIL,
+        DataSource_DNS_LOGS,
+        DataSource_EC2_MALWARE_SCAN,
+        DataSource_FLOW_LOGS,
+        DataSource_KUBERNETES_AUDIT_LOGS,
+        DataSource_S3_LOGS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype DataSource = DataSource'
+  { fromDataSource ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern DataSource_CLOUD_TRAIL :: DataSource
+pattern DataSource_CLOUD_TRAIL = DataSource' "CLOUD_TRAIL"
+
+pattern DataSource_DNS_LOGS :: DataSource
+pattern DataSource_DNS_LOGS = DataSource' "DNS_LOGS"
+
+pattern DataSource_EC2_MALWARE_SCAN :: DataSource
+pattern DataSource_EC2_MALWARE_SCAN = DataSource' "EC2_MALWARE_SCAN"
+
+pattern DataSource_FLOW_LOGS :: DataSource
+pattern DataSource_FLOW_LOGS = DataSource' "FLOW_LOGS"
+
+pattern DataSource_KUBERNETES_AUDIT_LOGS :: DataSource
+pattern DataSource_KUBERNETES_AUDIT_LOGS = DataSource' "KUBERNETES_AUDIT_LOGS"
+
+pattern DataSource_S3_LOGS :: DataSource
+pattern DataSource_S3_LOGS = DataSource' "S3_LOGS"
+
+{-# COMPLETE
+  DataSource_CLOUD_TRAIL,
+  DataSource_DNS_LOGS,
+  DataSource_EC2_MALWARE_SCAN,
+  DataSource_FLOW_LOGS,
+  DataSource_KUBERNETES_AUDIT_LOGS,
+  DataSource_S3_LOGS,
+  DataSource'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/DataSourceConfigurations.hs b/gen/Amazonka/GuardDuty/Types/DataSourceConfigurations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DataSourceConfigurations.hs
@@ -0,0 +1,100 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DataSourceConfigurations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DataSourceConfigurations where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.KubernetesConfiguration
+import Amazonka.GuardDuty.Types.MalwareProtectionConfiguration
+import Amazonka.GuardDuty.Types.S3LogsConfiguration
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about which data sources are enabled.
+--
+-- /See:/ 'newDataSourceConfigurations' smart constructor.
+data DataSourceConfigurations = DataSourceConfigurations'
+  { -- | Describes whether any Kubernetes logs are enabled as data sources.
+    kubernetes :: Prelude.Maybe KubernetesConfiguration,
+    -- | Describes whether Malware Protection is enabled as a data source.
+    malwareProtection :: Prelude.Maybe MalwareProtectionConfiguration,
+    -- | Describes whether S3 data event logs are enabled as a data source.
+    s3Logs :: Prelude.Maybe S3LogsConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DataSourceConfigurations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kubernetes', 'dataSourceConfigurations_kubernetes' - Describes whether any Kubernetes logs are enabled as data sources.
+--
+-- 'malwareProtection', 'dataSourceConfigurations_malwareProtection' - Describes whether Malware Protection is enabled as a data source.
+--
+-- 's3Logs', 'dataSourceConfigurations_s3Logs' - Describes whether S3 data event logs are enabled as a data source.
+newDataSourceConfigurations ::
+  DataSourceConfigurations
+newDataSourceConfigurations =
+  DataSourceConfigurations'
+    { kubernetes =
+        Prelude.Nothing,
+      malwareProtection = Prelude.Nothing,
+      s3Logs = Prelude.Nothing
+    }
+
+-- | Describes whether any Kubernetes logs are enabled as data sources.
+dataSourceConfigurations_kubernetes :: Lens.Lens' DataSourceConfigurations (Prelude.Maybe KubernetesConfiguration)
+dataSourceConfigurations_kubernetes = Lens.lens (\DataSourceConfigurations' {kubernetes} -> kubernetes) (\s@DataSourceConfigurations' {} a -> s {kubernetes = a} :: DataSourceConfigurations)
+
+-- | Describes whether Malware Protection is enabled as a data source.
+dataSourceConfigurations_malwareProtection :: Lens.Lens' DataSourceConfigurations (Prelude.Maybe MalwareProtectionConfiguration)
+dataSourceConfigurations_malwareProtection = Lens.lens (\DataSourceConfigurations' {malwareProtection} -> malwareProtection) (\s@DataSourceConfigurations' {} a -> s {malwareProtection = a} :: DataSourceConfigurations)
+
+-- | Describes whether S3 data event logs are enabled as a data source.
+dataSourceConfigurations_s3Logs :: Lens.Lens' DataSourceConfigurations (Prelude.Maybe S3LogsConfiguration)
+dataSourceConfigurations_s3Logs = Lens.lens (\DataSourceConfigurations' {s3Logs} -> s3Logs) (\s@DataSourceConfigurations' {} a -> s {s3Logs = a} :: DataSourceConfigurations)
+
+instance Prelude.Hashable DataSourceConfigurations where
+  hashWithSalt _salt DataSourceConfigurations' {..} =
+    _salt
+      `Prelude.hashWithSalt` kubernetes
+      `Prelude.hashWithSalt` malwareProtection
+      `Prelude.hashWithSalt` s3Logs
+
+instance Prelude.NFData DataSourceConfigurations where
+  rnf DataSourceConfigurations' {..} =
+    Prelude.rnf kubernetes
+      `Prelude.seq` Prelude.rnf malwareProtection
+      `Prelude.seq` Prelude.rnf s3Logs
+
+instance Data.ToJSON DataSourceConfigurations where
+  toJSON DataSourceConfigurations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("kubernetes" Data..=) Prelude.<$> kubernetes,
+            ("malwareProtection" Data..=)
+              Prelude.<$> malwareProtection,
+            ("s3Logs" Data..=) Prelude.<$> s3Logs
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/DataSourceConfigurationsResult.hs b/gen/Amazonka/GuardDuty/Types/DataSourceConfigurationsResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DataSourceConfigurationsResult.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DataSourceConfigurationsResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DataSourceConfigurationsResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.CloudTrailConfigurationResult
+import Amazonka.GuardDuty.Types.DNSLogsConfigurationResult
+import Amazonka.GuardDuty.Types.FlowLogsConfigurationResult
+import Amazonka.GuardDuty.Types.KubernetesConfigurationResult
+import Amazonka.GuardDuty.Types.MalwareProtectionConfigurationResult
+import Amazonka.GuardDuty.Types.S3LogsConfigurationResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the status of data sources for the detector.
+--
+-- /See:/ 'newDataSourceConfigurationsResult' smart constructor.
+data DataSourceConfigurationsResult = DataSourceConfigurationsResult'
+  { -- | An object that contains information on the status of all Kubernetes data
+    -- sources.
+    kubernetes :: Prelude.Maybe KubernetesConfigurationResult,
+    -- | Describes the configuration of Malware Protection data sources.
+    malwareProtection :: Prelude.Maybe MalwareProtectionConfigurationResult,
+    -- | An object that contains information on the status of CloudTrail as a
+    -- data source.
+    cloudTrail :: CloudTrailConfigurationResult,
+    -- | An object that contains information on the status of DNS logs as a data
+    -- source.
+    dNSLogs :: DNSLogsConfigurationResult,
+    -- | An object that contains information on the status of VPC flow logs as a
+    -- data source.
+    flowLogs :: FlowLogsConfigurationResult,
+    -- | An object that contains information on the status of S3 Data event logs
+    -- as a data source.
+    s3Logs :: S3LogsConfigurationResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DataSourceConfigurationsResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kubernetes', 'dataSourceConfigurationsResult_kubernetes' - An object that contains information on the status of all Kubernetes data
+-- sources.
+--
+-- 'malwareProtection', 'dataSourceConfigurationsResult_malwareProtection' - Describes the configuration of Malware Protection data sources.
+--
+-- 'cloudTrail', 'dataSourceConfigurationsResult_cloudTrail' - An object that contains information on the status of CloudTrail as a
+-- data source.
+--
+-- 'dNSLogs', 'dataSourceConfigurationsResult_dNSLogs' - An object that contains information on the status of DNS logs as a data
+-- source.
+--
+-- 'flowLogs', 'dataSourceConfigurationsResult_flowLogs' - An object that contains information on the status of VPC flow logs as a
+-- data source.
+--
+-- 's3Logs', 'dataSourceConfigurationsResult_s3Logs' - An object that contains information on the status of S3 Data event logs
+-- as a data source.
+newDataSourceConfigurationsResult ::
+  -- | 'cloudTrail'
+  CloudTrailConfigurationResult ->
+  -- | 'dNSLogs'
+  DNSLogsConfigurationResult ->
+  -- | 'flowLogs'
+  FlowLogsConfigurationResult ->
+  -- | 's3Logs'
+  S3LogsConfigurationResult ->
+  DataSourceConfigurationsResult
+newDataSourceConfigurationsResult
+  pCloudTrail_
+  pDNSLogs_
+  pFlowLogs_
+  pS3Logs_ =
+    DataSourceConfigurationsResult'
+      { kubernetes =
+          Prelude.Nothing,
+        malwareProtection = Prelude.Nothing,
+        cloudTrail = pCloudTrail_,
+        dNSLogs = pDNSLogs_,
+        flowLogs = pFlowLogs_,
+        s3Logs = pS3Logs_
+      }
+
+-- | An object that contains information on the status of all Kubernetes data
+-- sources.
+dataSourceConfigurationsResult_kubernetes :: Lens.Lens' DataSourceConfigurationsResult (Prelude.Maybe KubernetesConfigurationResult)
+dataSourceConfigurationsResult_kubernetes = Lens.lens (\DataSourceConfigurationsResult' {kubernetes} -> kubernetes) (\s@DataSourceConfigurationsResult' {} a -> s {kubernetes = a} :: DataSourceConfigurationsResult)
+
+-- | Describes the configuration of Malware Protection data sources.
+dataSourceConfigurationsResult_malwareProtection :: Lens.Lens' DataSourceConfigurationsResult (Prelude.Maybe MalwareProtectionConfigurationResult)
+dataSourceConfigurationsResult_malwareProtection = Lens.lens (\DataSourceConfigurationsResult' {malwareProtection} -> malwareProtection) (\s@DataSourceConfigurationsResult' {} a -> s {malwareProtection = a} :: DataSourceConfigurationsResult)
+
+-- | An object that contains information on the status of CloudTrail as a
+-- data source.
+dataSourceConfigurationsResult_cloudTrail :: Lens.Lens' DataSourceConfigurationsResult CloudTrailConfigurationResult
+dataSourceConfigurationsResult_cloudTrail = Lens.lens (\DataSourceConfigurationsResult' {cloudTrail} -> cloudTrail) (\s@DataSourceConfigurationsResult' {} a -> s {cloudTrail = a} :: DataSourceConfigurationsResult)
+
+-- | An object that contains information on the status of DNS logs as a data
+-- source.
+dataSourceConfigurationsResult_dNSLogs :: Lens.Lens' DataSourceConfigurationsResult DNSLogsConfigurationResult
+dataSourceConfigurationsResult_dNSLogs = Lens.lens (\DataSourceConfigurationsResult' {dNSLogs} -> dNSLogs) (\s@DataSourceConfigurationsResult' {} a -> s {dNSLogs = a} :: DataSourceConfigurationsResult)
+
+-- | An object that contains information on the status of VPC flow logs as a
+-- data source.
+dataSourceConfigurationsResult_flowLogs :: Lens.Lens' DataSourceConfigurationsResult FlowLogsConfigurationResult
+dataSourceConfigurationsResult_flowLogs = Lens.lens (\DataSourceConfigurationsResult' {flowLogs} -> flowLogs) (\s@DataSourceConfigurationsResult' {} a -> s {flowLogs = a} :: DataSourceConfigurationsResult)
+
+-- | An object that contains information on the status of S3 Data event logs
+-- as a data source.
+dataSourceConfigurationsResult_s3Logs :: Lens.Lens' DataSourceConfigurationsResult S3LogsConfigurationResult
+dataSourceConfigurationsResult_s3Logs = Lens.lens (\DataSourceConfigurationsResult' {s3Logs} -> s3Logs) (\s@DataSourceConfigurationsResult' {} a -> s {s3Logs = a} :: DataSourceConfigurationsResult)
+
+instance Data.FromJSON DataSourceConfigurationsResult where
+  parseJSON =
+    Data.withObject
+      "DataSourceConfigurationsResult"
+      ( \x ->
+          DataSourceConfigurationsResult'
+            Prelude.<$> (x Data..:? "kubernetes")
+            Prelude.<*> (x Data..:? "malwareProtection")
+            Prelude.<*> (x Data..: "cloudTrail")
+            Prelude.<*> (x Data..: "dnsLogs")
+            Prelude.<*> (x Data..: "flowLogs")
+            Prelude.<*> (x Data..: "s3Logs")
+      )
+
+instance
+  Prelude.Hashable
+    DataSourceConfigurationsResult
+  where
+  hashWithSalt
+    _salt
+    DataSourceConfigurationsResult' {..} =
+      _salt
+        `Prelude.hashWithSalt` kubernetes
+        `Prelude.hashWithSalt` malwareProtection
+        `Prelude.hashWithSalt` cloudTrail
+        `Prelude.hashWithSalt` dNSLogs
+        `Prelude.hashWithSalt` flowLogs
+        `Prelude.hashWithSalt` s3Logs
+
+instance
+  Prelude.NFData
+    DataSourceConfigurationsResult
+  where
+  rnf DataSourceConfigurationsResult' {..} =
+    Prelude.rnf kubernetes
+      `Prelude.seq` Prelude.rnf malwareProtection
+      `Prelude.seq` Prelude.rnf cloudTrail
+      `Prelude.seq` Prelude.rnf dNSLogs
+      `Prelude.seq` Prelude.rnf flowLogs
+      `Prelude.seq` Prelude.rnf s3Logs
diff --git a/gen/Amazonka/GuardDuty/Types/DataSourceFreeTrial.hs b/gen/Amazonka/GuardDuty/Types/DataSourceFreeTrial.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DataSourceFreeTrial.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DataSourceFreeTrial
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DataSourceFreeTrial where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about which data sources are enabled for the
+-- GuardDuty member account.
+--
+-- /See:/ 'newDataSourceFreeTrial' smart constructor.
+data DataSourceFreeTrial = DataSourceFreeTrial'
+  { -- | A value that specifies the number of days left to use each enabled data
+    -- source.
+    freeTrialDaysRemaining :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DataSourceFreeTrial' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'freeTrialDaysRemaining', 'dataSourceFreeTrial_freeTrialDaysRemaining' - A value that specifies the number of days left to use each enabled data
+-- source.
+newDataSourceFreeTrial ::
+  DataSourceFreeTrial
+newDataSourceFreeTrial =
+  DataSourceFreeTrial'
+    { freeTrialDaysRemaining =
+        Prelude.Nothing
+    }
+
+-- | A value that specifies the number of days left to use each enabled data
+-- source.
+dataSourceFreeTrial_freeTrialDaysRemaining :: Lens.Lens' DataSourceFreeTrial (Prelude.Maybe Prelude.Int)
+dataSourceFreeTrial_freeTrialDaysRemaining = Lens.lens (\DataSourceFreeTrial' {freeTrialDaysRemaining} -> freeTrialDaysRemaining) (\s@DataSourceFreeTrial' {} a -> s {freeTrialDaysRemaining = a} :: DataSourceFreeTrial)
+
+instance Data.FromJSON DataSourceFreeTrial where
+  parseJSON =
+    Data.withObject
+      "DataSourceFreeTrial"
+      ( \x ->
+          DataSourceFreeTrial'
+            Prelude.<$> (x Data..:? "freeTrialDaysRemaining")
+      )
+
+instance Prelude.Hashable DataSourceFreeTrial where
+  hashWithSalt _salt DataSourceFreeTrial' {..} =
+    _salt `Prelude.hashWithSalt` freeTrialDaysRemaining
+
+instance Prelude.NFData DataSourceFreeTrial where
+  rnf DataSourceFreeTrial' {..} =
+    Prelude.rnf freeTrialDaysRemaining
diff --git a/gen/Amazonka/GuardDuty/Types/DataSourceStatus.hs b/gen/Amazonka/GuardDuty/Types/DataSourceStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DataSourceStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DataSourceStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DataSourceStatus
+  ( DataSourceStatus
+      ( ..,
+        DataSourceStatus_DISABLED,
+        DataSourceStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype DataSourceStatus = DataSourceStatus'
+  { fromDataSourceStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern DataSourceStatus_DISABLED :: DataSourceStatus
+pattern DataSourceStatus_DISABLED = DataSourceStatus' "DISABLED"
+
+pattern DataSourceStatus_ENABLED :: DataSourceStatus
+pattern DataSourceStatus_ENABLED = DataSourceStatus' "ENABLED"
+
+{-# COMPLETE
+  DataSourceStatus_DISABLED,
+  DataSourceStatus_ENABLED,
+  DataSourceStatus'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/DataSourcesFreeTrial.hs b/gen/Amazonka/GuardDuty/Types/DataSourcesFreeTrial.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DataSourcesFreeTrial.hs
@@ -0,0 +1,139 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DataSourcesFreeTrial
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DataSourcesFreeTrial where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceFreeTrial
+import Amazonka.GuardDuty.Types.KubernetesDataSourceFreeTrial
+import Amazonka.GuardDuty.Types.MalwareProtectionDataSourceFreeTrial
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about which data sources are enabled for the
+-- GuardDuty member account.
+--
+-- /See:/ 'newDataSourcesFreeTrial' smart constructor.
+data DataSourcesFreeTrial = DataSourcesFreeTrial'
+  { -- | Describes whether any Amazon Web Services CloudTrail management event
+    -- logs are enabled as data sources.
+    cloudTrail :: Prelude.Maybe DataSourceFreeTrial,
+    -- | Describes whether any DNS logs are enabled as data sources.
+    dnsLogs :: Prelude.Maybe DataSourceFreeTrial,
+    -- | Describes whether any VPC Flow logs are enabled as data sources.
+    flowLogs :: Prelude.Maybe DataSourceFreeTrial,
+    -- | Describes whether any Kubernetes logs are enabled as data sources.
+    kubernetes :: Prelude.Maybe KubernetesDataSourceFreeTrial,
+    -- | Describes whether Malware Protection is enabled as a data source.
+    malwareProtection :: Prelude.Maybe MalwareProtectionDataSourceFreeTrial,
+    -- | Describes whether any S3 data event logs are enabled as data sources.
+    s3Logs :: Prelude.Maybe DataSourceFreeTrial
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DataSourcesFreeTrial' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'cloudTrail', 'dataSourcesFreeTrial_cloudTrail' - Describes whether any Amazon Web Services CloudTrail management event
+-- logs are enabled as data sources.
+--
+-- 'dnsLogs', 'dataSourcesFreeTrial_dnsLogs' - Describes whether any DNS logs are enabled as data sources.
+--
+-- 'flowLogs', 'dataSourcesFreeTrial_flowLogs' - Describes whether any VPC Flow logs are enabled as data sources.
+--
+-- 'kubernetes', 'dataSourcesFreeTrial_kubernetes' - Describes whether any Kubernetes logs are enabled as data sources.
+--
+-- 'malwareProtection', 'dataSourcesFreeTrial_malwareProtection' - Describes whether Malware Protection is enabled as a data source.
+--
+-- 's3Logs', 'dataSourcesFreeTrial_s3Logs' - Describes whether any S3 data event logs are enabled as data sources.
+newDataSourcesFreeTrial ::
+  DataSourcesFreeTrial
+newDataSourcesFreeTrial =
+  DataSourcesFreeTrial'
+    { cloudTrail = Prelude.Nothing,
+      dnsLogs = Prelude.Nothing,
+      flowLogs = Prelude.Nothing,
+      kubernetes = Prelude.Nothing,
+      malwareProtection = Prelude.Nothing,
+      s3Logs = Prelude.Nothing
+    }
+
+-- | Describes whether any Amazon Web Services CloudTrail management event
+-- logs are enabled as data sources.
+dataSourcesFreeTrial_cloudTrail :: Lens.Lens' DataSourcesFreeTrial (Prelude.Maybe DataSourceFreeTrial)
+dataSourcesFreeTrial_cloudTrail = Lens.lens (\DataSourcesFreeTrial' {cloudTrail} -> cloudTrail) (\s@DataSourcesFreeTrial' {} a -> s {cloudTrail = a} :: DataSourcesFreeTrial)
+
+-- | Describes whether any DNS logs are enabled as data sources.
+dataSourcesFreeTrial_dnsLogs :: Lens.Lens' DataSourcesFreeTrial (Prelude.Maybe DataSourceFreeTrial)
+dataSourcesFreeTrial_dnsLogs = Lens.lens (\DataSourcesFreeTrial' {dnsLogs} -> dnsLogs) (\s@DataSourcesFreeTrial' {} a -> s {dnsLogs = a} :: DataSourcesFreeTrial)
+
+-- | Describes whether any VPC Flow logs are enabled as data sources.
+dataSourcesFreeTrial_flowLogs :: Lens.Lens' DataSourcesFreeTrial (Prelude.Maybe DataSourceFreeTrial)
+dataSourcesFreeTrial_flowLogs = Lens.lens (\DataSourcesFreeTrial' {flowLogs} -> flowLogs) (\s@DataSourcesFreeTrial' {} a -> s {flowLogs = a} :: DataSourcesFreeTrial)
+
+-- | Describes whether any Kubernetes logs are enabled as data sources.
+dataSourcesFreeTrial_kubernetes :: Lens.Lens' DataSourcesFreeTrial (Prelude.Maybe KubernetesDataSourceFreeTrial)
+dataSourcesFreeTrial_kubernetes = Lens.lens (\DataSourcesFreeTrial' {kubernetes} -> kubernetes) (\s@DataSourcesFreeTrial' {} a -> s {kubernetes = a} :: DataSourcesFreeTrial)
+
+-- | Describes whether Malware Protection is enabled as a data source.
+dataSourcesFreeTrial_malwareProtection :: Lens.Lens' DataSourcesFreeTrial (Prelude.Maybe MalwareProtectionDataSourceFreeTrial)
+dataSourcesFreeTrial_malwareProtection = Lens.lens (\DataSourcesFreeTrial' {malwareProtection} -> malwareProtection) (\s@DataSourcesFreeTrial' {} a -> s {malwareProtection = a} :: DataSourcesFreeTrial)
+
+-- | Describes whether any S3 data event logs are enabled as data sources.
+dataSourcesFreeTrial_s3Logs :: Lens.Lens' DataSourcesFreeTrial (Prelude.Maybe DataSourceFreeTrial)
+dataSourcesFreeTrial_s3Logs = Lens.lens (\DataSourcesFreeTrial' {s3Logs} -> s3Logs) (\s@DataSourcesFreeTrial' {} a -> s {s3Logs = a} :: DataSourcesFreeTrial)
+
+instance Data.FromJSON DataSourcesFreeTrial where
+  parseJSON =
+    Data.withObject
+      "DataSourcesFreeTrial"
+      ( \x ->
+          DataSourcesFreeTrial'
+            Prelude.<$> (x Data..:? "cloudTrail")
+            Prelude.<*> (x Data..:? "dnsLogs")
+            Prelude.<*> (x Data..:? "flowLogs")
+            Prelude.<*> (x Data..:? "kubernetes")
+            Prelude.<*> (x Data..:? "malwareProtection")
+            Prelude.<*> (x Data..:? "s3Logs")
+      )
+
+instance Prelude.Hashable DataSourcesFreeTrial where
+  hashWithSalt _salt DataSourcesFreeTrial' {..} =
+    _salt
+      `Prelude.hashWithSalt` cloudTrail
+      `Prelude.hashWithSalt` dnsLogs
+      `Prelude.hashWithSalt` flowLogs
+      `Prelude.hashWithSalt` kubernetes
+      `Prelude.hashWithSalt` malwareProtection
+      `Prelude.hashWithSalt` s3Logs
+
+instance Prelude.NFData DataSourcesFreeTrial where
+  rnf DataSourcesFreeTrial' {..} =
+    Prelude.rnf cloudTrail
+      `Prelude.seq` Prelude.rnf dnsLogs
+      `Prelude.seq` Prelude.rnf flowLogs
+      `Prelude.seq` Prelude.rnf kubernetes
+      `Prelude.seq` Prelude.rnf malwareProtection
+      `Prelude.seq` Prelude.rnf s3Logs
diff --git a/gen/Amazonka/GuardDuty/Types/DefaultServerSideEncryption.hs b/gen/Amazonka/GuardDuty/Types/DefaultServerSideEncryption.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DefaultServerSideEncryption.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DefaultServerSideEncryption
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DefaultServerSideEncryption where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the server side encryption method used in the S3
+-- bucket. See
+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html S3 Server-Side Encryption>
+-- for more information.
+--
+-- /See:/ 'newDefaultServerSideEncryption' smart constructor.
+data DefaultServerSideEncryption = DefaultServerSideEncryption'
+  { -- | The type of encryption used for objects within the S3 bucket.
+    encryptionType :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the KMS encryption key. Only available
+    -- if the bucket @EncryptionType@ is @aws:kms@.
+    kmsMasterKeyArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DefaultServerSideEncryption' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'encryptionType', 'defaultServerSideEncryption_encryptionType' - The type of encryption used for objects within the S3 bucket.
+--
+-- 'kmsMasterKeyArn', 'defaultServerSideEncryption_kmsMasterKeyArn' - The Amazon Resource Name (ARN) of the KMS encryption key. Only available
+-- if the bucket @EncryptionType@ is @aws:kms@.
+newDefaultServerSideEncryption ::
+  DefaultServerSideEncryption
+newDefaultServerSideEncryption =
+  DefaultServerSideEncryption'
+    { encryptionType =
+        Prelude.Nothing,
+      kmsMasterKeyArn = Prelude.Nothing
+    }
+
+-- | The type of encryption used for objects within the S3 bucket.
+defaultServerSideEncryption_encryptionType :: Lens.Lens' DefaultServerSideEncryption (Prelude.Maybe Prelude.Text)
+defaultServerSideEncryption_encryptionType = Lens.lens (\DefaultServerSideEncryption' {encryptionType} -> encryptionType) (\s@DefaultServerSideEncryption' {} a -> s {encryptionType = a} :: DefaultServerSideEncryption)
+
+-- | The Amazon Resource Name (ARN) of the KMS encryption key. Only available
+-- if the bucket @EncryptionType@ is @aws:kms@.
+defaultServerSideEncryption_kmsMasterKeyArn :: Lens.Lens' DefaultServerSideEncryption (Prelude.Maybe Prelude.Text)
+defaultServerSideEncryption_kmsMasterKeyArn = Lens.lens (\DefaultServerSideEncryption' {kmsMasterKeyArn} -> kmsMasterKeyArn) (\s@DefaultServerSideEncryption' {} a -> s {kmsMasterKeyArn = a} :: DefaultServerSideEncryption)
+
+instance Data.FromJSON DefaultServerSideEncryption where
+  parseJSON =
+    Data.withObject
+      "DefaultServerSideEncryption"
+      ( \x ->
+          DefaultServerSideEncryption'
+            Prelude.<$> (x Data..:? "encryptionType")
+            Prelude.<*> (x Data..:? "kmsMasterKeyArn")
+      )
+
+instance Prelude.Hashable DefaultServerSideEncryption where
+  hashWithSalt _salt DefaultServerSideEncryption' {..} =
+    _salt
+      `Prelude.hashWithSalt` encryptionType
+      `Prelude.hashWithSalt` kmsMasterKeyArn
+
+instance Prelude.NFData DefaultServerSideEncryption where
+  rnf DefaultServerSideEncryption' {..} =
+    Prelude.rnf encryptionType
+      `Prelude.seq` Prelude.rnf kmsMasterKeyArn
diff --git a/gen/Amazonka/GuardDuty/Types/Destination.hs b/gen/Amazonka/GuardDuty/Types/Destination.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Destination.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Destination
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Destination where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DestinationType
+import Amazonka.GuardDuty.Types.PublishingStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the publishing destination, including the ID,
+-- type, and status.
+--
+-- /See:/ 'newDestination' smart constructor.
+data Destination = Destination'
+  { -- | The unique ID of the publishing destination.
+    destinationId :: Prelude.Text,
+    -- | The type of resource used for the publishing destination. Currently,
+    -- only Amazon S3 buckets are supported.
+    destinationType :: DestinationType,
+    -- | The status of the publishing destination.
+    status :: PublishingStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Destination' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationId', 'destination_destinationId' - The unique ID of the publishing destination.
+--
+-- 'destinationType', 'destination_destinationType' - The type of resource used for the publishing destination. Currently,
+-- only Amazon S3 buckets are supported.
+--
+-- 'status', 'destination_status' - The status of the publishing destination.
+newDestination ::
+  -- | 'destinationId'
+  Prelude.Text ->
+  -- | 'destinationType'
+  DestinationType ->
+  -- | 'status'
+  PublishingStatus ->
+  Destination
+newDestination
+  pDestinationId_
+  pDestinationType_
+  pStatus_ =
+    Destination'
+      { destinationId = pDestinationId_,
+        destinationType = pDestinationType_,
+        status = pStatus_
+      }
+
+-- | The unique ID of the publishing destination.
+destination_destinationId :: Lens.Lens' Destination Prelude.Text
+destination_destinationId = Lens.lens (\Destination' {destinationId} -> destinationId) (\s@Destination' {} a -> s {destinationId = a} :: Destination)
+
+-- | The type of resource used for the publishing destination. Currently,
+-- only Amazon S3 buckets are supported.
+destination_destinationType :: Lens.Lens' Destination DestinationType
+destination_destinationType = Lens.lens (\Destination' {destinationType} -> destinationType) (\s@Destination' {} a -> s {destinationType = a} :: Destination)
+
+-- | The status of the publishing destination.
+destination_status :: Lens.Lens' Destination PublishingStatus
+destination_status = Lens.lens (\Destination' {status} -> status) (\s@Destination' {} a -> s {status = a} :: Destination)
+
+instance Data.FromJSON Destination where
+  parseJSON =
+    Data.withObject
+      "Destination"
+      ( \x ->
+          Destination'
+            Prelude.<$> (x Data..: "destinationId")
+            Prelude.<*> (x Data..: "destinationType")
+            Prelude.<*> (x Data..: "status")
+      )
+
+instance Prelude.Hashable Destination where
+  hashWithSalt _salt Destination' {..} =
+    _salt
+      `Prelude.hashWithSalt` destinationId
+      `Prelude.hashWithSalt` destinationType
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData Destination where
+  rnf Destination' {..} =
+    Prelude.rnf destinationId
+      `Prelude.seq` Prelude.rnf destinationType
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/Types/DestinationProperties.hs b/gen/Amazonka/GuardDuty/Types/DestinationProperties.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DestinationProperties.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DestinationProperties
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DestinationProperties where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the Amazon Resource Name (ARN) of the resource to publish to,
+-- such as an S3 bucket, and the ARN of the KMS key to use to encrypt
+-- published findings.
+--
+-- /See:/ 'newDestinationProperties' smart constructor.
+data DestinationProperties = DestinationProperties'
+  { -- | The ARN of the resource to publish to.
+    --
+    -- To specify an S3 bucket folder use the following format:
+    -- @arn:aws:s3:::DOC-EXAMPLE-BUCKET\/myFolder\/@
+    destinationArn :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the KMS key to use for encryption.
+    kmsKeyArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DestinationProperties' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationArn', 'destinationProperties_destinationArn' - The ARN of the resource to publish to.
+--
+-- To specify an S3 bucket folder use the following format:
+-- @arn:aws:s3:::DOC-EXAMPLE-BUCKET\/myFolder\/@
+--
+-- 'kmsKeyArn', 'destinationProperties_kmsKeyArn' - The ARN of the KMS key to use for encryption.
+newDestinationProperties ::
+  DestinationProperties
+newDestinationProperties =
+  DestinationProperties'
+    { destinationArn =
+        Prelude.Nothing,
+      kmsKeyArn = Prelude.Nothing
+    }
+
+-- | The ARN of the resource to publish to.
+--
+-- To specify an S3 bucket folder use the following format:
+-- @arn:aws:s3:::DOC-EXAMPLE-BUCKET\/myFolder\/@
+destinationProperties_destinationArn :: Lens.Lens' DestinationProperties (Prelude.Maybe Prelude.Text)
+destinationProperties_destinationArn = Lens.lens (\DestinationProperties' {destinationArn} -> destinationArn) (\s@DestinationProperties' {} a -> s {destinationArn = a} :: DestinationProperties)
+
+-- | The ARN of the KMS key to use for encryption.
+destinationProperties_kmsKeyArn :: Lens.Lens' DestinationProperties (Prelude.Maybe Prelude.Text)
+destinationProperties_kmsKeyArn = Lens.lens (\DestinationProperties' {kmsKeyArn} -> kmsKeyArn) (\s@DestinationProperties' {} a -> s {kmsKeyArn = a} :: DestinationProperties)
+
+instance Data.FromJSON DestinationProperties where
+  parseJSON =
+    Data.withObject
+      "DestinationProperties"
+      ( \x ->
+          DestinationProperties'
+            Prelude.<$> (x Data..:? "destinationArn")
+            Prelude.<*> (x Data..:? "kmsKeyArn")
+      )
+
+instance Prelude.Hashable DestinationProperties where
+  hashWithSalt _salt DestinationProperties' {..} =
+    _salt
+      `Prelude.hashWithSalt` destinationArn
+      `Prelude.hashWithSalt` kmsKeyArn
+
+instance Prelude.NFData DestinationProperties where
+  rnf DestinationProperties' {..} =
+    Prelude.rnf destinationArn
+      `Prelude.seq` Prelude.rnf kmsKeyArn
+
+instance Data.ToJSON DestinationProperties where
+  toJSON DestinationProperties' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("destinationArn" Data..=)
+              Prelude.<$> destinationArn,
+            ("kmsKeyArn" Data..=) Prelude.<$> kmsKeyArn
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/DestinationType.hs b/gen/Amazonka/GuardDuty/Types/DestinationType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DestinationType.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DestinationType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DestinationType
+  ( DestinationType
+      ( ..,
+        DestinationType_S3
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype DestinationType = DestinationType'
+  { fromDestinationType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern DestinationType_S3 :: DestinationType
+pattern DestinationType_S3 = DestinationType' "S3"
+
+{-# COMPLETE
+  DestinationType_S3,
+  DestinationType'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/DetectorStatus.hs b/gen/Amazonka/GuardDuty/Types/DetectorStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DetectorStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DetectorStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DetectorStatus
+  ( DetectorStatus
+      ( ..,
+        DetectorStatus_DISABLED,
+        DetectorStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype DetectorStatus = DetectorStatus'
+  { fromDetectorStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern DetectorStatus_DISABLED :: DetectorStatus
+pattern DetectorStatus_DISABLED = DetectorStatus' "DISABLED"
+
+pattern DetectorStatus_ENABLED :: DetectorStatus
+pattern DetectorStatus_ENABLED = DetectorStatus' "ENABLED"
+
+{-# COMPLETE
+  DetectorStatus_DISABLED,
+  DetectorStatus_ENABLED,
+  DetectorStatus'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/DnsRequestAction.hs b/gen/Amazonka/GuardDuty/Types/DnsRequestAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DnsRequestAction.hs
@@ -0,0 +1,100 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DnsRequestAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DnsRequestAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the DNS_REQUEST action described in this
+-- finding.
+--
+-- /See:/ 'newDnsRequestAction' smart constructor.
+data DnsRequestAction = DnsRequestAction'
+  { -- | Indicates whether the targeted port is blocked.
+    blocked :: Prelude.Maybe Prelude.Bool,
+    -- | The domain information for the API request.
+    domain :: Prelude.Maybe Prelude.Text,
+    -- | The network connection protocol observed in the activity that prompted
+    -- GuardDuty to generate the finding.
+    protocol :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DnsRequestAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blocked', 'dnsRequestAction_blocked' - Indicates whether the targeted port is blocked.
+--
+-- 'domain', 'dnsRequestAction_domain' - The domain information for the API request.
+--
+-- 'protocol', 'dnsRequestAction_protocol' - The network connection protocol observed in the activity that prompted
+-- GuardDuty to generate the finding.
+newDnsRequestAction ::
+  DnsRequestAction
+newDnsRequestAction =
+  DnsRequestAction'
+    { blocked = Prelude.Nothing,
+      domain = Prelude.Nothing,
+      protocol = Prelude.Nothing
+    }
+
+-- | Indicates whether the targeted port is blocked.
+dnsRequestAction_blocked :: Lens.Lens' DnsRequestAction (Prelude.Maybe Prelude.Bool)
+dnsRequestAction_blocked = Lens.lens (\DnsRequestAction' {blocked} -> blocked) (\s@DnsRequestAction' {} a -> s {blocked = a} :: DnsRequestAction)
+
+-- | The domain information for the API request.
+dnsRequestAction_domain :: Lens.Lens' DnsRequestAction (Prelude.Maybe Prelude.Text)
+dnsRequestAction_domain = Lens.lens (\DnsRequestAction' {domain} -> domain) (\s@DnsRequestAction' {} a -> s {domain = a} :: DnsRequestAction)
+
+-- | The network connection protocol observed in the activity that prompted
+-- GuardDuty to generate the finding.
+dnsRequestAction_protocol :: Lens.Lens' DnsRequestAction (Prelude.Maybe Prelude.Text)
+dnsRequestAction_protocol = Lens.lens (\DnsRequestAction' {protocol} -> protocol) (\s@DnsRequestAction' {} a -> s {protocol = a} :: DnsRequestAction)
+
+instance Data.FromJSON DnsRequestAction where
+  parseJSON =
+    Data.withObject
+      "DnsRequestAction"
+      ( \x ->
+          DnsRequestAction'
+            Prelude.<$> (x Data..:? "blocked")
+            Prelude.<*> (x Data..:? "domain")
+            Prelude.<*> (x Data..:? "protocol")
+      )
+
+instance Prelude.Hashable DnsRequestAction where
+  hashWithSalt _salt DnsRequestAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` blocked
+      `Prelude.hashWithSalt` domain
+      `Prelude.hashWithSalt` protocol
+
+instance Prelude.NFData DnsRequestAction where
+  rnf DnsRequestAction' {..} =
+    Prelude.rnf blocked
+      `Prelude.seq` Prelude.rnf domain
+      `Prelude.seq` Prelude.rnf protocol
diff --git a/gen/Amazonka/GuardDuty/Types/DomainDetails.hs b/gen/Amazonka/GuardDuty/Types/DomainDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/DomainDetails.hs
@@ -0,0 +1,67 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.DomainDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.DomainDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the domain.
+--
+-- /See:/ 'newDomainDetails' smart constructor.
+data DomainDetails = DomainDetails'
+  { -- | The domain information for the Amazon Web Services API call.
+    domain :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DomainDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'domain', 'domainDetails_domain' - The domain information for the Amazon Web Services API call.
+newDomainDetails ::
+  DomainDetails
+newDomainDetails =
+  DomainDetails' {domain = Prelude.Nothing}
+
+-- | The domain information for the Amazon Web Services API call.
+domainDetails_domain :: Lens.Lens' DomainDetails (Prelude.Maybe Prelude.Text)
+domainDetails_domain = Lens.lens (\DomainDetails' {domain} -> domain) (\s@DomainDetails' {} a -> s {domain = a} :: DomainDetails)
+
+instance Data.FromJSON DomainDetails where
+  parseJSON =
+    Data.withObject
+      "DomainDetails"
+      ( \x ->
+          DomainDetails' Prelude.<$> (x Data..:? "domain")
+      )
+
+instance Prelude.Hashable DomainDetails where
+  hashWithSalt _salt DomainDetails' {..} =
+    _salt `Prelude.hashWithSalt` domain
+
+instance Prelude.NFData DomainDetails where
+  rnf DomainDetails' {..} = Prelude.rnf domain
diff --git a/gen/Amazonka/GuardDuty/Types/EbsSnapshotPreservation.hs b/gen/Amazonka/GuardDuty/Types/EbsSnapshotPreservation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/EbsSnapshotPreservation.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.EbsSnapshotPreservation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.EbsSnapshotPreservation
+  ( EbsSnapshotPreservation
+      ( ..,
+        EbsSnapshotPreservation_NO_RETENTION,
+        EbsSnapshotPreservation_RETENTION_WITH_FINDING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype EbsSnapshotPreservation = EbsSnapshotPreservation'
+  { fromEbsSnapshotPreservation ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern EbsSnapshotPreservation_NO_RETENTION :: EbsSnapshotPreservation
+pattern EbsSnapshotPreservation_NO_RETENTION = EbsSnapshotPreservation' "NO_RETENTION"
+
+pattern EbsSnapshotPreservation_RETENTION_WITH_FINDING :: EbsSnapshotPreservation
+pattern EbsSnapshotPreservation_RETENTION_WITH_FINDING = EbsSnapshotPreservation' "RETENTION_WITH_FINDING"
+
+{-# COMPLETE
+  EbsSnapshotPreservation_NO_RETENTION,
+  EbsSnapshotPreservation_RETENTION_WITH_FINDING,
+  EbsSnapshotPreservation'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/EbsVolumeDetails.hs b/gen/Amazonka/GuardDuty/Types/EbsVolumeDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/EbsVolumeDetails.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.EbsVolumeDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.EbsVolumeDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.VolumeDetail
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains list of scanned and skipped EBS volumes with details.
+--
+-- /See:/ 'newEbsVolumeDetails' smart constructor.
+data EbsVolumeDetails = EbsVolumeDetails'
+  { -- | List of EBS volumes that were scanned.
+    scannedVolumeDetails :: Prelude.Maybe [VolumeDetail],
+    -- | List of EBS volumes that were skipped from the malware scan.
+    skippedVolumeDetails :: Prelude.Maybe [VolumeDetail]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EbsVolumeDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scannedVolumeDetails', 'ebsVolumeDetails_scannedVolumeDetails' - List of EBS volumes that were scanned.
+--
+-- 'skippedVolumeDetails', 'ebsVolumeDetails_skippedVolumeDetails' - List of EBS volumes that were skipped from the malware scan.
+newEbsVolumeDetails ::
+  EbsVolumeDetails
+newEbsVolumeDetails =
+  EbsVolumeDetails'
+    { scannedVolumeDetails =
+        Prelude.Nothing,
+      skippedVolumeDetails = Prelude.Nothing
+    }
+
+-- | List of EBS volumes that were scanned.
+ebsVolumeDetails_scannedVolumeDetails :: Lens.Lens' EbsVolumeDetails (Prelude.Maybe [VolumeDetail])
+ebsVolumeDetails_scannedVolumeDetails = Lens.lens (\EbsVolumeDetails' {scannedVolumeDetails} -> scannedVolumeDetails) (\s@EbsVolumeDetails' {} a -> s {scannedVolumeDetails = a} :: EbsVolumeDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | List of EBS volumes that were skipped from the malware scan.
+ebsVolumeDetails_skippedVolumeDetails :: Lens.Lens' EbsVolumeDetails (Prelude.Maybe [VolumeDetail])
+ebsVolumeDetails_skippedVolumeDetails = Lens.lens (\EbsVolumeDetails' {skippedVolumeDetails} -> skippedVolumeDetails) (\s@EbsVolumeDetails' {} a -> s {skippedVolumeDetails = a} :: EbsVolumeDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON EbsVolumeDetails where
+  parseJSON =
+    Data.withObject
+      "EbsVolumeDetails"
+      ( \x ->
+          EbsVolumeDetails'
+            Prelude.<$> ( x
+                            Data..:? "scannedVolumeDetails"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "skippedVolumeDetails"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable EbsVolumeDetails where
+  hashWithSalt _salt EbsVolumeDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` scannedVolumeDetails
+      `Prelude.hashWithSalt` skippedVolumeDetails
+
+instance Prelude.NFData EbsVolumeDetails where
+  rnf EbsVolumeDetails' {..} =
+    Prelude.rnf scannedVolumeDetails
+      `Prelude.seq` Prelude.rnf skippedVolumeDetails
diff --git a/gen/Amazonka/GuardDuty/Types/EbsVolumeScanDetails.hs b/gen/Amazonka/GuardDuty/Types/EbsVolumeScanDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/EbsVolumeScanDetails.hs
@@ -0,0 +1,134 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.EbsVolumeScanDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.EbsVolumeScanDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanDetections
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details from the malware scan that created a finding.
+--
+-- /See:/ 'newEbsVolumeScanDetails' smart constructor.
+data EbsVolumeScanDetails = EbsVolumeScanDetails'
+  { -- | Returns the completion date and time of the malware scan.
+    scanCompletedAt :: Prelude.Maybe Data.POSIX,
+    -- | Contains a complete view providing malware scan result details.
+    scanDetections :: Prelude.Maybe ScanDetections,
+    -- | Unique Id of the malware scan that generated the finding.
+    scanId :: Prelude.Maybe Prelude.Text,
+    -- | Returns the start date and time of the malware scan.
+    scanStartedAt :: Prelude.Maybe Data.POSIX,
+    -- | Contains list of threat intelligence sources used to detect threats.
+    sources :: Prelude.Maybe [Prelude.Text],
+    -- | GuardDuty finding ID that triggered a malware scan.
+    triggerFindingId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EbsVolumeScanDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanCompletedAt', 'ebsVolumeScanDetails_scanCompletedAt' - Returns the completion date and time of the malware scan.
+--
+-- 'scanDetections', 'ebsVolumeScanDetails_scanDetections' - Contains a complete view providing malware scan result details.
+--
+-- 'scanId', 'ebsVolumeScanDetails_scanId' - Unique Id of the malware scan that generated the finding.
+--
+-- 'scanStartedAt', 'ebsVolumeScanDetails_scanStartedAt' - Returns the start date and time of the malware scan.
+--
+-- 'sources', 'ebsVolumeScanDetails_sources' - Contains list of threat intelligence sources used to detect threats.
+--
+-- 'triggerFindingId', 'ebsVolumeScanDetails_triggerFindingId' - GuardDuty finding ID that triggered a malware scan.
+newEbsVolumeScanDetails ::
+  EbsVolumeScanDetails
+newEbsVolumeScanDetails =
+  EbsVolumeScanDetails'
+    { scanCompletedAt =
+        Prelude.Nothing,
+      scanDetections = Prelude.Nothing,
+      scanId = Prelude.Nothing,
+      scanStartedAt = Prelude.Nothing,
+      sources = Prelude.Nothing,
+      triggerFindingId = Prelude.Nothing
+    }
+
+-- | Returns the completion date and time of the malware scan.
+ebsVolumeScanDetails_scanCompletedAt :: Lens.Lens' EbsVolumeScanDetails (Prelude.Maybe Prelude.UTCTime)
+ebsVolumeScanDetails_scanCompletedAt = Lens.lens (\EbsVolumeScanDetails' {scanCompletedAt} -> scanCompletedAt) (\s@EbsVolumeScanDetails' {} a -> s {scanCompletedAt = a} :: EbsVolumeScanDetails) Prelude.. Lens.mapping Data._Time
+
+-- | Contains a complete view providing malware scan result details.
+ebsVolumeScanDetails_scanDetections :: Lens.Lens' EbsVolumeScanDetails (Prelude.Maybe ScanDetections)
+ebsVolumeScanDetails_scanDetections = Lens.lens (\EbsVolumeScanDetails' {scanDetections} -> scanDetections) (\s@EbsVolumeScanDetails' {} a -> s {scanDetections = a} :: EbsVolumeScanDetails)
+
+-- | Unique Id of the malware scan that generated the finding.
+ebsVolumeScanDetails_scanId :: Lens.Lens' EbsVolumeScanDetails (Prelude.Maybe Prelude.Text)
+ebsVolumeScanDetails_scanId = Lens.lens (\EbsVolumeScanDetails' {scanId} -> scanId) (\s@EbsVolumeScanDetails' {} a -> s {scanId = a} :: EbsVolumeScanDetails)
+
+-- | Returns the start date and time of the malware scan.
+ebsVolumeScanDetails_scanStartedAt :: Lens.Lens' EbsVolumeScanDetails (Prelude.Maybe Prelude.UTCTime)
+ebsVolumeScanDetails_scanStartedAt = Lens.lens (\EbsVolumeScanDetails' {scanStartedAt} -> scanStartedAt) (\s@EbsVolumeScanDetails' {} a -> s {scanStartedAt = a} :: EbsVolumeScanDetails) Prelude.. Lens.mapping Data._Time
+
+-- | Contains list of threat intelligence sources used to detect threats.
+ebsVolumeScanDetails_sources :: Lens.Lens' EbsVolumeScanDetails (Prelude.Maybe [Prelude.Text])
+ebsVolumeScanDetails_sources = Lens.lens (\EbsVolumeScanDetails' {sources} -> sources) (\s@EbsVolumeScanDetails' {} a -> s {sources = a} :: EbsVolumeScanDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | GuardDuty finding ID that triggered a malware scan.
+ebsVolumeScanDetails_triggerFindingId :: Lens.Lens' EbsVolumeScanDetails (Prelude.Maybe Prelude.Text)
+ebsVolumeScanDetails_triggerFindingId = Lens.lens (\EbsVolumeScanDetails' {triggerFindingId} -> triggerFindingId) (\s@EbsVolumeScanDetails' {} a -> s {triggerFindingId = a} :: EbsVolumeScanDetails)
+
+instance Data.FromJSON EbsVolumeScanDetails where
+  parseJSON =
+    Data.withObject
+      "EbsVolumeScanDetails"
+      ( \x ->
+          EbsVolumeScanDetails'
+            Prelude.<$> (x Data..:? "scanCompletedAt")
+            Prelude.<*> (x Data..:? "scanDetections")
+            Prelude.<*> (x Data..:? "scanId")
+            Prelude.<*> (x Data..:? "scanStartedAt")
+            Prelude.<*> (x Data..:? "sources" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "triggerFindingId")
+      )
+
+instance Prelude.Hashable EbsVolumeScanDetails where
+  hashWithSalt _salt EbsVolumeScanDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` scanCompletedAt
+      `Prelude.hashWithSalt` scanDetections
+      `Prelude.hashWithSalt` scanId
+      `Prelude.hashWithSalt` scanStartedAt
+      `Prelude.hashWithSalt` sources
+      `Prelude.hashWithSalt` triggerFindingId
+
+instance Prelude.NFData EbsVolumeScanDetails where
+  rnf EbsVolumeScanDetails' {..} =
+    Prelude.rnf scanCompletedAt
+      `Prelude.seq` Prelude.rnf scanDetections
+      `Prelude.seq` Prelude.rnf scanId
+      `Prelude.seq` Prelude.rnf scanStartedAt
+      `Prelude.seq` Prelude.rnf sources
+      `Prelude.seq` Prelude.rnf triggerFindingId
diff --git a/gen/Amazonka/GuardDuty/Types/EbsVolumesResult.hs b/gen/Amazonka/GuardDuty/Types/EbsVolumesResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/EbsVolumesResult.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.EbsVolumesResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.EbsVolumesResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes the configuration of scanning EBS volumes as a data source.
+--
+-- /See:/ 'newEbsVolumesResult' smart constructor.
+data EbsVolumesResult = EbsVolumesResult'
+  { -- | Specifies the reason why scanning EBS volumes (Malware Protection) was
+    -- not enabled as a data source.
+    reason :: Prelude.Maybe Prelude.Text,
+    -- | Describes whether scanning EBS volumes is enabled as a data source.
+    status :: Prelude.Maybe DataSourceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EbsVolumesResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'reason', 'ebsVolumesResult_reason' - Specifies the reason why scanning EBS volumes (Malware Protection) was
+-- not enabled as a data source.
+--
+-- 'status', 'ebsVolumesResult_status' - Describes whether scanning EBS volumes is enabled as a data source.
+newEbsVolumesResult ::
+  EbsVolumesResult
+newEbsVolumesResult =
+  EbsVolumesResult'
+    { reason = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | Specifies the reason why scanning EBS volumes (Malware Protection) was
+-- not enabled as a data source.
+ebsVolumesResult_reason :: Lens.Lens' EbsVolumesResult (Prelude.Maybe Prelude.Text)
+ebsVolumesResult_reason = Lens.lens (\EbsVolumesResult' {reason} -> reason) (\s@EbsVolumesResult' {} a -> s {reason = a} :: EbsVolumesResult)
+
+-- | Describes whether scanning EBS volumes is enabled as a data source.
+ebsVolumesResult_status :: Lens.Lens' EbsVolumesResult (Prelude.Maybe DataSourceStatus)
+ebsVolumesResult_status = Lens.lens (\EbsVolumesResult' {status} -> status) (\s@EbsVolumesResult' {} a -> s {status = a} :: EbsVolumesResult)
+
+instance Data.FromJSON EbsVolumesResult where
+  parseJSON =
+    Data.withObject
+      "EbsVolumesResult"
+      ( \x ->
+          EbsVolumesResult'
+            Prelude.<$> (x Data..:? "reason")
+            Prelude.<*> (x Data..:? "status")
+      )
+
+instance Prelude.Hashable EbsVolumesResult where
+  hashWithSalt _salt EbsVolumesResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` reason
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData EbsVolumesResult where
+  rnf EbsVolumesResult' {..} =
+    Prelude.rnf reason `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/Types/EcsClusterDetails.hs b/gen/Amazonka/GuardDuty/Types/EcsClusterDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/EcsClusterDetails.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.EcsClusterDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.EcsClusterDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.EcsTaskDetails
+import Amazonka.GuardDuty.Types.Tag
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the details of the ECS Cluster.
+--
+-- /See:/ 'newEcsClusterDetails' smart constructor.
+data EcsClusterDetails = EcsClusterDetails'
+  { -- | The number of services that are running on the cluster in an ACTIVE
+    -- state.
+    activeServicesCount :: Prelude.Maybe Prelude.Int,
+    -- | The Amazon Resource Name (ARN) that identifies the cluster.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the ECS Cluster.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The number of container instances registered into the cluster.
+    registeredContainerInstancesCount :: Prelude.Maybe Prelude.Int,
+    -- | The number of tasks in the cluster that are in the RUNNING state.
+    runningTasksCount :: Prelude.Maybe Prelude.Int,
+    -- | The status of the ECS cluster.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The tags of the ECS Cluster.
+    tags :: Prelude.Maybe [Tag],
+    -- | Contains information about the details of the ECS Task.
+    taskDetails :: Prelude.Maybe EcsTaskDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EcsClusterDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'activeServicesCount', 'ecsClusterDetails_activeServicesCount' - The number of services that are running on the cluster in an ACTIVE
+-- state.
+--
+-- 'arn', 'ecsClusterDetails_arn' - The Amazon Resource Name (ARN) that identifies the cluster.
+--
+-- 'name', 'ecsClusterDetails_name' - The name of the ECS Cluster.
+--
+-- 'registeredContainerInstancesCount', 'ecsClusterDetails_registeredContainerInstancesCount' - The number of container instances registered into the cluster.
+--
+-- 'runningTasksCount', 'ecsClusterDetails_runningTasksCount' - The number of tasks in the cluster that are in the RUNNING state.
+--
+-- 'status', 'ecsClusterDetails_status' - The status of the ECS cluster.
+--
+-- 'tags', 'ecsClusterDetails_tags' - The tags of the ECS Cluster.
+--
+-- 'taskDetails', 'ecsClusterDetails_taskDetails' - Contains information about the details of the ECS Task.
+newEcsClusterDetails ::
+  EcsClusterDetails
+newEcsClusterDetails =
+  EcsClusterDetails'
+    { activeServicesCount =
+        Prelude.Nothing,
+      arn = Prelude.Nothing,
+      name = Prelude.Nothing,
+      registeredContainerInstancesCount = Prelude.Nothing,
+      runningTasksCount = Prelude.Nothing,
+      status = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      taskDetails = Prelude.Nothing
+    }
+
+-- | The number of services that are running on the cluster in an ACTIVE
+-- state.
+ecsClusterDetails_activeServicesCount :: Lens.Lens' EcsClusterDetails (Prelude.Maybe Prelude.Int)
+ecsClusterDetails_activeServicesCount = Lens.lens (\EcsClusterDetails' {activeServicesCount} -> activeServicesCount) (\s@EcsClusterDetails' {} a -> s {activeServicesCount = a} :: EcsClusterDetails)
+
+-- | The Amazon Resource Name (ARN) that identifies the cluster.
+ecsClusterDetails_arn :: Lens.Lens' EcsClusterDetails (Prelude.Maybe Prelude.Text)
+ecsClusterDetails_arn = Lens.lens (\EcsClusterDetails' {arn} -> arn) (\s@EcsClusterDetails' {} a -> s {arn = a} :: EcsClusterDetails)
+
+-- | The name of the ECS Cluster.
+ecsClusterDetails_name :: Lens.Lens' EcsClusterDetails (Prelude.Maybe Prelude.Text)
+ecsClusterDetails_name = Lens.lens (\EcsClusterDetails' {name} -> name) (\s@EcsClusterDetails' {} a -> s {name = a} :: EcsClusterDetails)
+
+-- | The number of container instances registered into the cluster.
+ecsClusterDetails_registeredContainerInstancesCount :: Lens.Lens' EcsClusterDetails (Prelude.Maybe Prelude.Int)
+ecsClusterDetails_registeredContainerInstancesCount = Lens.lens (\EcsClusterDetails' {registeredContainerInstancesCount} -> registeredContainerInstancesCount) (\s@EcsClusterDetails' {} a -> s {registeredContainerInstancesCount = a} :: EcsClusterDetails)
+
+-- | The number of tasks in the cluster that are in the RUNNING state.
+ecsClusterDetails_runningTasksCount :: Lens.Lens' EcsClusterDetails (Prelude.Maybe Prelude.Int)
+ecsClusterDetails_runningTasksCount = Lens.lens (\EcsClusterDetails' {runningTasksCount} -> runningTasksCount) (\s@EcsClusterDetails' {} a -> s {runningTasksCount = a} :: EcsClusterDetails)
+
+-- | The status of the ECS cluster.
+ecsClusterDetails_status :: Lens.Lens' EcsClusterDetails (Prelude.Maybe Prelude.Text)
+ecsClusterDetails_status = Lens.lens (\EcsClusterDetails' {status} -> status) (\s@EcsClusterDetails' {} a -> s {status = a} :: EcsClusterDetails)
+
+-- | The tags of the ECS Cluster.
+ecsClusterDetails_tags :: Lens.Lens' EcsClusterDetails (Prelude.Maybe [Tag])
+ecsClusterDetails_tags = Lens.lens (\EcsClusterDetails' {tags} -> tags) (\s@EcsClusterDetails' {} a -> s {tags = a} :: EcsClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Contains information about the details of the ECS Task.
+ecsClusterDetails_taskDetails :: Lens.Lens' EcsClusterDetails (Prelude.Maybe EcsTaskDetails)
+ecsClusterDetails_taskDetails = Lens.lens (\EcsClusterDetails' {taskDetails} -> taskDetails) (\s@EcsClusterDetails' {} a -> s {taskDetails = a} :: EcsClusterDetails)
+
+instance Data.FromJSON EcsClusterDetails where
+  parseJSON =
+    Data.withObject
+      "EcsClusterDetails"
+      ( \x ->
+          EcsClusterDetails'
+            Prelude.<$> (x Data..:? "activeServicesCount")
+            Prelude.<*> (x Data..:? "arn")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "registeredContainerInstancesCount")
+            Prelude.<*> (x Data..:? "runningTasksCount")
+            Prelude.<*> (x Data..:? "status")
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "taskDetails")
+      )
+
+instance Prelude.Hashable EcsClusterDetails where
+  hashWithSalt _salt EcsClusterDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` activeServicesCount
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` registeredContainerInstancesCount
+      `Prelude.hashWithSalt` runningTasksCount
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` taskDetails
+
+instance Prelude.NFData EcsClusterDetails where
+  rnf EcsClusterDetails' {..} =
+    Prelude.rnf activeServicesCount
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf registeredContainerInstancesCount
+      `Prelude.seq` Prelude.rnf runningTasksCount
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf taskDetails
diff --git a/gen/Amazonka/GuardDuty/Types/EcsTaskDetails.hs b/gen/Amazonka/GuardDuty/Types/EcsTaskDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/EcsTaskDetails.hs
@@ -0,0 +1,183 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.EcsTaskDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.EcsTaskDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Container
+import Amazonka.GuardDuty.Types.Tag
+import Amazonka.GuardDuty.Types.Volume
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the task in an ECS cluster.
+--
+-- /See:/ 'newEcsTaskDetails' smart constructor.
+data EcsTaskDetails = EcsTaskDetails'
+  { -- | The Amazon Resource Name (ARN) of the task.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The containers that\'s associated with the task.
+    containers :: Prelude.Maybe [Container],
+    -- | The ARN of the task definition that creates the task.
+    definitionArn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the task group that\'s associated with the task.
+    group' :: Prelude.Maybe Prelude.Text,
+    -- | The Unix timestamp for the time when the task started.
+    startedAt :: Prelude.Maybe Data.POSIX,
+    -- | Contains the tag specified when a task is started.
+    startedBy :: Prelude.Maybe Prelude.Text,
+    -- | The tags of the ECS Task.
+    tags :: Prelude.Maybe [Tag],
+    -- | The Unix timestamp for the time when the task was created.
+    taskCreatedAt :: Prelude.Maybe Data.POSIX,
+    -- | The version counter for the task.
+    version :: Prelude.Maybe Prelude.Text,
+    -- | The list of data volume definitions for the task.
+    volumes :: Prelude.Maybe [Volume]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EcsTaskDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'ecsTaskDetails_arn' - The Amazon Resource Name (ARN) of the task.
+--
+-- 'containers', 'ecsTaskDetails_containers' - The containers that\'s associated with the task.
+--
+-- 'definitionArn', 'ecsTaskDetails_definitionArn' - The ARN of the task definition that creates the task.
+--
+-- 'group'', 'ecsTaskDetails_group' - The name of the task group that\'s associated with the task.
+--
+-- 'startedAt', 'ecsTaskDetails_startedAt' - The Unix timestamp for the time when the task started.
+--
+-- 'startedBy', 'ecsTaskDetails_startedBy' - Contains the tag specified when a task is started.
+--
+-- 'tags', 'ecsTaskDetails_tags' - The tags of the ECS Task.
+--
+-- 'taskCreatedAt', 'ecsTaskDetails_taskCreatedAt' - The Unix timestamp for the time when the task was created.
+--
+-- 'version', 'ecsTaskDetails_version' - The version counter for the task.
+--
+-- 'volumes', 'ecsTaskDetails_volumes' - The list of data volume definitions for the task.
+newEcsTaskDetails ::
+  EcsTaskDetails
+newEcsTaskDetails =
+  EcsTaskDetails'
+    { arn = Prelude.Nothing,
+      containers = Prelude.Nothing,
+      definitionArn = Prelude.Nothing,
+      group' = Prelude.Nothing,
+      startedAt = Prelude.Nothing,
+      startedBy = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      taskCreatedAt = Prelude.Nothing,
+      version = Prelude.Nothing,
+      volumes = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the task.
+ecsTaskDetails_arn :: Lens.Lens' EcsTaskDetails (Prelude.Maybe Prelude.Text)
+ecsTaskDetails_arn = Lens.lens (\EcsTaskDetails' {arn} -> arn) (\s@EcsTaskDetails' {} a -> s {arn = a} :: EcsTaskDetails)
+
+-- | The containers that\'s associated with the task.
+ecsTaskDetails_containers :: Lens.Lens' EcsTaskDetails (Prelude.Maybe [Container])
+ecsTaskDetails_containers = Lens.lens (\EcsTaskDetails' {containers} -> containers) (\s@EcsTaskDetails' {} a -> s {containers = a} :: EcsTaskDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN of the task definition that creates the task.
+ecsTaskDetails_definitionArn :: Lens.Lens' EcsTaskDetails (Prelude.Maybe Prelude.Text)
+ecsTaskDetails_definitionArn = Lens.lens (\EcsTaskDetails' {definitionArn} -> definitionArn) (\s@EcsTaskDetails' {} a -> s {definitionArn = a} :: EcsTaskDetails)
+
+-- | The name of the task group that\'s associated with the task.
+ecsTaskDetails_group :: Lens.Lens' EcsTaskDetails (Prelude.Maybe Prelude.Text)
+ecsTaskDetails_group = Lens.lens (\EcsTaskDetails' {group'} -> group') (\s@EcsTaskDetails' {} a -> s {group' = a} :: EcsTaskDetails)
+
+-- | The Unix timestamp for the time when the task started.
+ecsTaskDetails_startedAt :: Lens.Lens' EcsTaskDetails (Prelude.Maybe Prelude.UTCTime)
+ecsTaskDetails_startedAt = Lens.lens (\EcsTaskDetails' {startedAt} -> startedAt) (\s@EcsTaskDetails' {} a -> s {startedAt = a} :: EcsTaskDetails) Prelude.. Lens.mapping Data._Time
+
+-- | Contains the tag specified when a task is started.
+ecsTaskDetails_startedBy :: Lens.Lens' EcsTaskDetails (Prelude.Maybe Prelude.Text)
+ecsTaskDetails_startedBy = Lens.lens (\EcsTaskDetails' {startedBy} -> startedBy) (\s@EcsTaskDetails' {} a -> s {startedBy = a} :: EcsTaskDetails)
+
+-- | The tags of the ECS Task.
+ecsTaskDetails_tags :: Lens.Lens' EcsTaskDetails (Prelude.Maybe [Tag])
+ecsTaskDetails_tags = Lens.lens (\EcsTaskDetails' {tags} -> tags) (\s@EcsTaskDetails' {} a -> s {tags = a} :: EcsTaskDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Unix timestamp for the time when the task was created.
+ecsTaskDetails_taskCreatedAt :: Lens.Lens' EcsTaskDetails (Prelude.Maybe Prelude.UTCTime)
+ecsTaskDetails_taskCreatedAt = Lens.lens (\EcsTaskDetails' {taskCreatedAt} -> taskCreatedAt) (\s@EcsTaskDetails' {} a -> s {taskCreatedAt = a} :: EcsTaskDetails) Prelude.. Lens.mapping Data._Time
+
+-- | The version counter for the task.
+ecsTaskDetails_version :: Lens.Lens' EcsTaskDetails (Prelude.Maybe Prelude.Text)
+ecsTaskDetails_version = Lens.lens (\EcsTaskDetails' {version} -> version) (\s@EcsTaskDetails' {} a -> s {version = a} :: EcsTaskDetails)
+
+-- | The list of data volume definitions for the task.
+ecsTaskDetails_volumes :: Lens.Lens' EcsTaskDetails (Prelude.Maybe [Volume])
+ecsTaskDetails_volumes = Lens.lens (\EcsTaskDetails' {volumes} -> volumes) (\s@EcsTaskDetails' {} a -> s {volumes = a} :: EcsTaskDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON EcsTaskDetails where
+  parseJSON =
+    Data.withObject
+      "EcsTaskDetails"
+      ( \x ->
+          EcsTaskDetails'
+            Prelude.<$> (x Data..:? "arn")
+            Prelude.<*> (x Data..:? "containers" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "definitionArn")
+            Prelude.<*> (x Data..:? "group")
+            Prelude.<*> (x Data..:? "startedAt")
+            Prelude.<*> (x Data..:? "startedBy")
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "version")
+            Prelude.<*> (x Data..:? "volumes" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable EcsTaskDetails where
+  hashWithSalt _salt EcsTaskDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` containers
+      `Prelude.hashWithSalt` definitionArn
+      `Prelude.hashWithSalt` group'
+      `Prelude.hashWithSalt` startedAt
+      `Prelude.hashWithSalt` startedBy
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` taskCreatedAt
+      `Prelude.hashWithSalt` version
+      `Prelude.hashWithSalt` volumes
+
+instance Prelude.NFData EcsTaskDetails where
+  rnf EcsTaskDetails' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf containers
+      `Prelude.seq` Prelude.rnf definitionArn
+      `Prelude.seq` Prelude.rnf group'
+      `Prelude.seq` Prelude.rnf startedAt
+      `Prelude.seq` Prelude.rnf startedBy
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf taskCreatedAt
+      `Prelude.seq` Prelude.rnf version
+      `Prelude.seq` Prelude.rnf volumes
diff --git a/gen/Amazonka/GuardDuty/Types/EksClusterDetails.hs b/gen/Amazonka/GuardDuty/Types/EksClusterDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/EksClusterDetails.hs
@@ -0,0 +1,133 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.EksClusterDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.EksClusterDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Tag
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the EKS cluster involved in a Kubernetes finding.
+--
+-- /See:/ 'newEksClusterDetails' smart constructor.
+data EksClusterDetails = EksClusterDetails'
+  { -- | EKS cluster ARN.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The timestamp when the EKS cluster was created.
+    createdAt :: Prelude.Maybe Data.POSIX,
+    -- | EKS cluster name.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The EKS cluster status.
+    status :: Prelude.Maybe Prelude.Text,
+    -- | The EKS cluster tags.
+    tags :: Prelude.Maybe [Tag],
+    -- | The VPC ID to which the EKS cluster is attached.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EksClusterDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'eksClusterDetails_arn' - EKS cluster ARN.
+--
+-- 'createdAt', 'eksClusterDetails_createdAt' - The timestamp when the EKS cluster was created.
+--
+-- 'name', 'eksClusterDetails_name' - EKS cluster name.
+--
+-- 'status', 'eksClusterDetails_status' - The EKS cluster status.
+--
+-- 'tags', 'eksClusterDetails_tags' - The EKS cluster tags.
+--
+-- 'vpcId', 'eksClusterDetails_vpcId' - The VPC ID to which the EKS cluster is attached.
+newEksClusterDetails ::
+  EksClusterDetails
+newEksClusterDetails =
+  EksClusterDetails'
+    { arn = Prelude.Nothing,
+      createdAt = Prelude.Nothing,
+      name = Prelude.Nothing,
+      status = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | EKS cluster ARN.
+eksClusterDetails_arn :: Lens.Lens' EksClusterDetails (Prelude.Maybe Prelude.Text)
+eksClusterDetails_arn = Lens.lens (\EksClusterDetails' {arn} -> arn) (\s@EksClusterDetails' {} a -> s {arn = a} :: EksClusterDetails)
+
+-- | The timestamp when the EKS cluster was created.
+eksClusterDetails_createdAt :: Lens.Lens' EksClusterDetails (Prelude.Maybe Prelude.UTCTime)
+eksClusterDetails_createdAt = Lens.lens (\EksClusterDetails' {createdAt} -> createdAt) (\s@EksClusterDetails' {} a -> s {createdAt = a} :: EksClusterDetails) Prelude.. Lens.mapping Data._Time
+
+-- | EKS cluster name.
+eksClusterDetails_name :: Lens.Lens' EksClusterDetails (Prelude.Maybe Prelude.Text)
+eksClusterDetails_name = Lens.lens (\EksClusterDetails' {name} -> name) (\s@EksClusterDetails' {} a -> s {name = a} :: EksClusterDetails)
+
+-- | The EKS cluster status.
+eksClusterDetails_status :: Lens.Lens' EksClusterDetails (Prelude.Maybe Prelude.Text)
+eksClusterDetails_status = Lens.lens (\EksClusterDetails' {status} -> status) (\s@EksClusterDetails' {} a -> s {status = a} :: EksClusterDetails)
+
+-- | The EKS cluster tags.
+eksClusterDetails_tags :: Lens.Lens' EksClusterDetails (Prelude.Maybe [Tag])
+eksClusterDetails_tags = Lens.lens (\EksClusterDetails' {tags} -> tags) (\s@EksClusterDetails' {} a -> s {tags = a} :: EksClusterDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The VPC ID to which the EKS cluster is attached.
+eksClusterDetails_vpcId :: Lens.Lens' EksClusterDetails (Prelude.Maybe Prelude.Text)
+eksClusterDetails_vpcId = Lens.lens (\EksClusterDetails' {vpcId} -> vpcId) (\s@EksClusterDetails' {} a -> s {vpcId = a} :: EksClusterDetails)
+
+instance Data.FromJSON EksClusterDetails where
+  parseJSON =
+    Data.withObject
+      "EksClusterDetails"
+      ( \x ->
+          EksClusterDetails'
+            Prelude.<$> (x Data..:? "arn")
+            Prelude.<*> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "status")
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "vpcId")
+      )
+
+instance Prelude.Hashable EksClusterDetails where
+  hashWithSalt _salt EksClusterDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData EksClusterDetails where
+  rnf EksClusterDetails' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf vpcId
diff --git a/gen/Amazonka/GuardDuty/Types/Evidence.hs b/gen/Amazonka/GuardDuty/Types/Evidence.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Evidence.hs
@@ -0,0 +1,77 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Evidence
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Evidence where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ThreatIntelligenceDetail
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the reason that the finding was generated.
+--
+-- /See:/ 'newEvidence' smart constructor.
+data Evidence = Evidence'
+  { -- | A list of threat intelligence details related to the evidence.
+    threatIntelligenceDetails :: Prelude.Maybe [ThreatIntelligenceDetail]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Evidence' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'threatIntelligenceDetails', 'evidence_threatIntelligenceDetails' - A list of threat intelligence details related to the evidence.
+newEvidence ::
+  Evidence
+newEvidence =
+  Evidence'
+    { threatIntelligenceDetails =
+        Prelude.Nothing
+    }
+
+-- | A list of threat intelligence details related to the evidence.
+evidence_threatIntelligenceDetails :: Lens.Lens' Evidence (Prelude.Maybe [ThreatIntelligenceDetail])
+evidence_threatIntelligenceDetails = Lens.lens (\Evidence' {threatIntelligenceDetails} -> threatIntelligenceDetails) (\s@Evidence' {} a -> s {threatIntelligenceDetails = a} :: Evidence) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON Evidence where
+  parseJSON =
+    Data.withObject
+      "Evidence"
+      ( \x ->
+          Evidence'
+            Prelude.<$> ( x
+                            Data..:? "threatIntelligenceDetails"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable Evidence where
+  hashWithSalt _salt Evidence' {..} =
+    _salt
+      `Prelude.hashWithSalt` threatIntelligenceDetails
+
+instance Prelude.NFData Evidence where
+  rnf Evidence' {..} =
+    Prelude.rnf threatIntelligenceDetails
diff --git a/gen/Amazonka/GuardDuty/Types/Feedback.hs b/gen/Amazonka/GuardDuty/Types/Feedback.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Feedback.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Feedback
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Feedback
+  ( Feedback
+      ( ..,
+        Feedback_NOT_USEFUL,
+        Feedback_USEFUL
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Feedback = Feedback'
+  { fromFeedback ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Feedback_NOT_USEFUL :: Feedback
+pattern Feedback_NOT_USEFUL = Feedback' "NOT_USEFUL"
+
+pattern Feedback_USEFUL :: Feedback
+pattern Feedback_USEFUL = Feedback' "USEFUL"
+
+{-# COMPLETE
+  Feedback_NOT_USEFUL,
+  Feedback_USEFUL,
+  Feedback'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/FilterAction.hs b/gen/Amazonka/GuardDuty/Types/FilterAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FilterAction.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FilterAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FilterAction
+  ( FilterAction
+      ( ..,
+        FilterAction_ARCHIVE,
+        FilterAction_NOOP
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FilterAction = FilterAction'
+  { fromFilterAction ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FilterAction_ARCHIVE :: FilterAction
+pattern FilterAction_ARCHIVE = FilterAction' "ARCHIVE"
+
+pattern FilterAction_NOOP :: FilterAction
+pattern FilterAction_NOOP = FilterAction' "NOOP"
+
+{-# COMPLETE
+  FilterAction_ARCHIVE,
+  FilterAction_NOOP,
+  FilterAction'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/FilterCondition.hs b/gen/Amazonka/GuardDuty/Types/FilterCondition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FilterCondition.hs
@@ -0,0 +1,104 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FilterCondition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FilterCondition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the condition.
+--
+-- /See:/ 'newFilterCondition' smart constructor.
+data FilterCondition = FilterCondition'
+  { -- | Represents an /equal/ ____ condition to be applied to a single field
+    -- when querying for scan entries.
+    equalsValue :: Prelude.Maybe Prelude.Text,
+    -- | Represents a /greater than/ condition to be applied to a single field
+    -- when querying for scan entries.
+    greaterThan :: Prelude.Maybe Prelude.Integer,
+    -- | Represents a /less than/ condition to be applied to a single field when
+    -- querying for scan entries.
+    lessThan :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FilterCondition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'equalsValue', 'filterCondition_equalsValue' - Represents an /equal/ ____ condition to be applied to a single field
+-- when querying for scan entries.
+--
+-- 'greaterThan', 'filterCondition_greaterThan' - Represents a /greater than/ condition to be applied to a single field
+-- when querying for scan entries.
+--
+-- 'lessThan', 'filterCondition_lessThan' - Represents a /less than/ condition to be applied to a single field when
+-- querying for scan entries.
+newFilterCondition ::
+  FilterCondition
+newFilterCondition =
+  FilterCondition'
+    { equalsValue = Prelude.Nothing,
+      greaterThan = Prelude.Nothing,
+      lessThan = Prelude.Nothing
+    }
+
+-- | Represents an /equal/ ____ condition to be applied to a single field
+-- when querying for scan entries.
+filterCondition_equalsValue :: Lens.Lens' FilterCondition (Prelude.Maybe Prelude.Text)
+filterCondition_equalsValue = Lens.lens (\FilterCondition' {equalsValue} -> equalsValue) (\s@FilterCondition' {} a -> s {equalsValue = a} :: FilterCondition)
+
+-- | Represents a /greater than/ condition to be applied to a single field
+-- when querying for scan entries.
+filterCondition_greaterThan :: Lens.Lens' FilterCondition (Prelude.Maybe Prelude.Integer)
+filterCondition_greaterThan = Lens.lens (\FilterCondition' {greaterThan} -> greaterThan) (\s@FilterCondition' {} a -> s {greaterThan = a} :: FilterCondition)
+
+-- | Represents a /less than/ condition to be applied to a single field when
+-- querying for scan entries.
+filterCondition_lessThan :: Lens.Lens' FilterCondition (Prelude.Maybe Prelude.Integer)
+filterCondition_lessThan = Lens.lens (\FilterCondition' {lessThan} -> lessThan) (\s@FilterCondition' {} a -> s {lessThan = a} :: FilterCondition)
+
+instance Prelude.Hashable FilterCondition where
+  hashWithSalt _salt FilterCondition' {..} =
+    _salt
+      `Prelude.hashWithSalt` equalsValue
+      `Prelude.hashWithSalt` greaterThan
+      `Prelude.hashWithSalt` lessThan
+
+instance Prelude.NFData FilterCondition where
+  rnf FilterCondition' {..} =
+    Prelude.rnf equalsValue
+      `Prelude.seq` Prelude.rnf greaterThan
+      `Prelude.seq` Prelude.rnf lessThan
+
+instance Data.ToJSON FilterCondition where
+  toJSON FilterCondition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("equalsValue" Data..=) Prelude.<$> equalsValue,
+            ("greaterThan" Data..=) Prelude.<$> greaterThan,
+            ("lessThan" Data..=) Prelude.<$> lessThan
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/FilterCriteria.hs b/gen/Amazonka/GuardDuty/Types/FilterCriteria.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FilterCriteria.hs
@@ -0,0 +1,73 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FilterCriteria
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FilterCriteria where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.FilterCriterion
+import qualified Amazonka.Prelude as Prelude
+
+-- | Represents the criteria to be used in the filter for describing scan
+-- entries.
+--
+-- /See:/ 'newFilterCriteria' smart constructor.
+data FilterCriteria = FilterCriteria'
+  { -- | Represents a condition that when matched will be added to the response
+    -- of the operation.
+    filterCriterion :: Prelude.Maybe [FilterCriterion]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FilterCriteria' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filterCriterion', 'filterCriteria_filterCriterion' - Represents a condition that when matched will be added to the response
+-- of the operation.
+newFilterCriteria ::
+  FilterCriteria
+newFilterCriteria =
+  FilterCriteria' {filterCriterion = Prelude.Nothing}
+
+-- | Represents a condition that when matched will be added to the response
+-- of the operation.
+filterCriteria_filterCriterion :: Lens.Lens' FilterCriteria (Prelude.Maybe [FilterCriterion])
+filterCriteria_filterCriterion = Lens.lens (\FilterCriteria' {filterCriterion} -> filterCriterion) (\s@FilterCriteria' {} a -> s {filterCriterion = a} :: FilterCriteria) Prelude.. Lens.mapping Lens.coerced
+
+instance Prelude.Hashable FilterCriteria where
+  hashWithSalt _salt FilterCriteria' {..} =
+    _salt `Prelude.hashWithSalt` filterCriterion
+
+instance Prelude.NFData FilterCriteria where
+  rnf FilterCriteria' {..} = Prelude.rnf filterCriterion
+
+instance Data.ToJSON FilterCriteria where
+  toJSON FilterCriteria' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("filterCriterion" Data..=)
+              Prelude.<$> filterCriterion
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/FilterCriterion.hs b/gen/Amazonka/GuardDuty/Types/FilterCriterion.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FilterCriterion.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FilterCriterion
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FilterCriterion where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.CriterionKey
+import Amazonka.GuardDuty.Types.FilterCondition
+import qualified Amazonka.Prelude as Prelude
+
+-- | Represents a condition that when matched will be added to the response
+-- of the operation. Irrespective of using any filter criteria, an
+-- administrator account can view the scan entries for all of its member
+-- accounts. However, each member account can view the scan entries only
+-- for their own account.
+--
+-- /See:/ 'newFilterCriterion' smart constructor.
+data FilterCriterion = FilterCriterion'
+  { -- | An enum value representing possible scan properties to match with given
+    -- scan entries.
+    criterionKey :: Prelude.Maybe CriterionKey,
+    -- | Contains information about the condition.
+    filterCondition :: Prelude.Maybe FilterCondition
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FilterCriterion' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'criterionKey', 'filterCriterion_criterionKey' - An enum value representing possible scan properties to match with given
+-- scan entries.
+--
+-- 'filterCondition', 'filterCriterion_filterCondition' - Contains information about the condition.
+newFilterCriterion ::
+  FilterCriterion
+newFilterCriterion =
+  FilterCriterion'
+    { criterionKey = Prelude.Nothing,
+      filterCondition = Prelude.Nothing
+    }
+
+-- | An enum value representing possible scan properties to match with given
+-- scan entries.
+filterCriterion_criterionKey :: Lens.Lens' FilterCriterion (Prelude.Maybe CriterionKey)
+filterCriterion_criterionKey = Lens.lens (\FilterCriterion' {criterionKey} -> criterionKey) (\s@FilterCriterion' {} a -> s {criterionKey = a} :: FilterCriterion)
+
+-- | Contains information about the condition.
+filterCriterion_filterCondition :: Lens.Lens' FilterCriterion (Prelude.Maybe FilterCondition)
+filterCriterion_filterCondition = Lens.lens (\FilterCriterion' {filterCondition} -> filterCondition) (\s@FilterCriterion' {} a -> s {filterCondition = a} :: FilterCriterion)
+
+instance Prelude.Hashable FilterCriterion where
+  hashWithSalt _salt FilterCriterion' {..} =
+    _salt
+      `Prelude.hashWithSalt` criterionKey
+      `Prelude.hashWithSalt` filterCondition
+
+instance Prelude.NFData FilterCriterion where
+  rnf FilterCriterion' {..} =
+    Prelude.rnf criterionKey
+      `Prelude.seq` Prelude.rnf filterCondition
+
+instance Data.ToJSON FilterCriterion where
+  toJSON FilterCriterion' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("criterionKey" Data..=) Prelude.<$> criterionKey,
+            ("filterCondition" Data..=)
+              Prelude.<$> filterCondition
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/Finding.hs b/gen/Amazonka/GuardDuty/Types/Finding.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Finding.hs
@@ -0,0 +1,271 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Finding
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Finding where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Resource
+import Amazonka.GuardDuty.Types.ServiceInfo
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the finding, which is generated when abnormal
+-- or suspicious activity is detected.
+--
+-- /See:/ 'newFinding' smart constructor.
+data Finding = Finding'
+  { -- | The confidence score for the finding.
+    confidence :: Prelude.Maybe Prelude.Double,
+    -- | The description of the finding.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The partition associated with the finding.
+    partition :: Prelude.Maybe Prelude.Text,
+    service :: Prelude.Maybe ServiceInfo,
+    -- | The title of the finding.
+    title :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the account in which the finding was generated.
+    accountId :: Prelude.Text,
+    -- | The ARN of the finding.
+    arn :: Prelude.Text,
+    -- | The time and date when the finding was created.
+    createdAt :: Prelude.Text,
+    -- | The ID of the finding.
+    id :: Prelude.Text,
+    -- | The Region where the finding was generated.
+    region :: Prelude.Text,
+    resource :: Resource,
+    -- | The version of the schema used for the finding.
+    schemaVersion :: Prelude.Text,
+    -- | The severity of the finding.
+    severity :: Prelude.Double,
+    -- | The type of finding.
+    type' :: Prelude.Text,
+    -- | The time and date when the finding was last updated.
+    updatedAt :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Finding' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'confidence', 'finding_confidence' - The confidence score for the finding.
+--
+-- 'description', 'finding_description' - The description of the finding.
+--
+-- 'partition', 'finding_partition' - The partition associated with the finding.
+--
+-- 'service', 'finding_service' - Undocumented member.
+--
+-- 'title', 'finding_title' - The title of the finding.
+--
+-- 'accountId', 'finding_accountId' - The ID of the account in which the finding was generated.
+--
+-- 'arn', 'finding_arn' - The ARN of the finding.
+--
+-- 'createdAt', 'finding_createdAt' - The time and date when the finding was created.
+--
+-- 'id', 'finding_id' - The ID of the finding.
+--
+-- 'region', 'finding_region' - The Region where the finding was generated.
+--
+-- 'resource', 'finding_resource' - Undocumented member.
+--
+-- 'schemaVersion', 'finding_schemaVersion' - The version of the schema used for the finding.
+--
+-- 'severity', 'finding_severity' - The severity of the finding.
+--
+-- 'type'', 'finding_type' - The type of finding.
+--
+-- 'updatedAt', 'finding_updatedAt' - The time and date when the finding was last updated.
+newFinding ::
+  -- | 'accountId'
+  Prelude.Text ->
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'createdAt'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'region'
+  Prelude.Text ->
+  -- | 'resource'
+  Resource ->
+  -- | 'schemaVersion'
+  Prelude.Text ->
+  -- | 'severity'
+  Prelude.Double ->
+  -- | 'type''
+  Prelude.Text ->
+  -- | 'updatedAt'
+  Prelude.Text ->
+  Finding
+newFinding
+  pAccountId_
+  pArn_
+  pCreatedAt_
+  pId_
+  pRegion_
+  pResource_
+  pSchemaVersion_
+  pSeverity_
+  pType_
+  pUpdatedAt_ =
+    Finding'
+      { confidence = Prelude.Nothing,
+        description = Prelude.Nothing,
+        partition = Prelude.Nothing,
+        service = Prelude.Nothing,
+        title = Prelude.Nothing,
+        accountId = pAccountId_,
+        arn = pArn_,
+        createdAt = pCreatedAt_,
+        id = pId_,
+        region = pRegion_,
+        resource = pResource_,
+        schemaVersion = pSchemaVersion_,
+        severity = pSeverity_,
+        type' = pType_,
+        updatedAt = pUpdatedAt_
+      }
+
+-- | The confidence score for the finding.
+finding_confidence :: Lens.Lens' Finding (Prelude.Maybe Prelude.Double)
+finding_confidence = Lens.lens (\Finding' {confidence} -> confidence) (\s@Finding' {} a -> s {confidence = a} :: Finding)
+
+-- | The description of the finding.
+finding_description :: Lens.Lens' Finding (Prelude.Maybe Prelude.Text)
+finding_description = Lens.lens (\Finding' {description} -> description) (\s@Finding' {} a -> s {description = a} :: Finding)
+
+-- | The partition associated with the finding.
+finding_partition :: Lens.Lens' Finding (Prelude.Maybe Prelude.Text)
+finding_partition = Lens.lens (\Finding' {partition} -> partition) (\s@Finding' {} a -> s {partition = a} :: Finding)
+
+-- | Undocumented member.
+finding_service :: Lens.Lens' Finding (Prelude.Maybe ServiceInfo)
+finding_service = Lens.lens (\Finding' {service} -> service) (\s@Finding' {} a -> s {service = a} :: Finding)
+
+-- | The title of the finding.
+finding_title :: Lens.Lens' Finding (Prelude.Maybe Prelude.Text)
+finding_title = Lens.lens (\Finding' {title} -> title) (\s@Finding' {} a -> s {title = a} :: Finding)
+
+-- | The ID of the account in which the finding was generated.
+finding_accountId :: Lens.Lens' Finding Prelude.Text
+finding_accountId = Lens.lens (\Finding' {accountId} -> accountId) (\s@Finding' {} a -> s {accountId = a} :: Finding)
+
+-- | The ARN of the finding.
+finding_arn :: Lens.Lens' Finding Prelude.Text
+finding_arn = Lens.lens (\Finding' {arn} -> arn) (\s@Finding' {} a -> s {arn = a} :: Finding)
+
+-- | The time and date when the finding was created.
+finding_createdAt :: Lens.Lens' Finding Prelude.Text
+finding_createdAt = Lens.lens (\Finding' {createdAt} -> createdAt) (\s@Finding' {} a -> s {createdAt = a} :: Finding)
+
+-- | The ID of the finding.
+finding_id :: Lens.Lens' Finding Prelude.Text
+finding_id = Lens.lens (\Finding' {id} -> id) (\s@Finding' {} a -> s {id = a} :: Finding)
+
+-- | The Region where the finding was generated.
+finding_region :: Lens.Lens' Finding Prelude.Text
+finding_region = Lens.lens (\Finding' {region} -> region) (\s@Finding' {} a -> s {region = a} :: Finding)
+
+-- | Undocumented member.
+finding_resource :: Lens.Lens' Finding Resource
+finding_resource = Lens.lens (\Finding' {resource} -> resource) (\s@Finding' {} a -> s {resource = a} :: Finding)
+
+-- | The version of the schema used for the finding.
+finding_schemaVersion :: Lens.Lens' Finding Prelude.Text
+finding_schemaVersion = Lens.lens (\Finding' {schemaVersion} -> schemaVersion) (\s@Finding' {} a -> s {schemaVersion = a} :: Finding)
+
+-- | The severity of the finding.
+finding_severity :: Lens.Lens' Finding Prelude.Double
+finding_severity = Lens.lens (\Finding' {severity} -> severity) (\s@Finding' {} a -> s {severity = a} :: Finding)
+
+-- | The type of finding.
+finding_type :: Lens.Lens' Finding Prelude.Text
+finding_type = Lens.lens (\Finding' {type'} -> type') (\s@Finding' {} a -> s {type' = a} :: Finding)
+
+-- | The time and date when the finding was last updated.
+finding_updatedAt :: Lens.Lens' Finding Prelude.Text
+finding_updatedAt = Lens.lens (\Finding' {updatedAt} -> updatedAt) (\s@Finding' {} a -> s {updatedAt = a} :: Finding)
+
+instance Data.FromJSON Finding where
+  parseJSON =
+    Data.withObject
+      "Finding"
+      ( \x ->
+          Finding'
+            Prelude.<$> (x Data..:? "confidence")
+            Prelude.<*> (x Data..:? "description")
+            Prelude.<*> (x Data..:? "partition")
+            Prelude.<*> (x Data..:? "service")
+            Prelude.<*> (x Data..:? "title")
+            Prelude.<*> (x Data..: "accountId")
+            Prelude.<*> (x Data..: "arn")
+            Prelude.<*> (x Data..: "createdAt")
+            Prelude.<*> (x Data..: "id")
+            Prelude.<*> (x Data..: "region")
+            Prelude.<*> (x Data..: "resource")
+            Prelude.<*> (x Data..: "schemaVersion")
+            Prelude.<*> (x Data..: "severity")
+            Prelude.<*> (x Data..: "type")
+            Prelude.<*> (x Data..: "updatedAt")
+      )
+
+instance Prelude.Hashable Finding where
+  hashWithSalt _salt Finding' {..} =
+    _salt
+      `Prelude.hashWithSalt` confidence
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` partition
+      `Prelude.hashWithSalt` service
+      `Prelude.hashWithSalt` title
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` region
+      `Prelude.hashWithSalt` resource
+      `Prelude.hashWithSalt` schemaVersion
+      `Prelude.hashWithSalt` severity
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData Finding where
+  rnf Finding' {..} =
+    Prelude.rnf confidence
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf partition
+      `Prelude.seq` Prelude.rnf service
+      `Prelude.seq` Prelude.rnf title
+      `Prelude.seq` Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf region
+      `Prelude.seq` Prelude.rnf resource
+      `Prelude.seq` Prelude.rnf schemaVersion
+      `Prelude.seq` Prelude.rnf severity
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf updatedAt
diff --git a/gen/Amazonka/GuardDuty/Types/FindingCriteria.hs b/gen/Amazonka/GuardDuty/Types/FindingCriteria.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FindingCriteria.hs
@@ -0,0 +1,79 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FindingCriteria
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FindingCriteria where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Condition
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the criteria used for querying findings.
+--
+-- /See:/ 'newFindingCriteria' smart constructor.
+data FindingCriteria = FindingCriteria'
+  { -- | Represents a map of finding properties that match specified conditions
+    -- and values when querying findings.
+    criterion :: Prelude.Maybe (Prelude.HashMap Prelude.Text Condition)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingCriteria' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'criterion', 'findingCriteria_criterion' - Represents a map of finding properties that match specified conditions
+-- and values when querying findings.
+newFindingCriteria ::
+  FindingCriteria
+newFindingCriteria =
+  FindingCriteria' {criterion = Prelude.Nothing}
+
+-- | Represents a map of finding properties that match specified conditions
+-- and values when querying findings.
+findingCriteria_criterion :: Lens.Lens' FindingCriteria (Prelude.Maybe (Prelude.HashMap Prelude.Text Condition))
+findingCriteria_criterion = Lens.lens (\FindingCriteria' {criterion} -> criterion) (\s@FindingCriteria' {} a -> s {criterion = a} :: FindingCriteria) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON FindingCriteria where
+  parseJSON =
+    Data.withObject
+      "FindingCriteria"
+      ( \x ->
+          FindingCriteria'
+            Prelude.<$> (x Data..:? "criterion" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable FindingCriteria where
+  hashWithSalt _salt FindingCriteria' {..} =
+    _salt `Prelude.hashWithSalt` criterion
+
+instance Prelude.NFData FindingCriteria where
+  rnf FindingCriteria' {..} = Prelude.rnf criterion
+
+instance Data.ToJSON FindingCriteria where
+  toJSON FindingCriteria' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("criterion" Data..=) Prelude.<$> criterion]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/FindingPublishingFrequency.hs b/gen/Amazonka/GuardDuty/Types/FindingPublishingFrequency.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FindingPublishingFrequency.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FindingPublishingFrequency
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FindingPublishingFrequency
+  ( FindingPublishingFrequency
+      ( ..,
+        FindingPublishingFrequency_FIFTEEN_MINUTES,
+        FindingPublishingFrequency_ONE_HOUR,
+        FindingPublishingFrequency_SIX_HOURS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FindingPublishingFrequency = FindingPublishingFrequency'
+  { fromFindingPublishingFrequency ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FindingPublishingFrequency_FIFTEEN_MINUTES :: FindingPublishingFrequency
+pattern FindingPublishingFrequency_FIFTEEN_MINUTES = FindingPublishingFrequency' "FIFTEEN_MINUTES"
+
+pattern FindingPublishingFrequency_ONE_HOUR :: FindingPublishingFrequency
+pattern FindingPublishingFrequency_ONE_HOUR = FindingPublishingFrequency' "ONE_HOUR"
+
+pattern FindingPublishingFrequency_SIX_HOURS :: FindingPublishingFrequency
+pattern FindingPublishingFrequency_SIX_HOURS = FindingPublishingFrequency' "SIX_HOURS"
+
+{-# COMPLETE
+  FindingPublishingFrequency_FIFTEEN_MINUTES,
+  FindingPublishingFrequency_ONE_HOUR,
+  FindingPublishingFrequency_SIX_HOURS,
+  FindingPublishingFrequency'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/FindingStatisticType.hs b/gen/Amazonka/GuardDuty/Types/FindingStatisticType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FindingStatisticType.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FindingStatisticType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FindingStatisticType
+  ( FindingStatisticType
+      ( ..,
+        FindingStatisticType_COUNT_BY_SEVERITY
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FindingStatisticType = FindingStatisticType'
+  { fromFindingStatisticType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FindingStatisticType_COUNT_BY_SEVERITY :: FindingStatisticType
+pattern FindingStatisticType_COUNT_BY_SEVERITY = FindingStatisticType' "COUNT_BY_SEVERITY"
+
+{-# COMPLETE
+  FindingStatisticType_COUNT_BY_SEVERITY,
+  FindingStatisticType'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/FindingStatistics.hs b/gen/Amazonka/GuardDuty/Types/FindingStatistics.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FindingStatistics.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FindingStatistics
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FindingStatistics where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about finding statistics.
+--
+-- /See:/ 'newFindingStatistics' smart constructor.
+data FindingStatistics = FindingStatistics'
+  { -- | Represents a map of severity to count statistics for a set of findings.
+    countBySeverity :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Int)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FindingStatistics' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'countBySeverity', 'findingStatistics_countBySeverity' - Represents a map of severity to count statistics for a set of findings.
+newFindingStatistics ::
+  FindingStatistics
+newFindingStatistics =
+  FindingStatistics'
+    { countBySeverity =
+        Prelude.Nothing
+    }
+
+-- | Represents a map of severity to count statistics for a set of findings.
+findingStatistics_countBySeverity :: Lens.Lens' FindingStatistics (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Int))
+findingStatistics_countBySeverity = Lens.lens (\FindingStatistics' {countBySeverity} -> countBySeverity) (\s@FindingStatistics' {} a -> s {countBySeverity = a} :: FindingStatistics) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON FindingStatistics where
+  parseJSON =
+    Data.withObject
+      "FindingStatistics"
+      ( \x ->
+          FindingStatistics'
+            Prelude.<$> ( x
+                            Data..:? "countBySeverity"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable FindingStatistics where
+  hashWithSalt _salt FindingStatistics' {..} =
+    _salt `Prelude.hashWithSalt` countBySeverity
+
+instance Prelude.NFData FindingStatistics where
+  rnf FindingStatistics' {..} =
+    Prelude.rnf countBySeverity
diff --git a/gen/Amazonka/GuardDuty/Types/FlowLogsConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/FlowLogsConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/FlowLogsConfigurationResult.hs
@@ -0,0 +1,72 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.FlowLogsConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.FlowLogsConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the status of VPC flow logs as a data source.
+--
+-- /See:/ 'newFlowLogsConfigurationResult' smart constructor.
+data FlowLogsConfigurationResult = FlowLogsConfigurationResult'
+  { -- | Denotes whether VPC flow logs is enabled as a data source.
+    status :: DataSourceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FlowLogsConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'flowLogsConfigurationResult_status' - Denotes whether VPC flow logs is enabled as a data source.
+newFlowLogsConfigurationResult ::
+  -- | 'status'
+  DataSourceStatus ->
+  FlowLogsConfigurationResult
+newFlowLogsConfigurationResult pStatus_ =
+  FlowLogsConfigurationResult' {status = pStatus_}
+
+-- | Denotes whether VPC flow logs is enabled as a data source.
+flowLogsConfigurationResult_status :: Lens.Lens' FlowLogsConfigurationResult DataSourceStatus
+flowLogsConfigurationResult_status = Lens.lens (\FlowLogsConfigurationResult' {status} -> status) (\s@FlowLogsConfigurationResult' {} a -> s {status = a} :: FlowLogsConfigurationResult)
+
+instance Data.FromJSON FlowLogsConfigurationResult where
+  parseJSON =
+    Data.withObject
+      "FlowLogsConfigurationResult"
+      ( \x ->
+          FlowLogsConfigurationResult'
+            Prelude.<$> (x Data..: "status")
+      )
+
+instance Prelude.Hashable FlowLogsConfigurationResult where
+  hashWithSalt _salt FlowLogsConfigurationResult' {..} =
+    _salt `Prelude.hashWithSalt` status
+
+instance Prelude.NFData FlowLogsConfigurationResult where
+  rnf FlowLogsConfigurationResult' {..} =
+    Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/Types/GeoLocation.hs b/gen/Amazonka/GuardDuty/Types/GeoLocation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/GeoLocation.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.GeoLocation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.GeoLocation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the location of the remote IP address.
+--
+-- /See:/ 'newGeoLocation' smart constructor.
+data GeoLocation = GeoLocation'
+  { -- | The latitude information of the remote IP address.
+    lat :: Prelude.Maybe Prelude.Double,
+    -- | The longitude information of the remote IP address.
+    lon :: Prelude.Maybe Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GeoLocation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lat', 'geoLocation_lat' - The latitude information of the remote IP address.
+--
+-- 'lon', 'geoLocation_lon' - The longitude information of the remote IP address.
+newGeoLocation ::
+  GeoLocation
+newGeoLocation =
+  GeoLocation'
+    { lat = Prelude.Nothing,
+      lon = Prelude.Nothing
+    }
+
+-- | The latitude information of the remote IP address.
+geoLocation_lat :: Lens.Lens' GeoLocation (Prelude.Maybe Prelude.Double)
+geoLocation_lat = Lens.lens (\GeoLocation' {lat} -> lat) (\s@GeoLocation' {} a -> s {lat = a} :: GeoLocation)
+
+-- | The longitude information of the remote IP address.
+geoLocation_lon :: Lens.Lens' GeoLocation (Prelude.Maybe Prelude.Double)
+geoLocation_lon = Lens.lens (\GeoLocation' {lon} -> lon) (\s@GeoLocation' {} a -> s {lon = a} :: GeoLocation)
+
+instance Data.FromJSON GeoLocation where
+  parseJSON =
+    Data.withObject
+      "GeoLocation"
+      ( \x ->
+          GeoLocation'
+            Prelude.<$> (x Data..:? "lat")
+            Prelude.<*> (x Data..:? "lon")
+      )
+
+instance Prelude.Hashable GeoLocation where
+  hashWithSalt _salt GeoLocation' {..} =
+    _salt
+      `Prelude.hashWithSalt` lat
+      `Prelude.hashWithSalt` lon
+
+instance Prelude.NFData GeoLocation where
+  rnf GeoLocation' {..} =
+    Prelude.rnf lat `Prelude.seq` Prelude.rnf lon
diff --git a/gen/Amazonka/GuardDuty/Types/HighestSeverityThreatDetails.hs b/gen/Amazonka/GuardDuty/Types/HighestSeverityThreatDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/HighestSeverityThreatDetails.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.HighestSeverityThreatDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.HighestSeverityThreatDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details of the highest severity threat detected during scan and
+-- number of infected files.
+--
+-- /See:/ 'newHighestSeverityThreatDetails' smart constructor.
+data HighestSeverityThreatDetails = HighestSeverityThreatDetails'
+  { -- | Total number of infected files with the highest severity threat
+    -- detected.
+    count :: Prelude.Maybe Prelude.Int,
+    -- | Severity level of the highest severity threat detected.
+    severity :: Prelude.Maybe Prelude.Text,
+    -- | Threat name of the highest severity threat detected as part of the
+    -- malware scan.
+    threatName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'HighestSeverityThreatDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'count', 'highestSeverityThreatDetails_count' - Total number of infected files with the highest severity threat
+-- detected.
+--
+-- 'severity', 'highestSeverityThreatDetails_severity' - Severity level of the highest severity threat detected.
+--
+-- 'threatName', 'highestSeverityThreatDetails_threatName' - Threat name of the highest severity threat detected as part of the
+-- malware scan.
+newHighestSeverityThreatDetails ::
+  HighestSeverityThreatDetails
+newHighestSeverityThreatDetails =
+  HighestSeverityThreatDetails'
+    { count =
+        Prelude.Nothing,
+      severity = Prelude.Nothing,
+      threatName = Prelude.Nothing
+    }
+
+-- | Total number of infected files with the highest severity threat
+-- detected.
+highestSeverityThreatDetails_count :: Lens.Lens' HighestSeverityThreatDetails (Prelude.Maybe Prelude.Int)
+highestSeverityThreatDetails_count = Lens.lens (\HighestSeverityThreatDetails' {count} -> count) (\s@HighestSeverityThreatDetails' {} a -> s {count = a} :: HighestSeverityThreatDetails)
+
+-- | Severity level of the highest severity threat detected.
+highestSeverityThreatDetails_severity :: Lens.Lens' HighestSeverityThreatDetails (Prelude.Maybe Prelude.Text)
+highestSeverityThreatDetails_severity = Lens.lens (\HighestSeverityThreatDetails' {severity} -> severity) (\s@HighestSeverityThreatDetails' {} a -> s {severity = a} :: HighestSeverityThreatDetails)
+
+-- | Threat name of the highest severity threat detected as part of the
+-- malware scan.
+highestSeverityThreatDetails_threatName :: Lens.Lens' HighestSeverityThreatDetails (Prelude.Maybe Prelude.Text)
+highestSeverityThreatDetails_threatName = Lens.lens (\HighestSeverityThreatDetails' {threatName} -> threatName) (\s@HighestSeverityThreatDetails' {} a -> s {threatName = a} :: HighestSeverityThreatDetails)
+
+instance Data.FromJSON HighestSeverityThreatDetails where
+  parseJSON =
+    Data.withObject
+      "HighestSeverityThreatDetails"
+      ( \x ->
+          HighestSeverityThreatDetails'
+            Prelude.<$> (x Data..:? "count")
+            Prelude.<*> (x Data..:? "severity")
+            Prelude.<*> (x Data..:? "threatName")
+      )
+
+instance
+  Prelude.Hashable
+    HighestSeverityThreatDetails
+  where
+  hashWithSalt _salt HighestSeverityThreatDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` count
+      `Prelude.hashWithSalt` severity
+      `Prelude.hashWithSalt` threatName
+
+instance Prelude.NFData HighestSeverityThreatDetails where
+  rnf HighestSeverityThreatDetails' {..} =
+    Prelude.rnf count
+      `Prelude.seq` Prelude.rnf severity
+      `Prelude.seq` Prelude.rnf threatName
diff --git a/gen/Amazonka/GuardDuty/Types/HostPath.hs b/gen/Amazonka/GuardDuty/Types/HostPath.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/HostPath.hs
@@ -0,0 +1,65 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.HostPath
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.HostPath where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Represents a pre-existing file or directory on the host machine that the
+-- volume maps to.
+--
+-- /See:/ 'newHostPath' smart constructor.
+data HostPath = HostPath'
+  { -- | Path of the file or directory on the host that the volume maps to.
+    path :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'HostPath' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'path', 'hostPath_path' - Path of the file or directory on the host that the volume maps to.
+newHostPath ::
+  HostPath
+newHostPath = HostPath' {path = Prelude.Nothing}
+
+-- | Path of the file or directory on the host that the volume maps to.
+hostPath_path :: Lens.Lens' HostPath (Prelude.Maybe Prelude.Text)
+hostPath_path = Lens.lens (\HostPath' {path} -> path) (\s@HostPath' {} a -> s {path = a} :: HostPath)
+
+instance Data.FromJSON HostPath where
+  parseJSON =
+    Data.withObject
+      "HostPath"
+      (\x -> HostPath' Prelude.<$> (x Data..:? "path"))
+
+instance Prelude.Hashable HostPath where
+  hashWithSalt _salt HostPath' {..} =
+    _salt `Prelude.hashWithSalt` path
+
+instance Prelude.NFData HostPath where
+  rnf HostPath' {..} = Prelude.rnf path
diff --git a/gen/Amazonka/GuardDuty/Types/IamInstanceProfile.hs b/gen/Amazonka/GuardDuty/Types/IamInstanceProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/IamInstanceProfile.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.IamInstanceProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.IamInstanceProfile where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the EC2 instance profile.
+--
+-- /See:/ 'newIamInstanceProfile' smart constructor.
+data IamInstanceProfile = IamInstanceProfile'
+  { -- | The profile ARN of the EC2 instance.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The profile ID of the EC2 instance.
+    id :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IamInstanceProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'iamInstanceProfile_arn' - The profile ARN of the EC2 instance.
+--
+-- 'id', 'iamInstanceProfile_id' - The profile ID of the EC2 instance.
+newIamInstanceProfile ::
+  IamInstanceProfile
+newIamInstanceProfile =
+  IamInstanceProfile'
+    { arn = Prelude.Nothing,
+      id = Prelude.Nothing
+    }
+
+-- | The profile ARN of the EC2 instance.
+iamInstanceProfile_arn :: Lens.Lens' IamInstanceProfile (Prelude.Maybe Prelude.Text)
+iamInstanceProfile_arn = Lens.lens (\IamInstanceProfile' {arn} -> arn) (\s@IamInstanceProfile' {} a -> s {arn = a} :: IamInstanceProfile)
+
+-- | The profile ID of the EC2 instance.
+iamInstanceProfile_id :: Lens.Lens' IamInstanceProfile (Prelude.Maybe Prelude.Text)
+iamInstanceProfile_id = Lens.lens (\IamInstanceProfile' {id} -> id) (\s@IamInstanceProfile' {} a -> s {id = a} :: IamInstanceProfile)
+
+instance Data.FromJSON IamInstanceProfile where
+  parseJSON =
+    Data.withObject
+      "IamInstanceProfile"
+      ( \x ->
+          IamInstanceProfile'
+            Prelude.<$> (x Data..:? "arn")
+            Prelude.<*> (x Data..:? "id")
+      )
+
+instance Prelude.Hashable IamInstanceProfile where
+  hashWithSalt _salt IamInstanceProfile' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData IamInstanceProfile where
+  rnf IamInstanceProfile' {..} =
+    Prelude.rnf arn `Prelude.seq` Prelude.rnf id
diff --git a/gen/Amazonka/GuardDuty/Types/InstanceDetails.hs b/gen/Amazonka/GuardDuty/Types/InstanceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/InstanceDetails.hs
@@ -0,0 +1,227 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.InstanceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.InstanceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.IamInstanceProfile
+import Amazonka.GuardDuty.Types.NetworkInterface
+import Amazonka.GuardDuty.Types.ProductCode
+import Amazonka.GuardDuty.Types.Tag
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the details of an instance.
+--
+-- /See:/ 'newInstanceDetails' smart constructor.
+data InstanceDetails = InstanceDetails'
+  { -- | The Availability Zone of the EC2 instance.
+    availabilityZone :: Prelude.Maybe Prelude.Text,
+    -- | The profile information of the EC2 instance.
+    iamInstanceProfile :: Prelude.Maybe IamInstanceProfile,
+    -- | The image description of the EC2 instance.
+    imageDescription :: Prelude.Maybe Prelude.Text,
+    -- | The image ID of the EC2 instance.
+    imageId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the EC2 instance.
+    instanceId :: Prelude.Maybe Prelude.Text,
+    -- | The state of the EC2 instance.
+    instanceState :: Prelude.Maybe Prelude.Text,
+    -- | The type of the EC2 instance.
+    instanceType :: Prelude.Maybe Prelude.Text,
+    -- | The launch time of the EC2 instance.
+    launchTime :: Prelude.Maybe Prelude.Text,
+    -- | The elastic network interface information of the EC2 instance.
+    networkInterfaces :: Prelude.Maybe [NetworkInterface],
+    -- | The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only
+    -- applicable to Amazon Web Services Outposts instances.
+    outpostArn :: Prelude.Maybe Prelude.Text,
+    -- | The platform of the EC2 instance.
+    platform :: Prelude.Maybe Prelude.Text,
+    -- | The product code of the EC2 instance.
+    productCodes :: Prelude.Maybe [ProductCode],
+    -- | The tags of the EC2 instance.
+    tags :: Prelude.Maybe [Tag]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InstanceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availabilityZone', 'instanceDetails_availabilityZone' - The Availability Zone of the EC2 instance.
+--
+-- 'iamInstanceProfile', 'instanceDetails_iamInstanceProfile' - The profile information of the EC2 instance.
+--
+-- 'imageDescription', 'instanceDetails_imageDescription' - The image description of the EC2 instance.
+--
+-- 'imageId', 'instanceDetails_imageId' - The image ID of the EC2 instance.
+--
+-- 'instanceId', 'instanceDetails_instanceId' - The ID of the EC2 instance.
+--
+-- 'instanceState', 'instanceDetails_instanceState' - The state of the EC2 instance.
+--
+-- 'instanceType', 'instanceDetails_instanceType' - The type of the EC2 instance.
+--
+-- 'launchTime', 'instanceDetails_launchTime' - The launch time of the EC2 instance.
+--
+-- 'networkInterfaces', 'instanceDetails_networkInterfaces' - The elastic network interface information of the EC2 instance.
+--
+-- 'outpostArn', 'instanceDetails_outpostArn' - The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only
+-- applicable to Amazon Web Services Outposts instances.
+--
+-- 'platform', 'instanceDetails_platform' - The platform of the EC2 instance.
+--
+-- 'productCodes', 'instanceDetails_productCodes' - The product code of the EC2 instance.
+--
+-- 'tags', 'instanceDetails_tags' - The tags of the EC2 instance.
+newInstanceDetails ::
+  InstanceDetails
+newInstanceDetails =
+  InstanceDetails'
+    { availabilityZone =
+        Prelude.Nothing,
+      iamInstanceProfile = Prelude.Nothing,
+      imageDescription = Prelude.Nothing,
+      imageId = Prelude.Nothing,
+      instanceId = Prelude.Nothing,
+      instanceState = Prelude.Nothing,
+      instanceType = Prelude.Nothing,
+      launchTime = Prelude.Nothing,
+      networkInterfaces = Prelude.Nothing,
+      outpostArn = Prelude.Nothing,
+      platform = Prelude.Nothing,
+      productCodes = Prelude.Nothing,
+      tags = Prelude.Nothing
+    }
+
+-- | The Availability Zone of the EC2 instance.
+instanceDetails_availabilityZone :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_availabilityZone = Lens.lens (\InstanceDetails' {availabilityZone} -> availabilityZone) (\s@InstanceDetails' {} a -> s {availabilityZone = a} :: InstanceDetails)
+
+-- | The profile information of the EC2 instance.
+instanceDetails_iamInstanceProfile :: Lens.Lens' InstanceDetails (Prelude.Maybe IamInstanceProfile)
+instanceDetails_iamInstanceProfile = Lens.lens (\InstanceDetails' {iamInstanceProfile} -> iamInstanceProfile) (\s@InstanceDetails' {} a -> s {iamInstanceProfile = a} :: InstanceDetails)
+
+-- | The image description of the EC2 instance.
+instanceDetails_imageDescription :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_imageDescription = Lens.lens (\InstanceDetails' {imageDescription} -> imageDescription) (\s@InstanceDetails' {} a -> s {imageDescription = a} :: InstanceDetails)
+
+-- | The image ID of the EC2 instance.
+instanceDetails_imageId :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_imageId = Lens.lens (\InstanceDetails' {imageId} -> imageId) (\s@InstanceDetails' {} a -> s {imageId = a} :: InstanceDetails)
+
+-- | The ID of the EC2 instance.
+instanceDetails_instanceId :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_instanceId = Lens.lens (\InstanceDetails' {instanceId} -> instanceId) (\s@InstanceDetails' {} a -> s {instanceId = a} :: InstanceDetails)
+
+-- | The state of the EC2 instance.
+instanceDetails_instanceState :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_instanceState = Lens.lens (\InstanceDetails' {instanceState} -> instanceState) (\s@InstanceDetails' {} a -> s {instanceState = a} :: InstanceDetails)
+
+-- | The type of the EC2 instance.
+instanceDetails_instanceType :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_instanceType = Lens.lens (\InstanceDetails' {instanceType} -> instanceType) (\s@InstanceDetails' {} a -> s {instanceType = a} :: InstanceDetails)
+
+-- | The launch time of the EC2 instance.
+instanceDetails_launchTime :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_launchTime = Lens.lens (\InstanceDetails' {launchTime} -> launchTime) (\s@InstanceDetails' {} a -> s {launchTime = a} :: InstanceDetails)
+
+-- | The elastic network interface information of the EC2 instance.
+instanceDetails_networkInterfaces :: Lens.Lens' InstanceDetails (Prelude.Maybe [NetworkInterface])
+instanceDetails_networkInterfaces = Lens.lens (\InstanceDetails' {networkInterfaces} -> networkInterfaces) (\s@InstanceDetails' {} a -> s {networkInterfaces = a} :: InstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only
+-- applicable to Amazon Web Services Outposts instances.
+instanceDetails_outpostArn :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_outpostArn = Lens.lens (\InstanceDetails' {outpostArn} -> outpostArn) (\s@InstanceDetails' {} a -> s {outpostArn = a} :: InstanceDetails)
+
+-- | The platform of the EC2 instance.
+instanceDetails_platform :: Lens.Lens' InstanceDetails (Prelude.Maybe Prelude.Text)
+instanceDetails_platform = Lens.lens (\InstanceDetails' {platform} -> platform) (\s@InstanceDetails' {} a -> s {platform = a} :: InstanceDetails)
+
+-- | The product code of the EC2 instance.
+instanceDetails_productCodes :: Lens.Lens' InstanceDetails (Prelude.Maybe [ProductCode])
+instanceDetails_productCodes = Lens.lens (\InstanceDetails' {productCodes} -> productCodes) (\s@InstanceDetails' {} a -> s {productCodes = a} :: InstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The tags of the EC2 instance.
+instanceDetails_tags :: Lens.Lens' InstanceDetails (Prelude.Maybe [Tag])
+instanceDetails_tags = Lens.lens (\InstanceDetails' {tags} -> tags) (\s@InstanceDetails' {} a -> s {tags = a} :: InstanceDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON InstanceDetails where
+  parseJSON =
+    Data.withObject
+      "InstanceDetails"
+      ( \x ->
+          InstanceDetails'
+            Prelude.<$> (x Data..:? "availabilityZone")
+            Prelude.<*> (x Data..:? "iamInstanceProfile")
+            Prelude.<*> (x Data..:? "imageDescription")
+            Prelude.<*> (x Data..:? "imageId")
+            Prelude.<*> (x Data..:? "instanceId")
+            Prelude.<*> (x Data..:? "instanceState")
+            Prelude.<*> (x Data..:? "instanceType")
+            Prelude.<*> (x Data..:? "launchTime")
+            Prelude.<*> ( x
+                            Data..:? "networkInterfaces"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "outpostArn")
+            Prelude.<*> (x Data..:? "platform")
+            Prelude.<*> (x Data..:? "productCodes" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable InstanceDetails where
+  hashWithSalt _salt InstanceDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` availabilityZone
+      `Prelude.hashWithSalt` iamInstanceProfile
+      `Prelude.hashWithSalt` imageDescription
+      `Prelude.hashWithSalt` imageId
+      `Prelude.hashWithSalt` instanceId
+      `Prelude.hashWithSalt` instanceState
+      `Prelude.hashWithSalt` instanceType
+      `Prelude.hashWithSalt` launchTime
+      `Prelude.hashWithSalt` networkInterfaces
+      `Prelude.hashWithSalt` outpostArn
+      `Prelude.hashWithSalt` platform
+      `Prelude.hashWithSalt` productCodes
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData InstanceDetails where
+  rnf InstanceDetails' {..} =
+    Prelude.rnf availabilityZone
+      `Prelude.seq` Prelude.rnf iamInstanceProfile
+      `Prelude.seq` Prelude.rnf imageDescription
+      `Prelude.seq` Prelude.rnf imageId
+      `Prelude.seq` Prelude.rnf instanceId
+      `Prelude.seq` Prelude.rnf instanceState
+      `Prelude.seq` Prelude.rnf instanceType
+      `Prelude.seq` Prelude.rnf launchTime
+      `Prelude.seq` Prelude.rnf networkInterfaces
+      `Prelude.seq` Prelude.rnf outpostArn
+      `Prelude.seq` Prelude.rnf platform
+      `Prelude.seq` Prelude.rnf productCodes
+      `Prelude.seq` Prelude.rnf tags
diff --git a/gen/Amazonka/GuardDuty/Types/Invitation.hs b/gen/Amazonka/GuardDuty/Types/Invitation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Invitation.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Invitation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Invitation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the invitation to become a member account.
+--
+-- /See:/ 'newInvitation' smart constructor.
+data Invitation = Invitation'
+  { -- | The ID of the account that the invitation was sent from.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the invitation. This value is used to validate the inviter
+    -- account to the member account.
+    invitationId :: Prelude.Maybe Prelude.Text,
+    -- | The timestamp when the invitation was sent.
+    invitedAt :: Prelude.Maybe Prelude.Text,
+    -- | The status of the relationship between the inviter and invitee accounts.
+    relationshipStatus :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Invitation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'invitation_accountId' - The ID of the account that the invitation was sent from.
+--
+-- 'invitationId', 'invitation_invitationId' - The ID of the invitation. This value is used to validate the inviter
+-- account to the member account.
+--
+-- 'invitedAt', 'invitation_invitedAt' - The timestamp when the invitation was sent.
+--
+-- 'relationshipStatus', 'invitation_relationshipStatus' - The status of the relationship between the inviter and invitee accounts.
+newInvitation ::
+  Invitation
+newInvitation =
+  Invitation'
+    { accountId = Prelude.Nothing,
+      invitationId = Prelude.Nothing,
+      invitedAt = Prelude.Nothing,
+      relationshipStatus = Prelude.Nothing
+    }
+
+-- | The ID of the account that the invitation was sent from.
+invitation_accountId :: Lens.Lens' Invitation (Prelude.Maybe Prelude.Text)
+invitation_accountId = Lens.lens (\Invitation' {accountId} -> accountId) (\s@Invitation' {} a -> s {accountId = a} :: Invitation)
+
+-- | The ID of the invitation. This value is used to validate the inviter
+-- account to the member account.
+invitation_invitationId :: Lens.Lens' Invitation (Prelude.Maybe Prelude.Text)
+invitation_invitationId = Lens.lens (\Invitation' {invitationId} -> invitationId) (\s@Invitation' {} a -> s {invitationId = a} :: Invitation)
+
+-- | The timestamp when the invitation was sent.
+invitation_invitedAt :: Lens.Lens' Invitation (Prelude.Maybe Prelude.Text)
+invitation_invitedAt = Lens.lens (\Invitation' {invitedAt} -> invitedAt) (\s@Invitation' {} a -> s {invitedAt = a} :: Invitation)
+
+-- | The status of the relationship between the inviter and invitee accounts.
+invitation_relationshipStatus :: Lens.Lens' Invitation (Prelude.Maybe Prelude.Text)
+invitation_relationshipStatus = Lens.lens (\Invitation' {relationshipStatus} -> relationshipStatus) (\s@Invitation' {} a -> s {relationshipStatus = a} :: Invitation)
+
+instance Data.FromJSON Invitation where
+  parseJSON =
+    Data.withObject
+      "Invitation"
+      ( \x ->
+          Invitation'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "invitationId")
+            Prelude.<*> (x Data..:? "invitedAt")
+            Prelude.<*> (x Data..:? "relationshipStatus")
+      )
+
+instance Prelude.Hashable Invitation where
+  hashWithSalt _salt Invitation' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` invitationId
+      `Prelude.hashWithSalt` invitedAt
+      `Prelude.hashWithSalt` relationshipStatus
+
+instance Prelude.NFData Invitation where
+  rnf Invitation' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf invitationId
+      `Prelude.seq` Prelude.rnf invitedAt
+      `Prelude.seq` Prelude.rnf relationshipStatus
diff --git a/gen/Amazonka/GuardDuty/Types/IpSetFormat.hs b/gen/Amazonka/GuardDuty/Types/IpSetFormat.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/IpSetFormat.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.IpSetFormat
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.IpSetFormat
+  ( IpSetFormat
+      ( ..,
+        IpSetFormat_ALIEN_VAULT,
+        IpSetFormat_FIRE_EYE,
+        IpSetFormat_OTX_CSV,
+        IpSetFormat_PROOF_POINT,
+        IpSetFormat_STIX,
+        IpSetFormat_TXT
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype IpSetFormat = IpSetFormat'
+  { fromIpSetFormat ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern IpSetFormat_ALIEN_VAULT :: IpSetFormat
+pattern IpSetFormat_ALIEN_VAULT = IpSetFormat' "ALIEN_VAULT"
+
+pattern IpSetFormat_FIRE_EYE :: IpSetFormat
+pattern IpSetFormat_FIRE_EYE = IpSetFormat' "FIRE_EYE"
+
+pattern IpSetFormat_OTX_CSV :: IpSetFormat
+pattern IpSetFormat_OTX_CSV = IpSetFormat' "OTX_CSV"
+
+pattern IpSetFormat_PROOF_POINT :: IpSetFormat
+pattern IpSetFormat_PROOF_POINT = IpSetFormat' "PROOF_POINT"
+
+pattern IpSetFormat_STIX :: IpSetFormat
+pattern IpSetFormat_STIX = IpSetFormat' "STIX"
+
+pattern IpSetFormat_TXT :: IpSetFormat
+pattern IpSetFormat_TXT = IpSetFormat' "TXT"
+
+{-# COMPLETE
+  IpSetFormat_ALIEN_VAULT,
+  IpSetFormat_FIRE_EYE,
+  IpSetFormat_OTX_CSV,
+  IpSetFormat_PROOF_POINT,
+  IpSetFormat_STIX,
+  IpSetFormat_TXT,
+  IpSetFormat'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/IpSetStatus.hs b/gen/Amazonka/GuardDuty/Types/IpSetStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/IpSetStatus.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.IpSetStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.IpSetStatus
+  ( IpSetStatus
+      ( ..,
+        IpSetStatus_ACTIVATING,
+        IpSetStatus_ACTIVE,
+        IpSetStatus_DEACTIVATING,
+        IpSetStatus_DELETED,
+        IpSetStatus_DELETE_PENDING,
+        IpSetStatus_ERROR,
+        IpSetStatus_INACTIVE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype IpSetStatus = IpSetStatus'
+  { fromIpSetStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern IpSetStatus_ACTIVATING :: IpSetStatus
+pattern IpSetStatus_ACTIVATING = IpSetStatus' "ACTIVATING"
+
+pattern IpSetStatus_ACTIVE :: IpSetStatus
+pattern IpSetStatus_ACTIVE = IpSetStatus' "ACTIVE"
+
+pattern IpSetStatus_DEACTIVATING :: IpSetStatus
+pattern IpSetStatus_DEACTIVATING = IpSetStatus' "DEACTIVATING"
+
+pattern IpSetStatus_DELETED :: IpSetStatus
+pattern IpSetStatus_DELETED = IpSetStatus' "DELETED"
+
+pattern IpSetStatus_DELETE_PENDING :: IpSetStatus
+pattern IpSetStatus_DELETE_PENDING = IpSetStatus' "DELETE_PENDING"
+
+pattern IpSetStatus_ERROR :: IpSetStatus
+pattern IpSetStatus_ERROR = IpSetStatus' "ERROR"
+
+pattern IpSetStatus_INACTIVE :: IpSetStatus
+pattern IpSetStatus_INACTIVE = IpSetStatus' "INACTIVE"
+
+{-# COMPLETE
+  IpSetStatus_ACTIVATING,
+  IpSetStatus_ACTIVE,
+  IpSetStatus_DEACTIVATING,
+  IpSetStatus_DELETED,
+  IpSetStatus_DELETE_PENDING,
+  IpSetStatus_ERROR,
+  IpSetStatus_INACTIVE,
+  IpSetStatus'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesApiCallAction.hs b/gen/Amazonka/GuardDuty/Types/KubernetesApiCallAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesApiCallAction.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesApiCallAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesApiCallAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.RemoteIpDetails
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information about the Kubernetes API call action described in this
+-- finding.
+--
+-- /See:/ 'newKubernetesApiCallAction' smart constructor.
+data KubernetesApiCallAction = KubernetesApiCallAction'
+  { -- | Parameters related to the Kubernetes API call action.
+    parameters :: Prelude.Maybe Prelude.Text,
+    remoteIpDetails :: Prelude.Maybe RemoteIpDetails,
+    -- | The Kubernetes API request URI.
+    requestUri :: Prelude.Maybe Prelude.Text,
+    -- | The IP of the Kubernetes API caller and the IPs of any proxies or load
+    -- balancers between the caller and the API endpoint.
+    sourceIps :: Prelude.Maybe [Prelude.Text],
+    -- | The resulting HTTP response code of the Kubernetes API call action.
+    statusCode :: Prelude.Maybe Prelude.Int,
+    -- | The user agent of the caller of the Kubernetes API.
+    userAgent :: Prelude.Maybe Prelude.Text,
+    -- | The Kubernetes API request HTTP verb.
+    verb :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesApiCallAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'parameters', 'kubernetesApiCallAction_parameters' - Parameters related to the Kubernetes API call action.
+--
+-- 'remoteIpDetails', 'kubernetesApiCallAction_remoteIpDetails' - Undocumented member.
+--
+-- 'requestUri', 'kubernetesApiCallAction_requestUri' - The Kubernetes API request URI.
+--
+-- 'sourceIps', 'kubernetesApiCallAction_sourceIps' - The IP of the Kubernetes API caller and the IPs of any proxies or load
+-- balancers between the caller and the API endpoint.
+--
+-- 'statusCode', 'kubernetesApiCallAction_statusCode' - The resulting HTTP response code of the Kubernetes API call action.
+--
+-- 'userAgent', 'kubernetesApiCallAction_userAgent' - The user agent of the caller of the Kubernetes API.
+--
+-- 'verb', 'kubernetesApiCallAction_verb' - The Kubernetes API request HTTP verb.
+newKubernetesApiCallAction ::
+  KubernetesApiCallAction
+newKubernetesApiCallAction =
+  KubernetesApiCallAction'
+    { parameters =
+        Prelude.Nothing,
+      remoteIpDetails = Prelude.Nothing,
+      requestUri = Prelude.Nothing,
+      sourceIps = Prelude.Nothing,
+      statusCode = Prelude.Nothing,
+      userAgent = Prelude.Nothing,
+      verb = Prelude.Nothing
+    }
+
+-- | Parameters related to the Kubernetes API call action.
+kubernetesApiCallAction_parameters :: Lens.Lens' KubernetesApiCallAction (Prelude.Maybe Prelude.Text)
+kubernetesApiCallAction_parameters = Lens.lens (\KubernetesApiCallAction' {parameters} -> parameters) (\s@KubernetesApiCallAction' {} a -> s {parameters = a} :: KubernetesApiCallAction)
+
+-- | Undocumented member.
+kubernetesApiCallAction_remoteIpDetails :: Lens.Lens' KubernetesApiCallAction (Prelude.Maybe RemoteIpDetails)
+kubernetesApiCallAction_remoteIpDetails = Lens.lens (\KubernetesApiCallAction' {remoteIpDetails} -> remoteIpDetails) (\s@KubernetesApiCallAction' {} a -> s {remoteIpDetails = a} :: KubernetesApiCallAction)
+
+-- | The Kubernetes API request URI.
+kubernetesApiCallAction_requestUri :: Lens.Lens' KubernetesApiCallAction (Prelude.Maybe Prelude.Text)
+kubernetesApiCallAction_requestUri = Lens.lens (\KubernetesApiCallAction' {requestUri} -> requestUri) (\s@KubernetesApiCallAction' {} a -> s {requestUri = a} :: KubernetesApiCallAction)
+
+-- | The IP of the Kubernetes API caller and the IPs of any proxies or load
+-- balancers between the caller and the API endpoint.
+kubernetesApiCallAction_sourceIps :: Lens.Lens' KubernetesApiCallAction (Prelude.Maybe [Prelude.Text])
+kubernetesApiCallAction_sourceIps = Lens.lens (\KubernetesApiCallAction' {sourceIps} -> sourceIps) (\s@KubernetesApiCallAction' {} a -> s {sourceIps = a} :: KubernetesApiCallAction) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resulting HTTP response code of the Kubernetes API call action.
+kubernetesApiCallAction_statusCode :: Lens.Lens' KubernetesApiCallAction (Prelude.Maybe Prelude.Int)
+kubernetesApiCallAction_statusCode = Lens.lens (\KubernetesApiCallAction' {statusCode} -> statusCode) (\s@KubernetesApiCallAction' {} a -> s {statusCode = a} :: KubernetesApiCallAction)
+
+-- | The user agent of the caller of the Kubernetes API.
+kubernetesApiCallAction_userAgent :: Lens.Lens' KubernetesApiCallAction (Prelude.Maybe Prelude.Text)
+kubernetesApiCallAction_userAgent = Lens.lens (\KubernetesApiCallAction' {userAgent} -> userAgent) (\s@KubernetesApiCallAction' {} a -> s {userAgent = a} :: KubernetesApiCallAction)
+
+-- | The Kubernetes API request HTTP verb.
+kubernetesApiCallAction_verb :: Lens.Lens' KubernetesApiCallAction (Prelude.Maybe Prelude.Text)
+kubernetesApiCallAction_verb = Lens.lens (\KubernetesApiCallAction' {verb} -> verb) (\s@KubernetesApiCallAction' {} a -> s {verb = a} :: KubernetesApiCallAction)
+
+instance Data.FromJSON KubernetesApiCallAction where
+  parseJSON =
+    Data.withObject
+      "KubernetesApiCallAction"
+      ( \x ->
+          KubernetesApiCallAction'
+            Prelude.<$> (x Data..:? "parameters")
+            Prelude.<*> (x Data..:? "remoteIpDetails")
+            Prelude.<*> (x Data..:? "requestUri")
+            Prelude.<*> (x Data..:? "sourceIps" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "statusCode")
+            Prelude.<*> (x Data..:? "userAgent")
+            Prelude.<*> (x Data..:? "verb")
+      )
+
+instance Prelude.Hashable KubernetesApiCallAction where
+  hashWithSalt _salt KubernetesApiCallAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` parameters
+      `Prelude.hashWithSalt` remoteIpDetails
+      `Prelude.hashWithSalt` requestUri
+      `Prelude.hashWithSalt` sourceIps
+      `Prelude.hashWithSalt` statusCode
+      `Prelude.hashWithSalt` userAgent
+      `Prelude.hashWithSalt` verb
+
+instance Prelude.NFData KubernetesApiCallAction where
+  rnf KubernetesApiCallAction' {..} =
+    Prelude.rnf parameters
+      `Prelude.seq` Prelude.rnf remoteIpDetails
+      `Prelude.seq` Prelude.rnf requestUri
+      `Prelude.seq` Prelude.rnf sourceIps
+      `Prelude.seq` Prelude.rnf statusCode
+      `Prelude.seq` Prelude.rnf userAgent
+      `Prelude.seq` Prelude.rnf verb
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesAuditLogsConfiguration.hs b/gen/Amazonka/GuardDuty/Types/KubernetesAuditLogsConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesAuditLogsConfiguration.hs
@@ -0,0 +1,80 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesAuditLogsConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesAuditLogsConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether Kubernetes audit logs are enabled as a data source.
+--
+-- /See:/ 'newKubernetesAuditLogsConfiguration' smart constructor.
+data KubernetesAuditLogsConfiguration = KubernetesAuditLogsConfiguration'
+  { -- | The status of Kubernetes audit logs as a data source.
+    enable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesAuditLogsConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enable', 'kubernetesAuditLogsConfiguration_enable' - The status of Kubernetes audit logs as a data source.
+newKubernetesAuditLogsConfiguration ::
+  -- | 'enable'
+  Prelude.Bool ->
+  KubernetesAuditLogsConfiguration
+newKubernetesAuditLogsConfiguration pEnable_ =
+  KubernetesAuditLogsConfiguration'
+    { enable =
+        pEnable_
+    }
+
+-- | The status of Kubernetes audit logs as a data source.
+kubernetesAuditLogsConfiguration_enable :: Lens.Lens' KubernetesAuditLogsConfiguration Prelude.Bool
+kubernetesAuditLogsConfiguration_enable = Lens.lens (\KubernetesAuditLogsConfiguration' {enable} -> enable) (\s@KubernetesAuditLogsConfiguration' {} a -> s {enable = a} :: KubernetesAuditLogsConfiguration)
+
+instance
+  Prelude.Hashable
+    KubernetesAuditLogsConfiguration
+  where
+  hashWithSalt
+    _salt
+    KubernetesAuditLogsConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` enable
+
+instance
+  Prelude.NFData
+    KubernetesAuditLogsConfiguration
+  where
+  rnf KubernetesAuditLogsConfiguration' {..} =
+    Prelude.rnf enable
+
+instance Data.ToJSON KubernetesAuditLogsConfiguration where
+  toJSON KubernetesAuditLogsConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("enable" Data..= enable)]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesAuditLogsConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/KubernetesAuditLogsConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesAuditLogsConfigurationResult.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesAuditLogsConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesAuditLogsConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether Kubernetes audit logs are enabled as a data source.
+--
+-- /See:/ 'newKubernetesAuditLogsConfigurationResult' smart constructor.
+data KubernetesAuditLogsConfigurationResult = KubernetesAuditLogsConfigurationResult'
+  { -- | A value that describes whether Kubernetes audit logs are enabled as a
+    -- data source.
+    status :: DataSourceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesAuditLogsConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'kubernetesAuditLogsConfigurationResult_status' - A value that describes whether Kubernetes audit logs are enabled as a
+-- data source.
+newKubernetesAuditLogsConfigurationResult ::
+  -- | 'status'
+  DataSourceStatus ->
+  KubernetesAuditLogsConfigurationResult
+newKubernetesAuditLogsConfigurationResult pStatus_ =
+  KubernetesAuditLogsConfigurationResult'
+    { status =
+        pStatus_
+    }
+
+-- | A value that describes whether Kubernetes audit logs are enabled as a
+-- data source.
+kubernetesAuditLogsConfigurationResult_status :: Lens.Lens' KubernetesAuditLogsConfigurationResult DataSourceStatus
+kubernetesAuditLogsConfigurationResult_status = Lens.lens (\KubernetesAuditLogsConfigurationResult' {status} -> status) (\s@KubernetesAuditLogsConfigurationResult' {} a -> s {status = a} :: KubernetesAuditLogsConfigurationResult)
+
+instance
+  Data.FromJSON
+    KubernetesAuditLogsConfigurationResult
+  where
+  parseJSON =
+    Data.withObject
+      "KubernetesAuditLogsConfigurationResult"
+      ( \x ->
+          KubernetesAuditLogsConfigurationResult'
+            Prelude.<$> (x Data..: "status")
+      )
+
+instance
+  Prelude.Hashable
+    KubernetesAuditLogsConfigurationResult
+  where
+  hashWithSalt
+    _salt
+    KubernetesAuditLogsConfigurationResult' {..} =
+      _salt `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    KubernetesAuditLogsConfigurationResult
+  where
+  rnf KubernetesAuditLogsConfigurationResult' {..} =
+    Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesConfiguration.hs b/gen/Amazonka/GuardDuty/Types/KubernetesConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesConfiguration.hs
@@ -0,0 +1,70 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.KubernetesAuditLogsConfiguration
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether any Kubernetes data sources are enabled.
+--
+-- /See:/ 'newKubernetesConfiguration' smart constructor.
+data KubernetesConfiguration = KubernetesConfiguration'
+  { -- | The status of Kubernetes audit logs as a data source.
+    auditLogs :: KubernetesAuditLogsConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'auditLogs', 'kubernetesConfiguration_auditLogs' - The status of Kubernetes audit logs as a data source.
+newKubernetesConfiguration ::
+  -- | 'auditLogs'
+  KubernetesAuditLogsConfiguration ->
+  KubernetesConfiguration
+newKubernetesConfiguration pAuditLogs_ =
+  KubernetesConfiguration' {auditLogs = pAuditLogs_}
+
+-- | The status of Kubernetes audit logs as a data source.
+kubernetesConfiguration_auditLogs :: Lens.Lens' KubernetesConfiguration KubernetesAuditLogsConfiguration
+kubernetesConfiguration_auditLogs = Lens.lens (\KubernetesConfiguration' {auditLogs} -> auditLogs) (\s@KubernetesConfiguration' {} a -> s {auditLogs = a} :: KubernetesConfiguration)
+
+instance Prelude.Hashable KubernetesConfiguration where
+  hashWithSalt _salt KubernetesConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` auditLogs
+
+instance Prelude.NFData KubernetesConfiguration where
+  rnf KubernetesConfiguration' {..} =
+    Prelude.rnf auditLogs
+
+instance Data.ToJSON KubernetesConfiguration where
+  toJSON KubernetesConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("auditLogs" Data..= auditLogs)]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/KubernetesConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesConfigurationResult.hs
@@ -0,0 +1,78 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.KubernetesAuditLogsConfigurationResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether any Kubernetes logs will be enabled as a data source.
+--
+-- /See:/ 'newKubernetesConfigurationResult' smart constructor.
+data KubernetesConfigurationResult = KubernetesConfigurationResult'
+  { -- | Describes whether Kubernetes audit logs are enabled as a data source.
+    auditLogs :: KubernetesAuditLogsConfigurationResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'auditLogs', 'kubernetesConfigurationResult_auditLogs' - Describes whether Kubernetes audit logs are enabled as a data source.
+newKubernetesConfigurationResult ::
+  -- | 'auditLogs'
+  KubernetesAuditLogsConfigurationResult ->
+  KubernetesConfigurationResult
+newKubernetesConfigurationResult pAuditLogs_ =
+  KubernetesConfigurationResult'
+    { auditLogs =
+        pAuditLogs_
+    }
+
+-- | Describes whether Kubernetes audit logs are enabled as a data source.
+kubernetesConfigurationResult_auditLogs :: Lens.Lens' KubernetesConfigurationResult KubernetesAuditLogsConfigurationResult
+kubernetesConfigurationResult_auditLogs = Lens.lens (\KubernetesConfigurationResult' {auditLogs} -> auditLogs) (\s@KubernetesConfigurationResult' {} a -> s {auditLogs = a} :: KubernetesConfigurationResult)
+
+instance Data.FromJSON KubernetesConfigurationResult where
+  parseJSON =
+    Data.withObject
+      "KubernetesConfigurationResult"
+      ( \x ->
+          KubernetesConfigurationResult'
+            Prelude.<$> (x Data..: "auditLogs")
+      )
+
+instance
+  Prelude.Hashable
+    KubernetesConfigurationResult
+  where
+  hashWithSalt _salt KubernetesConfigurationResult' {..} =
+    _salt `Prelude.hashWithSalt` auditLogs
+
+instance Prelude.NFData KubernetesConfigurationResult where
+  rnf KubernetesConfigurationResult' {..} =
+    Prelude.rnf auditLogs
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesDataSourceFreeTrial.hs b/gen/Amazonka/GuardDuty/Types/KubernetesDataSourceFreeTrial.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesDataSourceFreeTrial.hs
@@ -0,0 +1,77 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesDataSourceFreeTrial
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesDataSourceFreeTrial where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceFreeTrial
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about the Kubernetes resources when it is enabled as a
+-- data source.
+--
+-- /See:/ 'newKubernetesDataSourceFreeTrial' smart constructor.
+data KubernetesDataSourceFreeTrial = KubernetesDataSourceFreeTrial'
+  { -- | Describes whether Kubernetes audit logs are enabled as a data source.
+    auditLogs :: Prelude.Maybe DataSourceFreeTrial
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesDataSourceFreeTrial' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'auditLogs', 'kubernetesDataSourceFreeTrial_auditLogs' - Describes whether Kubernetes audit logs are enabled as a data source.
+newKubernetesDataSourceFreeTrial ::
+  KubernetesDataSourceFreeTrial
+newKubernetesDataSourceFreeTrial =
+  KubernetesDataSourceFreeTrial'
+    { auditLogs =
+        Prelude.Nothing
+    }
+
+-- | Describes whether Kubernetes audit logs are enabled as a data source.
+kubernetesDataSourceFreeTrial_auditLogs :: Lens.Lens' KubernetesDataSourceFreeTrial (Prelude.Maybe DataSourceFreeTrial)
+kubernetesDataSourceFreeTrial_auditLogs = Lens.lens (\KubernetesDataSourceFreeTrial' {auditLogs} -> auditLogs) (\s@KubernetesDataSourceFreeTrial' {} a -> s {auditLogs = a} :: KubernetesDataSourceFreeTrial)
+
+instance Data.FromJSON KubernetesDataSourceFreeTrial where
+  parseJSON =
+    Data.withObject
+      "KubernetesDataSourceFreeTrial"
+      ( \x ->
+          KubernetesDataSourceFreeTrial'
+            Prelude.<$> (x Data..:? "auditLogs")
+      )
+
+instance
+  Prelude.Hashable
+    KubernetesDataSourceFreeTrial
+  where
+  hashWithSalt _salt KubernetesDataSourceFreeTrial' {..} =
+    _salt `Prelude.hashWithSalt` auditLogs
+
+instance Prelude.NFData KubernetesDataSourceFreeTrial where
+  rnf KubernetesDataSourceFreeTrial' {..} =
+    Prelude.rnf auditLogs
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesDetails.hs b/gen/Amazonka/GuardDuty/Types/KubernetesDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesDetails.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.KubernetesUserDetails
+import Amazonka.GuardDuty.Types.KubernetesWorkloadDetails
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about Kubernetes resources such as a Kubernetes user or workload
+-- resource involved in a Kubernetes finding.
+--
+-- /See:/ 'newKubernetesDetails' smart constructor.
+data KubernetesDetails = KubernetesDetails'
+  { -- | Details about the Kubernetes user involved in a Kubernetes finding.
+    kubernetesUserDetails :: Prelude.Maybe KubernetesUserDetails,
+    -- | Details about the Kubernetes workload involved in a Kubernetes finding.
+    kubernetesWorkloadDetails :: Prelude.Maybe KubernetesWorkloadDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kubernetesUserDetails', 'kubernetesDetails_kubernetesUserDetails' - Details about the Kubernetes user involved in a Kubernetes finding.
+--
+-- 'kubernetesWorkloadDetails', 'kubernetesDetails_kubernetesWorkloadDetails' - Details about the Kubernetes workload involved in a Kubernetes finding.
+newKubernetesDetails ::
+  KubernetesDetails
+newKubernetesDetails =
+  KubernetesDetails'
+    { kubernetesUserDetails =
+        Prelude.Nothing,
+      kubernetesWorkloadDetails = Prelude.Nothing
+    }
+
+-- | Details about the Kubernetes user involved in a Kubernetes finding.
+kubernetesDetails_kubernetesUserDetails :: Lens.Lens' KubernetesDetails (Prelude.Maybe KubernetesUserDetails)
+kubernetesDetails_kubernetesUserDetails = Lens.lens (\KubernetesDetails' {kubernetesUserDetails} -> kubernetesUserDetails) (\s@KubernetesDetails' {} a -> s {kubernetesUserDetails = a} :: KubernetesDetails)
+
+-- | Details about the Kubernetes workload involved in a Kubernetes finding.
+kubernetesDetails_kubernetesWorkloadDetails :: Lens.Lens' KubernetesDetails (Prelude.Maybe KubernetesWorkloadDetails)
+kubernetesDetails_kubernetesWorkloadDetails = Lens.lens (\KubernetesDetails' {kubernetesWorkloadDetails} -> kubernetesWorkloadDetails) (\s@KubernetesDetails' {} a -> s {kubernetesWorkloadDetails = a} :: KubernetesDetails)
+
+instance Data.FromJSON KubernetesDetails where
+  parseJSON =
+    Data.withObject
+      "KubernetesDetails"
+      ( \x ->
+          KubernetesDetails'
+            Prelude.<$> (x Data..:? "kubernetesUserDetails")
+            Prelude.<*> (x Data..:? "kubernetesWorkloadDetails")
+      )
+
+instance Prelude.Hashable KubernetesDetails where
+  hashWithSalt _salt KubernetesDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` kubernetesUserDetails
+      `Prelude.hashWithSalt` kubernetesWorkloadDetails
+
+instance Prelude.NFData KubernetesDetails where
+  rnf KubernetesDetails' {..} =
+    Prelude.rnf kubernetesUserDetails
+      `Prelude.seq` Prelude.rnf kubernetesWorkloadDetails
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesUserDetails.hs b/gen/Amazonka/GuardDuty/Types/KubernetesUserDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesUserDetails.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesUserDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesUserDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the Kubernetes user involved in a Kubernetes finding.
+--
+-- /See:/ 'newKubernetesUserDetails' smart constructor.
+data KubernetesUserDetails = KubernetesUserDetails'
+  { -- | The groups that include the user who called the Kubernetes API.
+    groups :: Prelude.Maybe [Prelude.Text],
+    -- | The user ID of the user who called the Kubernetes API.
+    uid :: Prelude.Maybe Prelude.Text,
+    -- | The username of the user who called the Kubernetes API.
+    username :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesUserDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groups', 'kubernetesUserDetails_groups' - The groups that include the user who called the Kubernetes API.
+--
+-- 'uid', 'kubernetesUserDetails_uid' - The user ID of the user who called the Kubernetes API.
+--
+-- 'username', 'kubernetesUserDetails_username' - The username of the user who called the Kubernetes API.
+newKubernetesUserDetails ::
+  KubernetesUserDetails
+newKubernetesUserDetails =
+  KubernetesUserDetails'
+    { groups = Prelude.Nothing,
+      uid = Prelude.Nothing,
+      username = Prelude.Nothing
+    }
+
+-- | The groups that include the user who called the Kubernetes API.
+kubernetesUserDetails_groups :: Lens.Lens' KubernetesUserDetails (Prelude.Maybe [Prelude.Text])
+kubernetesUserDetails_groups = Lens.lens (\KubernetesUserDetails' {groups} -> groups) (\s@KubernetesUserDetails' {} a -> s {groups = a} :: KubernetesUserDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | The user ID of the user who called the Kubernetes API.
+kubernetesUserDetails_uid :: Lens.Lens' KubernetesUserDetails (Prelude.Maybe Prelude.Text)
+kubernetesUserDetails_uid = Lens.lens (\KubernetesUserDetails' {uid} -> uid) (\s@KubernetesUserDetails' {} a -> s {uid = a} :: KubernetesUserDetails)
+
+-- | The username of the user who called the Kubernetes API.
+kubernetesUserDetails_username :: Lens.Lens' KubernetesUserDetails (Prelude.Maybe Prelude.Text)
+kubernetesUserDetails_username = Lens.lens (\KubernetesUserDetails' {username} -> username) (\s@KubernetesUserDetails' {} a -> s {username = a} :: KubernetesUserDetails)
+
+instance Data.FromJSON KubernetesUserDetails where
+  parseJSON =
+    Data.withObject
+      "KubernetesUserDetails"
+      ( \x ->
+          KubernetesUserDetails'
+            Prelude.<$> (x Data..:? "groups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "uid")
+            Prelude.<*> (x Data..:? "username")
+      )
+
+instance Prelude.Hashable KubernetesUserDetails where
+  hashWithSalt _salt KubernetesUserDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` groups
+      `Prelude.hashWithSalt` uid
+      `Prelude.hashWithSalt` username
+
+instance Prelude.NFData KubernetesUserDetails where
+  rnf KubernetesUserDetails' {..} =
+    Prelude.rnf groups
+      `Prelude.seq` Prelude.rnf uid
+      `Prelude.seq` Prelude.rnf username
diff --git a/gen/Amazonka/GuardDuty/Types/KubernetesWorkloadDetails.hs b/gen/Amazonka/GuardDuty/Types/KubernetesWorkloadDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/KubernetesWorkloadDetails.hs
@@ -0,0 +1,150 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.KubernetesWorkloadDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.KubernetesWorkloadDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Container
+import Amazonka.GuardDuty.Types.Volume
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about the Kubernetes workload involved in a Kubernetes finding.
+--
+-- /See:/ 'newKubernetesWorkloadDetails' smart constructor.
+data KubernetesWorkloadDetails = KubernetesWorkloadDetails'
+  { -- | Containers running as part of the Kubernetes workload.
+    containers :: Prelude.Maybe [Container],
+    -- | Whether the hostNetwork flag is enabled for the pods included in the
+    -- workload.
+    hostNetwork :: Prelude.Maybe Prelude.Bool,
+    -- | Kubernetes workload name.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Kubernetes namespace that the workload is part of.
+    namespace :: Prelude.Maybe Prelude.Text,
+    -- | Kubernetes workload type (e.g. Pod, Deployment, etc.).
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | Kubernetes workload ID.
+    uid :: Prelude.Maybe Prelude.Text,
+    -- | Volumes used by the Kubernetes workload.
+    volumes :: Prelude.Maybe [Volume]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'KubernetesWorkloadDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'containers', 'kubernetesWorkloadDetails_containers' - Containers running as part of the Kubernetes workload.
+--
+-- 'hostNetwork', 'kubernetesWorkloadDetails_hostNetwork' - Whether the hostNetwork flag is enabled for the pods included in the
+-- workload.
+--
+-- 'name', 'kubernetesWorkloadDetails_name' - Kubernetes workload name.
+--
+-- 'namespace', 'kubernetesWorkloadDetails_namespace' - Kubernetes namespace that the workload is part of.
+--
+-- 'type'', 'kubernetesWorkloadDetails_type' - Kubernetes workload type (e.g. Pod, Deployment, etc.).
+--
+-- 'uid', 'kubernetesWorkloadDetails_uid' - Kubernetes workload ID.
+--
+-- 'volumes', 'kubernetesWorkloadDetails_volumes' - Volumes used by the Kubernetes workload.
+newKubernetesWorkloadDetails ::
+  KubernetesWorkloadDetails
+newKubernetesWorkloadDetails =
+  KubernetesWorkloadDetails'
+    { containers =
+        Prelude.Nothing,
+      hostNetwork = Prelude.Nothing,
+      name = Prelude.Nothing,
+      namespace = Prelude.Nothing,
+      type' = Prelude.Nothing,
+      uid = Prelude.Nothing,
+      volumes = Prelude.Nothing
+    }
+
+-- | Containers running as part of the Kubernetes workload.
+kubernetesWorkloadDetails_containers :: Lens.Lens' KubernetesWorkloadDetails (Prelude.Maybe [Container])
+kubernetesWorkloadDetails_containers = Lens.lens (\KubernetesWorkloadDetails' {containers} -> containers) (\s@KubernetesWorkloadDetails' {} a -> s {containers = a} :: KubernetesWorkloadDetails) Prelude.. Lens.mapping Lens.coerced
+
+-- | Whether the hostNetwork flag is enabled for the pods included in the
+-- workload.
+kubernetesWorkloadDetails_hostNetwork :: Lens.Lens' KubernetesWorkloadDetails (Prelude.Maybe Prelude.Bool)
+kubernetesWorkloadDetails_hostNetwork = Lens.lens (\KubernetesWorkloadDetails' {hostNetwork} -> hostNetwork) (\s@KubernetesWorkloadDetails' {} a -> s {hostNetwork = a} :: KubernetesWorkloadDetails)
+
+-- | Kubernetes workload name.
+kubernetesWorkloadDetails_name :: Lens.Lens' KubernetesWorkloadDetails (Prelude.Maybe Prelude.Text)
+kubernetesWorkloadDetails_name = Lens.lens (\KubernetesWorkloadDetails' {name} -> name) (\s@KubernetesWorkloadDetails' {} a -> s {name = a} :: KubernetesWorkloadDetails)
+
+-- | Kubernetes namespace that the workload is part of.
+kubernetesWorkloadDetails_namespace :: Lens.Lens' KubernetesWorkloadDetails (Prelude.Maybe Prelude.Text)
+kubernetesWorkloadDetails_namespace = Lens.lens (\KubernetesWorkloadDetails' {namespace} -> namespace) (\s@KubernetesWorkloadDetails' {} a -> s {namespace = a} :: KubernetesWorkloadDetails)
+
+-- | Kubernetes workload type (e.g. Pod, Deployment, etc.).
+kubernetesWorkloadDetails_type :: Lens.Lens' KubernetesWorkloadDetails (Prelude.Maybe Prelude.Text)
+kubernetesWorkloadDetails_type = Lens.lens (\KubernetesWorkloadDetails' {type'} -> type') (\s@KubernetesWorkloadDetails' {} a -> s {type' = a} :: KubernetesWorkloadDetails)
+
+-- | Kubernetes workload ID.
+kubernetesWorkloadDetails_uid :: Lens.Lens' KubernetesWorkloadDetails (Prelude.Maybe Prelude.Text)
+kubernetesWorkloadDetails_uid = Lens.lens (\KubernetesWorkloadDetails' {uid} -> uid) (\s@KubernetesWorkloadDetails' {} a -> s {uid = a} :: KubernetesWorkloadDetails)
+
+-- | Volumes used by the Kubernetes workload.
+kubernetesWorkloadDetails_volumes :: Lens.Lens' KubernetesWorkloadDetails (Prelude.Maybe [Volume])
+kubernetesWorkloadDetails_volumes = Lens.lens (\KubernetesWorkloadDetails' {volumes} -> volumes) (\s@KubernetesWorkloadDetails' {} a -> s {volumes = a} :: KubernetesWorkloadDetails) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON KubernetesWorkloadDetails where
+  parseJSON =
+    Data.withObject
+      "KubernetesWorkloadDetails"
+      ( \x ->
+          KubernetesWorkloadDetails'
+            Prelude.<$> (x Data..:? "containers" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "hostNetwork")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "namespace")
+            Prelude.<*> (x Data..:? "type")
+            Prelude.<*> (x Data..:? "uid")
+            Prelude.<*> (x Data..:? "volumes" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable KubernetesWorkloadDetails where
+  hashWithSalt _salt KubernetesWorkloadDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` containers
+      `Prelude.hashWithSalt` hostNetwork
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` namespace
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` uid
+      `Prelude.hashWithSalt` volumes
+
+instance Prelude.NFData KubernetesWorkloadDetails where
+  rnf KubernetesWorkloadDetails' {..} =
+    Prelude.rnf containers
+      `Prelude.seq` Prelude.rnf hostNetwork
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf namespace
+      `Prelude.seq` Prelude.rnf type'
+      `Prelude.seq` Prelude.rnf uid
+      `Prelude.seq` Prelude.rnf volumes
diff --git a/gen/Amazonka/GuardDuty/Types/LocalIpDetails.hs b/gen/Amazonka/GuardDuty/Types/LocalIpDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/LocalIpDetails.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.LocalIpDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.LocalIpDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the local IP address of the connection.
+--
+-- /See:/ 'newLocalIpDetails' smart constructor.
+data LocalIpDetails = LocalIpDetails'
+  { -- | The IPv4 local address of the connection.
+    ipAddressV4 :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LocalIpDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipAddressV4', 'localIpDetails_ipAddressV4' - The IPv4 local address of the connection.
+newLocalIpDetails ::
+  LocalIpDetails
+newLocalIpDetails =
+  LocalIpDetails' {ipAddressV4 = Prelude.Nothing}
+
+-- | The IPv4 local address of the connection.
+localIpDetails_ipAddressV4 :: Lens.Lens' LocalIpDetails (Prelude.Maybe Prelude.Text)
+localIpDetails_ipAddressV4 = Lens.lens (\LocalIpDetails' {ipAddressV4} -> ipAddressV4) (\s@LocalIpDetails' {} a -> s {ipAddressV4 = a} :: LocalIpDetails)
+
+instance Data.FromJSON LocalIpDetails where
+  parseJSON =
+    Data.withObject
+      "LocalIpDetails"
+      ( \x ->
+          LocalIpDetails'
+            Prelude.<$> (x Data..:? "ipAddressV4")
+      )
+
+instance Prelude.Hashable LocalIpDetails where
+  hashWithSalt _salt LocalIpDetails' {..} =
+    _salt `Prelude.hashWithSalt` ipAddressV4
+
+instance Prelude.NFData LocalIpDetails where
+  rnf LocalIpDetails' {..} = Prelude.rnf ipAddressV4
diff --git a/gen/Amazonka/GuardDuty/Types/LocalPortDetails.hs b/gen/Amazonka/GuardDuty/Types/LocalPortDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/LocalPortDetails.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.LocalPortDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.LocalPortDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the port for the local connection.
+--
+-- /See:/ 'newLocalPortDetails' smart constructor.
+data LocalPortDetails = LocalPortDetails'
+  { -- | The port number of the local connection.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | The port name of the local connection.
+    portName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LocalPortDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'port', 'localPortDetails_port' - The port number of the local connection.
+--
+-- 'portName', 'localPortDetails_portName' - The port name of the local connection.
+newLocalPortDetails ::
+  LocalPortDetails
+newLocalPortDetails =
+  LocalPortDetails'
+    { port = Prelude.Nothing,
+      portName = Prelude.Nothing
+    }
+
+-- | The port number of the local connection.
+localPortDetails_port :: Lens.Lens' LocalPortDetails (Prelude.Maybe Prelude.Int)
+localPortDetails_port = Lens.lens (\LocalPortDetails' {port} -> port) (\s@LocalPortDetails' {} a -> s {port = a} :: LocalPortDetails)
+
+-- | The port name of the local connection.
+localPortDetails_portName :: Lens.Lens' LocalPortDetails (Prelude.Maybe Prelude.Text)
+localPortDetails_portName = Lens.lens (\LocalPortDetails' {portName} -> portName) (\s@LocalPortDetails' {} a -> s {portName = a} :: LocalPortDetails)
+
+instance Data.FromJSON LocalPortDetails where
+  parseJSON =
+    Data.withObject
+      "LocalPortDetails"
+      ( \x ->
+          LocalPortDetails'
+            Prelude.<$> (x Data..:? "port")
+            Prelude.<*> (x Data..:? "portName")
+      )
+
+instance Prelude.Hashable LocalPortDetails where
+  hashWithSalt _salt LocalPortDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` portName
+
+instance Prelude.NFData LocalPortDetails where
+  rnf LocalPortDetails' {..} =
+    Prelude.rnf port `Prelude.seq` Prelude.rnf portName
diff --git a/gen/Amazonka/GuardDuty/Types/MalwareProtectionConfiguration.hs b/gen/Amazonka/GuardDuty/Types/MalwareProtectionConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/MalwareProtectionConfiguration.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.MalwareProtectionConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.MalwareProtectionConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindings
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether Malware Protection will be enabled as a data source.
+--
+-- /See:/ 'newMalwareProtectionConfiguration' smart constructor.
+data MalwareProtectionConfiguration = MalwareProtectionConfiguration'
+  { -- | Describes the configuration of Malware Protection for EC2 instances with
+    -- findings.
+    scanEc2InstanceWithFindings :: Prelude.Maybe ScanEc2InstanceWithFindings
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'MalwareProtectionConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanEc2InstanceWithFindings', 'malwareProtectionConfiguration_scanEc2InstanceWithFindings' - Describes the configuration of Malware Protection for EC2 instances with
+-- findings.
+newMalwareProtectionConfiguration ::
+  MalwareProtectionConfiguration
+newMalwareProtectionConfiguration =
+  MalwareProtectionConfiguration'
+    { scanEc2InstanceWithFindings =
+        Prelude.Nothing
+    }
+
+-- | Describes the configuration of Malware Protection for EC2 instances with
+-- findings.
+malwareProtectionConfiguration_scanEc2InstanceWithFindings :: Lens.Lens' MalwareProtectionConfiguration (Prelude.Maybe ScanEc2InstanceWithFindings)
+malwareProtectionConfiguration_scanEc2InstanceWithFindings = Lens.lens (\MalwareProtectionConfiguration' {scanEc2InstanceWithFindings} -> scanEc2InstanceWithFindings) (\s@MalwareProtectionConfiguration' {} a -> s {scanEc2InstanceWithFindings = a} :: MalwareProtectionConfiguration)
+
+instance
+  Prelude.Hashable
+    MalwareProtectionConfiguration
+  where
+  hashWithSalt
+    _salt
+    MalwareProtectionConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` scanEc2InstanceWithFindings
+
+instance
+  Prelude.NFData
+    MalwareProtectionConfiguration
+  where
+  rnf MalwareProtectionConfiguration' {..} =
+    Prelude.rnf scanEc2InstanceWithFindings
+
+instance Data.ToJSON MalwareProtectionConfiguration where
+  toJSON MalwareProtectionConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("scanEc2InstanceWithFindings" Data..=)
+              Prelude.<$> scanEc2InstanceWithFindings
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/MalwareProtectionConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/MalwareProtectionConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/MalwareProtectionConfigurationResult.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.MalwareProtectionConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.MalwareProtectionConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindingsResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | An object that contains information on the status of all Malware
+-- Protection data sources.
+--
+-- /See:/ 'newMalwareProtectionConfigurationResult' smart constructor.
+data MalwareProtectionConfigurationResult = MalwareProtectionConfigurationResult'
+  { -- | Describes the configuration of Malware Protection for EC2 instances with
+    -- findings.
+    scanEc2InstanceWithFindings :: Prelude.Maybe ScanEc2InstanceWithFindingsResult,
+    -- | The GuardDuty Malware Protection service role.
+    serviceRole :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'MalwareProtectionConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanEc2InstanceWithFindings', 'malwareProtectionConfigurationResult_scanEc2InstanceWithFindings' - Describes the configuration of Malware Protection for EC2 instances with
+-- findings.
+--
+-- 'serviceRole', 'malwareProtectionConfigurationResult_serviceRole' - The GuardDuty Malware Protection service role.
+newMalwareProtectionConfigurationResult ::
+  MalwareProtectionConfigurationResult
+newMalwareProtectionConfigurationResult =
+  MalwareProtectionConfigurationResult'
+    { scanEc2InstanceWithFindings =
+        Prelude.Nothing,
+      serviceRole = Prelude.Nothing
+    }
+
+-- | Describes the configuration of Malware Protection for EC2 instances with
+-- findings.
+malwareProtectionConfigurationResult_scanEc2InstanceWithFindings :: Lens.Lens' MalwareProtectionConfigurationResult (Prelude.Maybe ScanEc2InstanceWithFindingsResult)
+malwareProtectionConfigurationResult_scanEc2InstanceWithFindings = Lens.lens (\MalwareProtectionConfigurationResult' {scanEc2InstanceWithFindings} -> scanEc2InstanceWithFindings) (\s@MalwareProtectionConfigurationResult' {} a -> s {scanEc2InstanceWithFindings = a} :: MalwareProtectionConfigurationResult)
+
+-- | The GuardDuty Malware Protection service role.
+malwareProtectionConfigurationResult_serviceRole :: Lens.Lens' MalwareProtectionConfigurationResult (Prelude.Maybe Prelude.Text)
+malwareProtectionConfigurationResult_serviceRole = Lens.lens (\MalwareProtectionConfigurationResult' {serviceRole} -> serviceRole) (\s@MalwareProtectionConfigurationResult' {} a -> s {serviceRole = a} :: MalwareProtectionConfigurationResult)
+
+instance
+  Data.FromJSON
+    MalwareProtectionConfigurationResult
+  where
+  parseJSON =
+    Data.withObject
+      "MalwareProtectionConfigurationResult"
+      ( \x ->
+          MalwareProtectionConfigurationResult'
+            Prelude.<$> (x Data..:? "scanEc2InstanceWithFindings")
+            Prelude.<*> (x Data..:? "serviceRole")
+      )
+
+instance
+  Prelude.Hashable
+    MalwareProtectionConfigurationResult
+  where
+  hashWithSalt
+    _salt
+    MalwareProtectionConfigurationResult' {..} =
+      _salt
+        `Prelude.hashWithSalt` scanEc2InstanceWithFindings
+        `Prelude.hashWithSalt` serviceRole
+
+instance
+  Prelude.NFData
+    MalwareProtectionConfigurationResult
+  where
+  rnf MalwareProtectionConfigurationResult' {..} =
+    Prelude.rnf scanEc2InstanceWithFindings
+      `Prelude.seq` Prelude.rnf serviceRole
diff --git a/gen/Amazonka/GuardDuty/Types/MalwareProtectionDataSourceFreeTrial.hs b/gen/Amazonka/GuardDuty/Types/MalwareProtectionDataSourceFreeTrial.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/MalwareProtectionDataSourceFreeTrial.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.MalwareProtectionDataSourceFreeTrial
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.MalwareProtectionDataSourceFreeTrial where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceFreeTrial
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides details about Malware Protection when it is enabled as a data
+-- source.
+--
+-- /See:/ 'newMalwareProtectionDataSourceFreeTrial' smart constructor.
+data MalwareProtectionDataSourceFreeTrial = MalwareProtectionDataSourceFreeTrial'
+  { -- | Describes whether Malware Protection for EC2 instances with findings is
+    -- enabled as a data source.
+    scanEc2InstanceWithFindings :: Prelude.Maybe DataSourceFreeTrial
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'MalwareProtectionDataSourceFreeTrial' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanEc2InstanceWithFindings', 'malwareProtectionDataSourceFreeTrial_scanEc2InstanceWithFindings' - Describes whether Malware Protection for EC2 instances with findings is
+-- enabled as a data source.
+newMalwareProtectionDataSourceFreeTrial ::
+  MalwareProtectionDataSourceFreeTrial
+newMalwareProtectionDataSourceFreeTrial =
+  MalwareProtectionDataSourceFreeTrial'
+    { scanEc2InstanceWithFindings =
+        Prelude.Nothing
+    }
+
+-- | Describes whether Malware Protection for EC2 instances with findings is
+-- enabled as a data source.
+malwareProtectionDataSourceFreeTrial_scanEc2InstanceWithFindings :: Lens.Lens' MalwareProtectionDataSourceFreeTrial (Prelude.Maybe DataSourceFreeTrial)
+malwareProtectionDataSourceFreeTrial_scanEc2InstanceWithFindings = Lens.lens (\MalwareProtectionDataSourceFreeTrial' {scanEc2InstanceWithFindings} -> scanEc2InstanceWithFindings) (\s@MalwareProtectionDataSourceFreeTrial' {} a -> s {scanEc2InstanceWithFindings = a} :: MalwareProtectionDataSourceFreeTrial)
+
+instance
+  Data.FromJSON
+    MalwareProtectionDataSourceFreeTrial
+  where
+  parseJSON =
+    Data.withObject
+      "MalwareProtectionDataSourceFreeTrial"
+      ( \x ->
+          MalwareProtectionDataSourceFreeTrial'
+            Prelude.<$> (x Data..:? "scanEc2InstanceWithFindings")
+      )
+
+instance
+  Prelude.Hashable
+    MalwareProtectionDataSourceFreeTrial
+  where
+  hashWithSalt
+    _salt
+    MalwareProtectionDataSourceFreeTrial' {..} =
+      _salt
+        `Prelude.hashWithSalt` scanEc2InstanceWithFindings
+
+instance
+  Prelude.NFData
+    MalwareProtectionDataSourceFreeTrial
+  where
+  rnf MalwareProtectionDataSourceFreeTrial' {..} =
+    Prelude.rnf scanEc2InstanceWithFindings
diff --git a/gen/Amazonka/GuardDuty/Types/Member.hs b/gen/Amazonka/GuardDuty/Types/Member.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Member.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Member
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Member where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the member account.
+--
+-- /See:/ 'newMember' smart constructor.
+data Member = Member'
+  { -- | The administrator account ID.
+    administratorId :: Prelude.Maybe Prelude.Text,
+    -- | The detector ID of the member account.
+    detectorId :: Prelude.Maybe Prelude.Text,
+    -- | The timestamp when the invitation was sent.
+    invitedAt :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the member account.
+    accountId :: Prelude.Text,
+    -- | The administrator account ID.
+    masterId :: Prelude.Text,
+    -- | The email address of the member account.
+    email :: Prelude.Text,
+    -- | The status of the relationship between the member and the administrator.
+    relationshipStatus :: Prelude.Text,
+    -- | The last-updated timestamp of the member.
+    updatedAt :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Member' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'administratorId', 'member_administratorId' - The administrator account ID.
+--
+-- 'detectorId', 'member_detectorId' - The detector ID of the member account.
+--
+-- 'invitedAt', 'member_invitedAt' - The timestamp when the invitation was sent.
+--
+-- 'accountId', 'member_accountId' - The ID of the member account.
+--
+-- 'masterId', 'member_masterId' - The administrator account ID.
+--
+-- 'email', 'member_email' - The email address of the member account.
+--
+-- 'relationshipStatus', 'member_relationshipStatus' - The status of the relationship between the member and the administrator.
+--
+-- 'updatedAt', 'member_updatedAt' - The last-updated timestamp of the member.
+newMember ::
+  -- | 'accountId'
+  Prelude.Text ->
+  -- | 'masterId'
+  Prelude.Text ->
+  -- | 'email'
+  Prelude.Text ->
+  -- | 'relationshipStatus'
+  Prelude.Text ->
+  -- | 'updatedAt'
+  Prelude.Text ->
+  Member
+newMember
+  pAccountId_
+  pMasterId_
+  pEmail_
+  pRelationshipStatus_
+  pUpdatedAt_ =
+    Member'
+      { administratorId = Prelude.Nothing,
+        detectorId = Prelude.Nothing,
+        invitedAt = Prelude.Nothing,
+        accountId = pAccountId_,
+        masterId = pMasterId_,
+        email = pEmail_,
+        relationshipStatus = pRelationshipStatus_,
+        updatedAt = pUpdatedAt_
+      }
+
+-- | The administrator account ID.
+member_administratorId :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_administratorId = Lens.lens (\Member' {administratorId} -> administratorId) (\s@Member' {} a -> s {administratorId = a} :: Member)
+
+-- | The detector ID of the member account.
+member_detectorId :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_detectorId = Lens.lens (\Member' {detectorId} -> detectorId) (\s@Member' {} a -> s {detectorId = a} :: Member)
+
+-- | The timestamp when the invitation was sent.
+member_invitedAt :: Lens.Lens' Member (Prelude.Maybe Prelude.Text)
+member_invitedAt = Lens.lens (\Member' {invitedAt} -> invitedAt) (\s@Member' {} a -> s {invitedAt = a} :: Member)
+
+-- | The ID of the member account.
+member_accountId :: Lens.Lens' Member Prelude.Text
+member_accountId = Lens.lens (\Member' {accountId} -> accountId) (\s@Member' {} a -> s {accountId = a} :: Member)
+
+-- | The administrator account ID.
+member_masterId :: Lens.Lens' Member Prelude.Text
+member_masterId = Lens.lens (\Member' {masterId} -> masterId) (\s@Member' {} a -> s {masterId = a} :: Member)
+
+-- | The email address of the member account.
+member_email :: Lens.Lens' Member Prelude.Text
+member_email = Lens.lens (\Member' {email} -> email) (\s@Member' {} a -> s {email = a} :: Member)
+
+-- | The status of the relationship between the member and the administrator.
+member_relationshipStatus :: Lens.Lens' Member Prelude.Text
+member_relationshipStatus = Lens.lens (\Member' {relationshipStatus} -> relationshipStatus) (\s@Member' {} a -> s {relationshipStatus = a} :: Member)
+
+-- | The last-updated timestamp of the member.
+member_updatedAt :: Lens.Lens' Member Prelude.Text
+member_updatedAt = Lens.lens (\Member' {updatedAt} -> updatedAt) (\s@Member' {} a -> s {updatedAt = a} :: Member)
+
+instance Data.FromJSON Member where
+  parseJSON =
+    Data.withObject
+      "Member"
+      ( \x ->
+          Member'
+            Prelude.<$> (x Data..:? "administratorId")
+            Prelude.<*> (x Data..:? "detectorId")
+            Prelude.<*> (x Data..:? "invitedAt")
+            Prelude.<*> (x Data..: "accountId")
+            Prelude.<*> (x Data..: "masterId")
+            Prelude.<*> (x Data..: "email")
+            Prelude.<*> (x Data..: "relationshipStatus")
+            Prelude.<*> (x Data..: "updatedAt")
+      )
+
+instance Prelude.Hashable Member where
+  hashWithSalt _salt Member' {..} =
+    _salt
+      `Prelude.hashWithSalt` administratorId
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` invitedAt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` masterId
+      `Prelude.hashWithSalt` email
+      `Prelude.hashWithSalt` relationshipStatus
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData Member where
+  rnf Member' {..} =
+    Prelude.rnf administratorId
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf invitedAt
+      `Prelude.seq` Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf masterId
+      `Prelude.seq` Prelude.rnf email
+      `Prelude.seq` Prelude.rnf relationshipStatus
+      `Prelude.seq` Prelude.rnf updatedAt
diff --git a/gen/Amazonka/GuardDuty/Types/MemberDataSourceConfiguration.hs b/gen/Amazonka/GuardDuty/Types/MemberDataSourceConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/MemberDataSourceConfiguration.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.MemberDataSourceConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.MemberDataSourceConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceConfigurationsResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on which data sources are enabled for a member
+-- account.
+--
+-- /See:/ 'newMemberDataSourceConfiguration' smart constructor.
+data MemberDataSourceConfiguration = MemberDataSourceConfiguration'
+  { -- | The account ID for the member account.
+    accountId :: Prelude.Text,
+    -- | Contains information on the status of data sources for the account.
+    dataSources :: DataSourceConfigurationsResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'MemberDataSourceConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'memberDataSourceConfiguration_accountId' - The account ID for the member account.
+--
+-- 'dataSources', 'memberDataSourceConfiguration_dataSources' - Contains information on the status of data sources for the account.
+newMemberDataSourceConfiguration ::
+  -- | 'accountId'
+  Prelude.Text ->
+  -- | 'dataSources'
+  DataSourceConfigurationsResult ->
+  MemberDataSourceConfiguration
+newMemberDataSourceConfiguration
+  pAccountId_
+  pDataSources_ =
+    MemberDataSourceConfiguration'
+      { accountId =
+          pAccountId_,
+        dataSources = pDataSources_
+      }
+
+-- | The account ID for the member account.
+memberDataSourceConfiguration_accountId :: Lens.Lens' MemberDataSourceConfiguration Prelude.Text
+memberDataSourceConfiguration_accountId = Lens.lens (\MemberDataSourceConfiguration' {accountId} -> accountId) (\s@MemberDataSourceConfiguration' {} a -> s {accountId = a} :: MemberDataSourceConfiguration)
+
+-- | Contains information on the status of data sources for the account.
+memberDataSourceConfiguration_dataSources :: Lens.Lens' MemberDataSourceConfiguration DataSourceConfigurationsResult
+memberDataSourceConfiguration_dataSources = Lens.lens (\MemberDataSourceConfiguration' {dataSources} -> dataSources) (\s@MemberDataSourceConfiguration' {} a -> s {dataSources = a} :: MemberDataSourceConfiguration)
+
+instance Data.FromJSON MemberDataSourceConfiguration where
+  parseJSON =
+    Data.withObject
+      "MemberDataSourceConfiguration"
+      ( \x ->
+          MemberDataSourceConfiguration'
+            Prelude.<$> (x Data..: "accountId")
+            Prelude.<*> (x Data..: "dataSources")
+      )
+
+instance
+  Prelude.Hashable
+    MemberDataSourceConfiguration
+  where
+  hashWithSalt _salt MemberDataSourceConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` dataSources
+
+instance Prelude.NFData MemberDataSourceConfiguration where
+  rnf MemberDataSourceConfiguration' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf dataSources
diff --git a/gen/Amazonka/GuardDuty/Types/NetworkConnectionAction.hs b/gen/Amazonka/GuardDuty/Types/NetworkConnectionAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/NetworkConnectionAction.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.NetworkConnectionAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.NetworkConnectionAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.LocalIpDetails
+import Amazonka.GuardDuty.Types.LocalPortDetails
+import Amazonka.GuardDuty.Types.RemoteIpDetails
+import Amazonka.GuardDuty.Types.RemotePortDetails
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the NETWORK_CONNECTION action described in
+-- the finding.
+--
+-- /See:/ 'newNetworkConnectionAction' smart constructor.
+data NetworkConnectionAction = NetworkConnectionAction'
+  { -- | Indicates whether EC2 blocked the network connection to your instance.
+    blocked :: Prelude.Maybe Prelude.Bool,
+    -- | The network connection direction.
+    connectionDirection :: Prelude.Maybe Prelude.Text,
+    -- | The local IP information of the connection.
+    localIpDetails :: Prelude.Maybe LocalIpDetails,
+    -- | The local port information of the connection.
+    localPortDetails :: Prelude.Maybe LocalPortDetails,
+    -- | The network connection protocol.
+    protocol :: Prelude.Maybe Prelude.Text,
+    -- | The remote IP information of the connection.
+    remoteIpDetails :: Prelude.Maybe RemoteIpDetails,
+    -- | The remote port information of the connection.
+    remotePortDetails :: Prelude.Maybe RemotePortDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NetworkConnectionAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blocked', 'networkConnectionAction_blocked' - Indicates whether EC2 blocked the network connection to your instance.
+--
+-- 'connectionDirection', 'networkConnectionAction_connectionDirection' - The network connection direction.
+--
+-- 'localIpDetails', 'networkConnectionAction_localIpDetails' - The local IP information of the connection.
+--
+-- 'localPortDetails', 'networkConnectionAction_localPortDetails' - The local port information of the connection.
+--
+-- 'protocol', 'networkConnectionAction_protocol' - The network connection protocol.
+--
+-- 'remoteIpDetails', 'networkConnectionAction_remoteIpDetails' - The remote IP information of the connection.
+--
+-- 'remotePortDetails', 'networkConnectionAction_remotePortDetails' - The remote port information of the connection.
+newNetworkConnectionAction ::
+  NetworkConnectionAction
+newNetworkConnectionAction =
+  NetworkConnectionAction'
+    { blocked = Prelude.Nothing,
+      connectionDirection = Prelude.Nothing,
+      localIpDetails = Prelude.Nothing,
+      localPortDetails = Prelude.Nothing,
+      protocol = Prelude.Nothing,
+      remoteIpDetails = Prelude.Nothing,
+      remotePortDetails = Prelude.Nothing
+    }
+
+-- | Indicates whether EC2 blocked the network connection to your instance.
+networkConnectionAction_blocked :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe Prelude.Bool)
+networkConnectionAction_blocked = Lens.lens (\NetworkConnectionAction' {blocked} -> blocked) (\s@NetworkConnectionAction' {} a -> s {blocked = a} :: NetworkConnectionAction)
+
+-- | The network connection direction.
+networkConnectionAction_connectionDirection :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe Prelude.Text)
+networkConnectionAction_connectionDirection = Lens.lens (\NetworkConnectionAction' {connectionDirection} -> connectionDirection) (\s@NetworkConnectionAction' {} a -> s {connectionDirection = a} :: NetworkConnectionAction)
+
+-- | The local IP information of the connection.
+networkConnectionAction_localIpDetails :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe LocalIpDetails)
+networkConnectionAction_localIpDetails = Lens.lens (\NetworkConnectionAction' {localIpDetails} -> localIpDetails) (\s@NetworkConnectionAction' {} a -> s {localIpDetails = a} :: NetworkConnectionAction)
+
+-- | The local port information of the connection.
+networkConnectionAction_localPortDetails :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe LocalPortDetails)
+networkConnectionAction_localPortDetails = Lens.lens (\NetworkConnectionAction' {localPortDetails} -> localPortDetails) (\s@NetworkConnectionAction' {} a -> s {localPortDetails = a} :: NetworkConnectionAction)
+
+-- | The network connection protocol.
+networkConnectionAction_protocol :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe Prelude.Text)
+networkConnectionAction_protocol = Lens.lens (\NetworkConnectionAction' {protocol} -> protocol) (\s@NetworkConnectionAction' {} a -> s {protocol = a} :: NetworkConnectionAction)
+
+-- | The remote IP information of the connection.
+networkConnectionAction_remoteIpDetails :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe RemoteIpDetails)
+networkConnectionAction_remoteIpDetails = Lens.lens (\NetworkConnectionAction' {remoteIpDetails} -> remoteIpDetails) (\s@NetworkConnectionAction' {} a -> s {remoteIpDetails = a} :: NetworkConnectionAction)
+
+-- | The remote port information of the connection.
+networkConnectionAction_remotePortDetails :: Lens.Lens' NetworkConnectionAction (Prelude.Maybe RemotePortDetails)
+networkConnectionAction_remotePortDetails = Lens.lens (\NetworkConnectionAction' {remotePortDetails} -> remotePortDetails) (\s@NetworkConnectionAction' {} a -> s {remotePortDetails = a} :: NetworkConnectionAction)
+
+instance Data.FromJSON NetworkConnectionAction where
+  parseJSON =
+    Data.withObject
+      "NetworkConnectionAction"
+      ( \x ->
+          NetworkConnectionAction'
+            Prelude.<$> (x Data..:? "blocked")
+            Prelude.<*> (x Data..:? "connectionDirection")
+            Prelude.<*> (x Data..:? "localIpDetails")
+            Prelude.<*> (x Data..:? "localPortDetails")
+            Prelude.<*> (x Data..:? "protocol")
+            Prelude.<*> (x Data..:? "remoteIpDetails")
+            Prelude.<*> (x Data..:? "remotePortDetails")
+      )
+
+instance Prelude.Hashable NetworkConnectionAction where
+  hashWithSalt _salt NetworkConnectionAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` blocked
+      `Prelude.hashWithSalt` connectionDirection
+      `Prelude.hashWithSalt` localIpDetails
+      `Prelude.hashWithSalt` localPortDetails
+      `Prelude.hashWithSalt` protocol
+      `Prelude.hashWithSalt` remoteIpDetails
+      `Prelude.hashWithSalt` remotePortDetails
+
+instance Prelude.NFData NetworkConnectionAction where
+  rnf NetworkConnectionAction' {..} =
+    Prelude.rnf blocked
+      `Prelude.seq` Prelude.rnf connectionDirection
+      `Prelude.seq` Prelude.rnf localIpDetails
+      `Prelude.seq` Prelude.rnf localPortDetails
+      `Prelude.seq` Prelude.rnf protocol
+      `Prelude.seq` Prelude.rnf remoteIpDetails
+      `Prelude.seq` Prelude.rnf remotePortDetails
diff --git a/gen/Amazonka/GuardDuty/Types/NetworkInterface.hs b/gen/Amazonka/GuardDuty/Types/NetworkInterface.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/NetworkInterface.hs
@@ -0,0 +1,186 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.NetworkInterface
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.NetworkInterface where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.PrivateIpAddressDetails
+import Amazonka.GuardDuty.Types.SecurityGroup
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the elastic network interface of the EC2
+-- instance.
+--
+-- /See:/ 'newNetworkInterface' smart constructor.
+data NetworkInterface = NetworkInterface'
+  { -- | A list of IPv6 addresses for the EC2 instance.
+    ipv6Addresses :: Prelude.Maybe [Prelude.Text],
+    -- | The ID of the network interface.
+    networkInterfaceId :: Prelude.Maybe Prelude.Text,
+    -- | The private DNS name of the EC2 instance.
+    privateDnsName :: Prelude.Maybe Prelude.Text,
+    -- | The private IP address of the EC2 instance.
+    privateIpAddress :: Prelude.Maybe Prelude.Text,
+    -- | Other private IP address information of the EC2 instance.
+    privateIpAddresses :: Prelude.Maybe [PrivateIpAddressDetails],
+    -- | The public DNS name of the EC2 instance.
+    publicDnsName :: Prelude.Maybe Prelude.Text,
+    -- | The public IP address of the EC2 instance.
+    publicIp :: Prelude.Maybe Prelude.Text,
+    -- | The security groups associated with the EC2 instance.
+    securityGroups :: Prelude.Maybe [SecurityGroup],
+    -- | The subnet ID of the EC2 instance.
+    subnetId :: Prelude.Maybe Prelude.Text,
+    -- | The VPC ID of the EC2 instance.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NetworkInterface' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipv6Addresses', 'networkInterface_ipv6Addresses' - A list of IPv6 addresses for the EC2 instance.
+--
+-- 'networkInterfaceId', 'networkInterface_networkInterfaceId' - The ID of the network interface.
+--
+-- 'privateDnsName', 'networkInterface_privateDnsName' - The private DNS name of the EC2 instance.
+--
+-- 'privateIpAddress', 'networkInterface_privateIpAddress' - The private IP address of the EC2 instance.
+--
+-- 'privateIpAddresses', 'networkInterface_privateIpAddresses' - Other private IP address information of the EC2 instance.
+--
+-- 'publicDnsName', 'networkInterface_publicDnsName' - The public DNS name of the EC2 instance.
+--
+-- 'publicIp', 'networkInterface_publicIp' - The public IP address of the EC2 instance.
+--
+-- 'securityGroups', 'networkInterface_securityGroups' - The security groups associated with the EC2 instance.
+--
+-- 'subnetId', 'networkInterface_subnetId' - The subnet ID of the EC2 instance.
+--
+-- 'vpcId', 'networkInterface_vpcId' - The VPC ID of the EC2 instance.
+newNetworkInterface ::
+  NetworkInterface
+newNetworkInterface =
+  NetworkInterface'
+    { ipv6Addresses = Prelude.Nothing,
+      networkInterfaceId = Prelude.Nothing,
+      privateDnsName = Prelude.Nothing,
+      privateIpAddress = Prelude.Nothing,
+      privateIpAddresses = Prelude.Nothing,
+      publicDnsName = Prelude.Nothing,
+      publicIp = Prelude.Nothing,
+      securityGroups = Prelude.Nothing,
+      subnetId = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | A list of IPv6 addresses for the EC2 instance.
+networkInterface_ipv6Addresses :: Lens.Lens' NetworkInterface (Prelude.Maybe [Prelude.Text])
+networkInterface_ipv6Addresses = Lens.lens (\NetworkInterface' {ipv6Addresses} -> ipv6Addresses) (\s@NetworkInterface' {} a -> s {ipv6Addresses = a} :: NetworkInterface) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the network interface.
+networkInterface_networkInterfaceId :: Lens.Lens' NetworkInterface (Prelude.Maybe Prelude.Text)
+networkInterface_networkInterfaceId = Lens.lens (\NetworkInterface' {networkInterfaceId} -> networkInterfaceId) (\s@NetworkInterface' {} a -> s {networkInterfaceId = a} :: NetworkInterface)
+
+-- | The private DNS name of the EC2 instance.
+networkInterface_privateDnsName :: Lens.Lens' NetworkInterface (Prelude.Maybe Prelude.Text)
+networkInterface_privateDnsName = Lens.lens (\NetworkInterface' {privateDnsName} -> privateDnsName) (\s@NetworkInterface' {} a -> s {privateDnsName = a} :: NetworkInterface)
+
+-- | The private IP address of the EC2 instance.
+networkInterface_privateIpAddress :: Lens.Lens' NetworkInterface (Prelude.Maybe Prelude.Text)
+networkInterface_privateIpAddress = Lens.lens (\NetworkInterface' {privateIpAddress} -> privateIpAddress) (\s@NetworkInterface' {} a -> s {privateIpAddress = a} :: NetworkInterface)
+
+-- | Other private IP address information of the EC2 instance.
+networkInterface_privateIpAddresses :: Lens.Lens' NetworkInterface (Prelude.Maybe [PrivateIpAddressDetails])
+networkInterface_privateIpAddresses = Lens.lens (\NetworkInterface' {privateIpAddresses} -> privateIpAddresses) (\s@NetworkInterface' {} a -> s {privateIpAddresses = a} :: NetworkInterface) Prelude.. Lens.mapping Lens.coerced
+
+-- | The public DNS name of the EC2 instance.
+networkInterface_publicDnsName :: Lens.Lens' NetworkInterface (Prelude.Maybe Prelude.Text)
+networkInterface_publicDnsName = Lens.lens (\NetworkInterface' {publicDnsName} -> publicDnsName) (\s@NetworkInterface' {} a -> s {publicDnsName = a} :: NetworkInterface)
+
+-- | The public IP address of the EC2 instance.
+networkInterface_publicIp :: Lens.Lens' NetworkInterface (Prelude.Maybe Prelude.Text)
+networkInterface_publicIp = Lens.lens (\NetworkInterface' {publicIp} -> publicIp) (\s@NetworkInterface' {} a -> s {publicIp = a} :: NetworkInterface)
+
+-- | The security groups associated with the EC2 instance.
+networkInterface_securityGroups :: Lens.Lens' NetworkInterface (Prelude.Maybe [SecurityGroup])
+networkInterface_securityGroups = Lens.lens (\NetworkInterface' {securityGroups} -> securityGroups) (\s@NetworkInterface' {} a -> s {securityGroups = a} :: NetworkInterface) Prelude.. Lens.mapping Lens.coerced
+
+-- | The subnet ID of the EC2 instance.
+networkInterface_subnetId :: Lens.Lens' NetworkInterface (Prelude.Maybe Prelude.Text)
+networkInterface_subnetId = Lens.lens (\NetworkInterface' {subnetId} -> subnetId) (\s@NetworkInterface' {} a -> s {subnetId = a} :: NetworkInterface)
+
+-- | The VPC ID of the EC2 instance.
+networkInterface_vpcId :: Lens.Lens' NetworkInterface (Prelude.Maybe Prelude.Text)
+networkInterface_vpcId = Lens.lens (\NetworkInterface' {vpcId} -> vpcId) (\s@NetworkInterface' {} a -> s {vpcId = a} :: NetworkInterface)
+
+instance Data.FromJSON NetworkInterface where
+  parseJSON =
+    Data.withObject
+      "NetworkInterface"
+      ( \x ->
+          NetworkInterface'
+            Prelude.<$> (x Data..:? "ipv6Addresses" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "networkInterfaceId")
+            Prelude.<*> (x Data..:? "privateDnsName")
+            Prelude.<*> (x Data..:? "privateIpAddress")
+            Prelude.<*> ( x
+                            Data..:? "privateIpAddresses"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "publicDnsName")
+            Prelude.<*> (x Data..:? "publicIp")
+            Prelude.<*> (x Data..:? "securityGroups" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "subnetId")
+            Prelude.<*> (x Data..:? "vpcId")
+      )
+
+instance Prelude.Hashable NetworkInterface where
+  hashWithSalt _salt NetworkInterface' {..} =
+    _salt
+      `Prelude.hashWithSalt` ipv6Addresses
+      `Prelude.hashWithSalt` networkInterfaceId
+      `Prelude.hashWithSalt` privateDnsName
+      `Prelude.hashWithSalt` privateIpAddress
+      `Prelude.hashWithSalt` privateIpAddresses
+      `Prelude.hashWithSalt` publicDnsName
+      `Prelude.hashWithSalt` publicIp
+      `Prelude.hashWithSalt` securityGroups
+      `Prelude.hashWithSalt` subnetId
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData NetworkInterface where
+  rnf NetworkInterface' {..} =
+    Prelude.rnf ipv6Addresses
+      `Prelude.seq` Prelude.rnf networkInterfaceId
+      `Prelude.seq` Prelude.rnf privateDnsName
+      `Prelude.seq` Prelude.rnf privateIpAddress
+      `Prelude.seq` Prelude.rnf privateIpAddresses
+      `Prelude.seq` Prelude.rnf publicDnsName
+      `Prelude.seq` Prelude.rnf publicIp
+      `Prelude.seq` Prelude.rnf securityGroups
+      `Prelude.seq` Prelude.rnf subnetId
+      `Prelude.seq` Prelude.rnf vpcId
diff --git a/gen/Amazonka/GuardDuty/Types/OrderBy.hs b/gen/Amazonka/GuardDuty/Types/OrderBy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrderBy.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrderBy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrderBy
+  ( OrderBy
+      ( ..,
+        OrderBy_ASC,
+        OrderBy_DESC
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype OrderBy = OrderBy' {fromOrderBy :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern OrderBy_ASC :: OrderBy
+pattern OrderBy_ASC = OrderBy' "ASC"
+
+pattern OrderBy_DESC :: OrderBy
+pattern OrderBy_DESC = OrderBy' "DESC"
+
+{-# COMPLETE
+  OrderBy_ASC,
+  OrderBy_DESC,
+  OrderBy'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/Organization.hs b/gen/Amazonka/GuardDuty/Types/Organization.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Organization.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Organization
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Organization where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the ISP organization of the remote IP
+-- address.
+--
+-- /See:/ 'newOrganization' smart constructor.
+data Organization = Organization'
+  { -- | The Autonomous System Number (ASN) of the internet provider of the
+    -- remote IP address.
+    asn :: Prelude.Maybe Prelude.Text,
+    -- | The organization that registered this ASN.
+    asnOrg :: Prelude.Maybe Prelude.Text,
+    -- | The ISP information for the internet provider.
+    isp :: Prelude.Maybe Prelude.Text,
+    -- | The name of the internet provider.
+    org :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Organization' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'asn', 'organization_asn' - The Autonomous System Number (ASN) of the internet provider of the
+-- remote IP address.
+--
+-- 'asnOrg', 'organization_asnOrg' - The organization that registered this ASN.
+--
+-- 'isp', 'organization_isp' - The ISP information for the internet provider.
+--
+-- 'org', 'organization_org' - The name of the internet provider.
+newOrganization ::
+  Organization
+newOrganization =
+  Organization'
+    { asn = Prelude.Nothing,
+      asnOrg = Prelude.Nothing,
+      isp = Prelude.Nothing,
+      org = Prelude.Nothing
+    }
+
+-- | The Autonomous System Number (ASN) of the internet provider of the
+-- remote IP address.
+organization_asn :: Lens.Lens' Organization (Prelude.Maybe Prelude.Text)
+organization_asn = Lens.lens (\Organization' {asn} -> asn) (\s@Organization' {} a -> s {asn = a} :: Organization)
+
+-- | The organization that registered this ASN.
+organization_asnOrg :: Lens.Lens' Organization (Prelude.Maybe Prelude.Text)
+organization_asnOrg = Lens.lens (\Organization' {asnOrg} -> asnOrg) (\s@Organization' {} a -> s {asnOrg = a} :: Organization)
+
+-- | The ISP information for the internet provider.
+organization_isp :: Lens.Lens' Organization (Prelude.Maybe Prelude.Text)
+organization_isp = Lens.lens (\Organization' {isp} -> isp) (\s@Organization' {} a -> s {isp = a} :: Organization)
+
+-- | The name of the internet provider.
+organization_org :: Lens.Lens' Organization (Prelude.Maybe Prelude.Text)
+organization_org = Lens.lens (\Organization' {org} -> org) (\s@Organization' {} a -> s {org = a} :: Organization)
+
+instance Data.FromJSON Organization where
+  parseJSON =
+    Data.withObject
+      "Organization"
+      ( \x ->
+          Organization'
+            Prelude.<$> (x Data..:? "asn")
+            Prelude.<*> (x Data..:? "asnOrg")
+            Prelude.<*> (x Data..:? "isp")
+            Prelude.<*> (x Data..:? "org")
+      )
+
+instance Prelude.Hashable Organization where
+  hashWithSalt _salt Organization' {..} =
+    _salt
+      `Prelude.hashWithSalt` asn
+      `Prelude.hashWithSalt` asnOrg
+      `Prelude.hashWithSalt` isp
+      `Prelude.hashWithSalt` org
+
+instance Prelude.NFData Organization where
+  rnf Organization' {..} =
+    Prelude.rnf asn
+      `Prelude.seq` Prelude.rnf asnOrg
+      `Prelude.seq` Prelude.rnf isp
+      `Prelude.seq` Prelude.rnf org
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationDataSourceConfigurations.hs b/gen/Amazonka/GuardDuty/Types/OrganizationDataSourceConfigurations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationDataSourceConfigurations.hs
@@ -0,0 +1,122 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurations where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationKubernetesConfiguration
+import Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfiguration
+import Amazonka.GuardDuty.Types.OrganizationS3LogsConfiguration
+import qualified Amazonka.Prelude as Prelude
+
+-- | An object that contains information on which data sources will be
+-- configured to be automatically enabled for new members within the
+-- organization.
+--
+-- /See:/ 'newOrganizationDataSourceConfigurations' smart constructor.
+data OrganizationDataSourceConfigurations = OrganizationDataSourceConfigurations'
+  { -- | Describes the configuration of Kubernetes data sources for new members
+    -- of the organization.
+    kubernetes :: Prelude.Maybe OrganizationKubernetesConfiguration,
+    -- | Describes the configuration of Malware Protection for new members of the
+    -- organization.
+    malwareProtection :: Prelude.Maybe OrganizationMalwareProtectionConfiguration,
+    -- | Describes whether S3 data event logs are enabled for new members of the
+    -- organization.
+    s3Logs :: Prelude.Maybe OrganizationS3LogsConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationDataSourceConfigurations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kubernetes', 'organizationDataSourceConfigurations_kubernetes' - Describes the configuration of Kubernetes data sources for new members
+-- of the organization.
+--
+-- 'malwareProtection', 'organizationDataSourceConfigurations_malwareProtection' - Describes the configuration of Malware Protection for new members of the
+-- organization.
+--
+-- 's3Logs', 'organizationDataSourceConfigurations_s3Logs' - Describes whether S3 data event logs are enabled for new members of the
+-- organization.
+newOrganizationDataSourceConfigurations ::
+  OrganizationDataSourceConfigurations
+newOrganizationDataSourceConfigurations =
+  OrganizationDataSourceConfigurations'
+    { kubernetes =
+        Prelude.Nothing,
+      malwareProtection = Prelude.Nothing,
+      s3Logs = Prelude.Nothing
+    }
+
+-- | Describes the configuration of Kubernetes data sources for new members
+-- of the organization.
+organizationDataSourceConfigurations_kubernetes :: Lens.Lens' OrganizationDataSourceConfigurations (Prelude.Maybe OrganizationKubernetesConfiguration)
+organizationDataSourceConfigurations_kubernetes = Lens.lens (\OrganizationDataSourceConfigurations' {kubernetes} -> kubernetes) (\s@OrganizationDataSourceConfigurations' {} a -> s {kubernetes = a} :: OrganizationDataSourceConfigurations)
+
+-- | Describes the configuration of Malware Protection for new members of the
+-- organization.
+organizationDataSourceConfigurations_malwareProtection :: Lens.Lens' OrganizationDataSourceConfigurations (Prelude.Maybe OrganizationMalwareProtectionConfiguration)
+organizationDataSourceConfigurations_malwareProtection = Lens.lens (\OrganizationDataSourceConfigurations' {malwareProtection} -> malwareProtection) (\s@OrganizationDataSourceConfigurations' {} a -> s {malwareProtection = a} :: OrganizationDataSourceConfigurations)
+
+-- | Describes whether S3 data event logs are enabled for new members of the
+-- organization.
+organizationDataSourceConfigurations_s3Logs :: Lens.Lens' OrganizationDataSourceConfigurations (Prelude.Maybe OrganizationS3LogsConfiguration)
+organizationDataSourceConfigurations_s3Logs = Lens.lens (\OrganizationDataSourceConfigurations' {s3Logs} -> s3Logs) (\s@OrganizationDataSourceConfigurations' {} a -> s {s3Logs = a} :: OrganizationDataSourceConfigurations)
+
+instance
+  Prelude.Hashable
+    OrganizationDataSourceConfigurations
+  where
+  hashWithSalt
+    _salt
+    OrganizationDataSourceConfigurations' {..} =
+      _salt
+        `Prelude.hashWithSalt` kubernetes
+        `Prelude.hashWithSalt` malwareProtection
+        `Prelude.hashWithSalt` s3Logs
+
+instance
+  Prelude.NFData
+    OrganizationDataSourceConfigurations
+  where
+  rnf OrganizationDataSourceConfigurations' {..} =
+    Prelude.rnf kubernetes
+      `Prelude.seq` Prelude.rnf malwareProtection
+      `Prelude.seq` Prelude.rnf s3Logs
+
+instance
+  Data.ToJSON
+    OrganizationDataSourceConfigurations
+  where
+  toJSON OrganizationDataSourceConfigurations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("kubernetes" Data..=) Prelude.<$> kubernetes,
+            ("malwareProtection" Data..=)
+              Prelude.<$> malwareProtection,
+            ("s3Logs" Data..=) Prelude.<$> s3Logs
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationDataSourceConfigurationsResult.hs b/gen/Amazonka/GuardDuty/Types/OrganizationDataSourceConfigurationsResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationDataSourceConfigurationsResult.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurationsResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationDataSourceConfigurationsResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationKubernetesConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfigurationResult
+import Amazonka.GuardDuty.Types.OrganizationS3LogsConfigurationResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | An object that contains information on which data sources are
+-- automatically enabled for new members within the organization.
+--
+-- /See:/ 'newOrganizationDataSourceConfigurationsResult' smart constructor.
+data OrganizationDataSourceConfigurationsResult = OrganizationDataSourceConfigurationsResult'
+  { -- | Describes the configuration of Kubernetes data sources.
+    kubernetes :: Prelude.Maybe OrganizationKubernetesConfigurationResult,
+    -- | Describes the configuration of Malware Protection data source for an
+    -- organization.
+    malwareProtection :: Prelude.Maybe OrganizationMalwareProtectionConfigurationResult,
+    -- | Describes whether S3 data event logs are enabled as a data source.
+    s3Logs :: OrganizationS3LogsConfigurationResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationDataSourceConfigurationsResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'kubernetes', 'organizationDataSourceConfigurationsResult_kubernetes' - Describes the configuration of Kubernetes data sources.
+--
+-- 'malwareProtection', 'organizationDataSourceConfigurationsResult_malwareProtection' - Describes the configuration of Malware Protection data source for an
+-- organization.
+--
+-- 's3Logs', 'organizationDataSourceConfigurationsResult_s3Logs' - Describes whether S3 data event logs are enabled as a data source.
+newOrganizationDataSourceConfigurationsResult ::
+  -- | 's3Logs'
+  OrganizationS3LogsConfigurationResult ->
+  OrganizationDataSourceConfigurationsResult
+newOrganizationDataSourceConfigurationsResult
+  pS3Logs_ =
+    OrganizationDataSourceConfigurationsResult'
+      { kubernetes =
+          Prelude.Nothing,
+        malwareProtection =
+          Prelude.Nothing,
+        s3Logs = pS3Logs_
+      }
+
+-- | Describes the configuration of Kubernetes data sources.
+organizationDataSourceConfigurationsResult_kubernetes :: Lens.Lens' OrganizationDataSourceConfigurationsResult (Prelude.Maybe OrganizationKubernetesConfigurationResult)
+organizationDataSourceConfigurationsResult_kubernetes = Lens.lens (\OrganizationDataSourceConfigurationsResult' {kubernetes} -> kubernetes) (\s@OrganizationDataSourceConfigurationsResult' {} a -> s {kubernetes = a} :: OrganizationDataSourceConfigurationsResult)
+
+-- | Describes the configuration of Malware Protection data source for an
+-- organization.
+organizationDataSourceConfigurationsResult_malwareProtection :: Lens.Lens' OrganizationDataSourceConfigurationsResult (Prelude.Maybe OrganizationMalwareProtectionConfigurationResult)
+organizationDataSourceConfigurationsResult_malwareProtection = Lens.lens (\OrganizationDataSourceConfigurationsResult' {malwareProtection} -> malwareProtection) (\s@OrganizationDataSourceConfigurationsResult' {} a -> s {malwareProtection = a} :: OrganizationDataSourceConfigurationsResult)
+
+-- | Describes whether S3 data event logs are enabled as a data source.
+organizationDataSourceConfigurationsResult_s3Logs :: Lens.Lens' OrganizationDataSourceConfigurationsResult OrganizationS3LogsConfigurationResult
+organizationDataSourceConfigurationsResult_s3Logs = Lens.lens (\OrganizationDataSourceConfigurationsResult' {s3Logs} -> s3Logs) (\s@OrganizationDataSourceConfigurationsResult' {} a -> s {s3Logs = a} :: OrganizationDataSourceConfigurationsResult)
+
+instance
+  Data.FromJSON
+    OrganizationDataSourceConfigurationsResult
+  where
+  parseJSON =
+    Data.withObject
+      "OrganizationDataSourceConfigurationsResult"
+      ( \x ->
+          OrganizationDataSourceConfigurationsResult'
+            Prelude.<$> (x Data..:? "kubernetes")
+            Prelude.<*> (x Data..:? "malwareProtection")
+            Prelude.<*> (x Data..: "s3Logs")
+      )
+
+instance
+  Prelude.Hashable
+    OrganizationDataSourceConfigurationsResult
+  where
+  hashWithSalt
+    _salt
+    OrganizationDataSourceConfigurationsResult' {..} =
+      _salt
+        `Prelude.hashWithSalt` kubernetes
+        `Prelude.hashWithSalt` malwareProtection
+        `Prelude.hashWithSalt` s3Logs
+
+instance
+  Prelude.NFData
+    OrganizationDataSourceConfigurationsResult
+  where
+  rnf OrganizationDataSourceConfigurationsResult' {..} =
+    Prelude.rnf kubernetes
+      `Prelude.seq` Prelude.rnf malwareProtection
+      `Prelude.seq` Prelude.rnf s3Logs
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationEbsVolumes.hs b/gen/Amazonka/GuardDuty/Types/OrganizationEbsVolumes.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationEbsVolumes.hs
@@ -0,0 +1,73 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationEbsVolumes
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationEbsVolumes where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Organization-wide EBS volumes scan configuration.
+--
+-- /See:/ 'newOrganizationEbsVolumes' smart constructor.
+data OrganizationEbsVolumes = OrganizationEbsVolumes'
+  { -- | Whether scanning EBS volumes should be auto-enabled for new members
+    -- joining the organization.
+    autoEnable :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationEbsVolumes' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnable', 'organizationEbsVolumes_autoEnable' - Whether scanning EBS volumes should be auto-enabled for new members
+-- joining the organization.
+newOrganizationEbsVolumes ::
+  OrganizationEbsVolumes
+newOrganizationEbsVolumes =
+  OrganizationEbsVolumes'
+    { autoEnable =
+        Prelude.Nothing
+    }
+
+-- | Whether scanning EBS volumes should be auto-enabled for new members
+-- joining the organization.
+organizationEbsVolumes_autoEnable :: Lens.Lens' OrganizationEbsVolumes (Prelude.Maybe Prelude.Bool)
+organizationEbsVolumes_autoEnable = Lens.lens (\OrganizationEbsVolumes' {autoEnable} -> autoEnable) (\s@OrganizationEbsVolumes' {} a -> s {autoEnable = a} :: OrganizationEbsVolumes)
+
+instance Prelude.Hashable OrganizationEbsVolumes where
+  hashWithSalt _salt OrganizationEbsVolumes' {..} =
+    _salt `Prelude.hashWithSalt` autoEnable
+
+instance Prelude.NFData OrganizationEbsVolumes where
+  rnf OrganizationEbsVolumes' {..} =
+    Prelude.rnf autoEnable
+
+instance Data.ToJSON OrganizationEbsVolumes where
+  toJSON OrganizationEbsVolumes' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("autoEnable" Data..=) Prelude.<$> autoEnable]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationEbsVolumesResult.hs b/gen/Amazonka/GuardDuty/Types/OrganizationEbsVolumesResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationEbsVolumesResult.hs
@@ -0,0 +1,79 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationEbsVolumesResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationEbsVolumesResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An object that contains information on the status of whether EBS volumes
+-- scanning will be enabled as a data source for an organization.
+--
+-- /See:/ 'newOrganizationEbsVolumesResult' smart constructor.
+data OrganizationEbsVolumesResult = OrganizationEbsVolumesResult'
+  { -- | An object that contains the status of whether scanning EBS volumes
+    -- should be auto-enabled for new members joining the organization.
+    autoEnable :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationEbsVolumesResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnable', 'organizationEbsVolumesResult_autoEnable' - An object that contains the status of whether scanning EBS volumes
+-- should be auto-enabled for new members joining the organization.
+newOrganizationEbsVolumesResult ::
+  OrganizationEbsVolumesResult
+newOrganizationEbsVolumesResult =
+  OrganizationEbsVolumesResult'
+    { autoEnable =
+        Prelude.Nothing
+    }
+
+-- | An object that contains the status of whether scanning EBS volumes
+-- should be auto-enabled for new members joining the organization.
+organizationEbsVolumesResult_autoEnable :: Lens.Lens' OrganizationEbsVolumesResult (Prelude.Maybe Prelude.Bool)
+organizationEbsVolumesResult_autoEnable = Lens.lens (\OrganizationEbsVolumesResult' {autoEnable} -> autoEnable) (\s@OrganizationEbsVolumesResult' {} a -> s {autoEnable = a} :: OrganizationEbsVolumesResult)
+
+instance Data.FromJSON OrganizationEbsVolumesResult where
+  parseJSON =
+    Data.withObject
+      "OrganizationEbsVolumesResult"
+      ( \x ->
+          OrganizationEbsVolumesResult'
+            Prelude.<$> (x Data..:? "autoEnable")
+      )
+
+instance
+  Prelude.Hashable
+    OrganizationEbsVolumesResult
+  where
+  hashWithSalt _salt OrganizationEbsVolumesResult' {..} =
+    _salt `Prelude.hashWithSalt` autoEnable
+
+instance Prelude.NFData OrganizationEbsVolumesResult where
+  rnf OrganizationEbsVolumesResult' {..} =
+    Prelude.rnf autoEnable
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesAuditLogsConfiguration.hs b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesAuditLogsConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesAuditLogsConfiguration.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Organization-wide Kubernetes audit logs configuration.
+--
+-- /See:/ 'newOrganizationKubernetesAuditLogsConfiguration' smart constructor.
+data OrganizationKubernetesAuditLogsConfiguration = OrganizationKubernetesAuditLogsConfiguration'
+  { -- | A value that contains information on whether Kubernetes audit logs
+    -- should be enabled automatically as a data source for the organization.
+    autoEnable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationKubernetesAuditLogsConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnable', 'organizationKubernetesAuditLogsConfiguration_autoEnable' - A value that contains information on whether Kubernetes audit logs
+-- should be enabled automatically as a data source for the organization.
+newOrganizationKubernetesAuditLogsConfiguration ::
+  -- | 'autoEnable'
+  Prelude.Bool ->
+  OrganizationKubernetesAuditLogsConfiguration
+newOrganizationKubernetesAuditLogsConfiguration
+  pAutoEnable_ =
+    OrganizationKubernetesAuditLogsConfiguration'
+      { autoEnable =
+          pAutoEnable_
+      }
+
+-- | A value that contains information on whether Kubernetes audit logs
+-- should be enabled automatically as a data source for the organization.
+organizationKubernetesAuditLogsConfiguration_autoEnable :: Lens.Lens' OrganizationKubernetesAuditLogsConfiguration Prelude.Bool
+organizationKubernetesAuditLogsConfiguration_autoEnable = Lens.lens (\OrganizationKubernetesAuditLogsConfiguration' {autoEnable} -> autoEnable) (\s@OrganizationKubernetesAuditLogsConfiguration' {} a -> s {autoEnable = a} :: OrganizationKubernetesAuditLogsConfiguration)
+
+instance
+  Prelude.Hashable
+    OrganizationKubernetesAuditLogsConfiguration
+  where
+  hashWithSalt
+    _salt
+    OrganizationKubernetesAuditLogsConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` autoEnable
+
+instance
+  Prelude.NFData
+    OrganizationKubernetesAuditLogsConfiguration
+  where
+  rnf OrganizationKubernetesAuditLogsConfiguration' {..} =
+    Prelude.rnf autoEnable
+
+instance
+  Data.ToJSON
+    OrganizationKubernetesAuditLogsConfiguration
+  where
+  toJSON
+    OrganizationKubernetesAuditLogsConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [Prelude.Just ("autoEnable" Data..= autoEnable)]
+        )
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesAuditLogsConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesAuditLogsConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesAuditLogsConfigurationResult.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The current configuration of Kubernetes audit logs as a data source for
+-- the organization.
+--
+-- /See:/ 'newOrganizationKubernetesAuditLogsConfigurationResult' smart constructor.
+data OrganizationKubernetesAuditLogsConfigurationResult = OrganizationKubernetesAuditLogsConfigurationResult'
+  { -- | Whether Kubernetes audit logs data source should be auto-enabled for new
+    -- members joining the organization.
+    autoEnable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationKubernetesAuditLogsConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnable', 'organizationKubernetesAuditLogsConfigurationResult_autoEnable' - Whether Kubernetes audit logs data source should be auto-enabled for new
+-- members joining the organization.
+newOrganizationKubernetesAuditLogsConfigurationResult ::
+  -- | 'autoEnable'
+  Prelude.Bool ->
+  OrganizationKubernetesAuditLogsConfigurationResult
+newOrganizationKubernetesAuditLogsConfigurationResult
+  pAutoEnable_ =
+    OrganizationKubernetesAuditLogsConfigurationResult'
+      { autoEnable =
+          pAutoEnable_
+      }
+
+-- | Whether Kubernetes audit logs data source should be auto-enabled for new
+-- members joining the organization.
+organizationKubernetesAuditLogsConfigurationResult_autoEnable :: Lens.Lens' OrganizationKubernetesAuditLogsConfigurationResult Prelude.Bool
+organizationKubernetesAuditLogsConfigurationResult_autoEnable = Lens.lens (\OrganizationKubernetesAuditLogsConfigurationResult' {autoEnable} -> autoEnable) (\s@OrganizationKubernetesAuditLogsConfigurationResult' {} a -> s {autoEnable = a} :: OrganizationKubernetesAuditLogsConfigurationResult)
+
+instance
+  Data.FromJSON
+    OrganizationKubernetesAuditLogsConfigurationResult
+  where
+  parseJSON =
+    Data.withObject
+      "OrganizationKubernetesAuditLogsConfigurationResult"
+      ( \x ->
+          OrganizationKubernetesAuditLogsConfigurationResult'
+            Prelude.<$> (x Data..: "autoEnable")
+      )
+
+instance
+  Prelude.Hashable
+    OrganizationKubernetesAuditLogsConfigurationResult
+  where
+  hashWithSalt
+    _salt
+    OrganizationKubernetesAuditLogsConfigurationResult' {..} =
+      _salt `Prelude.hashWithSalt` autoEnable
+
+instance
+  Prelude.NFData
+    OrganizationKubernetesAuditLogsConfigurationResult
+  where
+  rnf
+    OrganizationKubernetesAuditLogsConfigurationResult' {..} =
+      Prelude.rnf autoEnable
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesConfiguration.hs b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesConfiguration.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationKubernetesConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationKubernetesConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfiguration
+import qualified Amazonka.Prelude as Prelude
+
+-- | Organization-wide Kubernetes data sources configurations.
+--
+-- /See:/ 'newOrganizationKubernetesConfiguration' smart constructor.
+data OrganizationKubernetesConfiguration = OrganizationKubernetesConfiguration'
+  { -- | Whether Kubernetes audit logs data source should be auto-enabled for new
+    -- members joining the organization.
+    auditLogs :: OrganizationKubernetesAuditLogsConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationKubernetesConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'auditLogs', 'organizationKubernetesConfiguration_auditLogs' - Whether Kubernetes audit logs data source should be auto-enabled for new
+-- members joining the organization.
+newOrganizationKubernetesConfiguration ::
+  -- | 'auditLogs'
+  OrganizationKubernetesAuditLogsConfiguration ->
+  OrganizationKubernetesConfiguration
+newOrganizationKubernetesConfiguration pAuditLogs_ =
+  OrganizationKubernetesConfiguration'
+    { auditLogs =
+        pAuditLogs_
+    }
+
+-- | Whether Kubernetes audit logs data source should be auto-enabled for new
+-- members joining the organization.
+organizationKubernetesConfiguration_auditLogs :: Lens.Lens' OrganizationKubernetesConfiguration OrganizationKubernetesAuditLogsConfiguration
+organizationKubernetesConfiguration_auditLogs = Lens.lens (\OrganizationKubernetesConfiguration' {auditLogs} -> auditLogs) (\s@OrganizationKubernetesConfiguration' {} a -> s {auditLogs = a} :: OrganizationKubernetesConfiguration)
+
+instance
+  Prelude.Hashable
+    OrganizationKubernetesConfiguration
+  where
+  hashWithSalt
+    _salt
+    OrganizationKubernetesConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` auditLogs
+
+instance
+  Prelude.NFData
+    OrganizationKubernetesConfiguration
+  where
+  rnf OrganizationKubernetesConfiguration' {..} =
+    Prelude.rnf auditLogs
+
+instance
+  Data.ToJSON
+    OrganizationKubernetesConfiguration
+  where
+  toJSON OrganizationKubernetesConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("auditLogs" Data..= auditLogs)]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationKubernetesConfigurationResult.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationKubernetesConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationKubernetesConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationKubernetesAuditLogsConfigurationResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | The current configuration of all Kubernetes data sources for the
+-- organization.
+--
+-- /See:/ 'newOrganizationKubernetesConfigurationResult' smart constructor.
+data OrganizationKubernetesConfigurationResult = OrganizationKubernetesConfigurationResult'
+  { -- | The current configuration of Kubernetes audit logs as a data source for
+    -- the organization.
+    auditLogs :: OrganizationKubernetesAuditLogsConfigurationResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationKubernetesConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'auditLogs', 'organizationKubernetesConfigurationResult_auditLogs' - The current configuration of Kubernetes audit logs as a data source for
+-- the organization.
+newOrganizationKubernetesConfigurationResult ::
+  -- | 'auditLogs'
+  OrganizationKubernetesAuditLogsConfigurationResult ->
+  OrganizationKubernetesConfigurationResult
+newOrganizationKubernetesConfigurationResult
+  pAuditLogs_ =
+    OrganizationKubernetesConfigurationResult'
+      { auditLogs =
+          pAuditLogs_
+      }
+
+-- | The current configuration of Kubernetes audit logs as a data source for
+-- the organization.
+organizationKubernetesConfigurationResult_auditLogs :: Lens.Lens' OrganizationKubernetesConfigurationResult OrganizationKubernetesAuditLogsConfigurationResult
+organizationKubernetesConfigurationResult_auditLogs = Lens.lens (\OrganizationKubernetesConfigurationResult' {auditLogs} -> auditLogs) (\s@OrganizationKubernetesConfigurationResult' {} a -> s {auditLogs = a} :: OrganizationKubernetesConfigurationResult)
+
+instance
+  Data.FromJSON
+    OrganizationKubernetesConfigurationResult
+  where
+  parseJSON =
+    Data.withObject
+      "OrganizationKubernetesConfigurationResult"
+      ( \x ->
+          OrganizationKubernetesConfigurationResult'
+            Prelude.<$> (x Data..: "auditLogs")
+      )
+
+instance
+  Prelude.Hashable
+    OrganizationKubernetesConfigurationResult
+  where
+  hashWithSalt
+    _salt
+    OrganizationKubernetesConfigurationResult' {..} =
+      _salt `Prelude.hashWithSalt` auditLogs
+
+instance
+  Prelude.NFData
+    OrganizationKubernetesConfigurationResult
+  where
+  rnf OrganizationKubernetesConfigurationResult' {..} =
+    Prelude.rnf auditLogs
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationMalwareProtectionConfiguration.hs b/gen/Amazonka/GuardDuty/Types/OrganizationMalwareProtectionConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationMalwareProtectionConfiguration.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindings
+import qualified Amazonka.Prelude as Prelude
+
+-- | Organization-wide Malware Protection configurations.
+--
+-- /See:/ 'newOrganizationMalwareProtectionConfiguration' smart constructor.
+data OrganizationMalwareProtectionConfiguration = OrganizationMalwareProtectionConfiguration'
+  { -- | Whether Malware Protection for EC2 instances with findings should be
+    -- auto-enabled for new members joining the organization.
+    scanEc2InstanceWithFindings :: Prelude.Maybe OrganizationScanEc2InstanceWithFindings
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationMalwareProtectionConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanEc2InstanceWithFindings', 'organizationMalwareProtectionConfiguration_scanEc2InstanceWithFindings' - Whether Malware Protection for EC2 instances with findings should be
+-- auto-enabled for new members joining the organization.
+newOrganizationMalwareProtectionConfiguration ::
+  OrganizationMalwareProtectionConfiguration
+newOrganizationMalwareProtectionConfiguration =
+  OrganizationMalwareProtectionConfiguration'
+    { scanEc2InstanceWithFindings =
+        Prelude.Nothing
+    }
+
+-- | Whether Malware Protection for EC2 instances with findings should be
+-- auto-enabled for new members joining the organization.
+organizationMalwareProtectionConfiguration_scanEc2InstanceWithFindings :: Lens.Lens' OrganizationMalwareProtectionConfiguration (Prelude.Maybe OrganizationScanEc2InstanceWithFindings)
+organizationMalwareProtectionConfiguration_scanEc2InstanceWithFindings = Lens.lens (\OrganizationMalwareProtectionConfiguration' {scanEc2InstanceWithFindings} -> scanEc2InstanceWithFindings) (\s@OrganizationMalwareProtectionConfiguration' {} a -> s {scanEc2InstanceWithFindings = a} :: OrganizationMalwareProtectionConfiguration)
+
+instance
+  Prelude.Hashable
+    OrganizationMalwareProtectionConfiguration
+  where
+  hashWithSalt
+    _salt
+    OrganizationMalwareProtectionConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` scanEc2InstanceWithFindings
+
+instance
+  Prelude.NFData
+    OrganizationMalwareProtectionConfiguration
+  where
+  rnf OrganizationMalwareProtectionConfiguration' {..} =
+    Prelude.rnf scanEc2InstanceWithFindings
+
+instance
+  Data.ToJSON
+    OrganizationMalwareProtectionConfiguration
+  where
+  toJSON
+    OrganizationMalwareProtectionConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("scanEc2InstanceWithFindings" Data..=)
+                Prelude.<$> scanEc2InstanceWithFindings
+            ]
+        )
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationMalwareProtectionConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/OrganizationMalwareProtectionConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationMalwareProtectionConfigurationResult.hs
@@ -0,0 +1,90 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationMalwareProtectionConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindingsResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | An object that contains information on the status of all Malware
+-- Protection data source for an organization.
+--
+-- /See:/ 'newOrganizationMalwareProtectionConfigurationResult' smart constructor.
+data OrganizationMalwareProtectionConfigurationResult = OrganizationMalwareProtectionConfigurationResult'
+  { -- | Describes the configuration for scanning EC2 instances with findings for
+    -- an organization.
+    scanEc2InstanceWithFindings :: Prelude.Maybe OrganizationScanEc2InstanceWithFindingsResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationMalwareProtectionConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanEc2InstanceWithFindings', 'organizationMalwareProtectionConfigurationResult_scanEc2InstanceWithFindings' - Describes the configuration for scanning EC2 instances with findings for
+-- an organization.
+newOrganizationMalwareProtectionConfigurationResult ::
+  OrganizationMalwareProtectionConfigurationResult
+newOrganizationMalwareProtectionConfigurationResult =
+  OrganizationMalwareProtectionConfigurationResult'
+    { scanEc2InstanceWithFindings =
+        Prelude.Nothing
+    }
+
+-- | Describes the configuration for scanning EC2 instances with findings for
+-- an organization.
+organizationMalwareProtectionConfigurationResult_scanEc2InstanceWithFindings :: Lens.Lens' OrganizationMalwareProtectionConfigurationResult (Prelude.Maybe OrganizationScanEc2InstanceWithFindingsResult)
+organizationMalwareProtectionConfigurationResult_scanEc2InstanceWithFindings = Lens.lens (\OrganizationMalwareProtectionConfigurationResult' {scanEc2InstanceWithFindings} -> scanEc2InstanceWithFindings) (\s@OrganizationMalwareProtectionConfigurationResult' {} a -> s {scanEc2InstanceWithFindings = a} :: OrganizationMalwareProtectionConfigurationResult)
+
+instance
+  Data.FromJSON
+    OrganizationMalwareProtectionConfigurationResult
+  where
+  parseJSON =
+    Data.withObject
+      "OrganizationMalwareProtectionConfigurationResult"
+      ( \x ->
+          OrganizationMalwareProtectionConfigurationResult'
+            Prelude.<$> (x Data..:? "scanEc2InstanceWithFindings")
+      )
+
+instance
+  Prelude.Hashable
+    OrganizationMalwareProtectionConfigurationResult
+  where
+  hashWithSalt
+    _salt
+    OrganizationMalwareProtectionConfigurationResult' {..} =
+      _salt
+        `Prelude.hashWithSalt` scanEc2InstanceWithFindings
+
+instance
+  Prelude.NFData
+    OrganizationMalwareProtectionConfigurationResult
+  where
+  rnf
+    OrganizationMalwareProtectionConfigurationResult' {..} =
+      Prelude.rnf scanEc2InstanceWithFindings
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationS3LogsConfiguration.hs b/gen/Amazonka/GuardDuty/Types/OrganizationS3LogsConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationS3LogsConfiguration.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationS3LogsConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationS3LogsConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether S3 data event logs will be automatically enabled for
+-- new members of the organization.
+--
+-- /See:/ 'newOrganizationS3LogsConfiguration' smart constructor.
+data OrganizationS3LogsConfiguration = OrganizationS3LogsConfiguration'
+  { -- | A value that contains information on whether S3 data event logs will be
+    -- enabled automatically as a data source for the organization.
+    autoEnable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationS3LogsConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnable', 'organizationS3LogsConfiguration_autoEnable' - A value that contains information on whether S3 data event logs will be
+-- enabled automatically as a data source for the organization.
+newOrganizationS3LogsConfiguration ::
+  -- | 'autoEnable'
+  Prelude.Bool ->
+  OrganizationS3LogsConfiguration
+newOrganizationS3LogsConfiguration pAutoEnable_ =
+  OrganizationS3LogsConfiguration'
+    { autoEnable =
+        pAutoEnable_
+    }
+
+-- | A value that contains information on whether S3 data event logs will be
+-- enabled automatically as a data source for the organization.
+organizationS3LogsConfiguration_autoEnable :: Lens.Lens' OrganizationS3LogsConfiguration Prelude.Bool
+organizationS3LogsConfiguration_autoEnable = Lens.lens (\OrganizationS3LogsConfiguration' {autoEnable} -> autoEnable) (\s@OrganizationS3LogsConfiguration' {} a -> s {autoEnable = a} :: OrganizationS3LogsConfiguration)
+
+instance
+  Prelude.Hashable
+    OrganizationS3LogsConfiguration
+  where
+  hashWithSalt
+    _salt
+    OrganizationS3LogsConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` autoEnable
+
+instance
+  Prelude.NFData
+    OrganizationS3LogsConfiguration
+  where
+  rnf OrganizationS3LogsConfiguration' {..} =
+    Prelude.rnf autoEnable
+
+instance Data.ToJSON OrganizationS3LogsConfiguration where
+  toJSON OrganizationS3LogsConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("autoEnable" Data..= autoEnable)]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationS3LogsConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/OrganizationS3LogsConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationS3LogsConfigurationResult.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationS3LogsConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationS3LogsConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The current configuration of S3 data event logs as a data source for the
+-- organization.
+--
+-- /See:/ 'newOrganizationS3LogsConfigurationResult' smart constructor.
+data OrganizationS3LogsConfigurationResult = OrganizationS3LogsConfigurationResult'
+  { -- | A value that describes whether S3 data event logs are automatically
+    -- enabled for new members of the organization.
+    autoEnable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationS3LogsConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoEnable', 'organizationS3LogsConfigurationResult_autoEnable' - A value that describes whether S3 data event logs are automatically
+-- enabled for new members of the organization.
+newOrganizationS3LogsConfigurationResult ::
+  -- | 'autoEnable'
+  Prelude.Bool ->
+  OrganizationS3LogsConfigurationResult
+newOrganizationS3LogsConfigurationResult pAutoEnable_ =
+  OrganizationS3LogsConfigurationResult'
+    { autoEnable =
+        pAutoEnable_
+    }
+
+-- | A value that describes whether S3 data event logs are automatically
+-- enabled for new members of the organization.
+organizationS3LogsConfigurationResult_autoEnable :: Lens.Lens' OrganizationS3LogsConfigurationResult Prelude.Bool
+organizationS3LogsConfigurationResult_autoEnable = Lens.lens (\OrganizationS3LogsConfigurationResult' {autoEnable} -> autoEnable) (\s@OrganizationS3LogsConfigurationResult' {} a -> s {autoEnable = a} :: OrganizationS3LogsConfigurationResult)
+
+instance
+  Data.FromJSON
+    OrganizationS3LogsConfigurationResult
+  where
+  parseJSON =
+    Data.withObject
+      "OrganizationS3LogsConfigurationResult"
+      ( \x ->
+          OrganizationS3LogsConfigurationResult'
+            Prelude.<$> (x Data..: "autoEnable")
+      )
+
+instance
+  Prelude.Hashable
+    OrganizationS3LogsConfigurationResult
+  where
+  hashWithSalt
+    _salt
+    OrganizationS3LogsConfigurationResult' {..} =
+      _salt `Prelude.hashWithSalt` autoEnable
+
+instance
+  Prelude.NFData
+    OrganizationS3LogsConfigurationResult
+  where
+  rnf OrganizationS3LogsConfigurationResult' {..} =
+    Prelude.rnf autoEnable
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationScanEc2InstanceWithFindings.hs b/gen/Amazonka/GuardDuty/Types/OrganizationScanEc2InstanceWithFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationScanEc2InstanceWithFindings.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindings where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationEbsVolumes
+import qualified Amazonka.Prelude as Prelude
+
+-- | Organization-wide EC2 instances with findings scan configuration.
+--
+-- /See:/ 'newOrganizationScanEc2InstanceWithFindings' smart constructor.
+data OrganizationScanEc2InstanceWithFindings = OrganizationScanEc2InstanceWithFindings'
+  { -- | Whether scanning EBS volumes should be auto-enabled for new members
+    -- joining the organization.
+    ebsVolumes :: Prelude.Maybe OrganizationEbsVolumes
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationScanEc2InstanceWithFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ebsVolumes', 'organizationScanEc2InstanceWithFindings_ebsVolumes' - Whether scanning EBS volumes should be auto-enabled for new members
+-- joining the organization.
+newOrganizationScanEc2InstanceWithFindings ::
+  OrganizationScanEc2InstanceWithFindings
+newOrganizationScanEc2InstanceWithFindings =
+  OrganizationScanEc2InstanceWithFindings'
+    { ebsVolumes =
+        Prelude.Nothing
+    }
+
+-- | Whether scanning EBS volumes should be auto-enabled for new members
+-- joining the organization.
+organizationScanEc2InstanceWithFindings_ebsVolumes :: Lens.Lens' OrganizationScanEc2InstanceWithFindings (Prelude.Maybe OrganizationEbsVolumes)
+organizationScanEc2InstanceWithFindings_ebsVolumes = Lens.lens (\OrganizationScanEc2InstanceWithFindings' {ebsVolumes} -> ebsVolumes) (\s@OrganizationScanEc2InstanceWithFindings' {} a -> s {ebsVolumes = a} :: OrganizationScanEc2InstanceWithFindings)
+
+instance
+  Prelude.Hashable
+    OrganizationScanEc2InstanceWithFindings
+  where
+  hashWithSalt
+    _salt
+    OrganizationScanEc2InstanceWithFindings' {..} =
+      _salt `Prelude.hashWithSalt` ebsVolumes
+
+instance
+  Prelude.NFData
+    OrganizationScanEc2InstanceWithFindings
+  where
+  rnf OrganizationScanEc2InstanceWithFindings' {..} =
+    Prelude.rnf ebsVolumes
+
+instance
+  Data.ToJSON
+    OrganizationScanEc2InstanceWithFindings
+  where
+  toJSON OrganizationScanEc2InstanceWithFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("ebsVolumes" Data..=) Prelude.<$> ebsVolumes]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/OrganizationScanEc2InstanceWithFindingsResult.hs b/gen/Amazonka/GuardDuty/Types/OrganizationScanEc2InstanceWithFindingsResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/OrganizationScanEc2InstanceWithFindingsResult.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindingsResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.OrganizationScanEc2InstanceWithFindingsResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrganizationEbsVolumesResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | An object that contains information on the status of scanning EC2
+-- instances with findings for an organization.
+--
+-- /See:/ 'newOrganizationScanEc2InstanceWithFindingsResult' smart constructor.
+data OrganizationScanEc2InstanceWithFindingsResult = OrganizationScanEc2InstanceWithFindingsResult'
+  { -- | Describes the configuration for scanning EBS volumes for an
+    -- organization.
+    ebsVolumes :: Prelude.Maybe OrganizationEbsVolumesResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrganizationScanEc2InstanceWithFindingsResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ebsVolumes', 'organizationScanEc2InstanceWithFindingsResult_ebsVolumes' - Describes the configuration for scanning EBS volumes for an
+-- organization.
+newOrganizationScanEc2InstanceWithFindingsResult ::
+  OrganizationScanEc2InstanceWithFindingsResult
+newOrganizationScanEc2InstanceWithFindingsResult =
+  OrganizationScanEc2InstanceWithFindingsResult'
+    { ebsVolumes =
+        Prelude.Nothing
+    }
+
+-- | Describes the configuration for scanning EBS volumes for an
+-- organization.
+organizationScanEc2InstanceWithFindingsResult_ebsVolumes :: Lens.Lens' OrganizationScanEc2InstanceWithFindingsResult (Prelude.Maybe OrganizationEbsVolumesResult)
+organizationScanEc2InstanceWithFindingsResult_ebsVolumes = Lens.lens (\OrganizationScanEc2InstanceWithFindingsResult' {ebsVolumes} -> ebsVolumes) (\s@OrganizationScanEc2InstanceWithFindingsResult' {} a -> s {ebsVolumes = a} :: OrganizationScanEc2InstanceWithFindingsResult)
+
+instance
+  Data.FromJSON
+    OrganizationScanEc2InstanceWithFindingsResult
+  where
+  parseJSON =
+    Data.withObject
+      "OrganizationScanEc2InstanceWithFindingsResult"
+      ( \x ->
+          OrganizationScanEc2InstanceWithFindingsResult'
+            Prelude.<$> (x Data..:? "ebsVolumes")
+      )
+
+instance
+  Prelude.Hashable
+    OrganizationScanEc2InstanceWithFindingsResult
+  where
+  hashWithSalt
+    _salt
+    OrganizationScanEc2InstanceWithFindingsResult' {..} =
+      _salt `Prelude.hashWithSalt` ebsVolumes
+
+instance
+  Prelude.NFData
+    OrganizationScanEc2InstanceWithFindingsResult
+  where
+  rnf
+    OrganizationScanEc2InstanceWithFindingsResult' {..} =
+      Prelude.rnf ebsVolumes
diff --git a/gen/Amazonka/GuardDuty/Types/Owner.hs b/gen/Amazonka/GuardDuty/Types/Owner.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Owner.hs
@@ -0,0 +1,70 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Owner
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Owner where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the owner of the bucket.
+--
+-- /See:/ 'newOwner' smart constructor.
+data Owner = Owner'
+  { -- | The canonical user ID of the bucket owner. For information about
+    -- locating your canonical user ID see
+    -- <https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId Finding Your Account Canonical User ID.>
+    id :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Owner' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'owner_id' - The canonical user ID of the bucket owner. For information about
+-- locating your canonical user ID see
+-- <https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId Finding Your Account Canonical User ID.>
+newOwner ::
+  Owner
+newOwner = Owner' {id = Prelude.Nothing}
+
+-- | The canonical user ID of the bucket owner. For information about
+-- locating your canonical user ID see
+-- <https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId Finding Your Account Canonical User ID.>
+owner_id :: Lens.Lens' Owner (Prelude.Maybe Prelude.Text)
+owner_id = Lens.lens (\Owner' {id} -> id) (\s@Owner' {} a -> s {id = a} :: Owner)
+
+instance Data.FromJSON Owner where
+  parseJSON =
+    Data.withObject
+      "Owner"
+      (\x -> Owner' Prelude.<$> (x Data..:? "id"))
+
+instance Prelude.Hashable Owner where
+  hashWithSalt _salt Owner' {..} =
+    _salt `Prelude.hashWithSalt` id
+
+instance Prelude.NFData Owner where
+  rnf Owner' {..} = Prelude.rnf id
diff --git a/gen/Amazonka/GuardDuty/Types/PermissionConfiguration.hs b/gen/Amazonka/GuardDuty/Types/PermissionConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/PermissionConfiguration.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.PermissionConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.PermissionConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.AccountLevelPermissions
+import Amazonka.GuardDuty.Types.BucketLevelPermissions
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about how permissions are configured for the S3
+-- bucket.
+--
+-- /See:/ 'newPermissionConfiguration' smart constructor.
+data PermissionConfiguration = PermissionConfiguration'
+  { -- | Contains information about the account level permissions on the S3
+    -- bucket.
+    accountLevelPermissions :: Prelude.Maybe AccountLevelPermissions,
+    -- | Contains information about the bucket level permissions for the S3
+    -- bucket.
+    bucketLevelPermissions :: Prelude.Maybe BucketLevelPermissions
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PermissionConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountLevelPermissions', 'permissionConfiguration_accountLevelPermissions' - Contains information about the account level permissions on the S3
+-- bucket.
+--
+-- 'bucketLevelPermissions', 'permissionConfiguration_bucketLevelPermissions' - Contains information about the bucket level permissions for the S3
+-- bucket.
+newPermissionConfiguration ::
+  PermissionConfiguration
+newPermissionConfiguration =
+  PermissionConfiguration'
+    { accountLevelPermissions =
+        Prelude.Nothing,
+      bucketLevelPermissions = Prelude.Nothing
+    }
+
+-- | Contains information about the account level permissions on the S3
+-- bucket.
+permissionConfiguration_accountLevelPermissions :: Lens.Lens' PermissionConfiguration (Prelude.Maybe AccountLevelPermissions)
+permissionConfiguration_accountLevelPermissions = Lens.lens (\PermissionConfiguration' {accountLevelPermissions} -> accountLevelPermissions) (\s@PermissionConfiguration' {} a -> s {accountLevelPermissions = a} :: PermissionConfiguration)
+
+-- | Contains information about the bucket level permissions for the S3
+-- bucket.
+permissionConfiguration_bucketLevelPermissions :: Lens.Lens' PermissionConfiguration (Prelude.Maybe BucketLevelPermissions)
+permissionConfiguration_bucketLevelPermissions = Lens.lens (\PermissionConfiguration' {bucketLevelPermissions} -> bucketLevelPermissions) (\s@PermissionConfiguration' {} a -> s {bucketLevelPermissions = a} :: PermissionConfiguration)
+
+instance Data.FromJSON PermissionConfiguration where
+  parseJSON =
+    Data.withObject
+      "PermissionConfiguration"
+      ( \x ->
+          PermissionConfiguration'
+            Prelude.<$> (x Data..:? "accountLevelPermissions")
+            Prelude.<*> (x Data..:? "bucketLevelPermissions")
+      )
+
+instance Prelude.Hashable PermissionConfiguration where
+  hashWithSalt _salt PermissionConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountLevelPermissions
+      `Prelude.hashWithSalt` bucketLevelPermissions
+
+instance Prelude.NFData PermissionConfiguration where
+  rnf PermissionConfiguration' {..} =
+    Prelude.rnf accountLevelPermissions
+      `Prelude.seq` Prelude.rnf bucketLevelPermissions
diff --git a/gen/Amazonka/GuardDuty/Types/PortProbeAction.hs b/gen/Amazonka/GuardDuty/Types/PortProbeAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/PortProbeAction.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.PortProbeAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.PortProbeAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.PortProbeDetail
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the PORT_PROBE action described in the
+-- finding.
+--
+-- /See:/ 'newPortProbeAction' smart constructor.
+data PortProbeAction = PortProbeAction'
+  { -- | Indicates whether EC2 blocked the port probe to the instance, such as
+    -- with an ACL.
+    blocked :: Prelude.Maybe Prelude.Bool,
+    -- | A list of objects related to port probe details.
+    portProbeDetails :: Prelude.Maybe [PortProbeDetail]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PortProbeAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blocked', 'portProbeAction_blocked' - Indicates whether EC2 blocked the port probe to the instance, such as
+-- with an ACL.
+--
+-- 'portProbeDetails', 'portProbeAction_portProbeDetails' - A list of objects related to port probe details.
+newPortProbeAction ::
+  PortProbeAction
+newPortProbeAction =
+  PortProbeAction'
+    { blocked = Prelude.Nothing,
+      portProbeDetails = Prelude.Nothing
+    }
+
+-- | Indicates whether EC2 blocked the port probe to the instance, such as
+-- with an ACL.
+portProbeAction_blocked :: Lens.Lens' PortProbeAction (Prelude.Maybe Prelude.Bool)
+portProbeAction_blocked = Lens.lens (\PortProbeAction' {blocked} -> blocked) (\s@PortProbeAction' {} a -> s {blocked = a} :: PortProbeAction)
+
+-- | A list of objects related to port probe details.
+portProbeAction_portProbeDetails :: Lens.Lens' PortProbeAction (Prelude.Maybe [PortProbeDetail])
+portProbeAction_portProbeDetails = Lens.lens (\PortProbeAction' {portProbeDetails} -> portProbeDetails) (\s@PortProbeAction' {} a -> s {portProbeDetails = a} :: PortProbeAction) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON PortProbeAction where
+  parseJSON =
+    Data.withObject
+      "PortProbeAction"
+      ( \x ->
+          PortProbeAction'
+            Prelude.<$> (x Data..:? "blocked")
+            Prelude.<*> ( x
+                            Data..:? "portProbeDetails"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable PortProbeAction where
+  hashWithSalt _salt PortProbeAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` blocked
+      `Prelude.hashWithSalt` portProbeDetails
+
+instance Prelude.NFData PortProbeAction where
+  rnf PortProbeAction' {..} =
+    Prelude.rnf blocked
+      `Prelude.seq` Prelude.rnf portProbeDetails
diff --git a/gen/Amazonka/GuardDuty/Types/PortProbeDetail.hs b/gen/Amazonka/GuardDuty/Types/PortProbeDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/PortProbeDetail.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.PortProbeDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.PortProbeDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.LocalIpDetails
+import Amazonka.GuardDuty.Types.LocalPortDetails
+import Amazonka.GuardDuty.Types.RemoteIpDetails
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the port probe details.
+--
+-- /See:/ 'newPortProbeDetail' smart constructor.
+data PortProbeDetail = PortProbeDetail'
+  { -- | The local IP information of the connection.
+    localIpDetails :: Prelude.Maybe LocalIpDetails,
+    -- | The local port information of the connection.
+    localPortDetails :: Prelude.Maybe LocalPortDetails,
+    -- | The remote IP information of the connection.
+    remoteIpDetails :: Prelude.Maybe RemoteIpDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PortProbeDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'localIpDetails', 'portProbeDetail_localIpDetails' - The local IP information of the connection.
+--
+-- 'localPortDetails', 'portProbeDetail_localPortDetails' - The local port information of the connection.
+--
+-- 'remoteIpDetails', 'portProbeDetail_remoteIpDetails' - The remote IP information of the connection.
+newPortProbeDetail ::
+  PortProbeDetail
+newPortProbeDetail =
+  PortProbeDetail'
+    { localIpDetails = Prelude.Nothing,
+      localPortDetails = Prelude.Nothing,
+      remoteIpDetails = Prelude.Nothing
+    }
+
+-- | The local IP information of the connection.
+portProbeDetail_localIpDetails :: Lens.Lens' PortProbeDetail (Prelude.Maybe LocalIpDetails)
+portProbeDetail_localIpDetails = Lens.lens (\PortProbeDetail' {localIpDetails} -> localIpDetails) (\s@PortProbeDetail' {} a -> s {localIpDetails = a} :: PortProbeDetail)
+
+-- | The local port information of the connection.
+portProbeDetail_localPortDetails :: Lens.Lens' PortProbeDetail (Prelude.Maybe LocalPortDetails)
+portProbeDetail_localPortDetails = Lens.lens (\PortProbeDetail' {localPortDetails} -> localPortDetails) (\s@PortProbeDetail' {} a -> s {localPortDetails = a} :: PortProbeDetail)
+
+-- | The remote IP information of the connection.
+portProbeDetail_remoteIpDetails :: Lens.Lens' PortProbeDetail (Prelude.Maybe RemoteIpDetails)
+portProbeDetail_remoteIpDetails = Lens.lens (\PortProbeDetail' {remoteIpDetails} -> remoteIpDetails) (\s@PortProbeDetail' {} a -> s {remoteIpDetails = a} :: PortProbeDetail)
+
+instance Data.FromJSON PortProbeDetail where
+  parseJSON =
+    Data.withObject
+      "PortProbeDetail"
+      ( \x ->
+          PortProbeDetail'
+            Prelude.<$> (x Data..:? "localIpDetails")
+            Prelude.<*> (x Data..:? "localPortDetails")
+            Prelude.<*> (x Data..:? "remoteIpDetails")
+      )
+
+instance Prelude.Hashable PortProbeDetail where
+  hashWithSalt _salt PortProbeDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` localIpDetails
+      `Prelude.hashWithSalt` localPortDetails
+      `Prelude.hashWithSalt` remoteIpDetails
+
+instance Prelude.NFData PortProbeDetail where
+  rnf PortProbeDetail' {..} =
+    Prelude.rnf localIpDetails
+      `Prelude.seq` Prelude.rnf localPortDetails
+      `Prelude.seq` Prelude.rnf remoteIpDetails
diff --git a/gen/Amazonka/GuardDuty/Types/PrivateIpAddressDetails.hs b/gen/Amazonka/GuardDuty/Types/PrivateIpAddressDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/PrivateIpAddressDetails.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.PrivateIpAddressDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.PrivateIpAddressDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains other private IP address information of the EC2 instance.
+--
+-- /See:/ 'newPrivateIpAddressDetails' smart constructor.
+data PrivateIpAddressDetails = PrivateIpAddressDetails'
+  { -- | The private DNS name of the EC2 instance.
+    privateDnsName :: Prelude.Maybe Prelude.Text,
+    -- | The private IP address of the EC2 instance.
+    privateIpAddress :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PrivateIpAddressDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'privateDnsName', 'privateIpAddressDetails_privateDnsName' - The private DNS name of the EC2 instance.
+--
+-- 'privateIpAddress', 'privateIpAddressDetails_privateIpAddress' - The private IP address of the EC2 instance.
+newPrivateIpAddressDetails ::
+  PrivateIpAddressDetails
+newPrivateIpAddressDetails =
+  PrivateIpAddressDetails'
+    { privateDnsName =
+        Prelude.Nothing,
+      privateIpAddress = Prelude.Nothing
+    }
+
+-- | The private DNS name of the EC2 instance.
+privateIpAddressDetails_privateDnsName :: Lens.Lens' PrivateIpAddressDetails (Prelude.Maybe Prelude.Text)
+privateIpAddressDetails_privateDnsName = Lens.lens (\PrivateIpAddressDetails' {privateDnsName} -> privateDnsName) (\s@PrivateIpAddressDetails' {} a -> s {privateDnsName = a} :: PrivateIpAddressDetails)
+
+-- | The private IP address of the EC2 instance.
+privateIpAddressDetails_privateIpAddress :: Lens.Lens' PrivateIpAddressDetails (Prelude.Maybe Prelude.Text)
+privateIpAddressDetails_privateIpAddress = Lens.lens (\PrivateIpAddressDetails' {privateIpAddress} -> privateIpAddress) (\s@PrivateIpAddressDetails' {} a -> s {privateIpAddress = a} :: PrivateIpAddressDetails)
+
+instance Data.FromJSON PrivateIpAddressDetails where
+  parseJSON =
+    Data.withObject
+      "PrivateIpAddressDetails"
+      ( \x ->
+          PrivateIpAddressDetails'
+            Prelude.<$> (x Data..:? "privateDnsName")
+            Prelude.<*> (x Data..:? "privateIpAddress")
+      )
+
+instance Prelude.Hashable PrivateIpAddressDetails where
+  hashWithSalt _salt PrivateIpAddressDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` privateDnsName
+      `Prelude.hashWithSalt` privateIpAddress
+
+instance Prelude.NFData PrivateIpAddressDetails where
+  rnf PrivateIpAddressDetails' {..} =
+    Prelude.rnf privateDnsName
+      `Prelude.seq` Prelude.rnf privateIpAddress
diff --git a/gen/Amazonka/GuardDuty/Types/ProductCode.hs b/gen/Amazonka/GuardDuty/Types/ProductCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ProductCode.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ProductCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ProductCode where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the product code for the EC2 instance.
+--
+-- /See:/ 'newProductCode' smart constructor.
+data ProductCode = ProductCode'
+  { -- | The product code information.
+    code :: Prelude.Maybe Prelude.Text,
+    -- | The product code type.
+    productType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProductCode' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'code', 'productCode_code' - The product code information.
+--
+-- 'productType', 'productCode_productType' - The product code type.
+newProductCode ::
+  ProductCode
+newProductCode =
+  ProductCode'
+    { code = Prelude.Nothing,
+      productType = Prelude.Nothing
+    }
+
+-- | The product code information.
+productCode_code :: Lens.Lens' ProductCode (Prelude.Maybe Prelude.Text)
+productCode_code = Lens.lens (\ProductCode' {code} -> code) (\s@ProductCode' {} a -> s {code = a} :: ProductCode)
+
+-- | The product code type.
+productCode_productType :: Lens.Lens' ProductCode (Prelude.Maybe Prelude.Text)
+productCode_productType = Lens.lens (\ProductCode' {productType} -> productType) (\s@ProductCode' {} a -> s {productType = a} :: ProductCode)
+
+instance Data.FromJSON ProductCode where
+  parseJSON =
+    Data.withObject
+      "ProductCode"
+      ( \x ->
+          ProductCode'
+            Prelude.<$> (x Data..:? "productCodeId")
+            Prelude.<*> (x Data..:? "productCodeType")
+      )
+
+instance Prelude.Hashable ProductCode where
+  hashWithSalt _salt ProductCode' {..} =
+    _salt
+      `Prelude.hashWithSalt` code
+      `Prelude.hashWithSalt` productType
+
+instance Prelude.NFData ProductCode where
+  rnf ProductCode' {..} =
+    Prelude.rnf code
+      `Prelude.seq` Prelude.rnf productType
diff --git a/gen/Amazonka/GuardDuty/Types/PublicAccess.hs b/gen/Amazonka/GuardDuty/Types/PublicAccess.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/PublicAccess.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.PublicAccess
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.PublicAccess where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.PermissionConfiguration
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes the public access policies that apply to the S3 bucket.
+--
+-- /See:/ 'newPublicAccess' smart constructor.
+data PublicAccess = PublicAccess'
+  { -- | Describes the effective permission on this bucket after factoring all
+    -- attached policies.
+    effectivePermission :: Prelude.Maybe Prelude.Text,
+    -- | Contains information about how permissions are configured for the S3
+    -- bucket.
+    permissionConfiguration :: Prelude.Maybe PermissionConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PublicAccess' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'effectivePermission', 'publicAccess_effectivePermission' - Describes the effective permission on this bucket after factoring all
+-- attached policies.
+--
+-- 'permissionConfiguration', 'publicAccess_permissionConfiguration' - Contains information about how permissions are configured for the S3
+-- bucket.
+newPublicAccess ::
+  PublicAccess
+newPublicAccess =
+  PublicAccess'
+    { effectivePermission =
+        Prelude.Nothing,
+      permissionConfiguration = Prelude.Nothing
+    }
+
+-- | Describes the effective permission on this bucket after factoring all
+-- attached policies.
+publicAccess_effectivePermission :: Lens.Lens' PublicAccess (Prelude.Maybe Prelude.Text)
+publicAccess_effectivePermission = Lens.lens (\PublicAccess' {effectivePermission} -> effectivePermission) (\s@PublicAccess' {} a -> s {effectivePermission = a} :: PublicAccess)
+
+-- | Contains information about how permissions are configured for the S3
+-- bucket.
+publicAccess_permissionConfiguration :: Lens.Lens' PublicAccess (Prelude.Maybe PermissionConfiguration)
+publicAccess_permissionConfiguration = Lens.lens (\PublicAccess' {permissionConfiguration} -> permissionConfiguration) (\s@PublicAccess' {} a -> s {permissionConfiguration = a} :: PublicAccess)
+
+instance Data.FromJSON PublicAccess where
+  parseJSON =
+    Data.withObject
+      "PublicAccess"
+      ( \x ->
+          PublicAccess'
+            Prelude.<$> (x Data..:? "effectivePermission")
+            Prelude.<*> (x Data..:? "permissionConfiguration")
+      )
+
+instance Prelude.Hashable PublicAccess where
+  hashWithSalt _salt PublicAccess' {..} =
+    _salt
+      `Prelude.hashWithSalt` effectivePermission
+      `Prelude.hashWithSalt` permissionConfiguration
+
+instance Prelude.NFData PublicAccess where
+  rnf PublicAccess' {..} =
+    Prelude.rnf effectivePermission
+      `Prelude.seq` Prelude.rnf permissionConfiguration
diff --git a/gen/Amazonka/GuardDuty/Types/PublishingStatus.hs b/gen/Amazonka/GuardDuty/Types/PublishingStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/PublishingStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.PublishingStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.PublishingStatus
+  ( PublishingStatus
+      ( ..,
+        PublishingStatus_PENDING_VERIFICATION,
+        PublishingStatus_PUBLISHING,
+        PublishingStatus_STOPPED,
+        PublishingStatus_UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype PublishingStatus = PublishingStatus'
+  { fromPublishingStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern PublishingStatus_PENDING_VERIFICATION :: PublishingStatus
+pattern PublishingStatus_PENDING_VERIFICATION = PublishingStatus' "PENDING_VERIFICATION"
+
+pattern PublishingStatus_PUBLISHING :: PublishingStatus
+pattern PublishingStatus_PUBLISHING = PublishingStatus' "PUBLISHING"
+
+pattern PublishingStatus_STOPPED :: PublishingStatus
+pattern PublishingStatus_STOPPED = PublishingStatus' "STOPPED"
+
+pattern PublishingStatus_UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY :: PublishingStatus
+pattern PublishingStatus_UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY = PublishingStatus' "UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY"
+
+{-# COMPLETE
+  PublishingStatus_PENDING_VERIFICATION,
+  PublishingStatus_PUBLISHING,
+  PublishingStatus_STOPPED,
+  PublishingStatus_UNABLE_TO_PUBLISH_FIX_DESTINATION_PROPERTY,
+  PublishingStatus'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/RemoteAccountDetails.hs b/gen/Amazonka/GuardDuty/Types/RemoteAccountDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/RemoteAccountDetails.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.RemoteAccountDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.RemoteAccountDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details about the remote Amazon Web Services account that made
+-- the API call.
+--
+-- /See:/ 'newRemoteAccountDetails' smart constructor.
+data RemoteAccountDetails = RemoteAccountDetails'
+  { -- | The Amazon Web Services account ID of the remote API caller.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | Details on whether the Amazon Web Services account of the remote API
+    -- caller is related to your GuardDuty environment. If this value is @True@
+    -- the API caller is affiliated to your account in some way. If it is
+    -- @False@ the API caller is from outside your environment.
+    affiliated :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RemoteAccountDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'remoteAccountDetails_accountId' - The Amazon Web Services account ID of the remote API caller.
+--
+-- 'affiliated', 'remoteAccountDetails_affiliated' - Details on whether the Amazon Web Services account of the remote API
+-- caller is related to your GuardDuty environment. If this value is @True@
+-- the API caller is affiliated to your account in some way. If it is
+-- @False@ the API caller is from outside your environment.
+newRemoteAccountDetails ::
+  RemoteAccountDetails
+newRemoteAccountDetails =
+  RemoteAccountDetails'
+    { accountId = Prelude.Nothing,
+      affiliated = Prelude.Nothing
+    }
+
+-- | The Amazon Web Services account ID of the remote API caller.
+remoteAccountDetails_accountId :: Lens.Lens' RemoteAccountDetails (Prelude.Maybe Prelude.Text)
+remoteAccountDetails_accountId = Lens.lens (\RemoteAccountDetails' {accountId} -> accountId) (\s@RemoteAccountDetails' {} a -> s {accountId = a} :: RemoteAccountDetails)
+
+-- | Details on whether the Amazon Web Services account of the remote API
+-- caller is related to your GuardDuty environment. If this value is @True@
+-- the API caller is affiliated to your account in some way. If it is
+-- @False@ the API caller is from outside your environment.
+remoteAccountDetails_affiliated :: Lens.Lens' RemoteAccountDetails (Prelude.Maybe Prelude.Bool)
+remoteAccountDetails_affiliated = Lens.lens (\RemoteAccountDetails' {affiliated} -> affiliated) (\s@RemoteAccountDetails' {} a -> s {affiliated = a} :: RemoteAccountDetails)
+
+instance Data.FromJSON RemoteAccountDetails where
+  parseJSON =
+    Data.withObject
+      "RemoteAccountDetails"
+      ( \x ->
+          RemoteAccountDetails'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "affiliated")
+      )
+
+instance Prelude.Hashable RemoteAccountDetails where
+  hashWithSalt _salt RemoteAccountDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` affiliated
+
+instance Prelude.NFData RemoteAccountDetails where
+  rnf RemoteAccountDetails' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf affiliated
diff --git a/gen/Amazonka/GuardDuty/Types/RemoteIpDetails.hs b/gen/Amazonka/GuardDuty/Types/RemoteIpDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/RemoteIpDetails.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.RemoteIpDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.RemoteIpDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.City
+import Amazonka.GuardDuty.Types.Country
+import Amazonka.GuardDuty.Types.GeoLocation
+import Amazonka.GuardDuty.Types.Organization
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the remote IP address of the connection.
+--
+-- /See:/ 'newRemoteIpDetails' smart constructor.
+data RemoteIpDetails = RemoteIpDetails'
+  { -- | The city information of the remote IP address.
+    city :: Prelude.Maybe City,
+    -- | The country code of the remote IP address.
+    country :: Prelude.Maybe Country,
+    -- | The location information of the remote IP address.
+    geoLocation :: Prelude.Maybe GeoLocation,
+    -- | The IPv4 remote address of the connection.
+    ipAddressV4 :: Prelude.Maybe Prelude.Text,
+    -- | The ISP organization information of the remote IP address.
+    organization :: Prelude.Maybe Organization
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RemoteIpDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'city', 'remoteIpDetails_city' - The city information of the remote IP address.
+--
+-- 'country', 'remoteIpDetails_country' - The country code of the remote IP address.
+--
+-- 'geoLocation', 'remoteIpDetails_geoLocation' - The location information of the remote IP address.
+--
+-- 'ipAddressV4', 'remoteIpDetails_ipAddressV4' - The IPv4 remote address of the connection.
+--
+-- 'organization', 'remoteIpDetails_organization' - The ISP organization information of the remote IP address.
+newRemoteIpDetails ::
+  RemoteIpDetails
+newRemoteIpDetails =
+  RemoteIpDetails'
+    { city = Prelude.Nothing,
+      country = Prelude.Nothing,
+      geoLocation = Prelude.Nothing,
+      ipAddressV4 = Prelude.Nothing,
+      organization = Prelude.Nothing
+    }
+
+-- | The city information of the remote IP address.
+remoteIpDetails_city :: Lens.Lens' RemoteIpDetails (Prelude.Maybe City)
+remoteIpDetails_city = Lens.lens (\RemoteIpDetails' {city} -> city) (\s@RemoteIpDetails' {} a -> s {city = a} :: RemoteIpDetails)
+
+-- | The country code of the remote IP address.
+remoteIpDetails_country :: Lens.Lens' RemoteIpDetails (Prelude.Maybe Country)
+remoteIpDetails_country = Lens.lens (\RemoteIpDetails' {country} -> country) (\s@RemoteIpDetails' {} a -> s {country = a} :: RemoteIpDetails)
+
+-- | The location information of the remote IP address.
+remoteIpDetails_geoLocation :: Lens.Lens' RemoteIpDetails (Prelude.Maybe GeoLocation)
+remoteIpDetails_geoLocation = Lens.lens (\RemoteIpDetails' {geoLocation} -> geoLocation) (\s@RemoteIpDetails' {} a -> s {geoLocation = a} :: RemoteIpDetails)
+
+-- | The IPv4 remote address of the connection.
+remoteIpDetails_ipAddressV4 :: Lens.Lens' RemoteIpDetails (Prelude.Maybe Prelude.Text)
+remoteIpDetails_ipAddressV4 = Lens.lens (\RemoteIpDetails' {ipAddressV4} -> ipAddressV4) (\s@RemoteIpDetails' {} a -> s {ipAddressV4 = a} :: RemoteIpDetails)
+
+-- | The ISP organization information of the remote IP address.
+remoteIpDetails_organization :: Lens.Lens' RemoteIpDetails (Prelude.Maybe Organization)
+remoteIpDetails_organization = Lens.lens (\RemoteIpDetails' {organization} -> organization) (\s@RemoteIpDetails' {} a -> s {organization = a} :: RemoteIpDetails)
+
+instance Data.FromJSON RemoteIpDetails where
+  parseJSON =
+    Data.withObject
+      "RemoteIpDetails"
+      ( \x ->
+          RemoteIpDetails'
+            Prelude.<$> (x Data..:? "city")
+            Prelude.<*> (x Data..:? "country")
+            Prelude.<*> (x Data..:? "geoLocation")
+            Prelude.<*> (x Data..:? "ipAddressV4")
+            Prelude.<*> (x Data..:? "organization")
+      )
+
+instance Prelude.Hashable RemoteIpDetails where
+  hashWithSalt _salt RemoteIpDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` city
+      `Prelude.hashWithSalt` country
+      `Prelude.hashWithSalt` geoLocation
+      `Prelude.hashWithSalt` ipAddressV4
+      `Prelude.hashWithSalt` organization
+
+instance Prelude.NFData RemoteIpDetails where
+  rnf RemoteIpDetails' {..} =
+    Prelude.rnf city
+      `Prelude.seq` Prelude.rnf country
+      `Prelude.seq` Prelude.rnf geoLocation
+      `Prelude.seq` Prelude.rnf ipAddressV4
+      `Prelude.seq` Prelude.rnf organization
diff --git a/gen/Amazonka/GuardDuty/Types/RemotePortDetails.hs b/gen/Amazonka/GuardDuty/Types/RemotePortDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/RemotePortDetails.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.RemotePortDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.RemotePortDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the remote port.
+--
+-- /See:/ 'newRemotePortDetails' smart constructor.
+data RemotePortDetails = RemotePortDetails'
+  { -- | The port number of the remote connection.
+    port :: Prelude.Maybe Prelude.Int,
+    -- | The port name of the remote connection.
+    portName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RemotePortDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'port', 'remotePortDetails_port' - The port number of the remote connection.
+--
+-- 'portName', 'remotePortDetails_portName' - The port name of the remote connection.
+newRemotePortDetails ::
+  RemotePortDetails
+newRemotePortDetails =
+  RemotePortDetails'
+    { port = Prelude.Nothing,
+      portName = Prelude.Nothing
+    }
+
+-- | The port number of the remote connection.
+remotePortDetails_port :: Lens.Lens' RemotePortDetails (Prelude.Maybe Prelude.Int)
+remotePortDetails_port = Lens.lens (\RemotePortDetails' {port} -> port) (\s@RemotePortDetails' {} a -> s {port = a} :: RemotePortDetails)
+
+-- | The port name of the remote connection.
+remotePortDetails_portName :: Lens.Lens' RemotePortDetails (Prelude.Maybe Prelude.Text)
+remotePortDetails_portName = Lens.lens (\RemotePortDetails' {portName} -> portName) (\s@RemotePortDetails' {} a -> s {portName = a} :: RemotePortDetails)
+
+instance Data.FromJSON RemotePortDetails where
+  parseJSON =
+    Data.withObject
+      "RemotePortDetails"
+      ( \x ->
+          RemotePortDetails'
+            Prelude.<$> (x Data..:? "port")
+            Prelude.<*> (x Data..:? "portName")
+      )
+
+instance Prelude.Hashable RemotePortDetails where
+  hashWithSalt _salt RemotePortDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` portName
+
+instance Prelude.NFData RemotePortDetails where
+  rnf RemotePortDetails' {..} =
+    Prelude.rnf port `Prelude.seq` Prelude.rnf portName
diff --git a/gen/Amazonka/GuardDuty/Types/Resource.hs b/gen/Amazonka/GuardDuty/Types/Resource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Resource.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Resource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Resource where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.AccessKeyDetails
+import Amazonka.GuardDuty.Types.Container
+import Amazonka.GuardDuty.Types.EbsVolumeDetails
+import Amazonka.GuardDuty.Types.EcsClusterDetails
+import Amazonka.GuardDuty.Types.EksClusterDetails
+import Amazonka.GuardDuty.Types.InstanceDetails
+import Amazonka.GuardDuty.Types.KubernetesDetails
+import Amazonka.GuardDuty.Types.S3BucketDetail
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the Amazon Web Services resource associated
+-- with the activity that prompted GuardDuty to generate a finding.
+--
+-- /See:/ 'newResource' smart constructor.
+data Resource = Resource'
+  { -- | The IAM access key details (IAM user information) of a user that engaged
+    -- in the activity that prompted GuardDuty to generate a finding.
+    accessKeyDetails :: Prelude.Maybe AccessKeyDetails,
+    containerDetails :: Prelude.Maybe Container,
+    -- | Contains list of scanned and skipped EBS volumes with details.
+    ebsVolumeDetails :: Prelude.Maybe EbsVolumeDetails,
+    -- | Contains information about the details of the ECS Cluster.
+    ecsClusterDetails :: Prelude.Maybe EcsClusterDetails,
+    -- | Details about the EKS cluster involved in a Kubernetes finding.
+    eksClusterDetails :: Prelude.Maybe EksClusterDetails,
+    -- | The information about the EC2 instance associated with the activity that
+    -- prompted GuardDuty to generate a finding.
+    instanceDetails :: Prelude.Maybe InstanceDetails,
+    -- | Details about the Kubernetes user and workload involved in a Kubernetes
+    -- finding.
+    kubernetesDetails :: Prelude.Maybe KubernetesDetails,
+    -- | The type of Amazon Web Services resource.
+    resourceType :: Prelude.Maybe Prelude.Text,
+    -- | Contains information on the S3 bucket.
+    s3BucketDetails :: Prelude.Maybe [S3BucketDetail]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Resource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessKeyDetails', 'resource_accessKeyDetails' - The IAM access key details (IAM user information) of a user that engaged
+-- in the activity that prompted GuardDuty to generate a finding.
+--
+-- 'containerDetails', 'resource_containerDetails' - Undocumented member.
+--
+-- 'ebsVolumeDetails', 'resource_ebsVolumeDetails' - Contains list of scanned and skipped EBS volumes with details.
+--
+-- 'ecsClusterDetails', 'resource_ecsClusterDetails' - Contains information about the details of the ECS Cluster.
+--
+-- 'eksClusterDetails', 'resource_eksClusterDetails' - Details about the EKS cluster involved in a Kubernetes finding.
+--
+-- 'instanceDetails', 'resource_instanceDetails' - The information about the EC2 instance associated with the activity that
+-- prompted GuardDuty to generate a finding.
+--
+-- 'kubernetesDetails', 'resource_kubernetesDetails' - Details about the Kubernetes user and workload involved in a Kubernetes
+-- finding.
+--
+-- 'resourceType', 'resource_resourceType' - The type of Amazon Web Services resource.
+--
+-- 's3BucketDetails', 'resource_s3BucketDetails' - Contains information on the S3 bucket.
+newResource ::
+  Resource
+newResource =
+  Resource'
+    { accessKeyDetails = Prelude.Nothing,
+      containerDetails = Prelude.Nothing,
+      ebsVolumeDetails = Prelude.Nothing,
+      ecsClusterDetails = Prelude.Nothing,
+      eksClusterDetails = Prelude.Nothing,
+      instanceDetails = Prelude.Nothing,
+      kubernetesDetails = Prelude.Nothing,
+      resourceType = Prelude.Nothing,
+      s3BucketDetails = Prelude.Nothing
+    }
+
+-- | The IAM access key details (IAM user information) of a user that engaged
+-- in the activity that prompted GuardDuty to generate a finding.
+resource_accessKeyDetails :: Lens.Lens' Resource (Prelude.Maybe AccessKeyDetails)
+resource_accessKeyDetails = Lens.lens (\Resource' {accessKeyDetails} -> accessKeyDetails) (\s@Resource' {} a -> s {accessKeyDetails = a} :: Resource)
+
+-- | Undocumented member.
+resource_containerDetails :: Lens.Lens' Resource (Prelude.Maybe Container)
+resource_containerDetails = Lens.lens (\Resource' {containerDetails} -> containerDetails) (\s@Resource' {} a -> s {containerDetails = a} :: Resource)
+
+-- | Contains list of scanned and skipped EBS volumes with details.
+resource_ebsVolumeDetails :: Lens.Lens' Resource (Prelude.Maybe EbsVolumeDetails)
+resource_ebsVolumeDetails = Lens.lens (\Resource' {ebsVolumeDetails} -> ebsVolumeDetails) (\s@Resource' {} a -> s {ebsVolumeDetails = a} :: Resource)
+
+-- | Contains information about the details of the ECS Cluster.
+resource_ecsClusterDetails :: Lens.Lens' Resource (Prelude.Maybe EcsClusterDetails)
+resource_ecsClusterDetails = Lens.lens (\Resource' {ecsClusterDetails} -> ecsClusterDetails) (\s@Resource' {} a -> s {ecsClusterDetails = a} :: Resource)
+
+-- | Details about the EKS cluster involved in a Kubernetes finding.
+resource_eksClusterDetails :: Lens.Lens' Resource (Prelude.Maybe EksClusterDetails)
+resource_eksClusterDetails = Lens.lens (\Resource' {eksClusterDetails} -> eksClusterDetails) (\s@Resource' {} a -> s {eksClusterDetails = a} :: Resource)
+
+-- | The information about the EC2 instance associated with the activity that
+-- prompted GuardDuty to generate a finding.
+resource_instanceDetails :: Lens.Lens' Resource (Prelude.Maybe InstanceDetails)
+resource_instanceDetails = Lens.lens (\Resource' {instanceDetails} -> instanceDetails) (\s@Resource' {} a -> s {instanceDetails = a} :: Resource)
+
+-- | Details about the Kubernetes user and workload involved in a Kubernetes
+-- finding.
+resource_kubernetesDetails :: Lens.Lens' Resource (Prelude.Maybe KubernetesDetails)
+resource_kubernetesDetails = Lens.lens (\Resource' {kubernetesDetails} -> kubernetesDetails) (\s@Resource' {} a -> s {kubernetesDetails = a} :: Resource)
+
+-- | The type of Amazon Web Services resource.
+resource_resourceType :: Lens.Lens' Resource (Prelude.Maybe Prelude.Text)
+resource_resourceType = Lens.lens (\Resource' {resourceType} -> resourceType) (\s@Resource' {} a -> s {resourceType = a} :: Resource)
+
+-- | Contains information on the S3 bucket.
+resource_s3BucketDetails :: Lens.Lens' Resource (Prelude.Maybe [S3BucketDetail])
+resource_s3BucketDetails = Lens.lens (\Resource' {s3BucketDetails} -> s3BucketDetails) (\s@Resource' {} a -> s {s3BucketDetails = a} :: Resource) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON Resource where
+  parseJSON =
+    Data.withObject
+      "Resource"
+      ( \x ->
+          Resource'
+            Prelude.<$> (x Data..:? "accessKeyDetails")
+            Prelude.<*> (x Data..:? "containerDetails")
+            Prelude.<*> (x Data..:? "ebsVolumeDetails")
+            Prelude.<*> (x Data..:? "ecsClusterDetails")
+            Prelude.<*> (x Data..:? "eksClusterDetails")
+            Prelude.<*> (x Data..:? "instanceDetails")
+            Prelude.<*> (x Data..:? "kubernetesDetails")
+            Prelude.<*> (x Data..:? "resourceType")
+            Prelude.<*> ( x
+                            Data..:? "s3BucketDetails"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable Resource where
+  hashWithSalt _salt Resource' {..} =
+    _salt
+      `Prelude.hashWithSalt` accessKeyDetails
+      `Prelude.hashWithSalt` containerDetails
+      `Prelude.hashWithSalt` ebsVolumeDetails
+      `Prelude.hashWithSalt` ecsClusterDetails
+      `Prelude.hashWithSalt` eksClusterDetails
+      `Prelude.hashWithSalt` instanceDetails
+      `Prelude.hashWithSalt` kubernetesDetails
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` s3BucketDetails
+
+instance Prelude.NFData Resource where
+  rnf Resource' {..} =
+    Prelude.rnf accessKeyDetails
+      `Prelude.seq` Prelude.rnf containerDetails
+      `Prelude.seq` Prelude.rnf ebsVolumeDetails
+      `Prelude.seq` Prelude.rnf ecsClusterDetails
+      `Prelude.seq` Prelude.rnf eksClusterDetails
+      `Prelude.seq` Prelude.rnf instanceDetails
+      `Prelude.seq` Prelude.rnf kubernetesDetails
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf s3BucketDetails
diff --git a/gen/Amazonka/GuardDuty/Types/ResourceDetails.hs b/gen/Amazonka/GuardDuty/Types/ResourceDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ResourceDetails.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ResourceDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ResourceDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Represents the resources that were scanned in the scan entry.
+--
+-- /See:/ 'newResourceDetails' smart constructor.
+data ResourceDetails = ResourceDetails'
+  { -- | InstanceArn that was scanned in the scan entry.
+    instanceArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResourceDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'resourceDetails_instanceArn' - InstanceArn that was scanned in the scan entry.
+newResourceDetails ::
+  ResourceDetails
+newResourceDetails =
+  ResourceDetails' {instanceArn = Prelude.Nothing}
+
+-- | InstanceArn that was scanned in the scan entry.
+resourceDetails_instanceArn :: Lens.Lens' ResourceDetails (Prelude.Maybe Prelude.Text)
+resourceDetails_instanceArn = Lens.lens (\ResourceDetails' {instanceArn} -> instanceArn) (\s@ResourceDetails' {} a -> s {instanceArn = a} :: ResourceDetails)
+
+instance Data.FromJSON ResourceDetails where
+  parseJSON =
+    Data.withObject
+      "ResourceDetails"
+      ( \x ->
+          ResourceDetails'
+            Prelude.<$> (x Data..:? "instanceArn")
+      )
+
+instance Prelude.Hashable ResourceDetails where
+  hashWithSalt _salt ResourceDetails' {..} =
+    _salt `Prelude.hashWithSalt` instanceArn
+
+instance Prelude.NFData ResourceDetails where
+  rnf ResourceDetails' {..} = Prelude.rnf instanceArn
diff --git a/gen/Amazonka/GuardDuty/Types/S3BucketDetail.hs b/gen/Amazonka/GuardDuty/Types/S3BucketDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/S3BucketDetail.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.S3BucketDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.S3BucketDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DefaultServerSideEncryption
+import Amazonka.GuardDuty.Types.Owner
+import Amazonka.GuardDuty.Types.PublicAccess
+import Amazonka.GuardDuty.Types.Tag
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the S3 bucket.
+--
+-- /See:/ 'newS3BucketDetail' smart constructor.
+data S3BucketDetail = S3BucketDetail'
+  { -- | The Amazon Resource Name (ARN) of the S3 bucket.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time the bucket was created at.
+    createdAt :: Prelude.Maybe Data.POSIX,
+    -- | Describes the server side encryption method used in the S3 bucket.
+    defaultServerSideEncryption :: Prelude.Maybe DefaultServerSideEncryption,
+    -- | The name of the S3 bucket.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The owner of the S3 bucket.
+    owner :: Prelude.Maybe Owner,
+    -- | Describes the public access policies that apply to the S3 bucket.
+    publicAccess :: Prelude.Maybe PublicAccess,
+    -- | All tags attached to the S3 bucket
+    tags :: Prelude.Maybe [Tag],
+    -- | Describes whether the bucket is a source or destination bucket.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'S3BucketDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 's3BucketDetail_arn' - The Amazon Resource Name (ARN) of the S3 bucket.
+--
+-- 'createdAt', 's3BucketDetail_createdAt' - The date and time the bucket was created at.
+--
+-- 'defaultServerSideEncryption', 's3BucketDetail_defaultServerSideEncryption' - Describes the server side encryption method used in the S3 bucket.
+--
+-- 'name', 's3BucketDetail_name' - The name of the S3 bucket.
+--
+-- 'owner', 's3BucketDetail_owner' - The owner of the S3 bucket.
+--
+-- 'publicAccess', 's3BucketDetail_publicAccess' - Describes the public access policies that apply to the S3 bucket.
+--
+-- 'tags', 's3BucketDetail_tags' - All tags attached to the S3 bucket
+--
+-- 'type'', 's3BucketDetail_type' - Describes whether the bucket is a source or destination bucket.
+newS3BucketDetail ::
+  S3BucketDetail
+newS3BucketDetail =
+  S3BucketDetail'
+    { arn = Prelude.Nothing,
+      createdAt = Prelude.Nothing,
+      defaultServerSideEncryption = Prelude.Nothing,
+      name = Prelude.Nothing,
+      owner = Prelude.Nothing,
+      publicAccess = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the S3 bucket.
+s3BucketDetail_arn :: Lens.Lens' S3BucketDetail (Prelude.Maybe Prelude.Text)
+s3BucketDetail_arn = Lens.lens (\S3BucketDetail' {arn} -> arn) (\s@S3BucketDetail' {} a -> s {arn = a} :: S3BucketDetail)
+
+-- | The date and time the bucket was created at.
+s3BucketDetail_createdAt :: Lens.Lens' S3BucketDetail (Prelude.Maybe Prelude.UTCTime)
+s3BucketDetail_createdAt = Lens.lens (\S3BucketDetail' {createdAt} -> createdAt) (\s@S3BucketDetail' {} a -> s {createdAt = a} :: S3BucketDetail) Prelude.. Lens.mapping Data._Time
+
+-- | Describes the server side encryption method used in the S3 bucket.
+s3BucketDetail_defaultServerSideEncryption :: Lens.Lens' S3BucketDetail (Prelude.Maybe DefaultServerSideEncryption)
+s3BucketDetail_defaultServerSideEncryption = Lens.lens (\S3BucketDetail' {defaultServerSideEncryption} -> defaultServerSideEncryption) (\s@S3BucketDetail' {} a -> s {defaultServerSideEncryption = a} :: S3BucketDetail)
+
+-- | The name of the S3 bucket.
+s3BucketDetail_name :: Lens.Lens' S3BucketDetail (Prelude.Maybe Prelude.Text)
+s3BucketDetail_name = Lens.lens (\S3BucketDetail' {name} -> name) (\s@S3BucketDetail' {} a -> s {name = a} :: S3BucketDetail)
+
+-- | The owner of the S3 bucket.
+s3BucketDetail_owner :: Lens.Lens' S3BucketDetail (Prelude.Maybe Owner)
+s3BucketDetail_owner = Lens.lens (\S3BucketDetail' {owner} -> owner) (\s@S3BucketDetail' {} a -> s {owner = a} :: S3BucketDetail)
+
+-- | Describes the public access policies that apply to the S3 bucket.
+s3BucketDetail_publicAccess :: Lens.Lens' S3BucketDetail (Prelude.Maybe PublicAccess)
+s3BucketDetail_publicAccess = Lens.lens (\S3BucketDetail' {publicAccess} -> publicAccess) (\s@S3BucketDetail' {} a -> s {publicAccess = a} :: S3BucketDetail)
+
+-- | All tags attached to the S3 bucket
+s3BucketDetail_tags :: Lens.Lens' S3BucketDetail (Prelude.Maybe [Tag])
+s3BucketDetail_tags = Lens.lens (\S3BucketDetail' {tags} -> tags) (\s@S3BucketDetail' {} a -> s {tags = a} :: S3BucketDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | Describes whether the bucket is a source or destination bucket.
+s3BucketDetail_type :: Lens.Lens' S3BucketDetail (Prelude.Maybe Prelude.Text)
+s3BucketDetail_type = Lens.lens (\S3BucketDetail' {type'} -> type') (\s@S3BucketDetail' {} a -> s {type' = a} :: S3BucketDetail)
+
+instance Data.FromJSON S3BucketDetail where
+  parseJSON =
+    Data.withObject
+      "S3BucketDetail"
+      ( \x ->
+          S3BucketDetail'
+            Prelude.<$> (x Data..:? "arn")
+            Prelude.<*> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "defaultServerSideEncryption")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "owner")
+            Prelude.<*> (x Data..:? "publicAccess")
+            Prelude.<*> (x Data..:? "tags" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "type")
+      )
+
+instance Prelude.Hashable S3BucketDetail where
+  hashWithSalt _salt S3BucketDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` defaultServerSideEncryption
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` owner
+      `Prelude.hashWithSalt` publicAccess
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData S3BucketDetail where
+  rnf S3BucketDetail' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf defaultServerSideEncryption
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf owner
+      `Prelude.seq` Prelude.rnf publicAccess
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf type'
diff --git a/gen/Amazonka/GuardDuty/Types/S3LogsConfiguration.hs b/gen/Amazonka/GuardDuty/Types/S3LogsConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/S3LogsConfiguration.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.S3LogsConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.S3LogsConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether S3 data event logs will be enabled as a data source.
+--
+-- /See:/ 'newS3LogsConfiguration' smart constructor.
+data S3LogsConfiguration = S3LogsConfiguration'
+  { -- | The status of S3 data event logs as a data source.
+    enable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'S3LogsConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enable', 's3LogsConfiguration_enable' - The status of S3 data event logs as a data source.
+newS3LogsConfiguration ::
+  -- | 'enable'
+  Prelude.Bool ->
+  S3LogsConfiguration
+newS3LogsConfiguration pEnable_ =
+  S3LogsConfiguration' {enable = pEnable_}
+
+-- | The status of S3 data event logs as a data source.
+s3LogsConfiguration_enable :: Lens.Lens' S3LogsConfiguration Prelude.Bool
+s3LogsConfiguration_enable = Lens.lens (\S3LogsConfiguration' {enable} -> enable) (\s@S3LogsConfiguration' {} a -> s {enable = a} :: S3LogsConfiguration)
+
+instance Prelude.Hashable S3LogsConfiguration where
+  hashWithSalt _salt S3LogsConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` enable
+
+instance Prelude.NFData S3LogsConfiguration where
+  rnf S3LogsConfiguration' {..} = Prelude.rnf enable
+
+instance Data.ToJSON S3LogsConfiguration where
+  toJSON S3LogsConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("enable" Data..= enable)]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/S3LogsConfigurationResult.hs b/gen/Amazonka/GuardDuty/Types/S3LogsConfigurationResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/S3LogsConfigurationResult.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.S3LogsConfigurationResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.S3LogsConfigurationResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSourceStatus
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether S3 data event logs will be enabled as a data source.
+--
+-- /See:/ 'newS3LogsConfigurationResult' smart constructor.
+data S3LogsConfigurationResult = S3LogsConfigurationResult'
+  { -- | A value that describes whether S3 data event logs are automatically
+    -- enabled for new members of the organization.
+    status :: DataSourceStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'S3LogsConfigurationResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 's3LogsConfigurationResult_status' - A value that describes whether S3 data event logs are automatically
+-- enabled for new members of the organization.
+newS3LogsConfigurationResult ::
+  -- | 'status'
+  DataSourceStatus ->
+  S3LogsConfigurationResult
+newS3LogsConfigurationResult pStatus_ =
+  S3LogsConfigurationResult' {status = pStatus_}
+
+-- | A value that describes whether S3 data event logs are automatically
+-- enabled for new members of the organization.
+s3LogsConfigurationResult_status :: Lens.Lens' S3LogsConfigurationResult DataSourceStatus
+s3LogsConfigurationResult_status = Lens.lens (\S3LogsConfigurationResult' {status} -> status) (\s@S3LogsConfigurationResult' {} a -> s {status = a} :: S3LogsConfigurationResult)
+
+instance Data.FromJSON S3LogsConfigurationResult where
+  parseJSON =
+    Data.withObject
+      "S3LogsConfigurationResult"
+      ( \x ->
+          S3LogsConfigurationResult'
+            Prelude.<$> (x Data..: "status")
+      )
+
+instance Prelude.Hashable S3LogsConfigurationResult where
+  hashWithSalt _salt S3LogsConfigurationResult' {..} =
+    _salt `Prelude.hashWithSalt` status
+
+instance Prelude.NFData S3LogsConfigurationResult where
+  rnf S3LogsConfigurationResult' {..} =
+    Prelude.rnf status
diff --git a/gen/Amazonka/GuardDuty/Types/Scan.hs b/gen/Amazonka/GuardDuty/Types/Scan.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Scan.hs
@@ -0,0 +1,245 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Scan
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Scan where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ResourceDetails
+import Amazonka.GuardDuty.Types.ScanResultDetails
+import Amazonka.GuardDuty.Types.ScanStatus
+import Amazonka.GuardDuty.Types.TriggerDetails
+import Amazonka.GuardDuty.Types.VolumeDetail
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a malware scan.
+--
+-- /See:/ 'newScan' smart constructor.
+data Scan = Scan'
+  { -- | The ID for the account that belongs to the scan.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The unique detector ID of the administrator account that the request is
+    -- associated with. Note that this value will be the same as the one used
+    -- for @DetectorId@ if the account is an administrator.
+    adminDetectorId :: Prelude.Maybe Prelude.Text,
+    -- | List of volumes that were attached to the original instance to be
+    -- scanned.
+    attachedVolumes :: Prelude.Maybe [VolumeDetail],
+    -- | The unique ID of the detector that the request is associated with.
+    detectorId :: Prelude.Maybe Prelude.Text,
+    -- | Represents the reason for FAILED scan status.
+    failureReason :: Prelude.Maybe Prelude.Text,
+    -- | Represents the number of files that were scanned.
+    fileCount :: Prelude.Maybe Prelude.Natural,
+    -- | Represents the resources that were scanned in the scan entry.
+    resourceDetails :: Prelude.Maybe ResourceDetails,
+    -- | The timestamp of when the scan was finished.
+    scanEndTime :: Prelude.Maybe Data.POSIX,
+    -- | The unique scan ID associated with a scan entry.
+    scanId :: Prelude.Maybe Prelude.Text,
+    -- | Represents the result of the scan.
+    scanResultDetails :: Prelude.Maybe ScanResultDetails,
+    -- | The timestamp of when the scan was triggered.
+    scanStartTime :: Prelude.Maybe Data.POSIX,
+    -- | An enum value representing possible scan statuses.
+    scanStatus :: Prelude.Maybe ScanStatus,
+    -- | Represents total bytes that were scanned.
+    totalBytes :: Prelude.Maybe Prelude.Natural,
+    -- | Specifies the reason why the scan was initiated.
+    triggerDetails :: Prelude.Maybe TriggerDetails
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Scan' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'scan_accountId' - The ID for the account that belongs to the scan.
+--
+-- 'adminDetectorId', 'scan_adminDetectorId' - The unique detector ID of the administrator account that the request is
+-- associated with. Note that this value will be the same as the one used
+-- for @DetectorId@ if the account is an administrator.
+--
+-- 'attachedVolumes', 'scan_attachedVolumes' - List of volumes that were attached to the original instance to be
+-- scanned.
+--
+-- 'detectorId', 'scan_detectorId' - The unique ID of the detector that the request is associated with.
+--
+-- 'failureReason', 'scan_failureReason' - Represents the reason for FAILED scan status.
+--
+-- 'fileCount', 'scan_fileCount' - Represents the number of files that were scanned.
+--
+-- 'resourceDetails', 'scan_resourceDetails' - Represents the resources that were scanned in the scan entry.
+--
+-- 'scanEndTime', 'scan_scanEndTime' - The timestamp of when the scan was finished.
+--
+-- 'scanId', 'scan_scanId' - The unique scan ID associated with a scan entry.
+--
+-- 'scanResultDetails', 'scan_scanResultDetails' - Represents the result of the scan.
+--
+-- 'scanStartTime', 'scan_scanStartTime' - The timestamp of when the scan was triggered.
+--
+-- 'scanStatus', 'scan_scanStatus' - An enum value representing possible scan statuses.
+--
+-- 'totalBytes', 'scan_totalBytes' - Represents total bytes that were scanned.
+--
+-- 'triggerDetails', 'scan_triggerDetails' - Specifies the reason why the scan was initiated.
+newScan ::
+  Scan
+newScan =
+  Scan'
+    { accountId = Prelude.Nothing,
+      adminDetectorId = Prelude.Nothing,
+      attachedVolumes = Prelude.Nothing,
+      detectorId = Prelude.Nothing,
+      failureReason = Prelude.Nothing,
+      fileCount = Prelude.Nothing,
+      resourceDetails = Prelude.Nothing,
+      scanEndTime = Prelude.Nothing,
+      scanId = Prelude.Nothing,
+      scanResultDetails = Prelude.Nothing,
+      scanStartTime = Prelude.Nothing,
+      scanStatus = Prelude.Nothing,
+      totalBytes = Prelude.Nothing,
+      triggerDetails = Prelude.Nothing
+    }
+
+-- | The ID for the account that belongs to the scan.
+scan_accountId :: Lens.Lens' Scan (Prelude.Maybe Prelude.Text)
+scan_accountId = Lens.lens (\Scan' {accountId} -> accountId) (\s@Scan' {} a -> s {accountId = a} :: Scan)
+
+-- | The unique detector ID of the administrator account that the request is
+-- associated with. Note that this value will be the same as the one used
+-- for @DetectorId@ if the account is an administrator.
+scan_adminDetectorId :: Lens.Lens' Scan (Prelude.Maybe Prelude.Text)
+scan_adminDetectorId = Lens.lens (\Scan' {adminDetectorId} -> adminDetectorId) (\s@Scan' {} a -> s {adminDetectorId = a} :: Scan)
+
+-- | List of volumes that were attached to the original instance to be
+-- scanned.
+scan_attachedVolumes :: Lens.Lens' Scan (Prelude.Maybe [VolumeDetail])
+scan_attachedVolumes = Lens.lens (\Scan' {attachedVolumes} -> attachedVolumes) (\s@Scan' {} a -> s {attachedVolumes = a} :: Scan) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique ID of the detector that the request is associated with.
+scan_detectorId :: Lens.Lens' Scan (Prelude.Maybe Prelude.Text)
+scan_detectorId = Lens.lens (\Scan' {detectorId} -> detectorId) (\s@Scan' {} a -> s {detectorId = a} :: Scan)
+
+-- | Represents the reason for FAILED scan status.
+scan_failureReason :: Lens.Lens' Scan (Prelude.Maybe Prelude.Text)
+scan_failureReason = Lens.lens (\Scan' {failureReason} -> failureReason) (\s@Scan' {} a -> s {failureReason = a} :: Scan)
+
+-- | Represents the number of files that were scanned.
+scan_fileCount :: Lens.Lens' Scan (Prelude.Maybe Prelude.Natural)
+scan_fileCount = Lens.lens (\Scan' {fileCount} -> fileCount) (\s@Scan' {} a -> s {fileCount = a} :: Scan)
+
+-- | Represents the resources that were scanned in the scan entry.
+scan_resourceDetails :: Lens.Lens' Scan (Prelude.Maybe ResourceDetails)
+scan_resourceDetails = Lens.lens (\Scan' {resourceDetails} -> resourceDetails) (\s@Scan' {} a -> s {resourceDetails = a} :: Scan)
+
+-- | The timestamp of when the scan was finished.
+scan_scanEndTime :: Lens.Lens' Scan (Prelude.Maybe Prelude.UTCTime)
+scan_scanEndTime = Lens.lens (\Scan' {scanEndTime} -> scanEndTime) (\s@Scan' {} a -> s {scanEndTime = a} :: Scan) Prelude.. Lens.mapping Data._Time
+
+-- | The unique scan ID associated with a scan entry.
+scan_scanId :: Lens.Lens' Scan (Prelude.Maybe Prelude.Text)
+scan_scanId = Lens.lens (\Scan' {scanId} -> scanId) (\s@Scan' {} a -> s {scanId = a} :: Scan)
+
+-- | Represents the result of the scan.
+scan_scanResultDetails :: Lens.Lens' Scan (Prelude.Maybe ScanResultDetails)
+scan_scanResultDetails = Lens.lens (\Scan' {scanResultDetails} -> scanResultDetails) (\s@Scan' {} a -> s {scanResultDetails = a} :: Scan)
+
+-- | The timestamp of when the scan was triggered.
+scan_scanStartTime :: Lens.Lens' Scan (Prelude.Maybe Prelude.UTCTime)
+scan_scanStartTime = Lens.lens (\Scan' {scanStartTime} -> scanStartTime) (\s@Scan' {} a -> s {scanStartTime = a} :: Scan) Prelude.. Lens.mapping Data._Time
+
+-- | An enum value representing possible scan statuses.
+scan_scanStatus :: Lens.Lens' Scan (Prelude.Maybe ScanStatus)
+scan_scanStatus = Lens.lens (\Scan' {scanStatus} -> scanStatus) (\s@Scan' {} a -> s {scanStatus = a} :: Scan)
+
+-- | Represents total bytes that were scanned.
+scan_totalBytes :: Lens.Lens' Scan (Prelude.Maybe Prelude.Natural)
+scan_totalBytes = Lens.lens (\Scan' {totalBytes} -> totalBytes) (\s@Scan' {} a -> s {totalBytes = a} :: Scan)
+
+-- | Specifies the reason why the scan was initiated.
+scan_triggerDetails :: Lens.Lens' Scan (Prelude.Maybe TriggerDetails)
+scan_triggerDetails = Lens.lens (\Scan' {triggerDetails} -> triggerDetails) (\s@Scan' {} a -> s {triggerDetails = a} :: Scan)
+
+instance Data.FromJSON Scan where
+  parseJSON =
+    Data.withObject
+      "Scan"
+      ( \x ->
+          Scan'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "adminDetectorId")
+            Prelude.<*> ( x
+                            Data..:? "attachedVolumes"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "detectorId")
+            Prelude.<*> (x Data..:? "failureReason")
+            Prelude.<*> (x Data..:? "fileCount")
+            Prelude.<*> (x Data..:? "resourceDetails")
+            Prelude.<*> (x Data..:? "scanEndTime")
+            Prelude.<*> (x Data..:? "scanId")
+            Prelude.<*> (x Data..:? "scanResultDetails")
+            Prelude.<*> (x Data..:? "scanStartTime")
+            Prelude.<*> (x Data..:? "scanStatus")
+            Prelude.<*> (x Data..:? "totalBytes")
+            Prelude.<*> (x Data..:? "triggerDetails")
+      )
+
+instance Prelude.Hashable Scan where
+  hashWithSalt _salt Scan' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` adminDetectorId
+      `Prelude.hashWithSalt` attachedVolumes
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` failureReason
+      `Prelude.hashWithSalt` fileCount
+      `Prelude.hashWithSalt` resourceDetails
+      `Prelude.hashWithSalt` scanEndTime
+      `Prelude.hashWithSalt` scanId
+      `Prelude.hashWithSalt` scanResultDetails
+      `Prelude.hashWithSalt` scanStartTime
+      `Prelude.hashWithSalt` scanStatus
+      `Prelude.hashWithSalt` totalBytes
+      `Prelude.hashWithSalt` triggerDetails
+
+instance Prelude.NFData Scan where
+  rnf Scan' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf adminDetectorId
+      `Prelude.seq` Prelude.rnf attachedVolumes
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf failureReason
+      `Prelude.seq` Prelude.rnf fileCount
+      `Prelude.seq` Prelude.rnf resourceDetails
+      `Prelude.seq` Prelude.rnf scanEndTime
+      `Prelude.seq` Prelude.rnf scanId
+      `Prelude.seq` Prelude.rnf scanResultDetails
+      `Prelude.seq` Prelude.rnf scanStartTime
+      `Prelude.seq` Prelude.rnf scanStatus
+      `Prelude.seq` Prelude.rnf totalBytes
+      `Prelude.seq` Prelude.rnf triggerDetails
diff --git a/gen/Amazonka/GuardDuty/Types/ScanCondition.hs b/gen/Amazonka/GuardDuty/Types/ScanCondition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanCondition.hs
@@ -0,0 +1,79 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanCondition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanCondition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanConditionPair
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the condition.
+--
+-- /See:/ 'newScanCondition' smart constructor.
+data ScanCondition = ScanCondition'
+  { -- | Represents an /mapEqual/ ____ condition to be applied to a single field
+    -- when triggering for malware scan.
+    mapEquals :: [ScanConditionPair]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanCondition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mapEquals', 'scanCondition_mapEquals' - Represents an /mapEqual/ ____ condition to be applied to a single field
+-- when triggering for malware scan.
+newScanCondition ::
+  ScanCondition
+newScanCondition =
+  ScanCondition' {mapEquals = Prelude.mempty}
+
+-- | Represents an /mapEqual/ ____ condition to be applied to a single field
+-- when triggering for malware scan.
+scanCondition_mapEquals :: Lens.Lens' ScanCondition [ScanConditionPair]
+scanCondition_mapEquals = Lens.lens (\ScanCondition' {mapEquals} -> mapEquals) (\s@ScanCondition' {} a -> s {mapEquals = a} :: ScanCondition) Prelude.. Lens.coerced
+
+instance Data.FromJSON ScanCondition where
+  parseJSON =
+    Data.withObject
+      "ScanCondition"
+      ( \x ->
+          ScanCondition'
+            Prelude.<$> (x Data..:? "mapEquals" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable ScanCondition where
+  hashWithSalt _salt ScanCondition' {..} =
+    _salt `Prelude.hashWithSalt` mapEquals
+
+instance Prelude.NFData ScanCondition where
+  rnf ScanCondition' {..} = Prelude.rnf mapEquals
+
+instance Data.ToJSON ScanCondition where
+  toJSON ScanCondition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("mapEquals" Data..= mapEquals)]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/ScanConditionPair.hs b/gen/Amazonka/GuardDuty/Types/ScanConditionPair.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanConditionPair.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanConditionPair
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanConditionPair where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Represents key, value pair to be matched against given resource
+-- property.
+--
+-- /See:/ 'newScanConditionPair' smart constructor.
+data ScanConditionPair = ScanConditionPair'
+  { -- | Represents optional /value/ ____ in the map condition. If not specified,
+    -- only /key/ ____ will be matched.
+    value :: Prelude.Maybe Prelude.Text,
+    -- | Represents /key/ ____ in the map condition.
+    key :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanConditionPair' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'value', 'scanConditionPair_value' - Represents optional /value/ ____ in the map condition. If not specified,
+-- only /key/ ____ will be matched.
+--
+-- 'key', 'scanConditionPair_key' - Represents /key/ ____ in the map condition.
+newScanConditionPair ::
+  -- | 'key'
+  Prelude.Text ->
+  ScanConditionPair
+newScanConditionPair pKey_ =
+  ScanConditionPair'
+    { value = Prelude.Nothing,
+      key = pKey_
+    }
+
+-- | Represents optional /value/ ____ in the map condition. If not specified,
+-- only /key/ ____ will be matched.
+scanConditionPair_value :: Lens.Lens' ScanConditionPair (Prelude.Maybe Prelude.Text)
+scanConditionPair_value = Lens.lens (\ScanConditionPair' {value} -> value) (\s@ScanConditionPair' {} a -> s {value = a} :: ScanConditionPair)
+
+-- | Represents /key/ ____ in the map condition.
+scanConditionPair_key :: Lens.Lens' ScanConditionPair Prelude.Text
+scanConditionPair_key = Lens.lens (\ScanConditionPair' {key} -> key) (\s@ScanConditionPair' {} a -> s {key = a} :: ScanConditionPair)
+
+instance Data.FromJSON ScanConditionPair where
+  parseJSON =
+    Data.withObject
+      "ScanConditionPair"
+      ( \x ->
+          ScanConditionPair'
+            Prelude.<$> (x Data..:? "value")
+            Prelude.<*> (x Data..: "key")
+      )
+
+instance Prelude.Hashable ScanConditionPair where
+  hashWithSalt _salt ScanConditionPair' {..} =
+    _salt
+      `Prelude.hashWithSalt` value
+      `Prelude.hashWithSalt` key
+
+instance Prelude.NFData ScanConditionPair where
+  rnf ScanConditionPair' {..} =
+    Prelude.rnf value `Prelude.seq` Prelude.rnf key
+
+instance Data.ToJSON ScanConditionPair where
+  toJSON ScanConditionPair' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("value" Data..=) Prelude.<$> value,
+            Prelude.Just ("key" Data..= key)
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/ScanCriterionKey.hs b/gen/Amazonka/GuardDuty/Types/ScanCriterionKey.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanCriterionKey.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanCriterionKey
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanCriterionKey
+  ( ScanCriterionKey
+      ( ..,
+        ScanCriterionKey_EC2_INSTANCE_TAG
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An enum value representing possible resource properties to match with
+-- given scan condition.
+newtype ScanCriterionKey = ScanCriterionKey'
+  { fromScanCriterionKey ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ScanCriterionKey_EC2_INSTANCE_TAG :: ScanCriterionKey
+pattern ScanCriterionKey_EC2_INSTANCE_TAG = ScanCriterionKey' "EC2_INSTANCE_TAG"
+
+{-# COMPLETE
+  ScanCriterionKey_EC2_INSTANCE_TAG,
+  ScanCriterionKey'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/ScanDetections.hs b/gen/Amazonka/GuardDuty/Types/ScanDetections.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanDetections.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanDetections
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanDetections where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.HighestSeverityThreatDetails
+import Amazonka.GuardDuty.Types.ScannedItemCount
+import Amazonka.GuardDuty.Types.ThreatDetectedByName
+import Amazonka.GuardDuty.Types.ThreatsDetectedItemCount
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains a complete view providing malware scan result details.
+--
+-- /See:/ 'newScanDetections' smart constructor.
+data ScanDetections = ScanDetections'
+  { -- | Details of the highest severity threat detected during malware scan and
+    -- number of infected files.
+    highestSeverityThreatDetails :: Prelude.Maybe HighestSeverityThreatDetails,
+    -- | Total number of scanned files.
+    scannedItemCount :: Prelude.Maybe ScannedItemCount,
+    -- | Contains details about identified threats organized by threat name.
+    threatDetectedByName :: Prelude.Maybe ThreatDetectedByName,
+    -- | Total number of infected files.
+    threatsDetectedItemCount :: Prelude.Maybe ThreatsDetectedItemCount
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanDetections' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'highestSeverityThreatDetails', 'scanDetections_highestSeverityThreatDetails' - Details of the highest severity threat detected during malware scan and
+-- number of infected files.
+--
+-- 'scannedItemCount', 'scanDetections_scannedItemCount' - Total number of scanned files.
+--
+-- 'threatDetectedByName', 'scanDetections_threatDetectedByName' - Contains details about identified threats organized by threat name.
+--
+-- 'threatsDetectedItemCount', 'scanDetections_threatsDetectedItemCount' - Total number of infected files.
+newScanDetections ::
+  ScanDetections
+newScanDetections =
+  ScanDetections'
+    { highestSeverityThreatDetails =
+        Prelude.Nothing,
+      scannedItemCount = Prelude.Nothing,
+      threatDetectedByName = Prelude.Nothing,
+      threatsDetectedItemCount = Prelude.Nothing
+    }
+
+-- | Details of the highest severity threat detected during malware scan and
+-- number of infected files.
+scanDetections_highestSeverityThreatDetails :: Lens.Lens' ScanDetections (Prelude.Maybe HighestSeverityThreatDetails)
+scanDetections_highestSeverityThreatDetails = Lens.lens (\ScanDetections' {highestSeverityThreatDetails} -> highestSeverityThreatDetails) (\s@ScanDetections' {} a -> s {highestSeverityThreatDetails = a} :: ScanDetections)
+
+-- | Total number of scanned files.
+scanDetections_scannedItemCount :: Lens.Lens' ScanDetections (Prelude.Maybe ScannedItemCount)
+scanDetections_scannedItemCount = Lens.lens (\ScanDetections' {scannedItemCount} -> scannedItemCount) (\s@ScanDetections' {} a -> s {scannedItemCount = a} :: ScanDetections)
+
+-- | Contains details about identified threats organized by threat name.
+scanDetections_threatDetectedByName :: Lens.Lens' ScanDetections (Prelude.Maybe ThreatDetectedByName)
+scanDetections_threatDetectedByName = Lens.lens (\ScanDetections' {threatDetectedByName} -> threatDetectedByName) (\s@ScanDetections' {} a -> s {threatDetectedByName = a} :: ScanDetections)
+
+-- | Total number of infected files.
+scanDetections_threatsDetectedItemCount :: Lens.Lens' ScanDetections (Prelude.Maybe ThreatsDetectedItemCount)
+scanDetections_threatsDetectedItemCount = Lens.lens (\ScanDetections' {threatsDetectedItemCount} -> threatsDetectedItemCount) (\s@ScanDetections' {} a -> s {threatsDetectedItemCount = a} :: ScanDetections)
+
+instance Data.FromJSON ScanDetections where
+  parseJSON =
+    Data.withObject
+      "ScanDetections"
+      ( \x ->
+          ScanDetections'
+            Prelude.<$> (x Data..:? "highestSeverityThreatDetails")
+            Prelude.<*> (x Data..:? "scannedItemCount")
+            Prelude.<*> (x Data..:? "threatDetectedByName")
+            Prelude.<*> (x Data..:? "threatsDetectedItemCount")
+      )
+
+instance Prelude.Hashable ScanDetections where
+  hashWithSalt _salt ScanDetections' {..} =
+    _salt
+      `Prelude.hashWithSalt` highestSeverityThreatDetails
+      `Prelude.hashWithSalt` scannedItemCount
+      `Prelude.hashWithSalt` threatDetectedByName
+      `Prelude.hashWithSalt` threatsDetectedItemCount
+
+instance Prelude.NFData ScanDetections where
+  rnf ScanDetections' {..} =
+    Prelude.rnf highestSeverityThreatDetails
+      `Prelude.seq` Prelude.rnf scannedItemCount
+      `Prelude.seq` Prelude.rnf threatDetectedByName
+      `Prelude.seq` Prelude.rnf threatsDetectedItemCount
diff --git a/gen/Amazonka/GuardDuty/Types/ScanEc2InstanceWithFindings.hs b/gen/Amazonka/GuardDuty/Types/ScanEc2InstanceWithFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanEc2InstanceWithFindings.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindings where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes whether Malware Protection for EC2 instances with findings
+-- will be enabled as a data source.
+--
+-- /See:/ 'newScanEc2InstanceWithFindings' smart constructor.
+data ScanEc2InstanceWithFindings = ScanEc2InstanceWithFindings'
+  { -- | Describes the configuration for scanning EBS volumes as data source.
+    ebsVolumes :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanEc2InstanceWithFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ebsVolumes', 'scanEc2InstanceWithFindings_ebsVolumes' - Describes the configuration for scanning EBS volumes as data source.
+newScanEc2InstanceWithFindings ::
+  ScanEc2InstanceWithFindings
+newScanEc2InstanceWithFindings =
+  ScanEc2InstanceWithFindings'
+    { ebsVolumes =
+        Prelude.Nothing
+    }
+
+-- | Describes the configuration for scanning EBS volumes as data source.
+scanEc2InstanceWithFindings_ebsVolumes :: Lens.Lens' ScanEc2InstanceWithFindings (Prelude.Maybe Prelude.Bool)
+scanEc2InstanceWithFindings_ebsVolumes = Lens.lens (\ScanEc2InstanceWithFindings' {ebsVolumes} -> ebsVolumes) (\s@ScanEc2InstanceWithFindings' {} a -> s {ebsVolumes = a} :: ScanEc2InstanceWithFindings)
+
+instance Prelude.Hashable ScanEc2InstanceWithFindings where
+  hashWithSalt _salt ScanEc2InstanceWithFindings' {..} =
+    _salt `Prelude.hashWithSalt` ebsVolumes
+
+instance Prelude.NFData ScanEc2InstanceWithFindings where
+  rnf ScanEc2InstanceWithFindings' {..} =
+    Prelude.rnf ebsVolumes
+
+instance Data.ToJSON ScanEc2InstanceWithFindings where
+  toJSON ScanEc2InstanceWithFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("ebsVolumes" Data..=) Prelude.<$> ebsVolumes]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/ScanEc2InstanceWithFindingsResult.hs b/gen/Amazonka/GuardDuty/Types/ScanEc2InstanceWithFindingsResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanEc2InstanceWithFindingsResult.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindingsResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanEc2InstanceWithFindingsResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.EbsVolumesResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | An object that contains information on the status of whether Malware
+-- Protection for EC2 instances with findings will be enabled as a data
+-- source.
+--
+-- /See:/ 'newScanEc2InstanceWithFindingsResult' smart constructor.
+data ScanEc2InstanceWithFindingsResult = ScanEc2InstanceWithFindingsResult'
+  { -- | Describes the configuration of scanning EBS volumes as a data source.
+    ebsVolumes :: Prelude.Maybe EbsVolumesResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanEc2InstanceWithFindingsResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ebsVolumes', 'scanEc2InstanceWithFindingsResult_ebsVolumes' - Describes the configuration of scanning EBS volumes as a data source.
+newScanEc2InstanceWithFindingsResult ::
+  ScanEc2InstanceWithFindingsResult
+newScanEc2InstanceWithFindingsResult =
+  ScanEc2InstanceWithFindingsResult'
+    { ebsVolumes =
+        Prelude.Nothing
+    }
+
+-- | Describes the configuration of scanning EBS volumes as a data source.
+scanEc2InstanceWithFindingsResult_ebsVolumes :: Lens.Lens' ScanEc2InstanceWithFindingsResult (Prelude.Maybe EbsVolumesResult)
+scanEc2InstanceWithFindingsResult_ebsVolumes = Lens.lens (\ScanEc2InstanceWithFindingsResult' {ebsVolumes} -> ebsVolumes) (\s@ScanEc2InstanceWithFindingsResult' {} a -> s {ebsVolumes = a} :: ScanEc2InstanceWithFindingsResult)
+
+instance
+  Data.FromJSON
+    ScanEc2InstanceWithFindingsResult
+  where
+  parseJSON =
+    Data.withObject
+      "ScanEc2InstanceWithFindingsResult"
+      ( \x ->
+          ScanEc2InstanceWithFindingsResult'
+            Prelude.<$> (x Data..:? "ebsVolumes")
+      )
+
+instance
+  Prelude.Hashable
+    ScanEc2InstanceWithFindingsResult
+  where
+  hashWithSalt
+    _salt
+    ScanEc2InstanceWithFindingsResult' {..} =
+      _salt `Prelude.hashWithSalt` ebsVolumes
+
+instance
+  Prelude.NFData
+    ScanEc2InstanceWithFindingsResult
+  where
+  rnf ScanEc2InstanceWithFindingsResult' {..} =
+    Prelude.rnf ebsVolumes
diff --git a/gen/Amazonka/GuardDuty/Types/ScanFilePath.hs b/gen/Amazonka/GuardDuty/Types/ScanFilePath.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanFilePath.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanFilePath
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanFilePath where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details of infected file including name, file path and hash.
+--
+-- /See:/ 'newScanFilePath' smart constructor.
+data ScanFilePath = ScanFilePath'
+  { -- | File name of the infected file.
+    fileName :: Prelude.Maybe Prelude.Text,
+    -- | The file path of the infected file.
+    filePath :: Prelude.Maybe Prelude.Text,
+    -- | The hash value of the infected file.
+    hash :: Prelude.Maybe Prelude.Text,
+    -- | EBS volume Arn details of the infected file.
+    volumeArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanFilePath' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fileName', 'scanFilePath_fileName' - File name of the infected file.
+--
+-- 'filePath', 'scanFilePath_filePath' - The file path of the infected file.
+--
+-- 'hash', 'scanFilePath_hash' - The hash value of the infected file.
+--
+-- 'volumeArn', 'scanFilePath_volumeArn' - EBS volume Arn details of the infected file.
+newScanFilePath ::
+  ScanFilePath
+newScanFilePath =
+  ScanFilePath'
+    { fileName = Prelude.Nothing,
+      filePath = Prelude.Nothing,
+      hash = Prelude.Nothing,
+      volumeArn = Prelude.Nothing
+    }
+
+-- | File name of the infected file.
+scanFilePath_fileName :: Lens.Lens' ScanFilePath (Prelude.Maybe Prelude.Text)
+scanFilePath_fileName = Lens.lens (\ScanFilePath' {fileName} -> fileName) (\s@ScanFilePath' {} a -> s {fileName = a} :: ScanFilePath)
+
+-- | The file path of the infected file.
+scanFilePath_filePath :: Lens.Lens' ScanFilePath (Prelude.Maybe Prelude.Text)
+scanFilePath_filePath = Lens.lens (\ScanFilePath' {filePath} -> filePath) (\s@ScanFilePath' {} a -> s {filePath = a} :: ScanFilePath)
+
+-- | The hash value of the infected file.
+scanFilePath_hash :: Lens.Lens' ScanFilePath (Prelude.Maybe Prelude.Text)
+scanFilePath_hash = Lens.lens (\ScanFilePath' {hash} -> hash) (\s@ScanFilePath' {} a -> s {hash = a} :: ScanFilePath)
+
+-- | EBS volume Arn details of the infected file.
+scanFilePath_volumeArn :: Lens.Lens' ScanFilePath (Prelude.Maybe Prelude.Text)
+scanFilePath_volumeArn = Lens.lens (\ScanFilePath' {volumeArn} -> volumeArn) (\s@ScanFilePath' {} a -> s {volumeArn = a} :: ScanFilePath)
+
+instance Data.FromJSON ScanFilePath where
+  parseJSON =
+    Data.withObject
+      "ScanFilePath"
+      ( \x ->
+          ScanFilePath'
+            Prelude.<$> (x Data..:? "fileName")
+            Prelude.<*> (x Data..:? "filePath")
+            Prelude.<*> (x Data..:? "hash")
+            Prelude.<*> (x Data..:? "volumeArn")
+      )
+
+instance Prelude.Hashable ScanFilePath where
+  hashWithSalt _salt ScanFilePath' {..} =
+    _salt
+      `Prelude.hashWithSalt` fileName
+      `Prelude.hashWithSalt` filePath
+      `Prelude.hashWithSalt` hash
+      `Prelude.hashWithSalt` volumeArn
+
+instance Prelude.NFData ScanFilePath where
+  rnf ScanFilePath' {..} =
+    Prelude.rnf fileName
+      `Prelude.seq` Prelude.rnf filePath
+      `Prelude.seq` Prelude.rnf hash
+      `Prelude.seq` Prelude.rnf volumeArn
diff --git a/gen/Amazonka/GuardDuty/Types/ScanResourceCriteria.hs b/gen/Amazonka/GuardDuty/Types/ScanResourceCriteria.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanResourceCriteria.hs
@@ -0,0 +1,102 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanResourceCriteria
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanResourceCriteria where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanCondition
+import Amazonka.GuardDuty.Types.ScanCriterionKey
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about criteria used to filter resources before
+-- triggering malware scan.
+--
+-- /See:/ 'newScanResourceCriteria' smart constructor.
+data ScanResourceCriteria = ScanResourceCriteria'
+  { -- | Represents condition that when matched will prevent a malware scan for a
+    -- certain resource.
+    exclude :: Prelude.Maybe (Prelude.HashMap ScanCriterionKey ScanCondition),
+    -- | Represents condition that when matched will allow a malware scan for a
+    -- certain resource.
+    include :: Prelude.Maybe (Prelude.HashMap ScanCriterionKey ScanCondition)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanResourceCriteria' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'exclude', 'scanResourceCriteria_exclude' - Represents condition that when matched will prevent a malware scan for a
+-- certain resource.
+--
+-- 'include', 'scanResourceCriteria_include' - Represents condition that when matched will allow a malware scan for a
+-- certain resource.
+newScanResourceCriteria ::
+  ScanResourceCriteria
+newScanResourceCriteria =
+  ScanResourceCriteria'
+    { exclude = Prelude.Nothing,
+      include = Prelude.Nothing
+    }
+
+-- | Represents condition that when matched will prevent a malware scan for a
+-- certain resource.
+scanResourceCriteria_exclude :: Lens.Lens' ScanResourceCriteria (Prelude.Maybe (Prelude.HashMap ScanCriterionKey ScanCondition))
+scanResourceCriteria_exclude = Lens.lens (\ScanResourceCriteria' {exclude} -> exclude) (\s@ScanResourceCriteria' {} a -> s {exclude = a} :: ScanResourceCriteria) Prelude.. Lens.mapping Lens.coerced
+
+-- | Represents condition that when matched will allow a malware scan for a
+-- certain resource.
+scanResourceCriteria_include :: Lens.Lens' ScanResourceCriteria (Prelude.Maybe (Prelude.HashMap ScanCriterionKey ScanCondition))
+scanResourceCriteria_include = Lens.lens (\ScanResourceCriteria' {include} -> include) (\s@ScanResourceCriteria' {} a -> s {include = a} :: ScanResourceCriteria) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON ScanResourceCriteria where
+  parseJSON =
+    Data.withObject
+      "ScanResourceCriteria"
+      ( \x ->
+          ScanResourceCriteria'
+            Prelude.<$> (x Data..:? "exclude" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "include" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable ScanResourceCriteria where
+  hashWithSalt _salt ScanResourceCriteria' {..} =
+    _salt
+      `Prelude.hashWithSalt` exclude
+      `Prelude.hashWithSalt` include
+
+instance Prelude.NFData ScanResourceCriteria where
+  rnf ScanResourceCriteria' {..} =
+    Prelude.rnf exclude
+      `Prelude.seq` Prelude.rnf include
+
+instance Data.ToJSON ScanResourceCriteria where
+  toJSON ScanResourceCriteria' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("exclude" Data..=) Prelude.<$> exclude,
+            ("include" Data..=) Prelude.<$> include
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/ScanResult.hs b/gen/Amazonka/GuardDuty/Types/ScanResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanResult.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanResult
+  ( ScanResult
+      ( ..,
+        ScanResult_CLEAN,
+        ScanResult_INFECTED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ScanResult = ScanResult'
+  { fromScanResult ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ScanResult_CLEAN :: ScanResult
+pattern ScanResult_CLEAN = ScanResult' "CLEAN"
+
+pattern ScanResult_INFECTED :: ScanResult
+pattern ScanResult_INFECTED = ScanResult' "INFECTED"
+
+{-# COMPLETE
+  ScanResult_CLEAN,
+  ScanResult_INFECTED,
+  ScanResult'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/ScanResultDetails.hs b/gen/Amazonka/GuardDuty/Types/ScanResultDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanResultDetails.hs
@@ -0,0 +1,69 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanResultDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanResultDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | Represents the result of the scan.
+--
+-- /See:/ 'newScanResultDetails' smart constructor.
+data ScanResultDetails = ScanResultDetails'
+  { -- | An enum value representing possible scan results.
+    scanResult :: Prelude.Maybe ScanResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanResultDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scanResult', 'scanResultDetails_scanResult' - An enum value representing possible scan results.
+newScanResultDetails ::
+  ScanResultDetails
+newScanResultDetails =
+  ScanResultDetails' {scanResult = Prelude.Nothing}
+
+-- | An enum value representing possible scan results.
+scanResultDetails_scanResult :: Lens.Lens' ScanResultDetails (Prelude.Maybe ScanResult)
+scanResultDetails_scanResult = Lens.lens (\ScanResultDetails' {scanResult} -> scanResult) (\s@ScanResultDetails' {} a -> s {scanResult = a} :: ScanResultDetails)
+
+instance Data.FromJSON ScanResultDetails where
+  parseJSON =
+    Data.withObject
+      "ScanResultDetails"
+      ( \x ->
+          ScanResultDetails'
+            Prelude.<$> (x Data..:? "scanResult")
+      )
+
+instance Prelude.Hashable ScanResultDetails where
+  hashWithSalt _salt ScanResultDetails' {..} =
+    _salt `Prelude.hashWithSalt` scanResult
+
+instance Prelude.NFData ScanResultDetails where
+  rnf ScanResultDetails' {..} = Prelude.rnf scanResult
diff --git a/gen/Amazonka/GuardDuty/Types/ScanStatus.hs b/gen/Amazonka/GuardDuty/Types/ScanStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanStatus
+  ( ScanStatus
+      ( ..,
+        ScanStatus_COMPLETED,
+        ScanStatus_FAILED,
+        ScanStatus_RUNNING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ScanStatus = ScanStatus'
+  { fromScanStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ScanStatus_COMPLETED :: ScanStatus
+pattern ScanStatus_COMPLETED = ScanStatus' "COMPLETED"
+
+pattern ScanStatus_FAILED :: ScanStatus
+pattern ScanStatus_FAILED = ScanStatus' "FAILED"
+
+pattern ScanStatus_RUNNING :: ScanStatus
+pattern ScanStatus_RUNNING = ScanStatus' "RUNNING"
+
+{-# COMPLETE
+  ScanStatus_COMPLETED,
+  ScanStatus_FAILED,
+  ScanStatus_RUNNING,
+  ScanStatus'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/ScanThreatName.hs b/gen/Amazonka/GuardDuty/Types/ScanThreatName.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScanThreatName.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScanThreatName
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScanThreatName where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanFilePath
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains files infected with the given threat providing details of
+-- malware name and severity.
+--
+-- /See:/ 'newScanThreatName' smart constructor.
+data ScanThreatName = ScanThreatName'
+  { -- | List of infected files in EBS volume with details.
+    filePaths :: Prelude.Maybe [ScanFilePath],
+    -- | Total number of files infected with given threat.
+    itemCount :: Prelude.Maybe Prelude.Int,
+    -- | The name of the identified threat.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Severity of threat identified as part of the malware scan.
+    severity :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScanThreatName' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filePaths', 'scanThreatName_filePaths' - List of infected files in EBS volume with details.
+--
+-- 'itemCount', 'scanThreatName_itemCount' - Total number of files infected with given threat.
+--
+-- 'name', 'scanThreatName_name' - The name of the identified threat.
+--
+-- 'severity', 'scanThreatName_severity' - Severity of threat identified as part of the malware scan.
+newScanThreatName ::
+  ScanThreatName
+newScanThreatName =
+  ScanThreatName'
+    { filePaths = Prelude.Nothing,
+      itemCount = Prelude.Nothing,
+      name = Prelude.Nothing,
+      severity = Prelude.Nothing
+    }
+
+-- | List of infected files in EBS volume with details.
+scanThreatName_filePaths :: Lens.Lens' ScanThreatName (Prelude.Maybe [ScanFilePath])
+scanThreatName_filePaths = Lens.lens (\ScanThreatName' {filePaths} -> filePaths) (\s@ScanThreatName' {} a -> s {filePaths = a} :: ScanThreatName) Prelude.. Lens.mapping Lens.coerced
+
+-- | Total number of files infected with given threat.
+scanThreatName_itemCount :: Lens.Lens' ScanThreatName (Prelude.Maybe Prelude.Int)
+scanThreatName_itemCount = Lens.lens (\ScanThreatName' {itemCount} -> itemCount) (\s@ScanThreatName' {} a -> s {itemCount = a} :: ScanThreatName)
+
+-- | The name of the identified threat.
+scanThreatName_name :: Lens.Lens' ScanThreatName (Prelude.Maybe Prelude.Text)
+scanThreatName_name = Lens.lens (\ScanThreatName' {name} -> name) (\s@ScanThreatName' {} a -> s {name = a} :: ScanThreatName)
+
+-- | Severity of threat identified as part of the malware scan.
+scanThreatName_severity :: Lens.Lens' ScanThreatName (Prelude.Maybe Prelude.Text)
+scanThreatName_severity = Lens.lens (\ScanThreatName' {severity} -> severity) (\s@ScanThreatName' {} a -> s {severity = a} :: ScanThreatName)
+
+instance Data.FromJSON ScanThreatName where
+  parseJSON =
+    Data.withObject
+      "ScanThreatName"
+      ( \x ->
+          ScanThreatName'
+            Prelude.<$> (x Data..:? "filePaths" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "itemCount")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "severity")
+      )
+
+instance Prelude.Hashable ScanThreatName where
+  hashWithSalt _salt ScanThreatName' {..} =
+    _salt
+      `Prelude.hashWithSalt` filePaths
+      `Prelude.hashWithSalt` itemCount
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` severity
+
+instance Prelude.NFData ScanThreatName where
+  rnf ScanThreatName' {..} =
+    Prelude.rnf filePaths
+      `Prelude.seq` Prelude.rnf itemCount
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf severity
diff --git a/gen/Amazonka/GuardDuty/Types/ScannedItemCount.hs b/gen/Amazonka/GuardDuty/Types/ScannedItemCount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ScannedItemCount.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ScannedItemCount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ScannedItemCount where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Total number of scanned files.
+--
+-- /See:/ 'newScannedItemCount' smart constructor.
+data ScannedItemCount = ScannedItemCount'
+  { -- | Number of files scanned.
+    files :: Prelude.Maybe Prelude.Int,
+    -- | Total GB of files scanned for malware.
+    totalGb :: Prelude.Maybe Prelude.Int,
+    -- | Total number of scanned volumes.
+    volumes :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScannedItemCount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'files', 'scannedItemCount_files' - Number of files scanned.
+--
+-- 'totalGb', 'scannedItemCount_totalGb' - Total GB of files scanned for malware.
+--
+-- 'volumes', 'scannedItemCount_volumes' - Total number of scanned volumes.
+newScannedItemCount ::
+  ScannedItemCount
+newScannedItemCount =
+  ScannedItemCount'
+    { files = Prelude.Nothing,
+      totalGb = Prelude.Nothing,
+      volumes = Prelude.Nothing
+    }
+
+-- | Number of files scanned.
+scannedItemCount_files :: Lens.Lens' ScannedItemCount (Prelude.Maybe Prelude.Int)
+scannedItemCount_files = Lens.lens (\ScannedItemCount' {files} -> files) (\s@ScannedItemCount' {} a -> s {files = a} :: ScannedItemCount)
+
+-- | Total GB of files scanned for malware.
+scannedItemCount_totalGb :: Lens.Lens' ScannedItemCount (Prelude.Maybe Prelude.Int)
+scannedItemCount_totalGb = Lens.lens (\ScannedItemCount' {totalGb} -> totalGb) (\s@ScannedItemCount' {} a -> s {totalGb = a} :: ScannedItemCount)
+
+-- | Total number of scanned volumes.
+scannedItemCount_volumes :: Lens.Lens' ScannedItemCount (Prelude.Maybe Prelude.Int)
+scannedItemCount_volumes = Lens.lens (\ScannedItemCount' {volumes} -> volumes) (\s@ScannedItemCount' {} a -> s {volumes = a} :: ScannedItemCount)
+
+instance Data.FromJSON ScannedItemCount where
+  parseJSON =
+    Data.withObject
+      "ScannedItemCount"
+      ( \x ->
+          ScannedItemCount'
+            Prelude.<$> (x Data..:? "files")
+            Prelude.<*> (x Data..:? "totalGb")
+            Prelude.<*> (x Data..:? "volumes")
+      )
+
+instance Prelude.Hashable ScannedItemCount where
+  hashWithSalt _salt ScannedItemCount' {..} =
+    _salt
+      `Prelude.hashWithSalt` files
+      `Prelude.hashWithSalt` totalGb
+      `Prelude.hashWithSalt` volumes
+
+instance Prelude.NFData ScannedItemCount where
+  rnf ScannedItemCount' {..} =
+    Prelude.rnf files
+      `Prelude.seq` Prelude.rnf totalGb
+      `Prelude.seq` Prelude.rnf volumes
diff --git a/gen/Amazonka/GuardDuty/Types/SecurityContext.hs b/gen/Amazonka/GuardDuty/Types/SecurityContext.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/SecurityContext.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.SecurityContext
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.SecurityContext where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Container security context.
+--
+-- /See:/ 'newSecurityContext' smart constructor.
+data SecurityContext = SecurityContext'
+  { -- | Whether the container is privileged.
+    privileged :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SecurityContext' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'privileged', 'securityContext_privileged' - Whether the container is privileged.
+newSecurityContext ::
+  SecurityContext
+newSecurityContext =
+  SecurityContext' {privileged = Prelude.Nothing}
+
+-- | Whether the container is privileged.
+securityContext_privileged :: Lens.Lens' SecurityContext (Prelude.Maybe Prelude.Bool)
+securityContext_privileged = Lens.lens (\SecurityContext' {privileged} -> privileged) (\s@SecurityContext' {} a -> s {privileged = a} :: SecurityContext)
+
+instance Data.FromJSON SecurityContext where
+  parseJSON =
+    Data.withObject
+      "SecurityContext"
+      ( \x ->
+          SecurityContext'
+            Prelude.<$> (x Data..:? "privileged")
+      )
+
+instance Prelude.Hashable SecurityContext where
+  hashWithSalt _salt SecurityContext' {..} =
+    _salt `Prelude.hashWithSalt` privileged
+
+instance Prelude.NFData SecurityContext where
+  rnf SecurityContext' {..} = Prelude.rnf privileged
diff --git a/gen/Amazonka/GuardDuty/Types/SecurityGroup.hs b/gen/Amazonka/GuardDuty/Types/SecurityGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/SecurityGroup.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.SecurityGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.SecurityGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the security groups associated with the EC2
+-- instance.
+--
+-- /See:/ 'newSecurityGroup' smart constructor.
+data SecurityGroup = SecurityGroup'
+  { -- | The security group ID of the EC2 instance.
+    groupId :: Prelude.Maybe Prelude.Text,
+    -- | The security group name of the EC2 instance.
+    groupName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SecurityGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'groupId', 'securityGroup_groupId' - The security group ID of the EC2 instance.
+--
+-- 'groupName', 'securityGroup_groupName' - The security group name of the EC2 instance.
+newSecurityGroup ::
+  SecurityGroup
+newSecurityGroup =
+  SecurityGroup'
+    { groupId = Prelude.Nothing,
+      groupName = Prelude.Nothing
+    }
+
+-- | The security group ID of the EC2 instance.
+securityGroup_groupId :: Lens.Lens' SecurityGroup (Prelude.Maybe Prelude.Text)
+securityGroup_groupId = Lens.lens (\SecurityGroup' {groupId} -> groupId) (\s@SecurityGroup' {} a -> s {groupId = a} :: SecurityGroup)
+
+-- | The security group name of the EC2 instance.
+securityGroup_groupName :: Lens.Lens' SecurityGroup (Prelude.Maybe Prelude.Text)
+securityGroup_groupName = Lens.lens (\SecurityGroup' {groupName} -> groupName) (\s@SecurityGroup' {} a -> s {groupName = a} :: SecurityGroup)
+
+instance Data.FromJSON SecurityGroup where
+  parseJSON =
+    Data.withObject
+      "SecurityGroup"
+      ( \x ->
+          SecurityGroup'
+            Prelude.<$> (x Data..:? "groupId")
+            Prelude.<*> (x Data..:? "groupName")
+      )
+
+instance Prelude.Hashable SecurityGroup where
+  hashWithSalt _salt SecurityGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` groupId
+      `Prelude.hashWithSalt` groupName
+
+instance Prelude.NFData SecurityGroup where
+  rnf SecurityGroup' {..} =
+    Prelude.rnf groupId
+      `Prelude.seq` Prelude.rnf groupName
diff --git a/gen/Amazonka/GuardDuty/Types/ServiceAdditionalInfo.hs b/gen/Amazonka/GuardDuty/Types/ServiceAdditionalInfo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ServiceAdditionalInfo.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ServiceAdditionalInfo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ServiceAdditionalInfo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Additional information about the generated finding.
+--
+-- /See:/ 'newServiceAdditionalInfo' smart constructor.
+data ServiceAdditionalInfo = ServiceAdditionalInfo'
+  { -- | Describes the type of the additional information.
+    type' :: Prelude.Maybe Prelude.Text,
+    -- | This field specifies the value of the additional information.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ServiceAdditionalInfo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'type'', 'serviceAdditionalInfo_type' - Describes the type of the additional information.
+--
+-- 'value', 'serviceAdditionalInfo_value' - This field specifies the value of the additional information.
+newServiceAdditionalInfo ::
+  ServiceAdditionalInfo
+newServiceAdditionalInfo =
+  ServiceAdditionalInfo'
+    { type' = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | Describes the type of the additional information.
+serviceAdditionalInfo_type :: Lens.Lens' ServiceAdditionalInfo (Prelude.Maybe Prelude.Text)
+serviceAdditionalInfo_type = Lens.lens (\ServiceAdditionalInfo' {type'} -> type') (\s@ServiceAdditionalInfo' {} a -> s {type' = a} :: ServiceAdditionalInfo)
+
+-- | This field specifies the value of the additional information.
+serviceAdditionalInfo_value :: Lens.Lens' ServiceAdditionalInfo (Prelude.Maybe Prelude.Text)
+serviceAdditionalInfo_value = Lens.lens (\ServiceAdditionalInfo' {value} -> value) (\s@ServiceAdditionalInfo' {} a -> s {value = a} :: ServiceAdditionalInfo)
+
+instance Data.FromJSON ServiceAdditionalInfo where
+  parseJSON =
+    Data.withObject
+      "ServiceAdditionalInfo"
+      ( \x ->
+          ServiceAdditionalInfo'
+            Prelude.<$> (x Data..:? "type")
+            Prelude.<*> (x Data..:? "value")
+      )
+
+instance Prelude.Hashable ServiceAdditionalInfo where
+  hashWithSalt _salt ServiceAdditionalInfo' {..} =
+    _salt
+      `Prelude.hashWithSalt` type'
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData ServiceAdditionalInfo where
+  rnf ServiceAdditionalInfo' {..} =
+    Prelude.rnf type' `Prelude.seq` Prelude.rnf value
diff --git a/gen/Amazonka/GuardDuty/Types/ServiceInfo.hs b/gen/Amazonka/GuardDuty/Types/ServiceInfo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ServiceInfo.hs
@@ -0,0 +1,229 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ServiceInfo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ServiceInfo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Action
+import Amazonka.GuardDuty.Types.EbsVolumeScanDetails
+import Amazonka.GuardDuty.Types.Evidence
+import Amazonka.GuardDuty.Types.ServiceAdditionalInfo
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains additional information about the generated finding.
+--
+-- /See:/ 'newServiceInfo' smart constructor.
+data ServiceInfo = ServiceInfo'
+  { -- | Information about the activity that is described in a finding.
+    action :: Prelude.Maybe Action,
+    -- | Contains additional information about the generated finding.
+    additionalInfo :: Prelude.Maybe ServiceAdditionalInfo,
+    -- | Indicates whether this finding is archived.
+    archived :: Prelude.Maybe Prelude.Bool,
+    -- | The total count of the occurrences of this finding type.
+    count :: Prelude.Maybe Prelude.Int,
+    -- | The detector ID for the GuardDuty service.
+    detectorId :: Prelude.Maybe Prelude.Text,
+    -- | Returns details from the malware scan that created a finding.
+    ebsVolumeScanDetails :: Prelude.Maybe EbsVolumeScanDetails,
+    -- | The first-seen timestamp of the activity that prompted GuardDuty to
+    -- generate this finding.
+    eventFirstSeen :: Prelude.Maybe Prelude.Text,
+    -- | The last-seen timestamp of the activity that prompted GuardDuty to
+    -- generate this finding.
+    eventLastSeen :: Prelude.Maybe Prelude.Text,
+    -- | An evidence object associated with the service.
+    evidence :: Prelude.Maybe Evidence,
+    -- | The name of the feature that generated a finding.
+    featureName :: Prelude.Maybe Prelude.Text,
+    -- | The resource role information for this finding.
+    resourceRole :: Prelude.Maybe Prelude.Text,
+    -- | The name of the Amazon Web Services service (GuardDuty) that generated a
+    -- finding.
+    serviceName :: Prelude.Maybe Prelude.Text,
+    -- | Feedback that was submitted about the finding.
+    userFeedback :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ServiceInfo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'serviceInfo_action' - Information about the activity that is described in a finding.
+--
+-- 'additionalInfo', 'serviceInfo_additionalInfo' - Contains additional information about the generated finding.
+--
+-- 'archived', 'serviceInfo_archived' - Indicates whether this finding is archived.
+--
+-- 'count', 'serviceInfo_count' - The total count of the occurrences of this finding type.
+--
+-- 'detectorId', 'serviceInfo_detectorId' - The detector ID for the GuardDuty service.
+--
+-- 'ebsVolumeScanDetails', 'serviceInfo_ebsVolumeScanDetails' - Returns details from the malware scan that created a finding.
+--
+-- 'eventFirstSeen', 'serviceInfo_eventFirstSeen' - The first-seen timestamp of the activity that prompted GuardDuty to
+-- generate this finding.
+--
+-- 'eventLastSeen', 'serviceInfo_eventLastSeen' - The last-seen timestamp of the activity that prompted GuardDuty to
+-- generate this finding.
+--
+-- 'evidence', 'serviceInfo_evidence' - An evidence object associated with the service.
+--
+-- 'featureName', 'serviceInfo_featureName' - The name of the feature that generated a finding.
+--
+-- 'resourceRole', 'serviceInfo_resourceRole' - The resource role information for this finding.
+--
+-- 'serviceName', 'serviceInfo_serviceName' - The name of the Amazon Web Services service (GuardDuty) that generated a
+-- finding.
+--
+-- 'userFeedback', 'serviceInfo_userFeedback' - Feedback that was submitted about the finding.
+newServiceInfo ::
+  ServiceInfo
+newServiceInfo =
+  ServiceInfo'
+    { action = Prelude.Nothing,
+      additionalInfo = Prelude.Nothing,
+      archived = Prelude.Nothing,
+      count = Prelude.Nothing,
+      detectorId = Prelude.Nothing,
+      ebsVolumeScanDetails = Prelude.Nothing,
+      eventFirstSeen = Prelude.Nothing,
+      eventLastSeen = Prelude.Nothing,
+      evidence = Prelude.Nothing,
+      featureName = Prelude.Nothing,
+      resourceRole = Prelude.Nothing,
+      serviceName = Prelude.Nothing,
+      userFeedback = Prelude.Nothing
+    }
+
+-- | Information about the activity that is described in a finding.
+serviceInfo_action :: Lens.Lens' ServiceInfo (Prelude.Maybe Action)
+serviceInfo_action = Lens.lens (\ServiceInfo' {action} -> action) (\s@ServiceInfo' {} a -> s {action = a} :: ServiceInfo)
+
+-- | Contains additional information about the generated finding.
+serviceInfo_additionalInfo :: Lens.Lens' ServiceInfo (Prelude.Maybe ServiceAdditionalInfo)
+serviceInfo_additionalInfo = Lens.lens (\ServiceInfo' {additionalInfo} -> additionalInfo) (\s@ServiceInfo' {} a -> s {additionalInfo = a} :: ServiceInfo)
+
+-- | Indicates whether this finding is archived.
+serviceInfo_archived :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Bool)
+serviceInfo_archived = Lens.lens (\ServiceInfo' {archived} -> archived) (\s@ServiceInfo' {} a -> s {archived = a} :: ServiceInfo)
+
+-- | The total count of the occurrences of this finding type.
+serviceInfo_count :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Int)
+serviceInfo_count = Lens.lens (\ServiceInfo' {count} -> count) (\s@ServiceInfo' {} a -> s {count = a} :: ServiceInfo)
+
+-- | The detector ID for the GuardDuty service.
+serviceInfo_detectorId :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Text)
+serviceInfo_detectorId = Lens.lens (\ServiceInfo' {detectorId} -> detectorId) (\s@ServiceInfo' {} a -> s {detectorId = a} :: ServiceInfo)
+
+-- | Returns details from the malware scan that created a finding.
+serviceInfo_ebsVolumeScanDetails :: Lens.Lens' ServiceInfo (Prelude.Maybe EbsVolumeScanDetails)
+serviceInfo_ebsVolumeScanDetails = Lens.lens (\ServiceInfo' {ebsVolumeScanDetails} -> ebsVolumeScanDetails) (\s@ServiceInfo' {} a -> s {ebsVolumeScanDetails = a} :: ServiceInfo)
+
+-- | The first-seen timestamp of the activity that prompted GuardDuty to
+-- generate this finding.
+serviceInfo_eventFirstSeen :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Text)
+serviceInfo_eventFirstSeen = Lens.lens (\ServiceInfo' {eventFirstSeen} -> eventFirstSeen) (\s@ServiceInfo' {} a -> s {eventFirstSeen = a} :: ServiceInfo)
+
+-- | The last-seen timestamp of the activity that prompted GuardDuty to
+-- generate this finding.
+serviceInfo_eventLastSeen :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Text)
+serviceInfo_eventLastSeen = Lens.lens (\ServiceInfo' {eventLastSeen} -> eventLastSeen) (\s@ServiceInfo' {} a -> s {eventLastSeen = a} :: ServiceInfo)
+
+-- | An evidence object associated with the service.
+serviceInfo_evidence :: Lens.Lens' ServiceInfo (Prelude.Maybe Evidence)
+serviceInfo_evidence = Lens.lens (\ServiceInfo' {evidence} -> evidence) (\s@ServiceInfo' {} a -> s {evidence = a} :: ServiceInfo)
+
+-- | The name of the feature that generated a finding.
+serviceInfo_featureName :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Text)
+serviceInfo_featureName = Lens.lens (\ServiceInfo' {featureName} -> featureName) (\s@ServiceInfo' {} a -> s {featureName = a} :: ServiceInfo)
+
+-- | The resource role information for this finding.
+serviceInfo_resourceRole :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Text)
+serviceInfo_resourceRole = Lens.lens (\ServiceInfo' {resourceRole} -> resourceRole) (\s@ServiceInfo' {} a -> s {resourceRole = a} :: ServiceInfo)
+
+-- | The name of the Amazon Web Services service (GuardDuty) that generated a
+-- finding.
+serviceInfo_serviceName :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Text)
+serviceInfo_serviceName = Lens.lens (\ServiceInfo' {serviceName} -> serviceName) (\s@ServiceInfo' {} a -> s {serviceName = a} :: ServiceInfo)
+
+-- | Feedback that was submitted about the finding.
+serviceInfo_userFeedback :: Lens.Lens' ServiceInfo (Prelude.Maybe Prelude.Text)
+serviceInfo_userFeedback = Lens.lens (\ServiceInfo' {userFeedback} -> userFeedback) (\s@ServiceInfo' {} a -> s {userFeedback = a} :: ServiceInfo)
+
+instance Data.FromJSON ServiceInfo where
+  parseJSON =
+    Data.withObject
+      "ServiceInfo"
+      ( \x ->
+          ServiceInfo'
+            Prelude.<$> (x Data..:? "action")
+            Prelude.<*> (x Data..:? "additionalInfo")
+            Prelude.<*> (x Data..:? "archived")
+            Prelude.<*> (x Data..:? "count")
+            Prelude.<*> (x Data..:? "detectorId")
+            Prelude.<*> (x Data..:? "ebsVolumeScanDetails")
+            Prelude.<*> (x Data..:? "eventFirstSeen")
+            Prelude.<*> (x Data..:? "eventLastSeen")
+            Prelude.<*> (x Data..:? "evidence")
+            Prelude.<*> (x Data..:? "featureName")
+            Prelude.<*> (x Data..:? "resourceRole")
+            Prelude.<*> (x Data..:? "serviceName")
+            Prelude.<*> (x Data..:? "userFeedback")
+      )
+
+instance Prelude.Hashable ServiceInfo where
+  hashWithSalt _salt ServiceInfo' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` additionalInfo
+      `Prelude.hashWithSalt` archived
+      `Prelude.hashWithSalt` count
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` ebsVolumeScanDetails
+      `Prelude.hashWithSalt` eventFirstSeen
+      `Prelude.hashWithSalt` eventLastSeen
+      `Prelude.hashWithSalt` evidence
+      `Prelude.hashWithSalt` featureName
+      `Prelude.hashWithSalt` resourceRole
+      `Prelude.hashWithSalt` serviceName
+      `Prelude.hashWithSalt` userFeedback
+
+instance Prelude.NFData ServiceInfo where
+  rnf ServiceInfo' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf additionalInfo
+      `Prelude.seq` Prelude.rnf archived
+      `Prelude.seq` Prelude.rnf count
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf ebsVolumeScanDetails
+      `Prelude.seq` Prelude.rnf eventFirstSeen
+      `Prelude.seq` Prelude.rnf eventLastSeen
+      `Prelude.seq` Prelude.rnf evidence
+      `Prelude.seq` Prelude.rnf featureName
+      `Prelude.seq` Prelude.rnf resourceRole
+      `Prelude.seq` Prelude.rnf serviceName
+      `Prelude.seq` Prelude.rnf userFeedback
diff --git a/gen/Amazonka/GuardDuty/Types/SortCriteria.hs b/gen/Amazonka/GuardDuty/Types/SortCriteria.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/SortCriteria.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.SortCriteria
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.SortCriteria where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.OrderBy
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the criteria used for sorting findings.
+--
+-- /See:/ 'newSortCriteria' smart constructor.
+data SortCriteria = SortCriteria'
+  { -- | Represents the finding attribute (for example, accountId) to sort
+    -- findings by.
+    attributeName :: Prelude.Maybe Prelude.Text,
+    -- | The order by which the sorted findings are to be displayed.
+    orderBy :: Prelude.Maybe OrderBy
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SortCriteria' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attributeName', 'sortCriteria_attributeName' - Represents the finding attribute (for example, accountId) to sort
+-- findings by.
+--
+-- 'orderBy', 'sortCriteria_orderBy' - The order by which the sorted findings are to be displayed.
+newSortCriteria ::
+  SortCriteria
+newSortCriteria =
+  SortCriteria'
+    { attributeName = Prelude.Nothing,
+      orderBy = Prelude.Nothing
+    }
+
+-- | Represents the finding attribute (for example, accountId) to sort
+-- findings by.
+sortCriteria_attributeName :: Lens.Lens' SortCriteria (Prelude.Maybe Prelude.Text)
+sortCriteria_attributeName = Lens.lens (\SortCriteria' {attributeName} -> attributeName) (\s@SortCriteria' {} a -> s {attributeName = a} :: SortCriteria)
+
+-- | The order by which the sorted findings are to be displayed.
+sortCriteria_orderBy :: Lens.Lens' SortCriteria (Prelude.Maybe OrderBy)
+sortCriteria_orderBy = Lens.lens (\SortCriteria' {orderBy} -> orderBy) (\s@SortCriteria' {} a -> s {orderBy = a} :: SortCriteria)
+
+instance Prelude.Hashable SortCriteria where
+  hashWithSalt _salt SortCriteria' {..} =
+    _salt
+      `Prelude.hashWithSalt` attributeName
+      `Prelude.hashWithSalt` orderBy
+
+instance Prelude.NFData SortCriteria where
+  rnf SortCriteria' {..} =
+    Prelude.rnf attributeName
+      `Prelude.seq` Prelude.rnf orderBy
+
+instance Data.ToJSON SortCriteria where
+  toJSON SortCriteria' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("attributeName" Data..=) Prelude.<$> attributeName,
+            ("orderBy" Data..=) Prelude.<$> orderBy
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/Tag.hs b/gen/Amazonka/GuardDuty/Types/Tag.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Tag.hs
@@ -0,0 +1,83 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Tag
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Tag where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about a tag associated with the EC2 instance.
+--
+-- /See:/ 'newTag' smart constructor.
+data Tag = Tag'
+  { -- | The EC2 instance tag key.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | The EC2 instance tag value.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Tag' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'tag_key' - The EC2 instance tag key.
+--
+-- 'value', 'tag_value' - The EC2 instance tag value.
+newTag ::
+  Tag
+newTag =
+  Tag'
+    { key = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The EC2 instance tag key.
+tag_key :: Lens.Lens' Tag (Prelude.Maybe Prelude.Text)
+tag_key = Lens.lens (\Tag' {key} -> key) (\s@Tag' {} a -> s {key = a} :: Tag)
+
+-- | The EC2 instance tag value.
+tag_value :: Lens.Lens' Tag (Prelude.Maybe Prelude.Text)
+tag_value = Lens.lens (\Tag' {value} -> value) (\s@Tag' {} a -> s {value = a} :: Tag)
+
+instance Data.FromJSON Tag where
+  parseJSON =
+    Data.withObject
+      "Tag"
+      ( \x ->
+          Tag'
+            Prelude.<$> (x Data..:? "key")
+            Prelude.<*> (x Data..:? "value")
+      )
+
+instance Prelude.Hashable Tag where
+  hashWithSalt _salt Tag' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData Tag where
+  rnf Tag' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
diff --git a/gen/Amazonka/GuardDuty/Types/ThreatDetectedByName.hs b/gen/Amazonka/GuardDuty/Types/ThreatDetectedByName.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ThreatDetectedByName.hs
@@ -0,0 +1,115 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ThreatDetectedByName
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ThreatDetectedByName where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.ScanThreatName
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains details about identified threats organized by threat name.
+--
+-- /See:/ 'newThreatDetectedByName' smart constructor.
+data ThreatDetectedByName = ThreatDetectedByName'
+  { -- | Total number of infected files identified.
+    itemCount :: Prelude.Maybe Prelude.Int,
+    -- | Flag to determine if the finding contains every single infected
+    -- file-path and\/or every threat.
+    shortened :: Prelude.Maybe Prelude.Bool,
+    -- | List of identified threats with details, organized by threat name.
+    threatNames :: Prelude.Maybe [ScanThreatName],
+    -- | Total number of unique threats by name identified, as part of the
+    -- malware scan.
+    uniqueThreatNameCount :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ThreatDetectedByName' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'itemCount', 'threatDetectedByName_itemCount' - Total number of infected files identified.
+--
+-- 'shortened', 'threatDetectedByName_shortened' - Flag to determine if the finding contains every single infected
+-- file-path and\/or every threat.
+--
+-- 'threatNames', 'threatDetectedByName_threatNames' - List of identified threats with details, organized by threat name.
+--
+-- 'uniqueThreatNameCount', 'threatDetectedByName_uniqueThreatNameCount' - Total number of unique threats by name identified, as part of the
+-- malware scan.
+newThreatDetectedByName ::
+  ThreatDetectedByName
+newThreatDetectedByName =
+  ThreatDetectedByName'
+    { itemCount = Prelude.Nothing,
+      shortened = Prelude.Nothing,
+      threatNames = Prelude.Nothing,
+      uniqueThreatNameCount = Prelude.Nothing
+    }
+
+-- | Total number of infected files identified.
+threatDetectedByName_itemCount :: Lens.Lens' ThreatDetectedByName (Prelude.Maybe Prelude.Int)
+threatDetectedByName_itemCount = Lens.lens (\ThreatDetectedByName' {itemCount} -> itemCount) (\s@ThreatDetectedByName' {} a -> s {itemCount = a} :: ThreatDetectedByName)
+
+-- | Flag to determine if the finding contains every single infected
+-- file-path and\/or every threat.
+threatDetectedByName_shortened :: Lens.Lens' ThreatDetectedByName (Prelude.Maybe Prelude.Bool)
+threatDetectedByName_shortened = Lens.lens (\ThreatDetectedByName' {shortened} -> shortened) (\s@ThreatDetectedByName' {} a -> s {shortened = a} :: ThreatDetectedByName)
+
+-- | List of identified threats with details, organized by threat name.
+threatDetectedByName_threatNames :: Lens.Lens' ThreatDetectedByName (Prelude.Maybe [ScanThreatName])
+threatDetectedByName_threatNames = Lens.lens (\ThreatDetectedByName' {threatNames} -> threatNames) (\s@ThreatDetectedByName' {} a -> s {threatNames = a} :: ThreatDetectedByName) Prelude.. Lens.mapping Lens.coerced
+
+-- | Total number of unique threats by name identified, as part of the
+-- malware scan.
+threatDetectedByName_uniqueThreatNameCount :: Lens.Lens' ThreatDetectedByName (Prelude.Maybe Prelude.Int)
+threatDetectedByName_uniqueThreatNameCount = Lens.lens (\ThreatDetectedByName' {uniqueThreatNameCount} -> uniqueThreatNameCount) (\s@ThreatDetectedByName' {} a -> s {uniqueThreatNameCount = a} :: ThreatDetectedByName)
+
+instance Data.FromJSON ThreatDetectedByName where
+  parseJSON =
+    Data.withObject
+      "ThreatDetectedByName"
+      ( \x ->
+          ThreatDetectedByName'
+            Prelude.<$> (x Data..:? "itemCount")
+            Prelude.<*> (x Data..:? "shortened")
+            Prelude.<*> (x Data..:? "threatNames" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "uniqueThreatNameCount")
+      )
+
+instance Prelude.Hashable ThreatDetectedByName where
+  hashWithSalt _salt ThreatDetectedByName' {..} =
+    _salt
+      `Prelude.hashWithSalt` itemCount
+      `Prelude.hashWithSalt` shortened
+      `Prelude.hashWithSalt` threatNames
+      `Prelude.hashWithSalt` uniqueThreatNameCount
+
+instance Prelude.NFData ThreatDetectedByName where
+  rnf ThreatDetectedByName' {..} =
+    Prelude.rnf itemCount
+      `Prelude.seq` Prelude.rnf shortened
+      `Prelude.seq` Prelude.rnf threatNames
+      `Prelude.seq` Prelude.rnf uniqueThreatNameCount
diff --git a/gen/Amazonka/GuardDuty/Types/ThreatIntelSetFormat.hs b/gen/Amazonka/GuardDuty/Types/ThreatIntelSetFormat.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ThreatIntelSetFormat.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ThreatIntelSetFormat
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ThreatIntelSetFormat
+  ( ThreatIntelSetFormat
+      ( ..,
+        ThreatIntelSetFormat_ALIEN_VAULT,
+        ThreatIntelSetFormat_FIRE_EYE,
+        ThreatIntelSetFormat_OTX_CSV,
+        ThreatIntelSetFormat_PROOF_POINT,
+        ThreatIntelSetFormat_STIX,
+        ThreatIntelSetFormat_TXT
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ThreatIntelSetFormat = ThreatIntelSetFormat'
+  { fromThreatIntelSetFormat ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ThreatIntelSetFormat_ALIEN_VAULT :: ThreatIntelSetFormat
+pattern ThreatIntelSetFormat_ALIEN_VAULT = ThreatIntelSetFormat' "ALIEN_VAULT"
+
+pattern ThreatIntelSetFormat_FIRE_EYE :: ThreatIntelSetFormat
+pattern ThreatIntelSetFormat_FIRE_EYE = ThreatIntelSetFormat' "FIRE_EYE"
+
+pattern ThreatIntelSetFormat_OTX_CSV :: ThreatIntelSetFormat
+pattern ThreatIntelSetFormat_OTX_CSV = ThreatIntelSetFormat' "OTX_CSV"
+
+pattern ThreatIntelSetFormat_PROOF_POINT :: ThreatIntelSetFormat
+pattern ThreatIntelSetFormat_PROOF_POINT = ThreatIntelSetFormat' "PROOF_POINT"
+
+pattern ThreatIntelSetFormat_STIX :: ThreatIntelSetFormat
+pattern ThreatIntelSetFormat_STIX = ThreatIntelSetFormat' "STIX"
+
+pattern ThreatIntelSetFormat_TXT :: ThreatIntelSetFormat
+pattern ThreatIntelSetFormat_TXT = ThreatIntelSetFormat' "TXT"
+
+{-# COMPLETE
+  ThreatIntelSetFormat_ALIEN_VAULT,
+  ThreatIntelSetFormat_FIRE_EYE,
+  ThreatIntelSetFormat_OTX_CSV,
+  ThreatIntelSetFormat_PROOF_POINT,
+  ThreatIntelSetFormat_STIX,
+  ThreatIntelSetFormat_TXT,
+  ThreatIntelSetFormat'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/ThreatIntelSetStatus.hs b/gen/Amazonka/GuardDuty/Types/ThreatIntelSetStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ThreatIntelSetStatus.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ThreatIntelSetStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ThreatIntelSetStatus
+  ( ThreatIntelSetStatus
+      ( ..,
+        ThreatIntelSetStatus_ACTIVATING,
+        ThreatIntelSetStatus_ACTIVE,
+        ThreatIntelSetStatus_DEACTIVATING,
+        ThreatIntelSetStatus_DELETED,
+        ThreatIntelSetStatus_DELETE_PENDING,
+        ThreatIntelSetStatus_ERROR,
+        ThreatIntelSetStatus_INACTIVE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ThreatIntelSetStatus = ThreatIntelSetStatus'
+  { fromThreatIntelSetStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ThreatIntelSetStatus_ACTIVATING :: ThreatIntelSetStatus
+pattern ThreatIntelSetStatus_ACTIVATING = ThreatIntelSetStatus' "ACTIVATING"
+
+pattern ThreatIntelSetStatus_ACTIVE :: ThreatIntelSetStatus
+pattern ThreatIntelSetStatus_ACTIVE = ThreatIntelSetStatus' "ACTIVE"
+
+pattern ThreatIntelSetStatus_DEACTIVATING :: ThreatIntelSetStatus
+pattern ThreatIntelSetStatus_DEACTIVATING = ThreatIntelSetStatus' "DEACTIVATING"
+
+pattern ThreatIntelSetStatus_DELETED :: ThreatIntelSetStatus
+pattern ThreatIntelSetStatus_DELETED = ThreatIntelSetStatus' "DELETED"
+
+pattern ThreatIntelSetStatus_DELETE_PENDING :: ThreatIntelSetStatus
+pattern ThreatIntelSetStatus_DELETE_PENDING = ThreatIntelSetStatus' "DELETE_PENDING"
+
+pattern ThreatIntelSetStatus_ERROR :: ThreatIntelSetStatus
+pattern ThreatIntelSetStatus_ERROR = ThreatIntelSetStatus' "ERROR"
+
+pattern ThreatIntelSetStatus_INACTIVE :: ThreatIntelSetStatus
+pattern ThreatIntelSetStatus_INACTIVE = ThreatIntelSetStatus' "INACTIVE"
+
+{-# COMPLETE
+  ThreatIntelSetStatus_ACTIVATING,
+  ThreatIntelSetStatus_ACTIVE,
+  ThreatIntelSetStatus_DEACTIVATING,
+  ThreatIntelSetStatus_DELETED,
+  ThreatIntelSetStatus_DELETE_PENDING,
+  ThreatIntelSetStatus_ERROR,
+  ThreatIntelSetStatus_INACTIVE,
+  ThreatIntelSetStatus'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/ThreatIntelligenceDetail.hs b/gen/Amazonka/GuardDuty/Types/ThreatIntelligenceDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ThreatIntelligenceDetail.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ThreatIntelligenceDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ThreatIntelligenceDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An instance of a threat intelligence detail that constitutes evidence
+-- for the finding.
+--
+-- /See:/ 'newThreatIntelligenceDetail' smart constructor.
+data ThreatIntelligenceDetail = ThreatIntelligenceDetail'
+  { -- | The name of the threat intelligence list that triggered the finding.
+    threatListName :: Prelude.Maybe Prelude.Text,
+    -- | A list of names of the threats in the threat intelligence list that
+    -- triggered the finding.
+    threatNames :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ThreatIntelligenceDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'threatListName', 'threatIntelligenceDetail_threatListName' - The name of the threat intelligence list that triggered the finding.
+--
+-- 'threatNames', 'threatIntelligenceDetail_threatNames' - A list of names of the threats in the threat intelligence list that
+-- triggered the finding.
+newThreatIntelligenceDetail ::
+  ThreatIntelligenceDetail
+newThreatIntelligenceDetail =
+  ThreatIntelligenceDetail'
+    { threatListName =
+        Prelude.Nothing,
+      threatNames = Prelude.Nothing
+    }
+
+-- | The name of the threat intelligence list that triggered the finding.
+threatIntelligenceDetail_threatListName :: Lens.Lens' ThreatIntelligenceDetail (Prelude.Maybe Prelude.Text)
+threatIntelligenceDetail_threatListName = Lens.lens (\ThreatIntelligenceDetail' {threatListName} -> threatListName) (\s@ThreatIntelligenceDetail' {} a -> s {threatListName = a} :: ThreatIntelligenceDetail)
+
+-- | A list of names of the threats in the threat intelligence list that
+-- triggered the finding.
+threatIntelligenceDetail_threatNames :: Lens.Lens' ThreatIntelligenceDetail (Prelude.Maybe [Prelude.Text])
+threatIntelligenceDetail_threatNames = Lens.lens (\ThreatIntelligenceDetail' {threatNames} -> threatNames) (\s@ThreatIntelligenceDetail' {} a -> s {threatNames = a} :: ThreatIntelligenceDetail) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON ThreatIntelligenceDetail where
+  parseJSON =
+    Data.withObject
+      "ThreatIntelligenceDetail"
+      ( \x ->
+          ThreatIntelligenceDetail'
+            Prelude.<$> (x Data..:? "threatListName")
+            Prelude.<*> (x Data..:? "threatNames" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable ThreatIntelligenceDetail where
+  hashWithSalt _salt ThreatIntelligenceDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` threatListName
+      `Prelude.hashWithSalt` threatNames
+
+instance Prelude.NFData ThreatIntelligenceDetail where
+  rnf ThreatIntelligenceDetail' {..} =
+    Prelude.rnf threatListName
+      `Prelude.seq` Prelude.rnf threatNames
diff --git a/gen/Amazonka/GuardDuty/Types/ThreatsDetectedItemCount.hs b/gen/Amazonka/GuardDuty/Types/ThreatsDetectedItemCount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/ThreatsDetectedItemCount.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.ThreatsDetectedItemCount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.ThreatsDetectedItemCount where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains total number of infected files.
+--
+-- /See:/ 'newThreatsDetectedItemCount' smart constructor.
+data ThreatsDetectedItemCount = ThreatsDetectedItemCount'
+  { -- | Total number of infected files.
+    files :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ThreatsDetectedItemCount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'files', 'threatsDetectedItemCount_files' - Total number of infected files.
+newThreatsDetectedItemCount ::
+  ThreatsDetectedItemCount
+newThreatsDetectedItemCount =
+  ThreatsDetectedItemCount' {files = Prelude.Nothing}
+
+-- | Total number of infected files.
+threatsDetectedItemCount_files :: Lens.Lens' ThreatsDetectedItemCount (Prelude.Maybe Prelude.Int)
+threatsDetectedItemCount_files = Lens.lens (\ThreatsDetectedItemCount' {files} -> files) (\s@ThreatsDetectedItemCount' {} a -> s {files = a} :: ThreatsDetectedItemCount)
+
+instance Data.FromJSON ThreatsDetectedItemCount where
+  parseJSON =
+    Data.withObject
+      "ThreatsDetectedItemCount"
+      ( \x ->
+          ThreatsDetectedItemCount'
+            Prelude.<$> (x Data..:? "files")
+      )
+
+instance Prelude.Hashable ThreatsDetectedItemCount where
+  hashWithSalt _salt ThreatsDetectedItemCount' {..} =
+    _salt `Prelude.hashWithSalt` files
+
+instance Prelude.NFData ThreatsDetectedItemCount where
+  rnf ThreatsDetectedItemCount' {..} = Prelude.rnf files
diff --git a/gen/Amazonka/GuardDuty/Types/Total.hs b/gen/Amazonka/GuardDuty/Types/Total.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Total.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Total
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Total where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the total usage with the corresponding currency unit for that
+-- value.
+--
+-- /See:/ 'newTotal' smart constructor.
+data Total = Total'
+  { -- | The total usage.
+    amount :: Prelude.Maybe Prelude.Text,
+    -- | The currency unit that the amount is given in.
+    unit :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Total' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'amount', 'total_amount' - The total usage.
+--
+-- 'unit', 'total_unit' - The currency unit that the amount is given in.
+newTotal ::
+  Total
+newTotal =
+  Total'
+    { amount = Prelude.Nothing,
+      unit = Prelude.Nothing
+    }
+
+-- | The total usage.
+total_amount :: Lens.Lens' Total (Prelude.Maybe Prelude.Text)
+total_amount = Lens.lens (\Total' {amount} -> amount) (\s@Total' {} a -> s {amount = a} :: Total)
+
+-- | The currency unit that the amount is given in.
+total_unit :: Lens.Lens' Total (Prelude.Maybe Prelude.Text)
+total_unit = Lens.lens (\Total' {unit} -> unit) (\s@Total' {} a -> s {unit = a} :: Total)
+
+instance Data.FromJSON Total where
+  parseJSON =
+    Data.withObject
+      "Total"
+      ( \x ->
+          Total'
+            Prelude.<$> (x Data..:? "amount")
+            Prelude.<*> (x Data..:? "unit")
+      )
+
+instance Prelude.Hashable Total where
+  hashWithSalt _salt Total' {..} =
+    _salt
+      `Prelude.hashWithSalt` amount
+      `Prelude.hashWithSalt` unit
+
+instance Prelude.NFData Total where
+  rnf Total' {..} =
+    Prelude.rnf amount `Prelude.seq` Prelude.rnf unit
diff --git a/gen/Amazonka/GuardDuty/Types/TriggerDetails.hs b/gen/Amazonka/GuardDuty/Types/TriggerDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/TriggerDetails.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.TriggerDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.TriggerDetails where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Represents the reason the scan was triggered.
+--
+-- /See:/ 'newTriggerDetails' smart constructor.
+data TriggerDetails = TriggerDetails'
+  { -- | The description of the scan trigger.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the GuardDuty finding that triggered the BirdDog scan.
+    guardDutyFindingId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TriggerDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'triggerDetails_description' - The description of the scan trigger.
+--
+-- 'guardDutyFindingId', 'triggerDetails_guardDutyFindingId' - The ID of the GuardDuty finding that triggered the BirdDog scan.
+newTriggerDetails ::
+  TriggerDetails
+newTriggerDetails =
+  TriggerDetails'
+    { description = Prelude.Nothing,
+      guardDutyFindingId = Prelude.Nothing
+    }
+
+-- | The description of the scan trigger.
+triggerDetails_description :: Lens.Lens' TriggerDetails (Prelude.Maybe Prelude.Text)
+triggerDetails_description = Lens.lens (\TriggerDetails' {description} -> description) (\s@TriggerDetails' {} a -> s {description = a} :: TriggerDetails)
+
+-- | The ID of the GuardDuty finding that triggered the BirdDog scan.
+triggerDetails_guardDutyFindingId :: Lens.Lens' TriggerDetails (Prelude.Maybe Prelude.Text)
+triggerDetails_guardDutyFindingId = Lens.lens (\TriggerDetails' {guardDutyFindingId} -> guardDutyFindingId) (\s@TriggerDetails' {} a -> s {guardDutyFindingId = a} :: TriggerDetails)
+
+instance Data.FromJSON TriggerDetails where
+  parseJSON =
+    Data.withObject
+      "TriggerDetails"
+      ( \x ->
+          TriggerDetails'
+            Prelude.<$> (x Data..:? "description")
+            Prelude.<*> (x Data..:? "guardDutyFindingId")
+      )
+
+instance Prelude.Hashable TriggerDetails where
+  hashWithSalt _salt TriggerDetails' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` guardDutyFindingId
+
+instance Prelude.NFData TriggerDetails where
+  rnf TriggerDetails' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf guardDutyFindingId
diff --git a/gen/Amazonka/GuardDuty/Types/UnprocessedAccount.hs b/gen/Amazonka/GuardDuty/Types/UnprocessedAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UnprocessedAccount.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UnprocessedAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UnprocessedAccount where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the accounts that weren\'t processed.
+--
+-- /See:/ 'newUnprocessedAccount' smart constructor.
+data UnprocessedAccount = UnprocessedAccount'
+  { -- | The Amazon Web Services account ID.
+    accountId :: Prelude.Text,
+    -- | A reason why the account hasn\'t been processed.
+    result :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UnprocessedAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'unprocessedAccount_accountId' - The Amazon Web Services account ID.
+--
+-- 'result', 'unprocessedAccount_result' - A reason why the account hasn\'t been processed.
+newUnprocessedAccount ::
+  -- | 'accountId'
+  Prelude.Text ->
+  -- | 'result'
+  Prelude.Text ->
+  UnprocessedAccount
+newUnprocessedAccount pAccountId_ pResult_ =
+  UnprocessedAccount'
+    { accountId = pAccountId_,
+      result = pResult_
+    }
+
+-- | The Amazon Web Services account ID.
+unprocessedAccount_accountId :: Lens.Lens' UnprocessedAccount Prelude.Text
+unprocessedAccount_accountId = Lens.lens (\UnprocessedAccount' {accountId} -> accountId) (\s@UnprocessedAccount' {} a -> s {accountId = a} :: UnprocessedAccount)
+
+-- | A reason why the account hasn\'t been processed.
+unprocessedAccount_result :: Lens.Lens' UnprocessedAccount Prelude.Text
+unprocessedAccount_result = Lens.lens (\UnprocessedAccount' {result} -> result) (\s@UnprocessedAccount' {} a -> s {result = a} :: UnprocessedAccount)
+
+instance Data.FromJSON UnprocessedAccount where
+  parseJSON =
+    Data.withObject
+      "UnprocessedAccount"
+      ( \x ->
+          UnprocessedAccount'
+            Prelude.<$> (x Data..: "accountId")
+            Prelude.<*> (x Data..: "result")
+      )
+
+instance Prelude.Hashable UnprocessedAccount where
+  hashWithSalt _salt UnprocessedAccount' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` result
+
+instance Prelude.NFData UnprocessedAccount where
+  rnf UnprocessedAccount' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf result
diff --git a/gen/Amazonka/GuardDuty/Types/UnprocessedDataSourcesResult.hs b/gen/Amazonka/GuardDuty/Types/UnprocessedDataSourcesResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UnprocessedDataSourcesResult.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UnprocessedDataSourcesResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UnprocessedDataSourcesResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.MalwareProtectionConfigurationResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies the names of the data sources that couldn\'t be enabled.
+--
+-- /See:/ 'newUnprocessedDataSourcesResult' smart constructor.
+data UnprocessedDataSourcesResult = UnprocessedDataSourcesResult'
+  { malwareProtection :: Prelude.Maybe MalwareProtectionConfigurationResult
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UnprocessedDataSourcesResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'malwareProtection', 'unprocessedDataSourcesResult_malwareProtection' - Undocumented member.
+newUnprocessedDataSourcesResult ::
+  UnprocessedDataSourcesResult
+newUnprocessedDataSourcesResult =
+  UnprocessedDataSourcesResult'
+    { malwareProtection =
+        Prelude.Nothing
+    }
+
+-- | Undocumented member.
+unprocessedDataSourcesResult_malwareProtection :: Lens.Lens' UnprocessedDataSourcesResult (Prelude.Maybe MalwareProtectionConfigurationResult)
+unprocessedDataSourcesResult_malwareProtection = Lens.lens (\UnprocessedDataSourcesResult' {malwareProtection} -> malwareProtection) (\s@UnprocessedDataSourcesResult' {} a -> s {malwareProtection = a} :: UnprocessedDataSourcesResult)
+
+instance Data.FromJSON UnprocessedDataSourcesResult where
+  parseJSON =
+    Data.withObject
+      "UnprocessedDataSourcesResult"
+      ( \x ->
+          UnprocessedDataSourcesResult'
+            Prelude.<$> (x Data..:? "malwareProtection")
+      )
+
+instance
+  Prelude.Hashable
+    UnprocessedDataSourcesResult
+  where
+  hashWithSalt _salt UnprocessedDataSourcesResult' {..} =
+    _salt `Prelude.hashWithSalt` malwareProtection
+
+instance Prelude.NFData UnprocessedDataSourcesResult where
+  rnf UnprocessedDataSourcesResult' {..} =
+    Prelude.rnf malwareProtection
diff --git a/gen/Amazonka/GuardDuty/Types/UsageAccountResult.hs b/gen/Amazonka/GuardDuty/Types/UsageAccountResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UsageAccountResult.hs
@@ -0,0 +1,85 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UsageAccountResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UsageAccountResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Total
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the total of usage based on account IDs.
+--
+-- /See:/ 'newUsageAccountResult' smart constructor.
+data UsageAccountResult = UsageAccountResult'
+  { -- | The Account ID that generated usage.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | Represents the total of usage for the Account ID.
+    total :: Prelude.Maybe Total
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UsageAccountResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'usageAccountResult_accountId' - The Account ID that generated usage.
+--
+-- 'total', 'usageAccountResult_total' - Represents the total of usage for the Account ID.
+newUsageAccountResult ::
+  UsageAccountResult
+newUsageAccountResult =
+  UsageAccountResult'
+    { accountId = Prelude.Nothing,
+      total = Prelude.Nothing
+    }
+
+-- | The Account ID that generated usage.
+usageAccountResult_accountId :: Lens.Lens' UsageAccountResult (Prelude.Maybe Prelude.Text)
+usageAccountResult_accountId = Lens.lens (\UsageAccountResult' {accountId} -> accountId) (\s@UsageAccountResult' {} a -> s {accountId = a} :: UsageAccountResult)
+
+-- | Represents the total of usage for the Account ID.
+usageAccountResult_total :: Lens.Lens' UsageAccountResult (Prelude.Maybe Total)
+usageAccountResult_total = Lens.lens (\UsageAccountResult' {total} -> total) (\s@UsageAccountResult' {} a -> s {total = a} :: UsageAccountResult)
+
+instance Data.FromJSON UsageAccountResult where
+  parseJSON =
+    Data.withObject
+      "UsageAccountResult"
+      ( \x ->
+          UsageAccountResult'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "total")
+      )
+
+instance Prelude.Hashable UsageAccountResult where
+  hashWithSalt _salt UsageAccountResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` total
+
+instance Prelude.NFData UsageAccountResult where
+  rnf UsageAccountResult' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf total
diff --git a/gen/Amazonka/GuardDuty/Types/UsageCriteria.hs b/gen/Amazonka/GuardDuty/Types/UsageCriteria.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UsageCriteria.hs
@@ -0,0 +1,99 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UsageCriteria
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UsageCriteria where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSource
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information about the criteria used to query usage statistics.
+--
+-- /See:/ 'newUsageCriteria' smart constructor.
+data UsageCriteria = UsageCriteria'
+  { -- | The account IDs to aggregate usage statistics from.
+    accountIds :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The resources to aggregate usage statistics from. Only accepts exact
+    -- resource names.
+    resources :: Prelude.Maybe [Prelude.Text],
+    -- | The data sources to aggregate usage statistics from.
+    dataSources :: [DataSource]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UsageCriteria' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'usageCriteria_accountIds' - The account IDs to aggregate usage statistics from.
+--
+-- 'resources', 'usageCriteria_resources' - The resources to aggregate usage statistics from. Only accepts exact
+-- resource names.
+--
+-- 'dataSources', 'usageCriteria_dataSources' - The data sources to aggregate usage statistics from.
+newUsageCriteria ::
+  UsageCriteria
+newUsageCriteria =
+  UsageCriteria'
+    { accountIds = Prelude.Nothing,
+      resources = Prelude.Nothing,
+      dataSources = Prelude.mempty
+    }
+
+-- | The account IDs to aggregate usage statistics from.
+usageCriteria_accountIds :: Lens.Lens' UsageCriteria (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+usageCriteria_accountIds = Lens.lens (\UsageCriteria' {accountIds} -> accountIds) (\s@UsageCriteria' {} a -> s {accountIds = a} :: UsageCriteria) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resources to aggregate usage statistics from. Only accepts exact
+-- resource names.
+usageCriteria_resources :: Lens.Lens' UsageCriteria (Prelude.Maybe [Prelude.Text])
+usageCriteria_resources = Lens.lens (\UsageCriteria' {resources} -> resources) (\s@UsageCriteria' {} a -> s {resources = a} :: UsageCriteria) Prelude.. Lens.mapping Lens.coerced
+
+-- | The data sources to aggregate usage statistics from.
+usageCriteria_dataSources :: Lens.Lens' UsageCriteria [DataSource]
+usageCriteria_dataSources = Lens.lens (\UsageCriteria' {dataSources} -> dataSources) (\s@UsageCriteria' {} a -> s {dataSources = a} :: UsageCriteria) Prelude.. Lens.coerced
+
+instance Prelude.Hashable UsageCriteria where
+  hashWithSalt _salt UsageCriteria' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountIds
+      `Prelude.hashWithSalt` resources
+      `Prelude.hashWithSalt` dataSources
+
+instance Prelude.NFData UsageCriteria where
+  rnf UsageCriteria' {..} =
+    Prelude.rnf accountIds
+      `Prelude.seq` Prelude.rnf resources
+      `Prelude.seq` Prelude.rnf dataSources
+
+instance Data.ToJSON UsageCriteria where
+  toJSON UsageCriteria' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("accountIds" Data..=) Prelude.<$> accountIds,
+            ("resources" Data..=) Prelude.<$> resources,
+            Prelude.Just ("dataSources" Data..= dataSources)
+          ]
+      )
diff --git a/gen/Amazonka/GuardDuty/Types/UsageDataSourceResult.hs b/gen/Amazonka/GuardDuty/Types/UsageDataSourceResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UsageDataSourceResult.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UsageDataSourceResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UsageDataSourceResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.DataSource
+import Amazonka.GuardDuty.Types.Total
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the result of usage based on data source type.
+--
+-- /See:/ 'newUsageDataSourceResult' smart constructor.
+data UsageDataSourceResult = UsageDataSourceResult'
+  { -- | The data source type that generated usage.
+    dataSource :: Prelude.Maybe DataSource,
+    -- | Represents the total of usage for the specified data source.
+    total :: Prelude.Maybe Total
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UsageDataSourceResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataSource', 'usageDataSourceResult_dataSource' - The data source type that generated usage.
+--
+-- 'total', 'usageDataSourceResult_total' - Represents the total of usage for the specified data source.
+newUsageDataSourceResult ::
+  UsageDataSourceResult
+newUsageDataSourceResult =
+  UsageDataSourceResult'
+    { dataSource =
+        Prelude.Nothing,
+      total = Prelude.Nothing
+    }
+
+-- | The data source type that generated usage.
+usageDataSourceResult_dataSource :: Lens.Lens' UsageDataSourceResult (Prelude.Maybe DataSource)
+usageDataSourceResult_dataSource = Lens.lens (\UsageDataSourceResult' {dataSource} -> dataSource) (\s@UsageDataSourceResult' {} a -> s {dataSource = a} :: UsageDataSourceResult)
+
+-- | Represents the total of usage for the specified data source.
+usageDataSourceResult_total :: Lens.Lens' UsageDataSourceResult (Prelude.Maybe Total)
+usageDataSourceResult_total = Lens.lens (\UsageDataSourceResult' {total} -> total) (\s@UsageDataSourceResult' {} a -> s {total = a} :: UsageDataSourceResult)
+
+instance Data.FromJSON UsageDataSourceResult where
+  parseJSON =
+    Data.withObject
+      "UsageDataSourceResult"
+      ( \x ->
+          UsageDataSourceResult'
+            Prelude.<$> (x Data..:? "dataSource")
+            Prelude.<*> (x Data..:? "total")
+      )
+
+instance Prelude.Hashable UsageDataSourceResult where
+  hashWithSalt _salt UsageDataSourceResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` dataSource
+      `Prelude.hashWithSalt` total
+
+instance Prelude.NFData UsageDataSourceResult where
+  rnf UsageDataSourceResult' {..} =
+    Prelude.rnf dataSource
+      `Prelude.seq` Prelude.rnf total
diff --git a/gen/Amazonka/GuardDuty/Types/UsageResourceResult.hs b/gen/Amazonka/GuardDuty/Types/UsageResourceResult.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UsageResourceResult.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UsageResourceResult
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UsageResourceResult where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.Total
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains information on the sum of usage based on an Amazon Web Services
+-- resource.
+--
+-- /See:/ 'newUsageResourceResult' smart constructor.
+data UsageResourceResult = UsageResourceResult'
+  { -- | The Amazon Web Services resource that generated usage.
+    resource :: Prelude.Maybe Prelude.Text,
+    -- | Represents the sum total of usage for the specified resource type.
+    total :: Prelude.Maybe Total
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UsageResourceResult' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resource', 'usageResourceResult_resource' - The Amazon Web Services resource that generated usage.
+--
+-- 'total', 'usageResourceResult_total' - Represents the sum total of usage for the specified resource type.
+newUsageResourceResult ::
+  UsageResourceResult
+newUsageResourceResult =
+  UsageResourceResult'
+    { resource = Prelude.Nothing,
+      total = Prelude.Nothing
+    }
+
+-- | The Amazon Web Services resource that generated usage.
+usageResourceResult_resource :: Lens.Lens' UsageResourceResult (Prelude.Maybe Prelude.Text)
+usageResourceResult_resource = Lens.lens (\UsageResourceResult' {resource} -> resource) (\s@UsageResourceResult' {} a -> s {resource = a} :: UsageResourceResult)
+
+-- | Represents the sum total of usage for the specified resource type.
+usageResourceResult_total :: Lens.Lens' UsageResourceResult (Prelude.Maybe Total)
+usageResourceResult_total = Lens.lens (\UsageResourceResult' {total} -> total) (\s@UsageResourceResult' {} a -> s {total = a} :: UsageResourceResult)
+
+instance Data.FromJSON UsageResourceResult where
+  parseJSON =
+    Data.withObject
+      "UsageResourceResult"
+      ( \x ->
+          UsageResourceResult'
+            Prelude.<$> (x Data..:? "resource")
+            Prelude.<*> (x Data..:? "total")
+      )
+
+instance Prelude.Hashable UsageResourceResult where
+  hashWithSalt _salt UsageResourceResult' {..} =
+    _salt
+      `Prelude.hashWithSalt` resource
+      `Prelude.hashWithSalt` total
+
+instance Prelude.NFData UsageResourceResult where
+  rnf UsageResourceResult' {..} =
+    Prelude.rnf resource
+      `Prelude.seq` Prelude.rnf total
diff --git a/gen/Amazonka/GuardDuty/Types/UsageStatisticType.hs b/gen/Amazonka/GuardDuty/Types/UsageStatisticType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UsageStatisticType.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UsageStatisticType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UsageStatisticType
+  ( UsageStatisticType
+      ( ..,
+        UsageStatisticType_SUM_BY_ACCOUNT,
+        UsageStatisticType_SUM_BY_DATA_SOURCE,
+        UsageStatisticType_SUM_BY_RESOURCE,
+        UsageStatisticType_TOP_RESOURCES
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype UsageStatisticType = UsageStatisticType'
+  { fromUsageStatisticType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern UsageStatisticType_SUM_BY_ACCOUNT :: UsageStatisticType
+pattern UsageStatisticType_SUM_BY_ACCOUNT = UsageStatisticType' "SUM_BY_ACCOUNT"
+
+pattern UsageStatisticType_SUM_BY_DATA_SOURCE :: UsageStatisticType
+pattern UsageStatisticType_SUM_BY_DATA_SOURCE = UsageStatisticType' "SUM_BY_DATA_SOURCE"
+
+pattern UsageStatisticType_SUM_BY_RESOURCE :: UsageStatisticType
+pattern UsageStatisticType_SUM_BY_RESOURCE = UsageStatisticType' "SUM_BY_RESOURCE"
+
+pattern UsageStatisticType_TOP_RESOURCES :: UsageStatisticType
+pattern UsageStatisticType_TOP_RESOURCES = UsageStatisticType' "TOP_RESOURCES"
+
+{-# COMPLETE
+  UsageStatisticType_SUM_BY_ACCOUNT,
+  UsageStatisticType_SUM_BY_DATA_SOURCE,
+  UsageStatisticType_SUM_BY_RESOURCE,
+  UsageStatisticType_TOP_RESOURCES,
+  UsageStatisticType'
+  #-}
diff --git a/gen/Amazonka/GuardDuty/Types/UsageStatistics.hs b/gen/Amazonka/GuardDuty/Types/UsageStatistics.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/UsageStatistics.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.UsageStatistics
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.UsageStatistics where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.UsageAccountResult
+import Amazonka.GuardDuty.Types.UsageDataSourceResult
+import Amazonka.GuardDuty.Types.UsageResourceResult
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains the result of GuardDuty usage. If a UsageStatisticType is
+-- provided the result for other types will be null.
+--
+-- /See:/ 'newUsageStatistics' smart constructor.
+data UsageStatistics = UsageStatistics'
+  { -- | The usage statistic sum organized by account ID.
+    sumByAccount :: Prelude.Maybe [UsageAccountResult],
+    -- | The usage statistic sum organized by on data source.
+    sumByDataSource :: Prelude.Maybe [UsageDataSourceResult],
+    -- | The usage statistic sum organized by resource.
+    sumByResource :: Prelude.Maybe [UsageResourceResult],
+    -- | Lists the top 50 resources that have generated the most GuardDuty usage,
+    -- in order from most to least expensive.
+    topResources :: Prelude.Maybe [UsageResourceResult]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UsageStatistics' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'sumByAccount', 'usageStatistics_sumByAccount' - The usage statistic sum organized by account ID.
+--
+-- 'sumByDataSource', 'usageStatistics_sumByDataSource' - The usage statistic sum organized by on data source.
+--
+-- 'sumByResource', 'usageStatistics_sumByResource' - The usage statistic sum organized by resource.
+--
+-- 'topResources', 'usageStatistics_topResources' - Lists the top 50 resources that have generated the most GuardDuty usage,
+-- in order from most to least expensive.
+newUsageStatistics ::
+  UsageStatistics
+newUsageStatistics =
+  UsageStatistics'
+    { sumByAccount = Prelude.Nothing,
+      sumByDataSource = Prelude.Nothing,
+      sumByResource = Prelude.Nothing,
+      topResources = Prelude.Nothing
+    }
+
+-- | The usage statistic sum organized by account ID.
+usageStatistics_sumByAccount :: Lens.Lens' UsageStatistics (Prelude.Maybe [UsageAccountResult])
+usageStatistics_sumByAccount = Lens.lens (\UsageStatistics' {sumByAccount} -> sumByAccount) (\s@UsageStatistics' {} a -> s {sumByAccount = a} :: UsageStatistics) Prelude.. Lens.mapping Lens.coerced
+
+-- | The usage statistic sum organized by on data source.
+usageStatistics_sumByDataSource :: Lens.Lens' UsageStatistics (Prelude.Maybe [UsageDataSourceResult])
+usageStatistics_sumByDataSource = Lens.lens (\UsageStatistics' {sumByDataSource} -> sumByDataSource) (\s@UsageStatistics' {} a -> s {sumByDataSource = a} :: UsageStatistics) Prelude.. Lens.mapping Lens.coerced
+
+-- | The usage statistic sum organized by resource.
+usageStatistics_sumByResource :: Lens.Lens' UsageStatistics (Prelude.Maybe [UsageResourceResult])
+usageStatistics_sumByResource = Lens.lens (\UsageStatistics' {sumByResource} -> sumByResource) (\s@UsageStatistics' {} a -> s {sumByResource = a} :: UsageStatistics) Prelude.. Lens.mapping Lens.coerced
+
+-- | Lists the top 50 resources that have generated the most GuardDuty usage,
+-- in order from most to least expensive.
+usageStatistics_topResources :: Lens.Lens' UsageStatistics (Prelude.Maybe [UsageResourceResult])
+usageStatistics_topResources = Lens.lens (\UsageStatistics' {topResources} -> topResources) (\s@UsageStatistics' {} a -> s {topResources = a} :: UsageStatistics) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON UsageStatistics where
+  parseJSON =
+    Data.withObject
+      "UsageStatistics"
+      ( \x ->
+          UsageStatistics'
+            Prelude.<$> (x Data..:? "sumByAccount" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "sumByDataSource"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "sumByResource" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "topResources" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable UsageStatistics where
+  hashWithSalt _salt UsageStatistics' {..} =
+    _salt
+      `Prelude.hashWithSalt` sumByAccount
+      `Prelude.hashWithSalt` sumByDataSource
+      `Prelude.hashWithSalt` sumByResource
+      `Prelude.hashWithSalt` topResources
+
+instance Prelude.NFData UsageStatistics where
+  rnf UsageStatistics' {..} =
+    Prelude.rnf sumByAccount
+      `Prelude.seq` Prelude.rnf sumByDataSource
+      `Prelude.seq` Prelude.rnf sumByResource
+      `Prelude.seq` Prelude.rnf topResources
diff --git a/gen/Amazonka/GuardDuty/Types/Volume.hs b/gen/Amazonka/GuardDuty/Types/Volume.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/Volume.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.Volume
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.Volume where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types.HostPath
+import qualified Amazonka.Prelude as Prelude
+
+-- | Volume used by the Kubernetes workload.
+--
+-- /See:/ 'newVolume' smart constructor.
+data Volume = Volume'
+  { -- | Represents a pre-existing file or directory on the host machine that the
+    -- volume maps to.
+    hostPath :: Prelude.Maybe HostPath,
+    -- | Volume name.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Volume' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'hostPath', 'volume_hostPath' - Represents a pre-existing file or directory on the host machine that the
+-- volume maps to.
+--
+-- 'name', 'volume_name' - Volume name.
+newVolume ::
+  Volume
+newVolume =
+  Volume'
+    { hostPath = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | Represents a pre-existing file or directory on the host machine that the
+-- volume maps to.
+volume_hostPath :: Lens.Lens' Volume (Prelude.Maybe HostPath)
+volume_hostPath = Lens.lens (\Volume' {hostPath} -> hostPath) (\s@Volume' {} a -> s {hostPath = a} :: Volume)
+
+-- | Volume name.
+volume_name :: Lens.Lens' Volume (Prelude.Maybe Prelude.Text)
+volume_name = Lens.lens (\Volume' {name} -> name) (\s@Volume' {} a -> s {name = a} :: Volume)
+
+instance Data.FromJSON Volume where
+  parseJSON =
+    Data.withObject
+      "Volume"
+      ( \x ->
+          Volume'
+            Prelude.<$> (x Data..:? "hostPath")
+            Prelude.<*> (x Data..:? "name")
+      )
+
+instance Prelude.Hashable Volume where
+  hashWithSalt _salt Volume' {..} =
+    _salt
+      `Prelude.hashWithSalt` hostPath
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData Volume where
+  rnf Volume' {..} =
+    Prelude.rnf hostPath `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/GuardDuty/Types/VolumeDetail.hs b/gen/Amazonka/GuardDuty/Types/VolumeDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/VolumeDetail.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.VolumeDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.VolumeDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contains EBS volume details.
+--
+-- /See:/ 'newVolumeDetail' smart constructor.
+data VolumeDetail = VolumeDetail'
+  { -- | The device name for the EBS volume.
+    deviceName :: Prelude.Maybe Prelude.Text,
+    -- | EBS volume encryption type.
+    encryptionType :: Prelude.Maybe Prelude.Text,
+    -- | KMS key Arn used to encrypt the EBS volume.
+    kmsKeyArn :: Prelude.Maybe Prelude.Text,
+    -- | Snapshot Arn of the EBS volume.
+    snapshotArn :: Prelude.Maybe Prelude.Text,
+    -- | EBS volume Arn information.
+    volumeArn :: Prelude.Maybe Prelude.Text,
+    -- | EBS volume size in GB.
+    volumeSizeInGB :: Prelude.Maybe Prelude.Int,
+    -- | The EBS volume type.
+    volumeType :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VolumeDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'deviceName', 'volumeDetail_deviceName' - The device name for the EBS volume.
+--
+-- 'encryptionType', 'volumeDetail_encryptionType' - EBS volume encryption type.
+--
+-- 'kmsKeyArn', 'volumeDetail_kmsKeyArn' - KMS key Arn used to encrypt the EBS volume.
+--
+-- 'snapshotArn', 'volumeDetail_snapshotArn' - Snapshot Arn of the EBS volume.
+--
+-- 'volumeArn', 'volumeDetail_volumeArn' - EBS volume Arn information.
+--
+-- 'volumeSizeInGB', 'volumeDetail_volumeSizeInGB' - EBS volume size in GB.
+--
+-- 'volumeType', 'volumeDetail_volumeType' - The EBS volume type.
+newVolumeDetail ::
+  VolumeDetail
+newVolumeDetail =
+  VolumeDetail'
+    { deviceName = Prelude.Nothing,
+      encryptionType = Prelude.Nothing,
+      kmsKeyArn = Prelude.Nothing,
+      snapshotArn = Prelude.Nothing,
+      volumeArn = Prelude.Nothing,
+      volumeSizeInGB = Prelude.Nothing,
+      volumeType = Prelude.Nothing
+    }
+
+-- | The device name for the EBS volume.
+volumeDetail_deviceName :: Lens.Lens' VolumeDetail (Prelude.Maybe Prelude.Text)
+volumeDetail_deviceName = Lens.lens (\VolumeDetail' {deviceName} -> deviceName) (\s@VolumeDetail' {} a -> s {deviceName = a} :: VolumeDetail)
+
+-- | EBS volume encryption type.
+volumeDetail_encryptionType :: Lens.Lens' VolumeDetail (Prelude.Maybe Prelude.Text)
+volumeDetail_encryptionType = Lens.lens (\VolumeDetail' {encryptionType} -> encryptionType) (\s@VolumeDetail' {} a -> s {encryptionType = a} :: VolumeDetail)
+
+-- | KMS key Arn used to encrypt the EBS volume.
+volumeDetail_kmsKeyArn :: Lens.Lens' VolumeDetail (Prelude.Maybe Prelude.Text)
+volumeDetail_kmsKeyArn = Lens.lens (\VolumeDetail' {kmsKeyArn} -> kmsKeyArn) (\s@VolumeDetail' {} a -> s {kmsKeyArn = a} :: VolumeDetail)
+
+-- | Snapshot Arn of the EBS volume.
+volumeDetail_snapshotArn :: Lens.Lens' VolumeDetail (Prelude.Maybe Prelude.Text)
+volumeDetail_snapshotArn = Lens.lens (\VolumeDetail' {snapshotArn} -> snapshotArn) (\s@VolumeDetail' {} a -> s {snapshotArn = a} :: VolumeDetail)
+
+-- | EBS volume Arn information.
+volumeDetail_volumeArn :: Lens.Lens' VolumeDetail (Prelude.Maybe Prelude.Text)
+volumeDetail_volumeArn = Lens.lens (\VolumeDetail' {volumeArn} -> volumeArn) (\s@VolumeDetail' {} a -> s {volumeArn = a} :: VolumeDetail)
+
+-- | EBS volume size in GB.
+volumeDetail_volumeSizeInGB :: Lens.Lens' VolumeDetail (Prelude.Maybe Prelude.Int)
+volumeDetail_volumeSizeInGB = Lens.lens (\VolumeDetail' {volumeSizeInGB} -> volumeSizeInGB) (\s@VolumeDetail' {} a -> s {volumeSizeInGB = a} :: VolumeDetail)
+
+-- | The EBS volume type.
+volumeDetail_volumeType :: Lens.Lens' VolumeDetail (Prelude.Maybe Prelude.Text)
+volumeDetail_volumeType = Lens.lens (\VolumeDetail' {volumeType} -> volumeType) (\s@VolumeDetail' {} a -> s {volumeType = a} :: VolumeDetail)
+
+instance Data.FromJSON VolumeDetail where
+  parseJSON =
+    Data.withObject
+      "VolumeDetail"
+      ( \x ->
+          VolumeDetail'
+            Prelude.<$> (x Data..:? "deviceName")
+            Prelude.<*> (x Data..:? "encryptionType")
+            Prelude.<*> (x Data..:? "kmsKeyArn")
+            Prelude.<*> (x Data..:? "snapshotArn")
+            Prelude.<*> (x Data..:? "volumeArn")
+            Prelude.<*> (x Data..:? "volumeSizeInGB")
+            Prelude.<*> (x Data..:? "volumeType")
+      )
+
+instance Prelude.Hashable VolumeDetail where
+  hashWithSalt _salt VolumeDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` deviceName
+      `Prelude.hashWithSalt` encryptionType
+      `Prelude.hashWithSalt` kmsKeyArn
+      `Prelude.hashWithSalt` snapshotArn
+      `Prelude.hashWithSalt` volumeArn
+      `Prelude.hashWithSalt` volumeSizeInGB
+      `Prelude.hashWithSalt` volumeType
+
+instance Prelude.NFData VolumeDetail where
+  rnf VolumeDetail' {..} =
+    Prelude.rnf deviceName
+      `Prelude.seq` Prelude.rnf encryptionType
+      `Prelude.seq` Prelude.rnf kmsKeyArn
+      `Prelude.seq` Prelude.rnf snapshotArn
+      `Prelude.seq` Prelude.rnf volumeArn
+      `Prelude.seq` Prelude.rnf volumeSizeInGB
+      `Prelude.seq` Prelude.rnf volumeType
diff --git a/gen/Amazonka/GuardDuty/Types/VolumeMount.hs b/gen/Amazonka/GuardDuty/Types/VolumeMount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Types/VolumeMount.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Types.VolumeMount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Types.VolumeMount where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Container volume mount.
+--
+-- /See:/ 'newVolumeMount' smart constructor.
+data VolumeMount = VolumeMount'
+  { -- | Volume mount path.
+    mountPath :: Prelude.Maybe Prelude.Text,
+    -- | Volume mount name.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VolumeMount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mountPath', 'volumeMount_mountPath' - Volume mount path.
+--
+-- 'name', 'volumeMount_name' - Volume mount name.
+newVolumeMount ::
+  VolumeMount
+newVolumeMount =
+  VolumeMount'
+    { mountPath = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | Volume mount path.
+volumeMount_mountPath :: Lens.Lens' VolumeMount (Prelude.Maybe Prelude.Text)
+volumeMount_mountPath = Lens.lens (\VolumeMount' {mountPath} -> mountPath) (\s@VolumeMount' {} a -> s {mountPath = a} :: VolumeMount)
+
+-- | Volume mount name.
+volumeMount_name :: Lens.Lens' VolumeMount (Prelude.Maybe Prelude.Text)
+volumeMount_name = Lens.lens (\VolumeMount' {name} -> name) (\s@VolumeMount' {} a -> s {name = a} :: VolumeMount)
+
+instance Data.FromJSON VolumeMount where
+  parseJSON =
+    Data.withObject
+      "VolumeMount"
+      ( \x ->
+          VolumeMount'
+            Prelude.<$> (x Data..:? "mountPath")
+            Prelude.<*> (x Data..:? "name")
+      )
+
+instance Prelude.Hashable VolumeMount where
+  hashWithSalt _salt VolumeMount' {..} =
+    _salt
+      `Prelude.hashWithSalt` mountPath
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData VolumeMount where
+  rnf VolumeMount' {..} =
+    Prelude.rnf mountPath
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/GuardDuty/UnarchiveFindings.hs b/gen/Amazonka/GuardDuty/UnarchiveFindings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UnarchiveFindings.hs
@@ -0,0 +1,173 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UnarchiveFindings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Unarchives GuardDuty findings specified by the @findingIds@.
+module Amazonka.GuardDuty.UnarchiveFindings
+  ( -- * Creating a Request
+    UnarchiveFindings (..),
+    newUnarchiveFindings,
+
+    -- * Request Lenses
+    unarchiveFindings_detectorId,
+    unarchiveFindings_findingIds,
+
+    -- * Destructuring the Response
+    UnarchiveFindingsResponse (..),
+    newUnarchiveFindingsResponse,
+
+    -- * Response Lenses
+    unarchiveFindingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUnarchiveFindings' smart constructor.
+data UnarchiveFindings = UnarchiveFindings'
+  { -- | The ID of the detector associated with the findings to unarchive.
+    detectorId :: Prelude.Text,
+    -- | The IDs of the findings to unarchive.
+    findingIds :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UnarchiveFindings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'detectorId', 'unarchiveFindings_detectorId' - The ID of the detector associated with the findings to unarchive.
+--
+-- 'findingIds', 'unarchiveFindings_findingIds' - The IDs of the findings to unarchive.
+newUnarchiveFindings ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  UnarchiveFindings
+newUnarchiveFindings pDetectorId_ =
+  UnarchiveFindings'
+    { detectorId = pDetectorId_,
+      findingIds = Prelude.mempty
+    }
+
+-- | The ID of the detector associated with the findings to unarchive.
+unarchiveFindings_detectorId :: Lens.Lens' UnarchiveFindings Prelude.Text
+unarchiveFindings_detectorId = Lens.lens (\UnarchiveFindings' {detectorId} -> detectorId) (\s@UnarchiveFindings' {} a -> s {detectorId = a} :: UnarchiveFindings)
+
+-- | The IDs of the findings to unarchive.
+unarchiveFindings_findingIds :: Lens.Lens' UnarchiveFindings [Prelude.Text]
+unarchiveFindings_findingIds = Lens.lens (\UnarchiveFindings' {findingIds} -> findingIds) (\s@UnarchiveFindings' {} a -> s {findingIds = a} :: UnarchiveFindings) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UnarchiveFindings where
+  type
+    AWSResponse UnarchiveFindings =
+      UnarchiveFindingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UnarchiveFindingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UnarchiveFindings where
+  hashWithSalt _salt UnarchiveFindings' {..} =
+    _salt
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` findingIds
+
+instance Prelude.NFData UnarchiveFindings where
+  rnf UnarchiveFindings' {..} =
+    Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf findingIds
+
+instance Data.ToHeaders UnarchiveFindings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UnarchiveFindings where
+  toJSON UnarchiveFindings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("findingIds" Data..= findingIds)]
+      )
+
+instance Data.ToPath UnarchiveFindings where
+  toPath UnarchiveFindings' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/findings/unarchive"
+      ]
+
+instance Data.ToQuery UnarchiveFindings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUnarchiveFindingsResponse' smart constructor.
+data UnarchiveFindingsResponse = UnarchiveFindingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UnarchiveFindingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'unarchiveFindingsResponse_httpStatus' - The response's http status code.
+newUnarchiveFindingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UnarchiveFindingsResponse
+newUnarchiveFindingsResponse pHttpStatus_ =
+  UnarchiveFindingsResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+unarchiveFindingsResponse_httpStatus :: Lens.Lens' UnarchiveFindingsResponse Prelude.Int
+unarchiveFindingsResponse_httpStatus = Lens.lens (\UnarchiveFindingsResponse' {httpStatus} -> httpStatus) (\s@UnarchiveFindingsResponse' {} a -> s {httpStatus = a} :: UnarchiveFindingsResponse)
+
+instance Prelude.NFData UnarchiveFindingsResponse where
+  rnf UnarchiveFindingsResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UntagResource.hs b/gen/Amazonka/GuardDuty/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UntagResource.hs
@@ -0,0 +1,163 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes tags from a resource.
+module Amazonka.GuardDuty.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The Amazon Resource Name (ARN) for the resource to remove tags from.
+    resourceArn :: Prelude.Text,
+    -- | The tag keys to remove from the resource.
+    tagKeys :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'untagResource_resourceArn' - The Amazon Resource Name (ARN) for the resource to remove tags from.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - The tag keys to remove from the resource.
+newUntagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'tagKeys'
+  Prelude.NonEmpty Prelude.Text ->
+  UntagResource
+newUntagResource pResourceArn_ pTagKeys_ =
+  UntagResource'
+    { resourceArn = pResourceArn_,
+      tagKeys = Lens.coerced Lens.# pTagKeys_
+    }
+
+-- | The Amazon Resource Name (ARN) for the resource to remove tags from.
+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)
+
+-- | The tag keys to remove from the resource.
+untagResource_tagKeys :: Lens.Lens' UntagResource (Prelude.NonEmpty Prelude.Text)
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath UntagResource' {..} =
+    Prelude.mconcat ["/tags/", Data.toBS resourceArn]
+
+instance Data.ToQuery UntagResource where
+  toQuery UntagResource' {..} =
+    Prelude.mconcat
+      ["tagKeys" Data.=: Data.toQueryList "member" tagKeys]
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UpdateDetector.hs b/gen/Amazonka/GuardDuty/UpdateDetector.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateDetector.hs
@@ -0,0 +1,198 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateDetector
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the Amazon GuardDuty detector specified by the detectorId.
+module Amazonka.GuardDuty.UpdateDetector
+  ( -- * Creating a Request
+    UpdateDetector (..),
+    newUpdateDetector,
+
+    -- * Request Lenses
+    updateDetector_dataSources,
+    updateDetector_enable,
+    updateDetector_findingPublishingFrequency,
+    updateDetector_detectorId,
+
+    -- * Destructuring the Response
+    UpdateDetectorResponse (..),
+    newUpdateDetectorResponse,
+
+    -- * Response Lenses
+    updateDetectorResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateDetector' smart constructor.
+data UpdateDetector = UpdateDetector'
+  { -- | Describes which data sources will be updated.
+    dataSources :: Prelude.Maybe DataSourceConfigurations,
+    -- | Specifies whether the detector is enabled or not enabled.
+    enable :: Prelude.Maybe Prelude.Bool,
+    -- | An enum value that specifies how frequently findings are exported, such
+    -- as to CloudWatch Events.
+    findingPublishingFrequency :: Prelude.Maybe FindingPublishingFrequency,
+    -- | The unique ID of the detector to update.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateDetector' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataSources', 'updateDetector_dataSources' - Describes which data sources will be updated.
+--
+-- 'enable', 'updateDetector_enable' - Specifies whether the detector is enabled or not enabled.
+--
+-- 'findingPublishingFrequency', 'updateDetector_findingPublishingFrequency' - An enum value that specifies how frequently findings are exported, such
+-- as to CloudWatch Events.
+--
+-- 'detectorId', 'updateDetector_detectorId' - The unique ID of the detector to update.
+newUpdateDetector ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  UpdateDetector
+newUpdateDetector pDetectorId_ =
+  UpdateDetector'
+    { dataSources = Prelude.Nothing,
+      enable = Prelude.Nothing,
+      findingPublishingFrequency = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | Describes which data sources will be updated.
+updateDetector_dataSources :: Lens.Lens' UpdateDetector (Prelude.Maybe DataSourceConfigurations)
+updateDetector_dataSources = Lens.lens (\UpdateDetector' {dataSources} -> dataSources) (\s@UpdateDetector' {} a -> s {dataSources = a} :: UpdateDetector)
+
+-- | Specifies whether the detector is enabled or not enabled.
+updateDetector_enable :: Lens.Lens' UpdateDetector (Prelude.Maybe Prelude.Bool)
+updateDetector_enable = Lens.lens (\UpdateDetector' {enable} -> enable) (\s@UpdateDetector' {} a -> s {enable = a} :: UpdateDetector)
+
+-- | An enum value that specifies how frequently findings are exported, such
+-- as to CloudWatch Events.
+updateDetector_findingPublishingFrequency :: Lens.Lens' UpdateDetector (Prelude.Maybe FindingPublishingFrequency)
+updateDetector_findingPublishingFrequency = Lens.lens (\UpdateDetector' {findingPublishingFrequency} -> findingPublishingFrequency) (\s@UpdateDetector' {} a -> s {findingPublishingFrequency = a} :: UpdateDetector)
+
+-- | The unique ID of the detector to update.
+updateDetector_detectorId :: Lens.Lens' UpdateDetector Prelude.Text
+updateDetector_detectorId = Lens.lens (\UpdateDetector' {detectorId} -> detectorId) (\s@UpdateDetector' {} a -> s {detectorId = a} :: UpdateDetector)
+
+instance Core.AWSRequest UpdateDetector where
+  type
+    AWSResponse UpdateDetector =
+      UpdateDetectorResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateDetectorResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateDetector where
+  hashWithSalt _salt UpdateDetector' {..} =
+    _salt
+      `Prelude.hashWithSalt` dataSources
+      `Prelude.hashWithSalt` enable
+      `Prelude.hashWithSalt` findingPublishingFrequency
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData UpdateDetector where
+  rnf UpdateDetector' {..} =
+    Prelude.rnf dataSources
+      `Prelude.seq` Prelude.rnf enable
+      `Prelude.seq` Prelude.rnf findingPublishingFrequency
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders UpdateDetector where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateDetector where
+  toJSON UpdateDetector' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("dataSources" Data..=) Prelude.<$> dataSources,
+            ("enable" Data..=) Prelude.<$> enable,
+            ("findingPublishingFrequency" Data..=)
+              Prelude.<$> findingPublishingFrequency
+          ]
+      )
+
+instance Data.ToPath UpdateDetector where
+  toPath UpdateDetector' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId]
+
+instance Data.ToQuery UpdateDetector where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateDetectorResponse' smart constructor.
+data UpdateDetectorResponse = UpdateDetectorResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateDetectorResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateDetectorResponse_httpStatus' - The response's http status code.
+newUpdateDetectorResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateDetectorResponse
+newUpdateDetectorResponse pHttpStatus_ =
+  UpdateDetectorResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+updateDetectorResponse_httpStatus :: Lens.Lens' UpdateDetectorResponse Prelude.Int
+updateDetectorResponse_httpStatus = Lens.lens (\UpdateDetectorResponse' {httpStatus} -> httpStatus) (\s@UpdateDetectorResponse' {} a -> s {httpStatus = a} :: UpdateDetectorResponse)
+
+instance Prelude.NFData UpdateDetectorResponse where
+  rnf UpdateDetectorResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UpdateFilter.hs b/gen/Amazonka/GuardDuty/UpdateFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateFilter.hs
@@ -0,0 +1,258 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the filter specified by the filter name.
+module Amazonka.GuardDuty.UpdateFilter
+  ( -- * Creating a Request
+    UpdateFilter (..),
+    newUpdateFilter,
+
+    -- * Request Lenses
+    updateFilter_action,
+    updateFilter_description,
+    updateFilter_findingCriteria,
+    updateFilter_rank,
+    updateFilter_detectorId,
+    updateFilter_filterName,
+
+    -- * Destructuring the Response
+    UpdateFilterResponse (..),
+    newUpdateFilterResponse,
+
+    -- * Response Lenses
+    updateFilterResponse_httpStatus,
+    updateFilterResponse_name,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateFilter' smart constructor.
+data UpdateFilter = UpdateFilter'
+  { -- | Specifies the action that is to be applied to the findings that match
+    -- the filter.
+    action :: Prelude.Maybe FilterAction,
+    -- | The description of the filter. Valid special characters include period
+    -- (.), underscore (_), dash (-), and whitespace. The new line character is
+    -- considered to be an invalid input for description.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Represents the criteria to be used in the filter for querying findings.
+    findingCriteria :: Prelude.Maybe FindingCriteria,
+    -- | Specifies the position of the filter in the list of current filters.
+    -- Also specifies the order in which this filter is applied to the
+    -- findings.
+    rank :: Prelude.Maybe Prelude.Natural,
+    -- | The unique ID of the detector that specifies the GuardDuty service where
+    -- you want to update a filter.
+    detectorId :: Prelude.Text,
+    -- | The name of the filter.
+    filterName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'updateFilter_action' - Specifies the action that is to be applied to the findings that match
+-- the filter.
+--
+-- 'description', 'updateFilter_description' - The description of the filter. Valid special characters include period
+-- (.), underscore (_), dash (-), and whitespace. The new line character is
+-- considered to be an invalid input for description.
+--
+-- 'findingCriteria', 'updateFilter_findingCriteria' - Represents the criteria to be used in the filter for querying findings.
+--
+-- 'rank', 'updateFilter_rank' - Specifies the position of the filter in the list of current filters.
+-- Also specifies the order in which this filter is applied to the
+-- findings.
+--
+-- 'detectorId', 'updateFilter_detectorId' - The unique ID of the detector that specifies the GuardDuty service where
+-- you want to update a filter.
+--
+-- 'filterName', 'updateFilter_filterName' - The name of the filter.
+newUpdateFilter ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'filterName'
+  Prelude.Text ->
+  UpdateFilter
+newUpdateFilter pDetectorId_ pFilterName_ =
+  UpdateFilter'
+    { action = Prelude.Nothing,
+      description = Prelude.Nothing,
+      findingCriteria = Prelude.Nothing,
+      rank = Prelude.Nothing,
+      detectorId = pDetectorId_,
+      filterName = pFilterName_
+    }
+
+-- | Specifies the action that is to be applied to the findings that match
+-- the filter.
+updateFilter_action :: Lens.Lens' UpdateFilter (Prelude.Maybe FilterAction)
+updateFilter_action = Lens.lens (\UpdateFilter' {action} -> action) (\s@UpdateFilter' {} a -> s {action = a} :: UpdateFilter)
+
+-- | The description of the filter. Valid special characters include period
+-- (.), underscore (_), dash (-), and whitespace. The new line character is
+-- considered to be an invalid input for description.
+updateFilter_description :: Lens.Lens' UpdateFilter (Prelude.Maybe Prelude.Text)
+updateFilter_description = Lens.lens (\UpdateFilter' {description} -> description) (\s@UpdateFilter' {} a -> s {description = a} :: UpdateFilter)
+
+-- | Represents the criteria to be used in the filter for querying findings.
+updateFilter_findingCriteria :: Lens.Lens' UpdateFilter (Prelude.Maybe FindingCriteria)
+updateFilter_findingCriteria = Lens.lens (\UpdateFilter' {findingCriteria} -> findingCriteria) (\s@UpdateFilter' {} a -> s {findingCriteria = a} :: UpdateFilter)
+
+-- | Specifies the position of the filter in the list of current filters.
+-- Also specifies the order in which this filter is applied to the
+-- findings.
+updateFilter_rank :: Lens.Lens' UpdateFilter (Prelude.Maybe Prelude.Natural)
+updateFilter_rank = Lens.lens (\UpdateFilter' {rank} -> rank) (\s@UpdateFilter' {} a -> s {rank = a} :: UpdateFilter)
+
+-- | The unique ID of the detector that specifies the GuardDuty service where
+-- you want to update a filter.
+updateFilter_detectorId :: Lens.Lens' UpdateFilter Prelude.Text
+updateFilter_detectorId = Lens.lens (\UpdateFilter' {detectorId} -> detectorId) (\s@UpdateFilter' {} a -> s {detectorId = a} :: UpdateFilter)
+
+-- | The name of the filter.
+updateFilter_filterName :: Lens.Lens' UpdateFilter Prelude.Text
+updateFilter_filterName = Lens.lens (\UpdateFilter' {filterName} -> filterName) (\s@UpdateFilter' {} a -> s {filterName = a} :: UpdateFilter)
+
+instance Core.AWSRequest UpdateFilter where
+  type AWSResponse UpdateFilter = UpdateFilterResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateFilterResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "name")
+      )
+
+instance Prelude.Hashable UpdateFilter where
+  hashWithSalt _salt UpdateFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` findingCriteria
+      `Prelude.hashWithSalt` rank
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` filterName
+
+instance Prelude.NFData UpdateFilter where
+  rnf UpdateFilter' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf findingCriteria
+      `Prelude.seq` Prelude.rnf rank
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf filterName
+
+instance Data.ToHeaders UpdateFilter where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFilter where
+  toJSON UpdateFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("action" Data..=) Prelude.<$> action,
+            ("description" Data..=) Prelude.<$> description,
+            ("findingCriteria" Data..=)
+              Prelude.<$> findingCriteria,
+            ("rank" Data..=) Prelude.<$> rank
+          ]
+      )
+
+instance Data.ToPath UpdateFilter where
+  toPath UpdateFilter' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/filter/",
+        Data.toBS filterName
+      ]
+
+instance Data.ToQuery UpdateFilter where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFilterResponse' smart constructor.
+data UpdateFilterResponse = UpdateFilterResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The name of the filter.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFilterResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateFilterResponse_httpStatus' - The response's http status code.
+--
+-- 'name', 'updateFilterResponse_name' - The name of the filter.
+newUpdateFilterResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'name'
+  Prelude.Text ->
+  UpdateFilterResponse
+newUpdateFilterResponse pHttpStatus_ pName_ =
+  UpdateFilterResponse'
+    { httpStatus = pHttpStatus_,
+      name = pName_
+    }
+
+-- | The response's http status code.
+updateFilterResponse_httpStatus :: Lens.Lens' UpdateFilterResponse Prelude.Int
+updateFilterResponse_httpStatus = Lens.lens (\UpdateFilterResponse' {httpStatus} -> httpStatus) (\s@UpdateFilterResponse' {} a -> s {httpStatus = a} :: UpdateFilterResponse)
+
+-- | The name of the filter.
+updateFilterResponse_name :: Lens.Lens' UpdateFilterResponse Prelude.Text
+updateFilterResponse_name = Lens.lens (\UpdateFilterResponse' {name} -> name) (\s@UpdateFilterResponse' {} a -> s {name = a} :: UpdateFilterResponse)
+
+instance Prelude.NFData UpdateFilterResponse where
+  rnf UpdateFilterResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/GuardDuty/UpdateFindingsFeedback.hs b/gen/Amazonka/GuardDuty/UpdateFindingsFeedback.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateFindingsFeedback.hs
@@ -0,0 +1,208 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateFindingsFeedback
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Marks the specified GuardDuty findings as useful or not useful.
+module Amazonka.GuardDuty.UpdateFindingsFeedback
+  ( -- * Creating a Request
+    UpdateFindingsFeedback (..),
+    newUpdateFindingsFeedback,
+
+    -- * Request Lenses
+    updateFindingsFeedback_comments,
+    updateFindingsFeedback_detectorId,
+    updateFindingsFeedback_findingIds,
+    updateFindingsFeedback_feedback,
+
+    -- * Destructuring the Response
+    UpdateFindingsFeedbackResponse (..),
+    newUpdateFindingsFeedbackResponse,
+
+    -- * Response Lenses
+    updateFindingsFeedbackResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateFindingsFeedback' smart constructor.
+data UpdateFindingsFeedback = UpdateFindingsFeedback'
+  { -- | Additional feedback about the GuardDuty findings.
+    comments :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the detector associated with the findings to update feedback
+    -- for.
+    detectorId :: Prelude.Text,
+    -- | The IDs of the findings that you want to mark as useful or not useful.
+    findingIds :: [Prelude.Text],
+    -- | The feedback for the finding.
+    feedback :: Feedback
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindingsFeedback' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'comments', 'updateFindingsFeedback_comments' - Additional feedback about the GuardDuty findings.
+--
+-- 'detectorId', 'updateFindingsFeedback_detectorId' - The ID of the detector associated with the findings to update feedback
+-- for.
+--
+-- 'findingIds', 'updateFindingsFeedback_findingIds' - The IDs of the findings that you want to mark as useful or not useful.
+--
+-- 'feedback', 'updateFindingsFeedback_feedback' - The feedback for the finding.
+newUpdateFindingsFeedback ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'feedback'
+  Feedback ->
+  UpdateFindingsFeedback
+newUpdateFindingsFeedback pDetectorId_ pFeedback_ =
+  UpdateFindingsFeedback'
+    { comments = Prelude.Nothing,
+      detectorId = pDetectorId_,
+      findingIds = Prelude.mempty,
+      feedback = pFeedback_
+    }
+
+-- | Additional feedback about the GuardDuty findings.
+updateFindingsFeedback_comments :: Lens.Lens' UpdateFindingsFeedback (Prelude.Maybe Prelude.Text)
+updateFindingsFeedback_comments = Lens.lens (\UpdateFindingsFeedback' {comments} -> comments) (\s@UpdateFindingsFeedback' {} a -> s {comments = a} :: UpdateFindingsFeedback)
+
+-- | The ID of the detector associated with the findings to update feedback
+-- for.
+updateFindingsFeedback_detectorId :: Lens.Lens' UpdateFindingsFeedback Prelude.Text
+updateFindingsFeedback_detectorId = Lens.lens (\UpdateFindingsFeedback' {detectorId} -> detectorId) (\s@UpdateFindingsFeedback' {} a -> s {detectorId = a} :: UpdateFindingsFeedback)
+
+-- | The IDs of the findings that you want to mark as useful or not useful.
+updateFindingsFeedback_findingIds :: Lens.Lens' UpdateFindingsFeedback [Prelude.Text]
+updateFindingsFeedback_findingIds = Lens.lens (\UpdateFindingsFeedback' {findingIds} -> findingIds) (\s@UpdateFindingsFeedback' {} a -> s {findingIds = a} :: UpdateFindingsFeedback) Prelude.. Lens.coerced
+
+-- | The feedback for the finding.
+updateFindingsFeedback_feedback :: Lens.Lens' UpdateFindingsFeedback Feedback
+updateFindingsFeedback_feedback = Lens.lens (\UpdateFindingsFeedback' {feedback} -> feedback) (\s@UpdateFindingsFeedback' {} a -> s {feedback = a} :: UpdateFindingsFeedback)
+
+instance Core.AWSRequest UpdateFindingsFeedback where
+  type
+    AWSResponse UpdateFindingsFeedback =
+      UpdateFindingsFeedbackResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateFindingsFeedbackResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateFindingsFeedback where
+  hashWithSalt _salt UpdateFindingsFeedback' {..} =
+    _salt
+      `Prelude.hashWithSalt` comments
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` findingIds
+      `Prelude.hashWithSalt` feedback
+
+instance Prelude.NFData UpdateFindingsFeedback where
+  rnf UpdateFindingsFeedback' {..} =
+    Prelude.rnf comments
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf findingIds
+      `Prelude.seq` Prelude.rnf feedback
+
+instance Data.ToHeaders UpdateFindingsFeedback where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFindingsFeedback where
+  toJSON UpdateFindingsFeedback' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("comments" Data..=) Prelude.<$> comments,
+            Prelude.Just ("findingIds" Data..= findingIds),
+            Prelude.Just ("feedback" Data..= feedback)
+          ]
+      )
+
+instance Data.ToPath UpdateFindingsFeedback where
+  toPath UpdateFindingsFeedback' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/findings/feedback"
+      ]
+
+instance Data.ToQuery UpdateFindingsFeedback where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFindingsFeedbackResponse' smart constructor.
+data UpdateFindingsFeedbackResponse = UpdateFindingsFeedbackResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFindingsFeedbackResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateFindingsFeedbackResponse_httpStatus' - The response's http status code.
+newUpdateFindingsFeedbackResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateFindingsFeedbackResponse
+newUpdateFindingsFeedbackResponse pHttpStatus_ =
+  UpdateFindingsFeedbackResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateFindingsFeedbackResponse_httpStatus :: Lens.Lens' UpdateFindingsFeedbackResponse Prelude.Int
+updateFindingsFeedbackResponse_httpStatus = Lens.lens (\UpdateFindingsFeedbackResponse' {httpStatus} -> httpStatus) (\s@UpdateFindingsFeedbackResponse' {} a -> s {httpStatus = a} :: UpdateFindingsFeedbackResponse)
+
+instance
+  Prelude.NFData
+    UpdateFindingsFeedbackResponse
+  where
+  rnf UpdateFindingsFeedbackResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UpdateIPSet.hs b/gen/Amazonka/GuardDuty/UpdateIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateIPSet.hs
@@ -0,0 +1,215 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the IPSet specified by the IPSet ID.
+module Amazonka.GuardDuty.UpdateIPSet
+  ( -- * Creating a Request
+    UpdateIPSet (..),
+    newUpdateIPSet,
+
+    -- * Request Lenses
+    updateIPSet_activate,
+    updateIPSet_location,
+    updateIPSet_name,
+    updateIPSet_detectorId,
+    updateIPSet_ipSetId,
+
+    -- * Destructuring the Response
+    UpdateIPSetResponse (..),
+    newUpdateIPSetResponse,
+
+    -- * Response Lenses
+    updateIPSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateIPSet' smart constructor.
+data UpdateIPSet = UpdateIPSet'
+  { -- | The updated Boolean value that specifies whether the IPSet is active or
+    -- not.
+    activate :: Prelude.Maybe Prelude.Bool,
+    -- | The updated URI of the file that contains the IPSet.
+    location :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID that specifies the IPSet that you want to update.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The detectorID that specifies the GuardDuty service whose IPSet you want
+    -- to update.
+    detectorId :: Prelude.Text,
+    -- | The unique ID that specifies the IPSet that you want to update.
+    ipSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'activate', 'updateIPSet_activate' - The updated Boolean value that specifies whether the IPSet is active or
+-- not.
+--
+-- 'location', 'updateIPSet_location' - The updated URI of the file that contains the IPSet.
+--
+-- 'name', 'updateIPSet_name' - The unique ID that specifies the IPSet that you want to update.
+--
+-- 'detectorId', 'updateIPSet_detectorId' - The detectorID that specifies the GuardDuty service whose IPSet you want
+-- to update.
+--
+-- 'ipSetId', 'updateIPSet_ipSetId' - The unique ID that specifies the IPSet that you want to update.
+newUpdateIPSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'ipSetId'
+  Prelude.Text ->
+  UpdateIPSet
+newUpdateIPSet pDetectorId_ pIpSetId_ =
+  UpdateIPSet'
+    { activate = Prelude.Nothing,
+      location = Prelude.Nothing,
+      name = Prelude.Nothing,
+      detectorId = pDetectorId_,
+      ipSetId = pIpSetId_
+    }
+
+-- | The updated Boolean value that specifies whether the IPSet is active or
+-- not.
+updateIPSet_activate :: Lens.Lens' UpdateIPSet (Prelude.Maybe Prelude.Bool)
+updateIPSet_activate = Lens.lens (\UpdateIPSet' {activate} -> activate) (\s@UpdateIPSet' {} a -> s {activate = a} :: UpdateIPSet)
+
+-- | The updated URI of the file that contains the IPSet.
+updateIPSet_location :: Lens.Lens' UpdateIPSet (Prelude.Maybe Prelude.Text)
+updateIPSet_location = Lens.lens (\UpdateIPSet' {location} -> location) (\s@UpdateIPSet' {} a -> s {location = a} :: UpdateIPSet)
+
+-- | The unique ID that specifies the IPSet that you want to update.
+updateIPSet_name :: Lens.Lens' UpdateIPSet (Prelude.Maybe Prelude.Text)
+updateIPSet_name = Lens.lens (\UpdateIPSet' {name} -> name) (\s@UpdateIPSet' {} a -> s {name = a} :: UpdateIPSet)
+
+-- | The detectorID that specifies the GuardDuty service whose IPSet you want
+-- to update.
+updateIPSet_detectorId :: Lens.Lens' UpdateIPSet Prelude.Text
+updateIPSet_detectorId = Lens.lens (\UpdateIPSet' {detectorId} -> detectorId) (\s@UpdateIPSet' {} a -> s {detectorId = a} :: UpdateIPSet)
+
+-- | The unique ID that specifies the IPSet that you want to update.
+updateIPSet_ipSetId :: Lens.Lens' UpdateIPSet Prelude.Text
+updateIPSet_ipSetId = Lens.lens (\UpdateIPSet' {ipSetId} -> ipSetId) (\s@UpdateIPSet' {} a -> s {ipSetId = a} :: UpdateIPSet)
+
+instance Core.AWSRequest UpdateIPSet where
+  type AWSResponse UpdateIPSet = UpdateIPSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateIPSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateIPSet where
+  hashWithSalt _salt UpdateIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` activate
+      `Prelude.hashWithSalt` location
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` ipSetId
+
+instance Prelude.NFData UpdateIPSet where
+  rnf UpdateIPSet' {..} =
+    Prelude.rnf activate
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf ipSetId
+
+instance Data.ToHeaders UpdateIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateIPSet where
+  toJSON UpdateIPSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("activate" Data..=) Prelude.<$> activate,
+            ("location" Data..=) Prelude.<$> location,
+            ("name" Data..=) Prelude.<$> name
+          ]
+      )
+
+instance Data.ToPath UpdateIPSet where
+  toPath UpdateIPSet' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/ipset/",
+        Data.toBS ipSetId
+      ]
+
+instance Data.ToQuery UpdateIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateIPSetResponse' smart constructor.
+data UpdateIPSetResponse = UpdateIPSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateIPSetResponse_httpStatus' - The response's http status code.
+newUpdateIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateIPSetResponse
+newUpdateIPSetResponse pHttpStatus_ =
+  UpdateIPSetResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+updateIPSetResponse_httpStatus :: Lens.Lens' UpdateIPSetResponse Prelude.Int
+updateIPSetResponse_httpStatus = Lens.lens (\UpdateIPSetResponse' {httpStatus} -> httpStatus) (\s@UpdateIPSetResponse' {} a -> s {httpStatus = a} :: UpdateIPSetResponse)
+
+instance Prelude.NFData UpdateIPSetResponse where
+  rnf UpdateIPSetResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UpdateMalwareScanSettings.hs b/gen/Amazonka/GuardDuty/UpdateMalwareScanSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateMalwareScanSettings.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateMalwareScanSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the malware scan settings.
+module Amazonka.GuardDuty.UpdateMalwareScanSettings
+  ( -- * Creating a Request
+    UpdateMalwareScanSettings (..),
+    newUpdateMalwareScanSettings,
+
+    -- * Request Lenses
+    updateMalwareScanSettings_ebsSnapshotPreservation,
+    updateMalwareScanSettings_scanResourceCriteria,
+    updateMalwareScanSettings_detectorId,
+
+    -- * Destructuring the Response
+    UpdateMalwareScanSettingsResponse (..),
+    newUpdateMalwareScanSettingsResponse,
+
+    -- * Response Lenses
+    updateMalwareScanSettingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateMalwareScanSettings' smart constructor.
+data UpdateMalwareScanSettings = UpdateMalwareScanSettings'
+  { -- | An enum value representing possible snapshot preservation settings.
+    ebsSnapshotPreservation :: Prelude.Maybe EbsSnapshotPreservation,
+    -- | Represents the criteria to be used in the filter for selecting resources
+    -- to scan.
+    scanResourceCriteria :: Prelude.Maybe ScanResourceCriteria,
+    -- | The unique ID of the detector that specifies the GuardDuty service where
+    -- you want to update scan settings.
+    detectorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateMalwareScanSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ebsSnapshotPreservation', 'updateMalwareScanSettings_ebsSnapshotPreservation' - An enum value representing possible snapshot preservation settings.
+--
+-- 'scanResourceCriteria', 'updateMalwareScanSettings_scanResourceCriteria' - Represents the criteria to be used in the filter for selecting resources
+-- to scan.
+--
+-- 'detectorId', 'updateMalwareScanSettings_detectorId' - The unique ID of the detector that specifies the GuardDuty service where
+-- you want to update scan settings.
+newUpdateMalwareScanSettings ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  UpdateMalwareScanSettings
+newUpdateMalwareScanSettings pDetectorId_ =
+  UpdateMalwareScanSettings'
+    { ebsSnapshotPreservation =
+        Prelude.Nothing,
+      scanResourceCriteria = Prelude.Nothing,
+      detectorId = pDetectorId_
+    }
+
+-- | An enum value representing possible snapshot preservation settings.
+updateMalwareScanSettings_ebsSnapshotPreservation :: Lens.Lens' UpdateMalwareScanSettings (Prelude.Maybe EbsSnapshotPreservation)
+updateMalwareScanSettings_ebsSnapshotPreservation = Lens.lens (\UpdateMalwareScanSettings' {ebsSnapshotPreservation} -> ebsSnapshotPreservation) (\s@UpdateMalwareScanSettings' {} a -> s {ebsSnapshotPreservation = a} :: UpdateMalwareScanSettings)
+
+-- | Represents the criteria to be used in the filter for selecting resources
+-- to scan.
+updateMalwareScanSettings_scanResourceCriteria :: Lens.Lens' UpdateMalwareScanSettings (Prelude.Maybe ScanResourceCriteria)
+updateMalwareScanSettings_scanResourceCriteria = Lens.lens (\UpdateMalwareScanSettings' {scanResourceCriteria} -> scanResourceCriteria) (\s@UpdateMalwareScanSettings' {} a -> s {scanResourceCriteria = a} :: UpdateMalwareScanSettings)
+
+-- | The unique ID of the detector that specifies the GuardDuty service where
+-- you want to update scan settings.
+updateMalwareScanSettings_detectorId :: Lens.Lens' UpdateMalwareScanSettings Prelude.Text
+updateMalwareScanSettings_detectorId = Lens.lens (\UpdateMalwareScanSettings' {detectorId} -> detectorId) (\s@UpdateMalwareScanSettings' {} a -> s {detectorId = a} :: UpdateMalwareScanSettings)
+
+instance Core.AWSRequest UpdateMalwareScanSettings where
+  type
+    AWSResponse UpdateMalwareScanSettings =
+      UpdateMalwareScanSettingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateMalwareScanSettingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateMalwareScanSettings where
+  hashWithSalt _salt UpdateMalwareScanSettings' {..} =
+    _salt
+      `Prelude.hashWithSalt` ebsSnapshotPreservation
+      `Prelude.hashWithSalt` scanResourceCriteria
+      `Prelude.hashWithSalt` detectorId
+
+instance Prelude.NFData UpdateMalwareScanSettings where
+  rnf UpdateMalwareScanSettings' {..} =
+    Prelude.rnf ebsSnapshotPreservation
+      `Prelude.seq` Prelude.rnf scanResourceCriteria
+      `Prelude.seq` Prelude.rnf detectorId
+
+instance Data.ToHeaders UpdateMalwareScanSettings where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateMalwareScanSettings where
+  toJSON UpdateMalwareScanSettings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ebsSnapshotPreservation" Data..=)
+              Prelude.<$> ebsSnapshotPreservation,
+            ("scanResourceCriteria" Data..=)
+              Prelude.<$> scanResourceCriteria
+          ]
+      )
+
+instance Data.ToPath UpdateMalwareScanSettings where
+  toPath UpdateMalwareScanSettings' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/malware-scan-settings"
+      ]
+
+instance Data.ToQuery UpdateMalwareScanSettings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateMalwareScanSettingsResponse' smart constructor.
+data UpdateMalwareScanSettingsResponse = UpdateMalwareScanSettingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateMalwareScanSettingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateMalwareScanSettingsResponse_httpStatus' - The response's http status code.
+newUpdateMalwareScanSettingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateMalwareScanSettingsResponse
+newUpdateMalwareScanSettingsResponse pHttpStatus_ =
+  UpdateMalwareScanSettingsResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateMalwareScanSettingsResponse_httpStatus :: Lens.Lens' UpdateMalwareScanSettingsResponse Prelude.Int
+updateMalwareScanSettingsResponse_httpStatus = Lens.lens (\UpdateMalwareScanSettingsResponse' {httpStatus} -> httpStatus) (\s@UpdateMalwareScanSettingsResponse' {} a -> s {httpStatus = a} :: UpdateMalwareScanSettingsResponse)
+
+instance
+  Prelude.NFData
+    UpdateMalwareScanSettingsResponse
+  where
+  rnf UpdateMalwareScanSettingsResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UpdateMemberDetectors.hs b/gen/Amazonka/GuardDuty/UpdateMemberDetectors.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateMemberDetectors.hs
@@ -0,0 +1,208 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateMemberDetectors
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Contains information on member accounts to be updated.
+module Amazonka.GuardDuty.UpdateMemberDetectors
+  ( -- * Creating a Request
+    UpdateMemberDetectors (..),
+    newUpdateMemberDetectors,
+
+    -- * Request Lenses
+    updateMemberDetectors_dataSources,
+    updateMemberDetectors_detectorId,
+    updateMemberDetectors_accountIds,
+
+    -- * Destructuring the Response
+    UpdateMemberDetectorsResponse (..),
+    newUpdateMemberDetectorsResponse,
+
+    -- * Response Lenses
+    updateMemberDetectorsResponse_httpStatus,
+    updateMemberDetectorsResponse_unprocessedAccounts,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateMemberDetectors' smart constructor.
+data UpdateMemberDetectors = UpdateMemberDetectors'
+  { -- | Describes which data sources will be updated.
+    dataSources :: Prelude.Maybe DataSourceConfigurations,
+    -- | The detector ID of the administrator account.
+    detectorId :: Prelude.Text,
+    -- | A list of member account IDs to be updated.
+    accountIds :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateMemberDetectors' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataSources', 'updateMemberDetectors_dataSources' - Describes which data sources will be updated.
+--
+-- 'detectorId', 'updateMemberDetectors_detectorId' - The detector ID of the administrator account.
+--
+-- 'accountIds', 'updateMemberDetectors_accountIds' - A list of member account IDs to be updated.
+newUpdateMemberDetectors ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'accountIds'
+  Prelude.NonEmpty Prelude.Text ->
+  UpdateMemberDetectors
+newUpdateMemberDetectors pDetectorId_ pAccountIds_ =
+  UpdateMemberDetectors'
+    { dataSources =
+        Prelude.Nothing,
+      detectorId = pDetectorId_,
+      accountIds = Lens.coerced Lens.# pAccountIds_
+    }
+
+-- | Describes which data sources will be updated.
+updateMemberDetectors_dataSources :: Lens.Lens' UpdateMemberDetectors (Prelude.Maybe DataSourceConfigurations)
+updateMemberDetectors_dataSources = Lens.lens (\UpdateMemberDetectors' {dataSources} -> dataSources) (\s@UpdateMemberDetectors' {} a -> s {dataSources = a} :: UpdateMemberDetectors)
+
+-- | The detector ID of the administrator account.
+updateMemberDetectors_detectorId :: Lens.Lens' UpdateMemberDetectors Prelude.Text
+updateMemberDetectors_detectorId = Lens.lens (\UpdateMemberDetectors' {detectorId} -> detectorId) (\s@UpdateMemberDetectors' {} a -> s {detectorId = a} :: UpdateMemberDetectors)
+
+-- | A list of member account IDs to be updated.
+updateMemberDetectors_accountIds :: Lens.Lens' UpdateMemberDetectors (Prelude.NonEmpty Prelude.Text)
+updateMemberDetectors_accountIds = Lens.lens (\UpdateMemberDetectors' {accountIds} -> accountIds) (\s@UpdateMemberDetectors' {} a -> s {accountIds = a} :: UpdateMemberDetectors) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UpdateMemberDetectors where
+  type
+    AWSResponse UpdateMemberDetectors =
+      UpdateMemberDetectorsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateMemberDetectorsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "unprocessedAccounts"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable UpdateMemberDetectors where
+  hashWithSalt _salt UpdateMemberDetectors' {..} =
+    _salt
+      `Prelude.hashWithSalt` dataSources
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` accountIds
+
+instance Prelude.NFData UpdateMemberDetectors where
+  rnf UpdateMemberDetectors' {..} =
+    Prelude.rnf dataSources
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf accountIds
+
+instance Data.ToHeaders UpdateMemberDetectors where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateMemberDetectors where
+  toJSON UpdateMemberDetectors' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("dataSources" Data..=) Prelude.<$> dataSources,
+            Prelude.Just ("accountIds" Data..= accountIds)
+          ]
+      )
+
+instance Data.ToPath UpdateMemberDetectors where
+  toPath UpdateMemberDetectors' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/member/detector/update"
+      ]
+
+instance Data.ToQuery UpdateMemberDetectors where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateMemberDetectorsResponse' smart constructor.
+data UpdateMemberDetectorsResponse = UpdateMemberDetectorsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A list of member account IDs that were unable to be processed along with
+    -- an explanation for why they were not processed.
+    unprocessedAccounts :: [UnprocessedAccount]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateMemberDetectorsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateMemberDetectorsResponse_httpStatus' - The response's http status code.
+--
+-- 'unprocessedAccounts', 'updateMemberDetectorsResponse_unprocessedAccounts' - A list of member account IDs that were unable to be processed along with
+-- an explanation for why they were not processed.
+newUpdateMemberDetectorsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateMemberDetectorsResponse
+newUpdateMemberDetectorsResponse pHttpStatus_ =
+  UpdateMemberDetectorsResponse'
+    { httpStatus =
+        pHttpStatus_,
+      unprocessedAccounts = Prelude.mempty
+    }
+
+-- | The response's http status code.
+updateMemberDetectorsResponse_httpStatus :: Lens.Lens' UpdateMemberDetectorsResponse Prelude.Int
+updateMemberDetectorsResponse_httpStatus = Lens.lens (\UpdateMemberDetectorsResponse' {httpStatus} -> httpStatus) (\s@UpdateMemberDetectorsResponse' {} a -> s {httpStatus = a} :: UpdateMemberDetectorsResponse)
+
+-- | A list of member account IDs that were unable to be processed along with
+-- an explanation for why they were not processed.
+updateMemberDetectorsResponse_unprocessedAccounts :: Lens.Lens' UpdateMemberDetectorsResponse [UnprocessedAccount]
+updateMemberDetectorsResponse_unprocessedAccounts = Lens.lens (\UpdateMemberDetectorsResponse' {unprocessedAccounts} -> unprocessedAccounts) (\s@UpdateMemberDetectorsResponse' {} a -> s {unprocessedAccounts = a} :: UpdateMemberDetectorsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData UpdateMemberDetectorsResponse where
+  rnf UpdateMemberDetectorsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf unprocessedAccounts
diff --git a/gen/Amazonka/GuardDuty/UpdateOrganizationConfiguration.hs b/gen/Amazonka/GuardDuty/UpdateOrganizationConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateOrganizationConfiguration.hs
@@ -0,0 +1,210 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateOrganizationConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the delegated administrator account with the values provided.
+module Amazonka.GuardDuty.UpdateOrganizationConfiguration
+  ( -- * Creating a Request
+    UpdateOrganizationConfiguration (..),
+    newUpdateOrganizationConfiguration,
+
+    -- * Request Lenses
+    updateOrganizationConfiguration_dataSources,
+    updateOrganizationConfiguration_detectorId,
+    updateOrganizationConfiguration_autoEnable,
+
+    -- * Destructuring the Response
+    UpdateOrganizationConfigurationResponse (..),
+    newUpdateOrganizationConfigurationResponse,
+
+    -- * Response Lenses
+    updateOrganizationConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateOrganizationConfiguration' smart constructor.
+data UpdateOrganizationConfiguration = UpdateOrganizationConfiguration'
+  { -- | Describes which data sources will be updated.
+    dataSources :: Prelude.Maybe OrganizationDataSourceConfigurations,
+    -- | The ID of the detector to update the delegated administrator for.
+    detectorId :: Prelude.Text,
+    -- | Indicates whether to automatically enable member accounts in the
+    -- organization.
+    autoEnable :: Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateOrganizationConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'dataSources', 'updateOrganizationConfiguration_dataSources' - Describes which data sources will be updated.
+--
+-- 'detectorId', 'updateOrganizationConfiguration_detectorId' - The ID of the detector to update the delegated administrator for.
+--
+-- 'autoEnable', 'updateOrganizationConfiguration_autoEnable' - Indicates whether to automatically enable member accounts in the
+-- organization.
+newUpdateOrganizationConfiguration ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'autoEnable'
+  Prelude.Bool ->
+  UpdateOrganizationConfiguration
+newUpdateOrganizationConfiguration
+  pDetectorId_
+  pAutoEnable_ =
+    UpdateOrganizationConfiguration'
+      { dataSources =
+          Prelude.Nothing,
+        detectorId = pDetectorId_,
+        autoEnable = pAutoEnable_
+      }
+
+-- | Describes which data sources will be updated.
+updateOrganizationConfiguration_dataSources :: Lens.Lens' UpdateOrganizationConfiguration (Prelude.Maybe OrganizationDataSourceConfigurations)
+updateOrganizationConfiguration_dataSources = Lens.lens (\UpdateOrganizationConfiguration' {dataSources} -> dataSources) (\s@UpdateOrganizationConfiguration' {} a -> s {dataSources = a} :: UpdateOrganizationConfiguration)
+
+-- | The ID of the detector to update the delegated administrator for.
+updateOrganizationConfiguration_detectorId :: Lens.Lens' UpdateOrganizationConfiguration Prelude.Text
+updateOrganizationConfiguration_detectorId = Lens.lens (\UpdateOrganizationConfiguration' {detectorId} -> detectorId) (\s@UpdateOrganizationConfiguration' {} a -> s {detectorId = a} :: UpdateOrganizationConfiguration)
+
+-- | Indicates whether to automatically enable member accounts in the
+-- organization.
+updateOrganizationConfiguration_autoEnable :: Lens.Lens' UpdateOrganizationConfiguration Prelude.Bool
+updateOrganizationConfiguration_autoEnable = Lens.lens (\UpdateOrganizationConfiguration' {autoEnable} -> autoEnable) (\s@UpdateOrganizationConfiguration' {} a -> s {autoEnable = a} :: UpdateOrganizationConfiguration)
+
+instance
+  Core.AWSRequest
+    UpdateOrganizationConfiguration
+  where
+  type
+    AWSResponse UpdateOrganizationConfiguration =
+      UpdateOrganizationConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateOrganizationConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateOrganizationConfiguration
+  where
+  hashWithSalt
+    _salt
+    UpdateOrganizationConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` dataSources
+        `Prelude.hashWithSalt` detectorId
+        `Prelude.hashWithSalt` autoEnable
+
+instance
+  Prelude.NFData
+    UpdateOrganizationConfiguration
+  where
+  rnf UpdateOrganizationConfiguration' {..} =
+    Prelude.rnf dataSources
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf autoEnable
+
+instance
+  Data.ToHeaders
+    UpdateOrganizationConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateOrganizationConfiguration where
+  toJSON UpdateOrganizationConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("dataSources" Data..=) Prelude.<$> dataSources,
+            Prelude.Just ("autoEnable" Data..= autoEnable)
+          ]
+      )
+
+instance Data.ToPath UpdateOrganizationConfiguration where
+  toPath UpdateOrganizationConfiguration' {..} =
+    Prelude.mconcat
+      ["/detector/", Data.toBS detectorId, "/admin"]
+
+instance Data.ToQuery UpdateOrganizationConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateOrganizationConfigurationResponse' smart constructor.
+data UpdateOrganizationConfigurationResponse = UpdateOrganizationConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateOrganizationConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateOrganizationConfigurationResponse_httpStatus' - The response's http status code.
+newUpdateOrganizationConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateOrganizationConfigurationResponse
+newUpdateOrganizationConfigurationResponse
+  pHttpStatus_ =
+    UpdateOrganizationConfigurationResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+updateOrganizationConfigurationResponse_httpStatus :: Lens.Lens' UpdateOrganizationConfigurationResponse Prelude.Int
+updateOrganizationConfigurationResponse_httpStatus = Lens.lens (\UpdateOrganizationConfigurationResponse' {httpStatus} -> httpStatus) (\s@UpdateOrganizationConfigurationResponse' {} a -> s {httpStatus = a} :: UpdateOrganizationConfigurationResponse)
+
+instance
+  Prelude.NFData
+    UpdateOrganizationConfigurationResponse
+  where
+  rnf UpdateOrganizationConfigurationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UpdatePublishingDestination.hs b/gen/Amazonka/GuardDuty/UpdatePublishingDestination.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdatePublishingDestination.hs
@@ -0,0 +1,203 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdatePublishingDestination
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates information about the publishing destination specified by the
+-- @destinationId@.
+module Amazonka.GuardDuty.UpdatePublishingDestination
+  ( -- * Creating a Request
+    UpdatePublishingDestination (..),
+    newUpdatePublishingDestination,
+
+    -- * Request Lenses
+    updatePublishingDestination_destinationProperties,
+    updatePublishingDestination_detectorId,
+    updatePublishingDestination_destinationId,
+
+    -- * Destructuring the Response
+    UpdatePublishingDestinationResponse (..),
+    newUpdatePublishingDestinationResponse,
+
+    -- * Response Lenses
+    updatePublishingDestinationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdatePublishingDestination' smart constructor.
+data UpdatePublishingDestination = UpdatePublishingDestination'
+  { -- | A @DestinationProperties@ object that includes the @DestinationArn@ and
+    -- @KmsKeyArn@ of the publishing destination.
+    destinationProperties :: Prelude.Maybe DestinationProperties,
+    -- | The ID of the detector associated with the publishing destinations to
+    -- update.
+    detectorId :: Prelude.Text,
+    -- | The ID of the publishing destination to update.
+    destinationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdatePublishingDestination' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'destinationProperties', 'updatePublishingDestination_destinationProperties' - A @DestinationProperties@ object that includes the @DestinationArn@ and
+-- @KmsKeyArn@ of the publishing destination.
+--
+-- 'detectorId', 'updatePublishingDestination_detectorId' - The ID of the detector associated with the publishing destinations to
+-- update.
+--
+-- 'destinationId', 'updatePublishingDestination_destinationId' - The ID of the publishing destination to update.
+newUpdatePublishingDestination ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'destinationId'
+  Prelude.Text ->
+  UpdatePublishingDestination
+newUpdatePublishingDestination
+  pDetectorId_
+  pDestinationId_ =
+    UpdatePublishingDestination'
+      { destinationProperties =
+          Prelude.Nothing,
+        detectorId = pDetectorId_,
+        destinationId = pDestinationId_
+      }
+
+-- | A @DestinationProperties@ object that includes the @DestinationArn@ and
+-- @KmsKeyArn@ of the publishing destination.
+updatePublishingDestination_destinationProperties :: Lens.Lens' UpdatePublishingDestination (Prelude.Maybe DestinationProperties)
+updatePublishingDestination_destinationProperties = Lens.lens (\UpdatePublishingDestination' {destinationProperties} -> destinationProperties) (\s@UpdatePublishingDestination' {} a -> s {destinationProperties = a} :: UpdatePublishingDestination)
+
+-- | The ID of the detector associated with the publishing destinations to
+-- update.
+updatePublishingDestination_detectorId :: Lens.Lens' UpdatePublishingDestination Prelude.Text
+updatePublishingDestination_detectorId = Lens.lens (\UpdatePublishingDestination' {detectorId} -> detectorId) (\s@UpdatePublishingDestination' {} a -> s {detectorId = a} :: UpdatePublishingDestination)
+
+-- | The ID of the publishing destination to update.
+updatePublishingDestination_destinationId :: Lens.Lens' UpdatePublishingDestination Prelude.Text
+updatePublishingDestination_destinationId = Lens.lens (\UpdatePublishingDestination' {destinationId} -> destinationId) (\s@UpdatePublishingDestination' {} a -> s {destinationId = a} :: UpdatePublishingDestination)
+
+instance Core.AWSRequest UpdatePublishingDestination where
+  type
+    AWSResponse UpdatePublishingDestination =
+      UpdatePublishingDestinationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdatePublishingDestinationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdatePublishingDestination where
+  hashWithSalt _salt UpdatePublishingDestination' {..} =
+    _salt
+      `Prelude.hashWithSalt` destinationProperties
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` destinationId
+
+instance Prelude.NFData UpdatePublishingDestination where
+  rnf UpdatePublishingDestination' {..} =
+    Prelude.rnf destinationProperties
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf destinationId
+
+instance Data.ToHeaders UpdatePublishingDestination where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdatePublishingDestination where
+  toJSON UpdatePublishingDestination' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("destinationProperties" Data..=)
+              Prelude.<$> destinationProperties
+          ]
+      )
+
+instance Data.ToPath UpdatePublishingDestination where
+  toPath UpdatePublishingDestination' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/publishingDestination/",
+        Data.toBS destinationId
+      ]
+
+instance Data.ToQuery UpdatePublishingDestination where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdatePublishingDestinationResponse' smart constructor.
+data UpdatePublishingDestinationResponse = UpdatePublishingDestinationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdatePublishingDestinationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updatePublishingDestinationResponse_httpStatus' - The response's http status code.
+newUpdatePublishingDestinationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdatePublishingDestinationResponse
+newUpdatePublishingDestinationResponse pHttpStatus_ =
+  UpdatePublishingDestinationResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updatePublishingDestinationResponse_httpStatus :: Lens.Lens' UpdatePublishingDestinationResponse Prelude.Int
+updatePublishingDestinationResponse_httpStatus = Lens.lens (\UpdatePublishingDestinationResponse' {httpStatus} -> httpStatus) (\s@UpdatePublishingDestinationResponse' {} a -> s {httpStatus = a} :: UpdatePublishingDestinationResponse)
+
+instance
+  Prelude.NFData
+    UpdatePublishingDestinationResponse
+  where
+  rnf UpdatePublishingDestinationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/UpdateThreatIntelSet.hs b/gen/Amazonka/GuardDuty/UpdateThreatIntelSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/UpdateThreatIntelSet.hs
@@ -0,0 +1,223 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.UpdateThreatIntelSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the ThreatIntelSet specified by the ThreatIntelSet ID.
+module Amazonka.GuardDuty.UpdateThreatIntelSet
+  ( -- * Creating a Request
+    UpdateThreatIntelSet (..),
+    newUpdateThreatIntelSet,
+
+    -- * Request Lenses
+    updateThreatIntelSet_activate,
+    updateThreatIntelSet_location,
+    updateThreatIntelSet_name,
+    updateThreatIntelSet_detectorId,
+    updateThreatIntelSet_threatIntelSetId,
+
+    -- * Destructuring the Response
+    UpdateThreatIntelSetResponse (..),
+    newUpdateThreatIntelSetResponse,
+
+    -- * Response Lenses
+    updateThreatIntelSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+
+-- | /See:/ 'newUpdateThreatIntelSet' smart constructor.
+data UpdateThreatIntelSet = UpdateThreatIntelSet'
+  { -- | The updated Boolean value that specifies whether the ThreateIntelSet is
+    -- active or not.
+    activate :: Prelude.Maybe Prelude.Bool,
+    -- | The updated URI of the file that contains the ThreateIntelSet.
+    location :: Prelude.Maybe Prelude.Text,
+    -- | The unique ID that specifies the ThreatIntelSet that you want to update.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The detectorID that specifies the GuardDuty service whose ThreatIntelSet
+    -- you want to update.
+    detectorId :: Prelude.Text,
+    -- | The unique ID that specifies the ThreatIntelSet that you want to update.
+    threatIntelSetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateThreatIntelSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'activate', 'updateThreatIntelSet_activate' - The updated Boolean value that specifies whether the ThreateIntelSet is
+-- active or not.
+--
+-- 'location', 'updateThreatIntelSet_location' - The updated URI of the file that contains the ThreateIntelSet.
+--
+-- 'name', 'updateThreatIntelSet_name' - The unique ID that specifies the ThreatIntelSet that you want to update.
+--
+-- 'detectorId', 'updateThreatIntelSet_detectorId' - The detectorID that specifies the GuardDuty service whose ThreatIntelSet
+-- you want to update.
+--
+-- 'threatIntelSetId', 'updateThreatIntelSet_threatIntelSetId' - The unique ID that specifies the ThreatIntelSet that you want to update.
+newUpdateThreatIntelSet ::
+  -- | 'detectorId'
+  Prelude.Text ->
+  -- | 'threatIntelSetId'
+  Prelude.Text ->
+  UpdateThreatIntelSet
+newUpdateThreatIntelSet
+  pDetectorId_
+  pThreatIntelSetId_ =
+    UpdateThreatIntelSet'
+      { activate = Prelude.Nothing,
+        location = Prelude.Nothing,
+        name = Prelude.Nothing,
+        detectorId = pDetectorId_,
+        threatIntelSetId = pThreatIntelSetId_
+      }
+
+-- | The updated Boolean value that specifies whether the ThreateIntelSet is
+-- active or not.
+updateThreatIntelSet_activate :: Lens.Lens' UpdateThreatIntelSet (Prelude.Maybe Prelude.Bool)
+updateThreatIntelSet_activate = Lens.lens (\UpdateThreatIntelSet' {activate} -> activate) (\s@UpdateThreatIntelSet' {} a -> s {activate = a} :: UpdateThreatIntelSet)
+
+-- | The updated URI of the file that contains the ThreateIntelSet.
+updateThreatIntelSet_location :: Lens.Lens' UpdateThreatIntelSet (Prelude.Maybe Prelude.Text)
+updateThreatIntelSet_location = Lens.lens (\UpdateThreatIntelSet' {location} -> location) (\s@UpdateThreatIntelSet' {} a -> s {location = a} :: UpdateThreatIntelSet)
+
+-- | The unique ID that specifies the ThreatIntelSet that you want to update.
+updateThreatIntelSet_name :: Lens.Lens' UpdateThreatIntelSet (Prelude.Maybe Prelude.Text)
+updateThreatIntelSet_name = Lens.lens (\UpdateThreatIntelSet' {name} -> name) (\s@UpdateThreatIntelSet' {} a -> s {name = a} :: UpdateThreatIntelSet)
+
+-- | The detectorID that specifies the GuardDuty service whose ThreatIntelSet
+-- you want to update.
+updateThreatIntelSet_detectorId :: Lens.Lens' UpdateThreatIntelSet Prelude.Text
+updateThreatIntelSet_detectorId = Lens.lens (\UpdateThreatIntelSet' {detectorId} -> detectorId) (\s@UpdateThreatIntelSet' {} a -> s {detectorId = a} :: UpdateThreatIntelSet)
+
+-- | The unique ID that specifies the ThreatIntelSet that you want to update.
+updateThreatIntelSet_threatIntelSetId :: Lens.Lens' UpdateThreatIntelSet Prelude.Text
+updateThreatIntelSet_threatIntelSetId = Lens.lens (\UpdateThreatIntelSet' {threatIntelSetId} -> threatIntelSetId) (\s@UpdateThreatIntelSet' {} a -> s {threatIntelSetId = a} :: UpdateThreatIntelSet)
+
+instance Core.AWSRequest UpdateThreatIntelSet where
+  type
+    AWSResponse UpdateThreatIntelSet =
+      UpdateThreatIntelSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateThreatIntelSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateThreatIntelSet where
+  hashWithSalt _salt UpdateThreatIntelSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` activate
+      `Prelude.hashWithSalt` location
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` detectorId
+      `Prelude.hashWithSalt` threatIntelSetId
+
+instance Prelude.NFData UpdateThreatIntelSet where
+  rnf UpdateThreatIntelSet' {..} =
+    Prelude.rnf activate
+      `Prelude.seq` Prelude.rnf location
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf detectorId
+      `Prelude.seq` Prelude.rnf threatIntelSetId
+
+instance Data.ToHeaders UpdateThreatIntelSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateThreatIntelSet where
+  toJSON UpdateThreatIntelSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("activate" Data..=) Prelude.<$> activate,
+            ("location" Data..=) Prelude.<$> location,
+            ("name" Data..=) Prelude.<$> name
+          ]
+      )
+
+instance Data.ToPath UpdateThreatIntelSet where
+  toPath UpdateThreatIntelSet' {..} =
+    Prelude.mconcat
+      [ "/detector/",
+        Data.toBS detectorId,
+        "/threatintelset/",
+        Data.toBS threatIntelSetId
+      ]
+
+instance Data.ToQuery UpdateThreatIntelSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateThreatIntelSetResponse' smart constructor.
+data UpdateThreatIntelSetResponse = UpdateThreatIntelSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateThreatIntelSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateThreatIntelSetResponse_httpStatus' - The response's http status code.
+newUpdateThreatIntelSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateThreatIntelSetResponse
+newUpdateThreatIntelSetResponse pHttpStatus_ =
+  UpdateThreatIntelSetResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateThreatIntelSetResponse_httpStatus :: Lens.Lens' UpdateThreatIntelSetResponse Prelude.Int
+updateThreatIntelSetResponse_httpStatus = Lens.lens (\UpdateThreatIntelSetResponse' {httpStatus} -> httpStatus) (\s@UpdateThreatIntelSetResponse' {} a -> s {httpStatus = a} :: UpdateThreatIntelSetResponse)
+
+instance Prelude.NFData UpdateThreatIntelSetResponse where
+  rnf UpdateThreatIntelSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/GuardDuty/Waiters.hs b/gen/Amazonka/GuardDuty/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/GuardDuty/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.GuardDuty.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.GuardDuty.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import Amazonka.GuardDuty.Lens
+import Amazonka.GuardDuty.Types
+import qualified Amazonka.Prelude as Prelude
diff --git a/gen/Network/AWS/GuardDuty.hs b/gen/Network/AWS/GuardDuty.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty.hs
+++ /dev/null
@@ -1,531 +0,0 @@
-{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
-{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Assess, monitor, manage, and remediate security issues across your AWS infrastructure, applications, and data.
-module Network.AWS.GuardDuty
-    (
-    -- * Service Configuration
-      guardDuty
-
-    -- * Errors
-    -- $errors
-
-    -- ** InternalServerErrorException
-    , _InternalServerErrorException
-
-    -- ** BadRequestException
-    , _BadRequestException
-
-    -- * Waiters
-    -- $waiters
-
-    -- * Operations
-    -- $operations
-
-    -- ** CreateFilter
-    , module Network.AWS.GuardDuty.CreateFilter
-
-    -- ** ListFindings (Paginated)
-    , module Network.AWS.GuardDuty.ListFindings
-
-    -- ** CreateIPSet
-    , module Network.AWS.GuardDuty.CreateIPSet
-
-    -- ** DeleteThreatIntelSet
-    , module Network.AWS.GuardDuty.DeleteThreatIntelSet
-
-    -- ** UpdateThreatIntelSet
-    , module Network.AWS.GuardDuty.UpdateThreatIntelSet
-
-    -- ** StopMonitoringMembers
-    , module Network.AWS.GuardDuty.StopMonitoringMembers
-
-    -- ** ListThreatIntelSets (Paginated)
-    , module Network.AWS.GuardDuty.ListThreatIntelSets
-
-    -- ** CreateThreatIntelSet
-    , module Network.AWS.GuardDuty.CreateThreatIntelSet
-
-    -- ** DeleteMembers
-    , module Network.AWS.GuardDuty.DeleteMembers
-
-    -- ** GetFindingsStatistics
-    , module Network.AWS.GuardDuty.GetFindingsStatistics
-
-    -- ** GetIPSet
-    , module Network.AWS.GuardDuty.GetIPSet
-
-    -- ** ListInvitations (Paginated)
-    , module Network.AWS.GuardDuty.ListInvitations
-
-    -- ** GetThreatIntelSet
-    , module Network.AWS.GuardDuty.GetThreatIntelSet
-
-    -- ** DeleteInvitations
-    , module Network.AWS.GuardDuty.DeleteInvitations
-
-    -- ** GetMasterAccount
-    , module Network.AWS.GuardDuty.GetMasterAccount
-
-    -- ** CreateDetector
-    , module Network.AWS.GuardDuty.CreateDetector
-
-    -- ** DeclineInvitations
-    , module Network.AWS.GuardDuty.DeclineInvitations
-
-    -- ** UpdateFilter
-    , module Network.AWS.GuardDuty.UpdateFilter
-
-    -- ** DeleteFilter
-    , module Network.AWS.GuardDuty.DeleteFilter
-
-    -- ** DisassociateMembers
-    , module Network.AWS.GuardDuty.DisassociateMembers
-
-    -- ** DisassociateFromMasterAccount
-    , module Network.AWS.GuardDuty.DisassociateFromMasterAccount
-
-    -- ** AcceptInvitation
-    , module Network.AWS.GuardDuty.AcceptInvitation
-
-    -- ** ListFilters (Paginated)
-    , module Network.AWS.GuardDuty.ListFilters
-
-    -- ** ListMembers (Paginated)
-    , module Network.AWS.GuardDuty.ListMembers
-
-    -- ** GetDetector
-    , module Network.AWS.GuardDuty.GetDetector
-
-    -- ** CreateSampleFindings
-    , module Network.AWS.GuardDuty.CreateSampleFindings
-
-    -- ** ArchiveFindings
-    , module Network.AWS.GuardDuty.ArchiveFindings
-
-    -- ** CreateMembers
-    , module Network.AWS.GuardDuty.CreateMembers
-
-    -- ** UnarchiveFindings
-    , module Network.AWS.GuardDuty.UnarchiveFindings
-
-    -- ** GetInvitationsCount
-    , module Network.AWS.GuardDuty.GetInvitationsCount
-
-    -- ** StartMonitoringMembers
-    , module Network.AWS.GuardDuty.StartMonitoringMembers
-
-    -- ** InviteMembers
-    , module Network.AWS.GuardDuty.InviteMembers
-
-    -- ** DeleteIPSet
-    , module Network.AWS.GuardDuty.DeleteIPSet
-
-    -- ** UpdateIPSet
-    , module Network.AWS.GuardDuty.UpdateIPSet
-
-    -- ** ListIPSets (Paginated)
-    , module Network.AWS.GuardDuty.ListIPSets
-
-    -- ** GetMembers
-    , module Network.AWS.GuardDuty.GetMembers
-
-    -- ** GetFindings
-    , module Network.AWS.GuardDuty.GetFindings
-
-    -- ** ListDetectors (Paginated)
-    , module Network.AWS.GuardDuty.ListDetectors
-
-    -- ** UpdateDetector
-    , module Network.AWS.GuardDuty.UpdateDetector
-
-    -- ** DeleteDetector
-    , module Network.AWS.GuardDuty.DeleteDetector
-
-    -- ** UpdateFindingsFeedback
-    , module Network.AWS.GuardDuty.UpdateFindingsFeedback
-
-    -- ** GetFilter
-    , module Network.AWS.GuardDuty.GetFilter
-
-    -- * Types
-
-    -- ** DetectorStatus
-    , DetectorStatus (..)
-
-    -- ** Feedback
-    , Feedback (..)
-
-    -- ** FilterAction
-    , FilterAction (..)
-
-    -- ** FindingStatisticType
-    , FindingStatisticType (..)
-
-    -- ** IPSetFormat
-    , IPSetFormat (..)
-
-    -- ** IPSetStatus
-    , IPSetStatus (..)
-
-    -- ** OrderBy
-    , OrderBy (..)
-
-    -- ** ThreatIntelSetFormat
-    , ThreatIntelSetFormat (..)
-
-    -- ** ThreatIntelSetStatus
-    , ThreatIntelSetStatus (..)
-
-    -- ** AWSAPICallAction
-    , AWSAPICallAction
-    , awsAPICallAction
-    , aacaRemoteIPDetails
-    , aacaCallerType
-    , aacaDomainDetails
-    , aacaServiceName
-    , aacaAPI
-
-    -- ** AccessKeyDetails
-    , AccessKeyDetails
-    , accessKeyDetails
-    , akdPrincipalId
-    , akdUserName
-    , akdAccessKeyId
-    , akdUserType
-
-    -- ** AccountDetail
-    , AccountDetail
-    , accountDetail
-    , adEmail
-    , adAccountId
-
-    -- ** Action
-    , Action
-    , action
-    , aNetworkConnectionAction
-    , aPortProbeAction
-    , aActionType
-    , aDNSRequestAction
-    , aAWSAPICallAction
-
-    -- ** City
-    , City
-    , city
-    , cCityName
-
-    -- ** Condition
-    , Condition
-    , condition
-    , cEQ
-    , cLte
-    , cGT
-    , cNeq
-    , cLT
-    , cGte
-
-    -- ** Country
-    , Country
-    , country
-    , cCountryName
-    , cCountryCode
-
-    -- ** DNSRequestAction
-    , DNSRequestAction
-    , dnsRequestAction
-    , draDomain
-
-    -- ** DomainDetails
-    , DomainDetails
-    , domainDetails
-
-    -- ** Finding
-    , Finding
-    , finding
-    , fService
-    , fConfidence
-    , fPartition
-    , fTitle
-    , fDescription
-    , fAccountId
-    , fSchemaVersion
-    , fCreatedAt
-    , fResource
-    , fSeverity
-    , fUpdatedAt
-    , fType
-    , fRegion
-    , fId
-    , fARN
-
-    -- ** FindingCriteria
-    , FindingCriteria
-    , findingCriteria
-    , fcCriterion
-
-    -- ** FindingStatistics
-    , FindingStatistics
-    , findingStatistics
-    , fsCountBySeverity
-
-    -- ** GeoLocation
-    , GeoLocation
-    , geoLocation
-    , glLat
-    , glLon
-
-    -- ** IAMInstanceProfile
-    , IAMInstanceProfile
-    , iamInstanceProfile
-    , iapARN
-    , iapId
-
-    -- ** InstanceDetails
-    , InstanceDetails
-    , instanceDetails
-    , idInstanceId
-    , idPlatform
-    , idLaunchTime
-    , idNetworkInterfaces
-    , idInstanceType
-    , idAvailabilityZone
-    , idIAMInstanceProfile
-    , idImageId
-    , idProductCodes
-    , idInstanceState
-    , idTags
-    , idImageDescription
-
-    -- ** Invitation
-    , Invitation
-    , invitation
-    , iInvitedAt
-    , iRelationshipStatus
-    , iInvitationId
-    , iAccountId
-
-    -- ** LocalPortDetails
-    , LocalPortDetails
-    , localPortDetails
-    , lpdPortName
-    , lpdPort
-
-    -- ** Master
-    , Master
-    , master
-    , masInvitedAt
-    , masRelationshipStatus
-    , masInvitationId
-    , masAccountId
-
-    -- ** Member
-    , Member
-    , member
-    , mInvitedAt
-    , mDetectorId
-    , mEmail
-    , mAccountId
-    , mMasterId
-    , mUpdatedAt
-    , mRelationshipStatus
-
-    -- ** NetworkConnectionAction
-    , NetworkConnectionAction
-    , networkConnectionAction
-    , ncaRemoteIPDetails
-    , ncaProtocol
-    , ncaRemotePortDetails
-    , ncaBlocked
-    , ncaConnectionDirection
-    , ncaLocalPortDetails
-
-    -- ** NetworkInterface
-    , NetworkInterface
-    , networkInterface
-    , niPrivateIPAddresses
-    , niPublicDNSName
-    , niSecurityGroups
-    , niVPCId
-    , niNetworkInterfaceId
-    , niSubnetId
-    , niPrivateIPAddress
-    , niPublicIP
-    , niPrivateDNSName
-    , niIPv6Addresses
-
-    -- ** Organization
-    , Organization
-    , organization
-    , oOrg
-    , oASNOrg
-    , oASN
-    , oIsp
-
-    -- ** PortProbeAction
-    , PortProbeAction
-    , portProbeAction
-    , ppaPortProbeDetails
-    , ppaBlocked
-
-    -- ** PortProbeDetail
-    , PortProbeDetail
-    , portProbeDetail
-    , ppdRemoteIPDetails
-    , ppdLocalPortDetails
-
-    -- ** PrivateIPAddressDetails
-    , PrivateIPAddressDetails
-    , privateIPAddressDetails
-    , piadPrivateIPAddress
-    , piadPrivateDNSName
-
-    -- ** ProductCode
-    , ProductCode
-    , productCode
-    , pcProductType
-    , pcCode
-
-    -- ** RemoteIPDetails
-    , RemoteIPDetails
-    , remoteIPDetails
-    , ridCountry
-    , ridCity
-    , ridIPAddressV4
-    , ridGeoLocation
-    , ridOrganization
-
-    -- ** RemotePortDetails
-    , RemotePortDetails
-    , remotePortDetails
-    , rpdPortName
-    , rpdPort
-
-    -- ** Resource
-    , Resource
-    , resource
-    , rResourceType
-    , rInstanceDetails
-    , rAccessKeyDetails
-
-    -- ** SecurityGroup
-    , SecurityGroup
-    , securityGroup
-    , sgGroupId
-    , sgGroupName
-
-    -- ** ServiceInfo
-    , ServiceInfo
-    , serviceInfo
-    , siCount
-    , siEventFirstSeen
-    , siAction
-    , siDetectorId
-    , siServiceName
-    , siUserFeedback
-    , siEventLastSeen
-    , siResourceRole
-    , siArchived
-
-    -- ** SortCriteria
-    , SortCriteria
-    , sortCriteria
-    , scOrderBy
-    , scAttributeName
-
-    -- ** Tag
-    , Tag
-    , tag
-    , tagValue
-    , tagKey
-
-    -- ** UnprocessedAccount
-    , UnprocessedAccount
-    , unprocessedAccount
-    , uaAccountId
-    , uaResult
-    ) where
-
-import Network.AWS.GuardDuty.AcceptInvitation
-import Network.AWS.GuardDuty.ArchiveFindings
-import Network.AWS.GuardDuty.CreateDetector
-import Network.AWS.GuardDuty.CreateFilter
-import Network.AWS.GuardDuty.CreateIPSet
-import Network.AWS.GuardDuty.CreateMembers
-import Network.AWS.GuardDuty.CreateSampleFindings
-import Network.AWS.GuardDuty.CreateThreatIntelSet
-import Network.AWS.GuardDuty.DeclineInvitations
-import Network.AWS.GuardDuty.DeleteDetector
-import Network.AWS.GuardDuty.DeleteFilter
-import Network.AWS.GuardDuty.DeleteInvitations
-import Network.AWS.GuardDuty.DeleteIPSet
-import Network.AWS.GuardDuty.DeleteMembers
-import Network.AWS.GuardDuty.DeleteThreatIntelSet
-import Network.AWS.GuardDuty.DisassociateFromMasterAccount
-import Network.AWS.GuardDuty.DisassociateMembers
-import Network.AWS.GuardDuty.GetDetector
-import Network.AWS.GuardDuty.GetFilter
-import Network.AWS.GuardDuty.GetFindings
-import Network.AWS.GuardDuty.GetFindingsStatistics
-import Network.AWS.GuardDuty.GetInvitationsCount
-import Network.AWS.GuardDuty.GetIPSet
-import Network.AWS.GuardDuty.GetMasterAccount
-import Network.AWS.GuardDuty.GetMembers
-import Network.AWS.GuardDuty.GetThreatIntelSet
-import Network.AWS.GuardDuty.InviteMembers
-import Network.AWS.GuardDuty.ListDetectors
-import Network.AWS.GuardDuty.ListFilters
-import Network.AWS.GuardDuty.ListFindings
-import Network.AWS.GuardDuty.ListInvitations
-import Network.AWS.GuardDuty.ListIPSets
-import Network.AWS.GuardDuty.ListMembers
-import Network.AWS.GuardDuty.ListThreatIntelSets
-import Network.AWS.GuardDuty.StartMonitoringMembers
-import Network.AWS.GuardDuty.StopMonitoringMembers
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.UnarchiveFindings
-import Network.AWS.GuardDuty.UpdateDetector
-import Network.AWS.GuardDuty.UpdateFilter
-import Network.AWS.GuardDuty.UpdateFindingsFeedback
-import Network.AWS.GuardDuty.UpdateIPSet
-import Network.AWS.GuardDuty.UpdateThreatIntelSet
-import Network.AWS.GuardDuty.Waiters
-
-{- $errors
-Error matchers are designed for use with the functions provided by
-<http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
-This allows catching (and rethrowing) service specific errors returned
-by 'GuardDuty'.
--}
-
-{- $operations
-Some AWS operations return results that are incomplete and require subsequent
-requests in order to obtain the entire result set. The process of sending
-subsequent requests to continue where a previous request left off is called
-pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
-1000 objects at a time, and you must send subsequent requests with the
-appropriate Marker in order to retrieve the next page of results.
-
-Operations that have an 'AWSPager' instance can transparently perform subsequent
-requests, correctly setting Markers and other request facets to iterate through
-the entire result set of a truncated API operation. Operations which support
-this have an additional note in the documentation.
-
-Many operations have the ability to filter results on the server side. See the
-individual operation parameters for details.
--}
-
-{- $waiters
-Waiters poll by repeatedly sending a request until some remote success condition
-configured by the 'Wait' specification is fulfilled. The 'Wait' specification
-determines how many attempts should be made, in addition to delay and retry strategies.
--}
diff --git a/gen/Network/AWS/GuardDuty/AcceptInvitation.hs b/gen/Network/AWS/GuardDuty/AcceptInvitation.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/AcceptInvitation.hs
+++ /dev/null
@@ -1,144 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.AcceptInvitation
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Accepts the invitation to be monitored by a master GuardDuty account.
-module Network.AWS.GuardDuty.AcceptInvitation
-    (
-    -- * Creating a Request
-      acceptInvitation
-    , AcceptInvitation
-    -- * Request Lenses
-    , aiMasterId
-    , aiInvitationId
-    , aiDetectorId
-
-    -- * Destructuring the Response
-    , acceptInvitationResponse
-    , AcceptInvitationResponse
-    -- * Response Lenses
-    , airsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | AcceptInvitation request body.
---
--- /See:/ 'acceptInvitation' smart constructor.
-data AcceptInvitation = AcceptInvitation'
-  { _aiMasterId     :: !(Maybe Text)
-  , _aiInvitationId :: !(Maybe Text)
-  , _aiDetectorId   :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AcceptInvitation' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'aiMasterId' - The account ID of the master GuardDuty account whose invitation you're accepting.
---
--- * 'aiInvitationId' - This value is used to validate the master account to the member account.
---
--- * 'aiDetectorId' - The unique ID of the detector of the GuardDuty member account.
-acceptInvitation
-    :: Text -- ^ 'aiDetectorId'
-    -> AcceptInvitation
-acceptInvitation pDetectorId_ =
-  AcceptInvitation'
-    { _aiMasterId = Nothing
-    , _aiInvitationId = Nothing
-    , _aiDetectorId = pDetectorId_
-    }
-
-
--- | The account ID of the master GuardDuty account whose invitation you're accepting.
-aiMasterId :: Lens' AcceptInvitation (Maybe Text)
-aiMasterId = lens _aiMasterId (\ s a -> s{_aiMasterId = a})
-
--- | This value is used to validate the master account to the member account.
-aiInvitationId :: Lens' AcceptInvitation (Maybe Text)
-aiInvitationId = lens _aiInvitationId (\ s a -> s{_aiInvitationId = a})
-
--- | The unique ID of the detector of the GuardDuty member account.
-aiDetectorId :: Lens' AcceptInvitation Text
-aiDetectorId = lens _aiDetectorId (\ s a -> s{_aiDetectorId = a})
-
-instance AWSRequest AcceptInvitation where
-        type Rs AcceptInvitation = AcceptInvitationResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 AcceptInvitationResponse' <$> (pure (fromEnum s)))
-
-instance Hashable AcceptInvitation where
-
-instance NFData AcceptInvitation where
-
-instance ToHeaders AcceptInvitation where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON AcceptInvitation where
-        toJSON AcceptInvitation'{..}
-          = object
-              (catMaybes
-                 [("masterId" .=) <$> _aiMasterId,
-                  ("invitationId" .=) <$> _aiInvitationId])
-
-instance ToPath AcceptInvitation where
-        toPath AcceptInvitation'{..}
-          = mconcat
-              ["/detector/", toBS _aiDetectorId, "/master"]
-
-instance ToQuery AcceptInvitation where
-        toQuery = const mempty
-
--- | /See:/ 'acceptInvitationResponse' smart constructor.
-newtype AcceptInvitationResponse = AcceptInvitationResponse'
-  { _airsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AcceptInvitationResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'airsResponseStatus' - -- | The response status code.
-acceptInvitationResponse
-    :: Int -- ^ 'airsResponseStatus'
-    -> AcceptInvitationResponse
-acceptInvitationResponse pResponseStatus_ =
-  AcceptInvitationResponse' {_airsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-airsResponseStatus :: Lens' AcceptInvitationResponse Int
-airsResponseStatus = lens _airsResponseStatus (\ s a -> s{_airsResponseStatus = a})
-
-instance NFData AcceptInvitationResponse where
diff --git a/gen/Network/AWS/GuardDuty/ArchiveFindings.hs b/gen/Network/AWS/GuardDuty/ArchiveFindings.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ArchiveFindings.hs
+++ /dev/null
@@ -1,131 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ArchiveFindings
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Archives Amazon GuardDuty findings specified by the list of finding IDs.
-module Network.AWS.GuardDuty.ArchiveFindings
-    (
-    -- * Creating a Request
-      archiveFindings
-    , ArchiveFindings
-    -- * Request Lenses
-    , afFindingIds
-    , afDetectorId
-
-    -- * Destructuring the Response
-    , archiveFindingsResponse
-    , ArchiveFindingsResponse
-    -- * Response Lenses
-    , afrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | ArchiveFindings request body.
---
--- /See:/ 'archiveFindings' smart constructor.
-data ArchiveFindings = ArchiveFindings'
-  { _afFindingIds :: !(Maybe [Text])
-  , _afDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ArchiveFindings' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'afFindingIds' - IDs of the findings that you want to archive.
---
--- * 'afDetectorId' - The ID of the detector that specifies the GuardDuty service whose findings you want to archive.
-archiveFindings
-    :: Text -- ^ 'afDetectorId'
-    -> ArchiveFindings
-archiveFindings pDetectorId_ =
-  ArchiveFindings' {_afFindingIds = Nothing, _afDetectorId = pDetectorId_}
-
-
--- | IDs of the findings that you want to archive.
-afFindingIds :: Lens' ArchiveFindings [Text]
-afFindingIds = lens _afFindingIds (\ s a -> s{_afFindingIds = a}) . _Default . _Coerce
-
--- | The ID of the detector that specifies the GuardDuty service whose findings you want to archive.
-afDetectorId :: Lens' ArchiveFindings Text
-afDetectorId = lens _afDetectorId (\ s a -> s{_afDetectorId = a})
-
-instance AWSRequest ArchiveFindings where
-        type Rs ArchiveFindings = ArchiveFindingsResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 ArchiveFindingsResponse' <$> (pure (fromEnum s)))
-
-instance Hashable ArchiveFindings where
-
-instance NFData ArchiveFindings where
-
-instance ToHeaders ArchiveFindings where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON ArchiveFindings where
-        toJSON ArchiveFindings'{..}
-          = object
-              (catMaybes [("findingIds" .=) <$> _afFindingIds])
-
-instance ToPath ArchiveFindings where
-        toPath ArchiveFindings'{..}
-          = mconcat
-              ["/detector/", toBS _afDetectorId,
-               "/findings/archive"]
-
-instance ToQuery ArchiveFindings where
-        toQuery = const mempty
-
--- | /See:/ 'archiveFindingsResponse' smart constructor.
-newtype ArchiveFindingsResponse = ArchiveFindingsResponse'
-  { _afrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ArchiveFindingsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'afrsResponseStatus' - -- | The response status code.
-archiveFindingsResponse
-    :: Int -- ^ 'afrsResponseStatus'
-    -> ArchiveFindingsResponse
-archiveFindingsResponse pResponseStatus_ =
-  ArchiveFindingsResponse' {_afrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-afrsResponseStatus :: Lens' ArchiveFindingsResponse Int
-afrsResponseStatus = lens _afrsResponseStatus (\ s a -> s{_afrsResponseStatus = a})
-
-instance NFData ArchiveFindingsResponse where
diff --git a/gen/Network/AWS/GuardDuty/CreateDetector.hs b/gen/Network/AWS/GuardDuty/CreateDetector.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/CreateDetector.hs
+++ /dev/null
@@ -1,127 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.CreateDetector
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Creates a single Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector must be created in order for GuardDuty to become operational.
-module Network.AWS.GuardDuty.CreateDetector
-    (
-    -- * Creating a Request
-      createDetector
-    , CreateDetector
-    -- * Request Lenses
-    , cdEnable
-
-    -- * Destructuring the Response
-    , createDetectorResponse
-    , CreateDetectorResponse
-    -- * Response Lenses
-    , cdrsDetectorId
-    , cdrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | CreateDetector request body.
---
--- /See:/ 'createDetector' smart constructor.
-newtype CreateDetector = CreateDetector'
-  { _cdEnable :: Maybe Bool
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateDetector' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cdEnable' - A boolean value that specifies whether the detector is to be enabled.
-createDetector
-    :: CreateDetector
-createDetector = CreateDetector' {_cdEnable = Nothing}
-
-
--- | A boolean value that specifies whether the detector is to be enabled.
-cdEnable :: Lens' CreateDetector (Maybe Bool)
-cdEnable = lens _cdEnable (\ s a -> s{_cdEnable = a})
-
-instance AWSRequest CreateDetector where
-        type Rs CreateDetector = CreateDetectorResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 CreateDetectorResponse' <$>
-                   (x .?> "detectorId") <*> (pure (fromEnum s)))
-
-instance Hashable CreateDetector where
-
-instance NFData CreateDetector where
-
-instance ToHeaders CreateDetector where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateDetector where
-        toJSON CreateDetector'{..}
-          = object (catMaybes [("enable" .=) <$> _cdEnable])
-
-instance ToPath CreateDetector where
-        toPath = const "/detector"
-
-instance ToQuery CreateDetector where
-        toQuery = const mempty
-
--- | /See:/ 'createDetectorResponse' smart constructor.
-data CreateDetectorResponse = CreateDetectorResponse'
-  { _cdrsDetectorId     :: !(Maybe Text)
-  , _cdrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateDetectorResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cdrsDetectorId' - The unique ID of the created detector.
---
--- * 'cdrsResponseStatus' - -- | The response status code.
-createDetectorResponse
-    :: Int -- ^ 'cdrsResponseStatus'
-    -> CreateDetectorResponse
-createDetectorResponse pResponseStatus_ =
-  CreateDetectorResponse'
-    {_cdrsDetectorId = Nothing, _cdrsResponseStatus = pResponseStatus_}
-
-
--- | The unique ID of the created detector.
-cdrsDetectorId :: Lens' CreateDetectorResponse (Maybe Text)
-cdrsDetectorId = lens _cdrsDetectorId (\ s a -> s{_cdrsDetectorId = a})
-
--- | -- | The response status code.
-cdrsResponseStatus :: Lens' CreateDetectorResponse Int
-cdrsResponseStatus = lens _cdrsResponseStatus (\ s a -> s{_cdrsResponseStatus = a})
-
-instance NFData CreateDetectorResponse where
diff --git a/gen/Network/AWS/GuardDuty/CreateFilter.hs b/gen/Network/AWS/GuardDuty/CreateFilter.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/CreateFilter.hs
+++ /dev/null
@@ -1,193 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.CreateFilter
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Creates a filter using the specified finding criteria.
-module Network.AWS.GuardDuty.CreateFilter
-    (
-    -- * Creating a Request
-      createFilter
-    , CreateFilter
-    -- * Request Lenses
-    , cfClientToken
-    , cfFindingCriteria
-    , cfAction
-    , cfName
-    , cfDescription
-    , cfRank
-    , cfDetectorId
-
-    -- * Destructuring the Response
-    , createFilterResponse
-    , CreateFilterResponse
-    -- * Response Lenses
-    , cfrsName
-    , cfrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | CreateFilterRequest request body.
---
--- /See:/ 'createFilter' smart constructor.
-data CreateFilter = CreateFilter'
-  { _cfClientToken     :: !(Maybe Text)
-  , _cfFindingCriteria :: !(Maybe FindingCriteria)
-  , _cfAction          :: !(Maybe FilterAction)
-  , _cfName            :: !(Maybe Text)
-  , _cfDescription     :: !(Maybe Text)
-  , _cfRank            :: !(Maybe Int)
-  , _cfDetectorId      :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateFilter' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cfClientToken' - The idempotency token for the create request.
---
--- * 'cfFindingCriteria' - Represents the criteria to be used in the filter for querying findings.
---
--- * 'cfAction' - Specifies the action that is to be applied to the findings that match the filter.
---
--- * 'cfName' - The name of the filter.
---
--- * 'cfDescription' - The description of the filter.
---
--- * 'cfRank' - Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
---
--- * 'cfDetectorId' - The unique ID of the detector that you want to update.
-createFilter
-    :: Text -- ^ 'cfDetectorId'
-    -> CreateFilter
-createFilter pDetectorId_ =
-  CreateFilter'
-    { _cfClientToken = Nothing
-    , _cfFindingCriteria = Nothing
-    , _cfAction = Nothing
-    , _cfName = Nothing
-    , _cfDescription = Nothing
-    , _cfRank = Nothing
-    , _cfDetectorId = pDetectorId_
-    }
-
-
--- | The idempotency token for the create request.
-cfClientToken :: Lens' CreateFilter (Maybe Text)
-cfClientToken = lens _cfClientToken (\ s a -> s{_cfClientToken = a})
-
--- | Represents the criteria to be used in the filter for querying findings.
-cfFindingCriteria :: Lens' CreateFilter (Maybe FindingCriteria)
-cfFindingCriteria = lens _cfFindingCriteria (\ s a -> s{_cfFindingCriteria = a})
-
--- | Specifies the action that is to be applied to the findings that match the filter.
-cfAction :: Lens' CreateFilter (Maybe FilterAction)
-cfAction = lens _cfAction (\ s a -> s{_cfAction = a})
-
--- | The name of the filter.
-cfName :: Lens' CreateFilter (Maybe Text)
-cfName = lens _cfName (\ s a -> s{_cfName = a})
-
--- | The description of the filter.
-cfDescription :: Lens' CreateFilter (Maybe Text)
-cfDescription = lens _cfDescription (\ s a -> s{_cfDescription = a})
-
--- | Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
-cfRank :: Lens' CreateFilter (Maybe Int)
-cfRank = lens _cfRank (\ s a -> s{_cfRank = a})
-
--- | The unique ID of the detector that you want to update.
-cfDetectorId :: Lens' CreateFilter Text
-cfDetectorId = lens _cfDetectorId (\ s a -> s{_cfDetectorId = a})
-
-instance AWSRequest CreateFilter where
-        type Rs CreateFilter = CreateFilterResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 CreateFilterResponse' <$>
-                   (x .?> "name") <*> (pure (fromEnum s)))
-
-instance Hashable CreateFilter where
-
-instance NFData CreateFilter where
-
-instance ToHeaders CreateFilter where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateFilter where
-        toJSON CreateFilter'{..}
-          = object
-              (catMaybes
-                 [("clientToken" .=) <$> _cfClientToken,
-                  ("findingCriteria" .=) <$> _cfFindingCriteria,
-                  ("action" .=) <$> _cfAction, ("name" .=) <$> _cfName,
-                  ("description" .=) <$> _cfDescription,
-                  ("rank" .=) <$> _cfRank])
-
-instance ToPath CreateFilter where
-        toPath CreateFilter'{..}
-          = mconcat
-              ["/detector/", toBS _cfDetectorId, "/filter"]
-
-instance ToQuery CreateFilter where
-        toQuery = const mempty
-
--- | /See:/ 'createFilterResponse' smart constructor.
-data CreateFilterResponse = CreateFilterResponse'
-  { _cfrsName           :: !(Maybe Text)
-  , _cfrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateFilterResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cfrsName' - The name of the successfully created filter.
---
--- * 'cfrsResponseStatus' - -- | The response status code.
-createFilterResponse
-    :: Int -- ^ 'cfrsResponseStatus'
-    -> CreateFilterResponse
-createFilterResponse pResponseStatus_ =
-  CreateFilterResponse'
-    {_cfrsName = Nothing, _cfrsResponseStatus = pResponseStatus_}
-
-
--- | The name of the successfully created filter.
-cfrsName :: Lens' CreateFilterResponse (Maybe Text)
-cfrsName = lens _cfrsName (\ s a -> s{_cfrsName = a})
-
--- | -- | The response status code.
-cfrsResponseStatus :: Lens' CreateFilterResponse Int
-cfrsResponseStatus = lens _cfrsResponseStatus (\ s a -> s{_cfrsResponseStatus = a})
-
-instance NFData CreateFilterResponse where
diff --git a/gen/Network/AWS/GuardDuty/CreateIPSet.hs b/gen/Network/AWS/GuardDuty/CreateIPSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/CreateIPSet.hs
+++ /dev/null
@@ -1,174 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.CreateIPSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Creates a new IPSet - a list of trusted IP addresses that have been whitelisted for secure communication with AWS infrastructure and applications.
-module Network.AWS.GuardDuty.CreateIPSet
-    (
-    -- * Creating a Request
-      createIPSet
-    , CreateIPSet
-    -- * Request Lenses
-    , cisLocation
-    , cisFormat
-    , cisActivate
-    , cisName
-    , cisDetectorId
-
-    -- * Destructuring the Response
-    , createIPSetResponse
-    , CreateIPSetResponse
-    -- * Response Lenses
-    , cisrsIPSetId
-    , cisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | CreateIPSet request body.
---
--- /See:/ 'createIPSet' smart constructor.
-data CreateIPSet = CreateIPSet'
-  { _cisLocation   :: !(Maybe Text)
-  , _cisFormat     :: !(Maybe IPSetFormat)
-  , _cisActivate   :: !(Maybe Bool)
-  , _cisName       :: !(Maybe Text)
-  , _cisDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateIPSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cisLocation' - The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
---
--- * 'cisFormat' - The format of the file that contains the IPSet.
---
--- * 'cisActivate' - A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.
---
--- * 'cisName' - The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
---
--- * 'cisDetectorId' - The unique ID of the detector that you want to update.
-createIPSet
-    :: Text -- ^ 'cisDetectorId'
-    -> CreateIPSet
-createIPSet pDetectorId_ =
-  CreateIPSet'
-    { _cisLocation = Nothing
-    , _cisFormat = Nothing
-    , _cisActivate = Nothing
-    , _cisName = Nothing
-    , _cisDetectorId = pDetectorId_
-    }
-
-
--- | The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
-cisLocation :: Lens' CreateIPSet (Maybe Text)
-cisLocation = lens _cisLocation (\ s a -> s{_cisLocation = a})
-
--- | The format of the file that contains the IPSet.
-cisFormat :: Lens' CreateIPSet (Maybe IPSetFormat)
-cisFormat = lens _cisFormat (\ s a -> s{_cisFormat = a})
-
--- | A boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.
-cisActivate :: Lens' CreateIPSet (Maybe Bool)
-cisActivate = lens _cisActivate (\ s a -> s{_cisActivate = a})
-
--- | The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
-cisName :: Lens' CreateIPSet (Maybe Text)
-cisName = lens _cisName (\ s a -> s{_cisName = a})
-
--- | The unique ID of the detector that you want to update.
-cisDetectorId :: Lens' CreateIPSet Text
-cisDetectorId = lens _cisDetectorId (\ s a -> s{_cisDetectorId = a})
-
-instance AWSRequest CreateIPSet where
-        type Rs CreateIPSet = CreateIPSetResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 CreateIPSetResponse' <$>
-                   (x .?> "ipSetId") <*> (pure (fromEnum s)))
-
-instance Hashable CreateIPSet where
-
-instance NFData CreateIPSet where
-
-instance ToHeaders CreateIPSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateIPSet where
-        toJSON CreateIPSet'{..}
-          = object
-              (catMaybes
-                 [("location" .=) <$> _cisLocation,
-                  ("format" .=) <$> _cisFormat,
-                  ("activate" .=) <$> _cisActivate,
-                  ("name" .=) <$> _cisName])
-
-instance ToPath CreateIPSet where
-        toPath CreateIPSet'{..}
-          = mconcat
-              ["/detector/", toBS _cisDetectorId, "/ipset"]
-
-instance ToQuery CreateIPSet where
-        toQuery = const mempty
-
--- | /See:/ 'createIPSetResponse' smart constructor.
-data CreateIPSetResponse = CreateIPSetResponse'
-  { _cisrsIPSetId        :: !(Maybe Text)
-  , _cisrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateIPSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cisrsIPSetId' - Undocumented member.
---
--- * 'cisrsResponseStatus' - -- | The response status code.
-createIPSetResponse
-    :: Int -- ^ 'cisrsResponseStatus'
-    -> CreateIPSetResponse
-createIPSetResponse pResponseStatus_ =
-  CreateIPSetResponse'
-    {_cisrsIPSetId = Nothing, _cisrsResponseStatus = pResponseStatus_}
-
-
--- | Undocumented member.
-cisrsIPSetId :: Lens' CreateIPSetResponse (Maybe Text)
-cisrsIPSetId = lens _cisrsIPSetId (\ s a -> s{_cisrsIPSetId = a})
-
--- | -- | The response status code.
-cisrsResponseStatus :: Lens' CreateIPSetResponse Int
-cisrsResponseStatus = lens _cisrsResponseStatus (\ s a -> s{_cisrsResponseStatus = a})
-
-instance NFData CreateIPSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/CreateMembers.hs b/gen/Network/AWS/GuardDuty/CreateMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/CreateMembers.hs
+++ /dev/null
@@ -1,142 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.CreateMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Creates member accounts of the current AWS account by specifying a list of AWS account IDs. The current AWS account can then invite these members to manage GuardDuty in their accounts.
-module Network.AWS.GuardDuty.CreateMembers
-    (
-    -- * Creating a Request
-      createMembers
-    , CreateMembers
-    -- * Request Lenses
-    , cmAccountDetails
-    , cmDetectorId
-
-    -- * Destructuring the Response
-    , createMembersResponse
-    , CreateMembersResponse
-    -- * Response Lenses
-    , cmrsUnprocessedAccounts
-    , cmrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | CreateMembers request body.
---
--- /See:/ 'createMembers' smart constructor.
-data CreateMembers = CreateMembers'
-  { _cmAccountDetails :: !(Maybe [AccountDetail])
-  , _cmDetectorId     :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cmAccountDetails' - A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account.
---
--- * 'cmDetectorId' - The unique ID of the detector of the GuardDuty account with which you want to associate member accounts.
-createMembers
-    :: Text -- ^ 'cmDetectorId'
-    -> CreateMembers
-createMembers pDetectorId_ =
-  CreateMembers' {_cmAccountDetails = Nothing, _cmDetectorId = pDetectorId_}
-
-
--- | A list of account ID and email address pairs of the accounts that you want to associate with the master GuardDuty account.
-cmAccountDetails :: Lens' CreateMembers [AccountDetail]
-cmAccountDetails = lens _cmAccountDetails (\ s a -> s{_cmAccountDetails = a}) . _Default . _Coerce
-
--- | The unique ID of the detector of the GuardDuty account with which you want to associate member accounts.
-cmDetectorId :: Lens' CreateMembers Text
-cmDetectorId = lens _cmDetectorId (\ s a -> s{_cmDetectorId = a})
-
-instance AWSRequest CreateMembers where
-        type Rs CreateMembers = CreateMembersResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 CreateMembersResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable CreateMembers where
-
-instance NFData CreateMembers where
-
-instance ToHeaders CreateMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateMembers where
-        toJSON CreateMembers'{..}
-          = object
-              (catMaybes
-                 [("accountDetails" .=) <$> _cmAccountDetails])
-
-instance ToPath CreateMembers where
-        toPath CreateMembers'{..}
-          = mconcat
-              ["/detector/", toBS _cmDetectorId, "/member"]
-
-instance ToQuery CreateMembers where
-        toQuery = const mempty
-
--- | /See:/ 'createMembersResponse' smart constructor.
-data CreateMembersResponse = CreateMembersResponse'
-  { _cmrsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _cmrsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cmrsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'cmrsResponseStatus' - -- | The response status code.
-createMembersResponse
-    :: Int -- ^ 'cmrsResponseStatus'
-    -> CreateMembersResponse
-createMembersResponse pResponseStatus_ =
-  CreateMembersResponse'
-    {_cmrsUnprocessedAccounts = Nothing, _cmrsResponseStatus = pResponseStatus_}
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-cmrsUnprocessedAccounts :: Lens' CreateMembersResponse [UnprocessedAccount]
-cmrsUnprocessedAccounts = lens _cmrsUnprocessedAccounts (\ s a -> s{_cmrsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-cmrsResponseStatus :: Lens' CreateMembersResponse Int
-cmrsResponseStatus = lens _cmrsResponseStatus (\ s a -> s{_cmrsResponseStatus = a})
-
-instance NFData CreateMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/CreateSampleFindings.hs b/gen/Network/AWS/GuardDuty/CreateSampleFindings.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/CreateSampleFindings.hs
+++ /dev/null
@@ -1,135 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.CreateSampleFindings
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
-module Network.AWS.GuardDuty.CreateSampleFindings
-    (
-    -- * Creating a Request
-      createSampleFindings
-    , CreateSampleFindings
-    -- * Request Lenses
-    , csfFindingTypes
-    , csfDetectorId
-
-    -- * Destructuring the Response
-    , createSampleFindingsResponse
-    , CreateSampleFindingsResponse
-    -- * Response Lenses
-    , csfrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | CreateSampleFindings request body.
---
--- /See:/ 'createSampleFindings' smart constructor.
-data CreateSampleFindings = CreateSampleFindings'
-  { _csfFindingTypes :: !(Maybe [Text])
-  , _csfDetectorId   :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateSampleFindings' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'csfFindingTypes' - Types of sample findings that you want to generate.
---
--- * 'csfDetectorId' - The ID of the detector to create sample findings for.
-createSampleFindings
-    :: Text -- ^ 'csfDetectorId'
-    -> CreateSampleFindings
-createSampleFindings pDetectorId_ =
-  CreateSampleFindings'
-    {_csfFindingTypes = Nothing, _csfDetectorId = pDetectorId_}
-
-
--- | Types of sample findings that you want to generate.
-csfFindingTypes :: Lens' CreateSampleFindings [Text]
-csfFindingTypes = lens _csfFindingTypes (\ s a -> s{_csfFindingTypes = a}) . _Default . _Coerce
-
--- | The ID of the detector to create sample findings for.
-csfDetectorId :: Lens' CreateSampleFindings Text
-csfDetectorId = lens _csfDetectorId (\ s a -> s{_csfDetectorId = a})
-
-instance AWSRequest CreateSampleFindings where
-        type Rs CreateSampleFindings =
-             CreateSampleFindingsResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 CreateSampleFindingsResponse' <$>
-                   (pure (fromEnum s)))
-
-instance Hashable CreateSampleFindings where
-
-instance NFData CreateSampleFindings where
-
-instance ToHeaders CreateSampleFindings where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateSampleFindings where
-        toJSON CreateSampleFindings'{..}
-          = object
-              (catMaybes
-                 [("findingTypes" .=) <$> _csfFindingTypes])
-
-instance ToPath CreateSampleFindings where
-        toPath CreateSampleFindings'{..}
-          = mconcat
-              ["/detector/", toBS _csfDetectorId,
-               "/findings/create"]
-
-instance ToQuery CreateSampleFindings where
-        toQuery = const mempty
-
--- | /See:/ 'createSampleFindingsResponse' smart constructor.
-newtype CreateSampleFindingsResponse = CreateSampleFindingsResponse'
-  { _csfrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateSampleFindingsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'csfrsResponseStatus' - -- | The response status code.
-createSampleFindingsResponse
-    :: Int -- ^ 'csfrsResponseStatus'
-    -> CreateSampleFindingsResponse
-createSampleFindingsResponse pResponseStatus_ =
-  CreateSampleFindingsResponse' {_csfrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-csfrsResponseStatus :: Lens' CreateSampleFindingsResponse Int
-csfrsResponseStatus = lens _csfrsResponseStatus (\ s a -> s{_csfrsResponseStatus = a})
-
-instance NFData CreateSampleFindingsResponse where
diff --git a/gen/Network/AWS/GuardDuty/CreateThreatIntelSet.hs b/gen/Network/AWS/GuardDuty/CreateThreatIntelSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/CreateThreatIntelSet.hs
+++ /dev/null
@@ -1,178 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.CreateThreatIntelSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Create a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets.
-module Network.AWS.GuardDuty.CreateThreatIntelSet
-    (
-    -- * Creating a Request
-      createThreatIntelSet
-    , CreateThreatIntelSet
-    -- * Request Lenses
-    , ctisLocation
-    , ctisFormat
-    , ctisActivate
-    , ctisName
-    , ctisDetectorId
-
-    -- * Destructuring the Response
-    , createThreatIntelSetResponse
-    , CreateThreatIntelSetResponse
-    -- * Response Lenses
-    , ctisrsThreatIntelSetId
-    , ctisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | CreateThreatIntelSet request body.
---
--- /See:/ 'createThreatIntelSet' smart constructor.
-data CreateThreatIntelSet = CreateThreatIntelSet'
-  { _ctisLocation   :: !(Maybe Text)
-  , _ctisFormat     :: !(Maybe ThreatIntelSetFormat)
-  , _ctisActivate   :: !(Maybe Bool)
-  , _ctisName       :: !(Maybe Text)
-  , _ctisDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateThreatIntelSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ctisLocation' - The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
---
--- * 'ctisFormat' - The format of the file that contains the ThreatIntelSet.
---
--- * 'ctisActivate' - A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
---
--- * 'ctisName' - A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.
---
--- * 'ctisDetectorId' - The unique ID of the detector that you want to update.
-createThreatIntelSet
-    :: Text -- ^ 'ctisDetectorId'
-    -> CreateThreatIntelSet
-createThreatIntelSet pDetectorId_ =
-  CreateThreatIntelSet'
-    { _ctisLocation = Nothing
-    , _ctisFormat = Nothing
-    , _ctisActivate = Nothing
-    , _ctisName = Nothing
-    , _ctisDetectorId = pDetectorId_
-    }
-
-
--- | The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
-ctisLocation :: Lens' CreateThreatIntelSet (Maybe Text)
-ctisLocation = lens _ctisLocation (\ s a -> s{_ctisLocation = a})
-
--- | The format of the file that contains the ThreatIntelSet.
-ctisFormat :: Lens' CreateThreatIntelSet (Maybe ThreatIntelSetFormat)
-ctisFormat = lens _ctisFormat (\ s a -> s{_ctisFormat = a})
-
--- | A boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.
-ctisActivate :: Lens' CreateThreatIntelSet (Maybe Bool)
-ctisActivate = lens _ctisActivate (\ s a -> s{_ctisActivate = a})
-
--- | A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.
-ctisName :: Lens' CreateThreatIntelSet (Maybe Text)
-ctisName = lens _ctisName (\ s a -> s{_ctisName = a})
-
--- | The unique ID of the detector that you want to update.
-ctisDetectorId :: Lens' CreateThreatIntelSet Text
-ctisDetectorId = lens _ctisDetectorId (\ s a -> s{_ctisDetectorId = a})
-
-instance AWSRequest CreateThreatIntelSet where
-        type Rs CreateThreatIntelSet =
-             CreateThreatIntelSetResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 CreateThreatIntelSetResponse' <$>
-                   (x .?> "threatIntelSetId") <*> (pure (fromEnum s)))
-
-instance Hashable CreateThreatIntelSet where
-
-instance NFData CreateThreatIntelSet where
-
-instance ToHeaders CreateThreatIntelSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateThreatIntelSet where
-        toJSON CreateThreatIntelSet'{..}
-          = object
-              (catMaybes
-                 [("location" .=) <$> _ctisLocation,
-                  ("format" .=) <$> _ctisFormat,
-                  ("activate" .=) <$> _ctisActivate,
-                  ("name" .=) <$> _ctisName])
-
-instance ToPath CreateThreatIntelSet where
-        toPath CreateThreatIntelSet'{..}
-          = mconcat
-              ["/detector/", toBS _ctisDetectorId,
-               "/threatintelset"]
-
-instance ToQuery CreateThreatIntelSet where
-        toQuery = const mempty
-
--- | /See:/ 'createThreatIntelSetResponse' smart constructor.
-data CreateThreatIntelSetResponse = CreateThreatIntelSetResponse'
-  { _ctisrsThreatIntelSetId :: !(Maybe Text)
-  , _ctisrsResponseStatus   :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateThreatIntelSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ctisrsThreatIntelSetId' - Undocumented member.
---
--- * 'ctisrsResponseStatus' - -- | The response status code.
-createThreatIntelSetResponse
-    :: Int -- ^ 'ctisrsResponseStatus'
-    -> CreateThreatIntelSetResponse
-createThreatIntelSetResponse pResponseStatus_ =
-  CreateThreatIntelSetResponse'
-    { _ctisrsThreatIntelSetId = Nothing
-    , _ctisrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-ctisrsThreatIntelSetId :: Lens' CreateThreatIntelSetResponse (Maybe Text)
-ctisrsThreatIntelSetId = lens _ctisrsThreatIntelSetId (\ s a -> s{_ctisrsThreatIntelSetId = a})
-
--- | -- | The response status code.
-ctisrsResponseStatus :: Lens' CreateThreatIntelSetResponse Int
-ctisrsResponseStatus = lens _ctisrsResponseStatus (\ s a -> s{_ctisrsResponseStatus = a})
-
-instance NFData CreateThreatIntelSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/DeclineInvitations.hs b/gen/Network/AWS/GuardDuty/DeclineInvitations.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DeclineInvitations.hs
+++ /dev/null
@@ -1,132 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DeclineInvitations
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Declines invitations sent to the current member account by AWS account specified by their account IDs.
-module Network.AWS.GuardDuty.DeclineInvitations
-    (
-    -- * Creating a Request
-      declineInvitations
-    , DeclineInvitations
-    -- * Request Lenses
-    , dAccountIds
-
-    -- * Destructuring the Response
-    , declineInvitationsResponse
-    , DeclineInvitationsResponse
-    -- * Response Lenses
-    , disrsUnprocessedAccounts
-    , disrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | DeclineInvitations request body.
---
--- /See:/ 'declineInvitations' smart constructor.
-newtype DeclineInvitations = DeclineInvitations'
-  { _dAccountIds :: Maybe [Text]
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeclineInvitations' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dAccountIds' - A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.
-declineInvitations
-    :: DeclineInvitations
-declineInvitations = DeclineInvitations' {_dAccountIds = Nothing}
-
-
--- | A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.
-dAccountIds :: Lens' DeclineInvitations [Text]
-dAccountIds = lens _dAccountIds (\ s a -> s{_dAccountIds = a}) . _Default . _Coerce
-
-instance AWSRequest DeclineInvitations where
-        type Rs DeclineInvitations =
-             DeclineInvitationsResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 DeclineInvitationsResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable DeclineInvitations where
-
-instance NFData DeclineInvitations where
-
-instance ToHeaders DeclineInvitations where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DeclineInvitations where
-        toJSON DeclineInvitations'{..}
-          = object
-              (catMaybes [("accountIds" .=) <$> _dAccountIds])
-
-instance ToPath DeclineInvitations where
-        toPath = const "/invitation/decline"
-
-instance ToQuery DeclineInvitations where
-        toQuery = const mempty
-
--- | /See:/ 'declineInvitationsResponse' smart constructor.
-data DeclineInvitationsResponse = DeclineInvitationsResponse'
-  { _disrsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _disrsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeclineInvitationsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'disrsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'disrsResponseStatus' - -- | The response status code.
-declineInvitationsResponse
-    :: Int -- ^ 'disrsResponseStatus'
-    -> DeclineInvitationsResponse
-declineInvitationsResponse pResponseStatus_ =
-  DeclineInvitationsResponse'
-    { _disrsUnprocessedAccounts = Nothing
-    , _disrsResponseStatus = pResponseStatus_
-    }
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-disrsUnprocessedAccounts :: Lens' DeclineInvitationsResponse [UnprocessedAccount]
-disrsUnprocessedAccounts = lens _disrsUnprocessedAccounts (\ s a -> s{_disrsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-disrsResponseStatus :: Lens' DeclineInvitationsResponse Int
-disrsResponseStatus = lens _disrsResponseStatus (\ s a -> s{_disrsResponseStatus = a})
-
-instance NFData DeclineInvitationsResponse where
diff --git a/gen/Network/AWS/GuardDuty/DeleteDetector.hs b/gen/Network/AWS/GuardDuty/DeleteDetector.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DeleteDetector.hs
+++ /dev/null
@@ -1,113 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DeleteDetector
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Deletes a Amazon GuardDuty detector specified by the detector ID.
-module Network.AWS.GuardDuty.DeleteDetector
-    (
-    -- * Creating a Request
-      deleteDetector
-    , DeleteDetector
-    -- * Request Lenses
-    , ddDetectorId
-
-    -- * Destructuring the Response
-    , deleteDetectorResponse
-    , DeleteDetectorResponse
-    -- * Response Lenses
-    , ddrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'deleteDetector' smart constructor.
-newtype DeleteDetector = DeleteDetector'
-  { _ddDetectorId :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteDetector' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ddDetectorId' - The unique ID that specifies the detector that you want to delete.
-deleteDetector
-    :: Text -- ^ 'ddDetectorId'
-    -> DeleteDetector
-deleteDetector pDetectorId_ = DeleteDetector' {_ddDetectorId = pDetectorId_}
-
-
--- | The unique ID that specifies the detector that you want to delete.
-ddDetectorId :: Lens' DeleteDetector Text
-ddDetectorId = lens _ddDetectorId (\ s a -> s{_ddDetectorId = a})
-
-instance AWSRequest DeleteDetector where
-        type Rs DeleteDetector = DeleteDetectorResponse
-        request = delete guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 DeleteDetectorResponse' <$> (pure (fromEnum s)))
-
-instance Hashable DeleteDetector where
-
-instance NFData DeleteDetector where
-
-instance ToHeaders DeleteDetector where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath DeleteDetector where
-        toPath DeleteDetector'{..}
-          = mconcat ["/detector/", toBS _ddDetectorId]
-
-instance ToQuery DeleteDetector where
-        toQuery = const mempty
-
--- | /See:/ 'deleteDetectorResponse' smart constructor.
-newtype DeleteDetectorResponse = DeleteDetectorResponse'
-  { _ddrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteDetectorResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ddrsResponseStatus' - -- | The response status code.
-deleteDetectorResponse
-    :: Int -- ^ 'ddrsResponseStatus'
-    -> DeleteDetectorResponse
-deleteDetectorResponse pResponseStatus_ =
-  DeleteDetectorResponse' {_ddrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-ddrsResponseStatus :: Lens' DeleteDetectorResponse Int
-ddrsResponseStatus = lens _ddrsResponseStatus (\ s a -> s{_ddrsResponseStatus = a})
-
-instance NFData DeleteDetectorResponse where
diff --git a/gen/Network/AWS/GuardDuty/DeleteFilter.hs b/gen/Network/AWS/GuardDuty/DeleteFilter.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DeleteFilter.hs
+++ /dev/null
@@ -1,125 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DeleteFilter
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Deletes the filter specified by the filter name.
-module Network.AWS.GuardDuty.DeleteFilter
-    (
-    -- * Creating a Request
-      deleteFilter
-    , DeleteFilter
-    -- * Request Lenses
-    , dfDetectorId
-    , dfFilterName
-
-    -- * Destructuring the Response
-    , deleteFilterResponse
-    , DeleteFilterResponse
-    -- * Response Lenses
-    , dfrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'deleteFilter' smart constructor.
-data DeleteFilter = DeleteFilter'
-  { _dfDetectorId :: !Text
-  , _dfFilterName :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteFilter' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dfDetectorId' - The unique ID that specifies the detector where you want to delete a filter.
---
--- * 'dfFilterName' - The name of the filter.
-deleteFilter
-    :: Text -- ^ 'dfDetectorId'
-    -> Text -- ^ 'dfFilterName'
-    -> DeleteFilter
-deleteFilter pDetectorId_ pFilterName_ =
-  DeleteFilter' {_dfDetectorId = pDetectorId_, _dfFilterName = pFilterName_}
-
-
--- | The unique ID that specifies the detector where you want to delete a filter.
-dfDetectorId :: Lens' DeleteFilter Text
-dfDetectorId = lens _dfDetectorId (\ s a -> s{_dfDetectorId = a})
-
--- | The name of the filter.
-dfFilterName :: Lens' DeleteFilter Text
-dfFilterName = lens _dfFilterName (\ s a -> s{_dfFilterName = a})
-
-instance AWSRequest DeleteFilter where
-        type Rs DeleteFilter = DeleteFilterResponse
-        request = delete guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 DeleteFilterResponse' <$> (pure (fromEnum s)))
-
-instance Hashable DeleteFilter where
-
-instance NFData DeleteFilter where
-
-instance ToHeaders DeleteFilter where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath DeleteFilter where
-        toPath DeleteFilter'{..}
-          = mconcat
-              ["/detector/", toBS _dfDetectorId, "/filter/",
-               toBS _dfFilterName]
-
-instance ToQuery DeleteFilter where
-        toQuery = const mempty
-
--- | /See:/ 'deleteFilterResponse' smart constructor.
-newtype DeleteFilterResponse = DeleteFilterResponse'
-  { _dfrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteFilterResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dfrsResponseStatus' - -- | The response status code.
-deleteFilterResponse
-    :: Int -- ^ 'dfrsResponseStatus'
-    -> DeleteFilterResponse
-deleteFilterResponse pResponseStatus_ =
-  DeleteFilterResponse' {_dfrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-dfrsResponseStatus :: Lens' DeleteFilterResponse Int
-dfrsResponseStatus = lens _dfrsResponseStatus (\ s a -> s{_dfrsResponseStatus = a})
-
-instance NFData DeleteFilterResponse where
diff --git a/gen/Network/AWS/GuardDuty/DeleteIPSet.hs b/gen/Network/AWS/GuardDuty/DeleteIPSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DeleteIPSet.hs
+++ /dev/null
@@ -1,125 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DeleteIPSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Deletes the IPSet specified by the IPSet ID.
-module Network.AWS.GuardDuty.DeleteIPSet
-    (
-    -- * Creating a Request
-      deleteIPSet
-    , DeleteIPSet
-    -- * Request Lenses
-    , disDetectorId
-    , disIPSetId
-
-    -- * Destructuring the Response
-    , deleteIPSetResponse
-    , DeleteIPSetResponse
-    -- * Response Lenses
-    , dipsrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'deleteIPSet' smart constructor.
-data DeleteIPSet = DeleteIPSet'
-  { _disDetectorId :: !Text
-  , _disIPSetId    :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteIPSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'disDetectorId' - The detectorID that specifies the GuardDuty service whose IPSet you want to delete.
---
--- * 'disIPSetId' - The unique ID that specifies the IPSet that you want to delete.
-deleteIPSet
-    :: Text -- ^ 'disDetectorId'
-    -> Text -- ^ 'disIPSetId'
-    -> DeleteIPSet
-deleteIPSet pDetectorId_ pIPSetId_ =
-  DeleteIPSet' {_disDetectorId = pDetectorId_, _disIPSetId = pIPSetId_}
-
-
--- | The detectorID that specifies the GuardDuty service whose IPSet you want to delete.
-disDetectorId :: Lens' DeleteIPSet Text
-disDetectorId = lens _disDetectorId (\ s a -> s{_disDetectorId = a})
-
--- | The unique ID that specifies the IPSet that you want to delete.
-disIPSetId :: Lens' DeleteIPSet Text
-disIPSetId = lens _disIPSetId (\ s a -> s{_disIPSetId = a})
-
-instance AWSRequest DeleteIPSet where
-        type Rs DeleteIPSet = DeleteIPSetResponse
-        request = delete guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 DeleteIPSetResponse' <$> (pure (fromEnum s)))
-
-instance Hashable DeleteIPSet where
-
-instance NFData DeleteIPSet where
-
-instance ToHeaders DeleteIPSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath DeleteIPSet where
-        toPath DeleteIPSet'{..}
-          = mconcat
-              ["/detector/", toBS _disDetectorId, "/ipset/",
-               toBS _disIPSetId]
-
-instance ToQuery DeleteIPSet where
-        toQuery = const mempty
-
--- | /See:/ 'deleteIPSetResponse' smart constructor.
-newtype DeleteIPSetResponse = DeleteIPSetResponse'
-  { _dipsrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteIPSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dipsrsResponseStatus' - -- | The response status code.
-deleteIPSetResponse
-    :: Int -- ^ 'dipsrsResponseStatus'
-    -> DeleteIPSetResponse
-deleteIPSetResponse pResponseStatus_ =
-  DeleteIPSetResponse' {_dipsrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-dipsrsResponseStatus :: Lens' DeleteIPSetResponse Int
-dipsrsResponseStatus = lens _dipsrsResponseStatus (\ s a -> s{_dipsrsResponseStatus = a})
-
-instance NFData DeleteIPSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/DeleteInvitations.hs b/gen/Network/AWS/GuardDuty/DeleteInvitations.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DeleteInvitations.hs
+++ /dev/null
@@ -1,129 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DeleteInvitations
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.
-module Network.AWS.GuardDuty.DeleteInvitations
-    (
-    -- * Creating a Request
-      deleteInvitations
-    , DeleteInvitations
-    -- * Request Lenses
-    , diAccountIds
-
-    -- * Destructuring the Response
-    , deleteInvitationsResponse
-    , DeleteInvitationsResponse
-    -- * Response Lenses
-    , dirsUnprocessedAccounts
-    , dirsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | DeleteInvitations request body.
---
--- /See:/ 'deleteInvitations' smart constructor.
-newtype DeleteInvitations = DeleteInvitations'
-  { _diAccountIds :: Maybe [Text]
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteInvitations' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'diAccountIds' - A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.
-deleteInvitations
-    :: DeleteInvitations
-deleteInvitations = DeleteInvitations' {_diAccountIds = Nothing}
-
-
--- | A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.
-diAccountIds :: Lens' DeleteInvitations [Text]
-diAccountIds = lens _diAccountIds (\ s a -> s{_diAccountIds = a}) . _Default . _Coerce
-
-instance AWSRequest DeleteInvitations where
-        type Rs DeleteInvitations = DeleteInvitationsResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 DeleteInvitationsResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable DeleteInvitations where
-
-instance NFData DeleteInvitations where
-
-instance ToHeaders DeleteInvitations where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DeleteInvitations where
-        toJSON DeleteInvitations'{..}
-          = object
-              (catMaybes [("accountIds" .=) <$> _diAccountIds])
-
-instance ToPath DeleteInvitations where
-        toPath = const "/invitation/delete"
-
-instance ToQuery DeleteInvitations where
-        toQuery = const mempty
-
--- | /See:/ 'deleteInvitationsResponse' smart constructor.
-data DeleteInvitationsResponse = DeleteInvitationsResponse'
-  { _dirsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _dirsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteInvitationsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dirsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'dirsResponseStatus' - -- | The response status code.
-deleteInvitationsResponse
-    :: Int -- ^ 'dirsResponseStatus'
-    -> DeleteInvitationsResponse
-deleteInvitationsResponse pResponseStatus_ =
-  DeleteInvitationsResponse'
-    {_dirsUnprocessedAccounts = Nothing, _dirsResponseStatus = pResponseStatus_}
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-dirsUnprocessedAccounts :: Lens' DeleteInvitationsResponse [UnprocessedAccount]
-dirsUnprocessedAccounts = lens _dirsUnprocessedAccounts (\ s a -> s{_dirsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-dirsResponseStatus :: Lens' DeleteInvitationsResponse Int
-dirsResponseStatus = lens _dirsResponseStatus (\ s a -> s{_dirsResponseStatus = a})
-
-instance NFData DeleteInvitationsResponse where
diff --git a/gen/Network/AWS/GuardDuty/DeleteMembers.hs b/gen/Network/AWS/GuardDuty/DeleteMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DeleteMembers.hs
+++ /dev/null
@@ -1,141 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DeleteMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Deletes GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
-module Network.AWS.GuardDuty.DeleteMembers
-    (
-    -- * Creating a Request
-      deleteMembers
-    , DeleteMembers
-    -- * Request Lenses
-    , dmAccountIds
-    , dmDetectorId
-
-    -- * Destructuring the Response
-    , deleteMembersResponse
-    , DeleteMembersResponse
-    -- * Response Lenses
-    , drsUnprocessedAccounts
-    , drsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | DeleteMembers request body.
---
--- /See:/ 'deleteMembers' smart constructor.
-data DeleteMembers = DeleteMembers'
-  { _dmAccountIds :: !(Maybe [Text])
-  , _dmDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dmAccountIds' - A list of account IDs of the GuardDuty member accounts that you want to delete.
---
--- * 'dmDetectorId' - The unique ID of the detector of the GuardDuty account whose members you want to delete.
-deleteMembers
-    :: Text -- ^ 'dmDetectorId'
-    -> DeleteMembers
-deleteMembers pDetectorId_ =
-  DeleteMembers' {_dmAccountIds = Nothing, _dmDetectorId = pDetectorId_}
-
-
--- | A list of account IDs of the GuardDuty member accounts that you want to delete.
-dmAccountIds :: Lens' DeleteMembers [Text]
-dmAccountIds = lens _dmAccountIds (\ s a -> s{_dmAccountIds = a}) . _Default . _Coerce
-
--- | The unique ID of the detector of the GuardDuty account whose members you want to delete.
-dmDetectorId :: Lens' DeleteMembers Text
-dmDetectorId = lens _dmDetectorId (\ s a -> s{_dmDetectorId = a})
-
-instance AWSRequest DeleteMembers where
-        type Rs DeleteMembers = DeleteMembersResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 DeleteMembersResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable DeleteMembers where
-
-instance NFData DeleteMembers where
-
-instance ToHeaders DeleteMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DeleteMembers where
-        toJSON DeleteMembers'{..}
-          = object
-              (catMaybes [("accountIds" .=) <$> _dmAccountIds])
-
-instance ToPath DeleteMembers where
-        toPath DeleteMembers'{..}
-          = mconcat
-              ["/detector/", toBS _dmDetectorId, "/member/delete"]
-
-instance ToQuery DeleteMembers where
-        toQuery = const mempty
-
--- | /See:/ 'deleteMembersResponse' smart constructor.
-data DeleteMembersResponse = DeleteMembersResponse'
-  { _drsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _drsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'drsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'drsResponseStatus' - -- | The response status code.
-deleteMembersResponse
-    :: Int -- ^ 'drsResponseStatus'
-    -> DeleteMembersResponse
-deleteMembersResponse pResponseStatus_ =
-  DeleteMembersResponse'
-    {_drsUnprocessedAccounts = Nothing, _drsResponseStatus = pResponseStatus_}
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-drsUnprocessedAccounts :: Lens' DeleteMembersResponse [UnprocessedAccount]
-drsUnprocessedAccounts = lens _drsUnprocessedAccounts (\ s a -> s{_drsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-drsResponseStatus :: Lens' DeleteMembersResponse Int
-drsResponseStatus = lens _drsResponseStatus (\ s a -> s{_drsResponseStatus = a})
-
-instance NFData DeleteMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/DeleteThreatIntelSet.hs b/gen/Network/AWS/GuardDuty/DeleteThreatIntelSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DeleteThreatIntelSet.hs
+++ /dev/null
@@ -1,128 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DeleteThreatIntelSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Deletes ThreatIntelSet specified by the ThreatIntelSet ID.
-module Network.AWS.GuardDuty.DeleteThreatIntelSet
-    (
-    -- * Creating a Request
-      deleteThreatIntelSet
-    , DeleteThreatIntelSet
-    -- * Request Lenses
-    , dtisThreatIntelSetId
-    , dtisDetectorId
-
-    -- * Destructuring the Response
-    , deleteThreatIntelSetResponse
-    , DeleteThreatIntelSetResponse
-    -- * Response Lenses
-    , dtisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'deleteThreatIntelSet' smart constructor.
-data DeleteThreatIntelSet = DeleteThreatIntelSet'
-  { _dtisThreatIntelSetId :: !Text
-  , _dtisDetectorId       :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteThreatIntelSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dtisThreatIntelSetId' - The unique ID that specifies the ThreatIntelSet that you want to delete.
---
--- * 'dtisDetectorId' - The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to delete.
-deleteThreatIntelSet
-    :: Text -- ^ 'dtisThreatIntelSetId'
-    -> Text -- ^ 'dtisDetectorId'
-    -> DeleteThreatIntelSet
-deleteThreatIntelSet pThreatIntelSetId_ pDetectorId_ =
-  DeleteThreatIntelSet'
-    {_dtisThreatIntelSetId = pThreatIntelSetId_, _dtisDetectorId = pDetectorId_}
-
-
--- | The unique ID that specifies the ThreatIntelSet that you want to delete.
-dtisThreatIntelSetId :: Lens' DeleteThreatIntelSet Text
-dtisThreatIntelSetId = lens _dtisThreatIntelSetId (\ s a -> s{_dtisThreatIntelSetId = a})
-
--- | The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to delete.
-dtisDetectorId :: Lens' DeleteThreatIntelSet Text
-dtisDetectorId = lens _dtisDetectorId (\ s a -> s{_dtisDetectorId = a})
-
-instance AWSRequest DeleteThreatIntelSet where
-        type Rs DeleteThreatIntelSet =
-             DeleteThreatIntelSetResponse
-        request = delete guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 DeleteThreatIntelSetResponse' <$>
-                   (pure (fromEnum s)))
-
-instance Hashable DeleteThreatIntelSet where
-
-instance NFData DeleteThreatIntelSet where
-
-instance ToHeaders DeleteThreatIntelSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath DeleteThreatIntelSet where
-        toPath DeleteThreatIntelSet'{..}
-          = mconcat
-              ["/detector/", toBS _dtisDetectorId,
-               "/threatintelset/", toBS _dtisThreatIntelSetId]
-
-instance ToQuery DeleteThreatIntelSet where
-        toQuery = const mempty
-
--- | /See:/ 'deleteThreatIntelSetResponse' smart constructor.
-newtype DeleteThreatIntelSetResponse = DeleteThreatIntelSetResponse'
-  { _dtisrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteThreatIntelSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dtisrsResponseStatus' - -- | The response status code.
-deleteThreatIntelSetResponse
-    :: Int -- ^ 'dtisrsResponseStatus'
-    -> DeleteThreatIntelSetResponse
-deleteThreatIntelSetResponse pResponseStatus_ =
-  DeleteThreatIntelSetResponse' {_dtisrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-dtisrsResponseStatus :: Lens' DeleteThreatIntelSetResponse Int
-dtisrsResponseStatus = lens _dtisrsResponseStatus (\ s a -> s{_dtisrsResponseStatus = a})
-
-instance NFData DeleteThreatIntelSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/DisassociateFromMasterAccount.hs b/gen/Network/AWS/GuardDuty/DisassociateFromMasterAccount.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DisassociateFromMasterAccount.hs
+++ /dev/null
@@ -1,125 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DisassociateFromMasterAccount
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Disassociates the current GuardDuty member account from its master account.
-module Network.AWS.GuardDuty.DisassociateFromMasterAccount
-    (
-    -- * Creating a Request
-      disassociateFromMasterAccount
-    , DisassociateFromMasterAccount
-    -- * Request Lenses
-    , dfmaDetectorId
-
-    -- * Destructuring the Response
-    , disassociateFromMasterAccountResponse
-    , DisassociateFromMasterAccountResponse
-    -- * Response Lenses
-    , dfmarsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'disassociateFromMasterAccount' smart constructor.
-newtype DisassociateFromMasterAccount = DisassociateFromMasterAccount'
-  { _dfmaDetectorId :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DisassociateFromMasterAccount' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dfmaDetectorId' - The unique ID of the detector of the GuardDuty member account.
-disassociateFromMasterAccount
-    :: Text -- ^ 'dfmaDetectorId'
-    -> DisassociateFromMasterAccount
-disassociateFromMasterAccount pDetectorId_ =
-  DisassociateFromMasterAccount' {_dfmaDetectorId = pDetectorId_}
-
-
--- | The unique ID of the detector of the GuardDuty member account.
-dfmaDetectorId :: Lens' DisassociateFromMasterAccount Text
-dfmaDetectorId = lens _dfmaDetectorId (\ s a -> s{_dfmaDetectorId = a})
-
-instance AWSRequest DisassociateFromMasterAccount
-         where
-        type Rs DisassociateFromMasterAccount =
-             DisassociateFromMasterAccountResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 DisassociateFromMasterAccountResponse' <$>
-                   (pure (fromEnum s)))
-
-instance Hashable DisassociateFromMasterAccount where
-
-instance NFData DisassociateFromMasterAccount where
-
-instance ToHeaders DisassociateFromMasterAccount
-         where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DisassociateFromMasterAccount where
-        toJSON = const (Object mempty)
-
-instance ToPath DisassociateFromMasterAccount where
-        toPath DisassociateFromMasterAccount'{..}
-          = mconcat
-              ["/detector/", toBS _dfmaDetectorId,
-               "/master/disassociate"]
-
-instance ToQuery DisassociateFromMasterAccount where
-        toQuery = const mempty
-
--- | /See:/ 'disassociateFromMasterAccountResponse' smart constructor.
-newtype DisassociateFromMasterAccountResponse = DisassociateFromMasterAccountResponse'
-  { _dfmarsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DisassociateFromMasterAccountResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dfmarsResponseStatus' - -- | The response status code.
-disassociateFromMasterAccountResponse
-    :: Int -- ^ 'dfmarsResponseStatus'
-    -> DisassociateFromMasterAccountResponse
-disassociateFromMasterAccountResponse pResponseStatus_ =
-  DisassociateFromMasterAccountResponse'
-    {_dfmarsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-dfmarsResponseStatus :: Lens' DisassociateFromMasterAccountResponse Int
-dfmarsResponseStatus = lens _dfmarsResponseStatus (\ s a -> s{_dfmarsResponseStatus = a})
-
-instance NFData DisassociateFromMasterAccountResponse
-         where
diff --git a/gen/Network/AWS/GuardDuty/DisassociateMembers.hs b/gen/Network/AWS/GuardDuty/DisassociateMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/DisassociateMembers.hs
+++ /dev/null
@@ -1,143 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.DisassociateMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Disassociates GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
-module Network.AWS.GuardDuty.DisassociateMembers
-    (
-    -- * Creating a Request
-      disassociateMembers
-    , DisassociateMembers
-    -- * Request Lenses
-    , dmsAccountIds
-    , dmsDetectorId
-
-    -- * Destructuring the Response
-    , disassociateMembersResponse
-    , DisassociateMembersResponse
-    -- * Response Lenses
-    , dmrsUnprocessedAccounts
-    , dmrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | DisassociateMembers request body.
---
--- /See:/ 'disassociateMembers' smart constructor.
-data DisassociateMembers = DisassociateMembers'
-  { _dmsAccountIds :: !(Maybe [Text])
-  , _dmsDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DisassociateMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dmsAccountIds' - A list of account IDs of the GuardDuty member accounts that you want to disassociate from master.
---
--- * 'dmsDetectorId' - The unique ID of the detector of the GuardDuty account whose members you want to disassociate from master.
-disassociateMembers
-    :: Text -- ^ 'dmsDetectorId'
-    -> DisassociateMembers
-disassociateMembers pDetectorId_ =
-  DisassociateMembers' {_dmsAccountIds = Nothing, _dmsDetectorId = pDetectorId_}
-
-
--- | A list of account IDs of the GuardDuty member accounts that you want to disassociate from master.
-dmsAccountIds :: Lens' DisassociateMembers [Text]
-dmsAccountIds = lens _dmsAccountIds (\ s a -> s{_dmsAccountIds = a}) . _Default . _Coerce
-
--- | The unique ID of the detector of the GuardDuty account whose members you want to disassociate from master.
-dmsDetectorId :: Lens' DisassociateMembers Text
-dmsDetectorId = lens _dmsDetectorId (\ s a -> s{_dmsDetectorId = a})
-
-instance AWSRequest DisassociateMembers where
-        type Rs DisassociateMembers =
-             DisassociateMembersResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 DisassociateMembersResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable DisassociateMembers where
-
-instance NFData DisassociateMembers where
-
-instance ToHeaders DisassociateMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DisassociateMembers where
-        toJSON DisassociateMembers'{..}
-          = object
-              (catMaybes [("accountIds" .=) <$> _dmsAccountIds])
-
-instance ToPath DisassociateMembers where
-        toPath DisassociateMembers'{..}
-          = mconcat
-              ["/detector/", toBS _dmsDetectorId,
-               "/member/disassociate"]
-
-instance ToQuery DisassociateMembers where
-        toQuery = const mempty
-
--- | /See:/ 'disassociateMembersResponse' smart constructor.
-data DisassociateMembersResponse = DisassociateMembersResponse'
-  { _dmrsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _dmrsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DisassociateMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dmrsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'dmrsResponseStatus' - -- | The response status code.
-disassociateMembersResponse
-    :: Int -- ^ 'dmrsResponseStatus'
-    -> DisassociateMembersResponse
-disassociateMembersResponse pResponseStatus_ =
-  DisassociateMembersResponse'
-    {_dmrsUnprocessedAccounts = Nothing, _dmrsResponseStatus = pResponseStatus_}
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-dmrsUnprocessedAccounts :: Lens' DisassociateMembersResponse [UnprocessedAccount]
-dmrsUnprocessedAccounts = lens _dmrsUnprocessedAccounts (\ s a -> s{_dmrsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-dmrsResponseStatus :: Lens' DisassociateMembersResponse Int
-dmrsResponseStatus = lens _dmrsResponseStatus (\ s a -> s{_dmrsResponseStatus = a})
-
-instance NFData DisassociateMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetDetector.hs b/gen/Network/AWS/GuardDuty/GetDetector.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetDetector.hs
+++ /dev/null
@@ -1,155 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetDetector
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Retrieves an Amazon GuardDuty detector specified by the detectorId.
-module Network.AWS.GuardDuty.GetDetector
-    (
-    -- * Creating a Request
-      getDetector
-    , GetDetector
-    -- * Request Lenses
-    , gdDetectorId
-
-    -- * Destructuring the Response
-    , getDetectorResponse
-    , GetDetectorResponse
-    -- * Response Lenses
-    , gdrsStatus
-    , gdrsCreatedAt
-    , gdrsUpdatedAt
-    , gdrsServiceRole
-    , gdrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'getDetector' smart constructor.
-newtype GetDetector = GetDetector'
-  { _gdDetectorId :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetDetector' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gdDetectorId' - The unique ID of the detector that you want to retrieve.
-getDetector
-    :: Text -- ^ 'gdDetectorId'
-    -> GetDetector
-getDetector pDetectorId_ = GetDetector' {_gdDetectorId = pDetectorId_}
-
-
--- | The unique ID of the detector that you want to retrieve.
-gdDetectorId :: Lens' GetDetector Text
-gdDetectorId = lens _gdDetectorId (\ s a -> s{_gdDetectorId = a})
-
-instance AWSRequest GetDetector where
-        type Rs GetDetector = GetDetectorResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetDetectorResponse' <$>
-                   (x .?> "status") <*> (x .?> "createdAt") <*>
-                     (x .?> "updatedAt")
-                     <*> (x .?> "serviceRole")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable GetDetector where
-
-instance NFData GetDetector where
-
-instance ToHeaders GetDetector where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath GetDetector where
-        toPath GetDetector'{..}
-          = mconcat ["/detector/", toBS _gdDetectorId]
-
-instance ToQuery GetDetector where
-        toQuery = const mempty
-
--- | /See:/ 'getDetectorResponse' smart constructor.
-data GetDetectorResponse = GetDetectorResponse'
-  { _gdrsStatus         :: !(Maybe DetectorStatus)
-  , _gdrsCreatedAt      :: !(Maybe Text)
-  , _gdrsUpdatedAt      :: !(Maybe Text)
-  , _gdrsServiceRole    :: !(Maybe Text)
-  , _gdrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetDetectorResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gdrsStatus' - Undocumented member.
---
--- * 'gdrsCreatedAt' - Undocumented member.
---
--- * 'gdrsUpdatedAt' - Undocumented member.
---
--- * 'gdrsServiceRole' - Undocumented member.
---
--- * 'gdrsResponseStatus' - -- | The response status code.
-getDetectorResponse
-    :: Int -- ^ 'gdrsResponseStatus'
-    -> GetDetectorResponse
-getDetectorResponse pResponseStatus_ =
-  GetDetectorResponse'
-    { _gdrsStatus = Nothing
-    , _gdrsCreatedAt = Nothing
-    , _gdrsUpdatedAt = Nothing
-    , _gdrsServiceRole = Nothing
-    , _gdrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-gdrsStatus :: Lens' GetDetectorResponse (Maybe DetectorStatus)
-gdrsStatus = lens _gdrsStatus (\ s a -> s{_gdrsStatus = a})
-
--- | Undocumented member.
-gdrsCreatedAt :: Lens' GetDetectorResponse (Maybe Text)
-gdrsCreatedAt = lens _gdrsCreatedAt (\ s a -> s{_gdrsCreatedAt = a})
-
--- | Undocumented member.
-gdrsUpdatedAt :: Lens' GetDetectorResponse (Maybe Text)
-gdrsUpdatedAt = lens _gdrsUpdatedAt (\ s a -> s{_gdrsUpdatedAt = a})
-
--- | Undocumented member.
-gdrsServiceRole :: Lens' GetDetectorResponse (Maybe Text)
-gdrsServiceRole = lens _gdrsServiceRole (\ s a -> s{_gdrsServiceRole = a})
-
--- | -- | The response status code.
-gdrsResponseStatus :: Lens' GetDetectorResponse Int
-gdrsResponseStatus = lens _gdrsResponseStatus (\ s a -> s{_gdrsResponseStatus = a})
-
-instance NFData GetDetectorResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetFilter.hs b/gen/Network/AWS/GuardDuty/GetFilter.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetFilter.hs
+++ /dev/null
@@ -1,177 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetFilter
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Returns the details of the filter specified by the filter name.
-module Network.AWS.GuardDuty.GetFilter
-    (
-    -- * Creating a Request
-      getFilter
-    , GetFilter
-    -- * Request Lenses
-    , gDetectorId
-    , gFilterName
-
-    -- * Destructuring the Response
-    , getFilterResponse
-    , GetFilterResponse
-    -- * Response Lenses
-    , gfrsFindingCriteria
-    , gfrsAction
-    , gfrsName
-    , gfrsDescription
-    , gfrsRank
-    , gfrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'getFilter' smart constructor.
-data GetFilter = GetFilter'
-  { _gDetectorId :: !Text
-  , _gFilterName :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetFilter' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gDetectorId' - The detector ID that specifies the GuardDuty service where you want to list the details of the specified filter.
---
--- * 'gFilterName' - The name of the filter whose details you want to get.
-getFilter
-    :: Text -- ^ 'gDetectorId'
-    -> Text -- ^ 'gFilterName'
-    -> GetFilter
-getFilter pDetectorId_ pFilterName_ =
-  GetFilter' {_gDetectorId = pDetectorId_, _gFilterName = pFilterName_}
-
-
--- | The detector ID that specifies the GuardDuty service where you want to list the details of the specified filter.
-gDetectorId :: Lens' GetFilter Text
-gDetectorId = lens _gDetectorId (\ s a -> s{_gDetectorId = a})
-
--- | The name of the filter whose details you want to get.
-gFilterName :: Lens' GetFilter Text
-gFilterName = lens _gFilterName (\ s a -> s{_gFilterName = a})
-
-instance AWSRequest GetFilter where
-        type Rs GetFilter = GetFilterResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetFilterResponse' <$>
-                   (x .?> "findingCriteria") <*> (x .?> "action") <*>
-                     (x .?> "name")
-                     <*> (x .?> "description")
-                     <*> (x .?> "rank")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable GetFilter where
-
-instance NFData GetFilter where
-
-instance ToHeaders GetFilter where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath GetFilter where
-        toPath GetFilter'{..}
-          = mconcat
-              ["/detector/", toBS _gDetectorId, "/filter/",
-               toBS _gFilterName]
-
-instance ToQuery GetFilter where
-        toQuery = const mempty
-
--- | /See:/ 'getFilterResponse' smart constructor.
-data GetFilterResponse = GetFilterResponse'
-  { _gfrsFindingCriteria :: !(Maybe FindingCriteria)
-  , _gfrsAction          :: !(Maybe FilterAction)
-  , _gfrsName            :: !(Maybe Text)
-  , _gfrsDescription     :: !(Maybe Text)
-  , _gfrsRank            :: !(Maybe Int)
-  , _gfrsResponseStatus  :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetFilterResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gfrsFindingCriteria' - Represents the criteria to be used in the filter for querying findings.
---
--- * 'gfrsAction' - Specifies the action that is to be applied to the findings that match the filter.
---
--- * 'gfrsName' - The name of the filter.
---
--- * 'gfrsDescription' - The description of the filter.
---
--- * 'gfrsRank' - Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
---
--- * 'gfrsResponseStatus' - -- | The response status code.
-getFilterResponse
-    :: Int -- ^ 'gfrsResponseStatus'
-    -> GetFilterResponse
-getFilterResponse pResponseStatus_ =
-  GetFilterResponse'
-    { _gfrsFindingCriteria = Nothing
-    , _gfrsAction = Nothing
-    , _gfrsName = Nothing
-    , _gfrsDescription = Nothing
-    , _gfrsRank = Nothing
-    , _gfrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Represents the criteria to be used in the filter for querying findings.
-gfrsFindingCriteria :: Lens' GetFilterResponse (Maybe FindingCriteria)
-gfrsFindingCriteria = lens _gfrsFindingCriteria (\ s a -> s{_gfrsFindingCriteria = a})
-
--- | Specifies the action that is to be applied to the findings that match the filter.
-gfrsAction :: Lens' GetFilterResponse (Maybe FilterAction)
-gfrsAction = lens _gfrsAction (\ s a -> s{_gfrsAction = a})
-
--- | The name of the filter.
-gfrsName :: Lens' GetFilterResponse (Maybe Text)
-gfrsName = lens _gfrsName (\ s a -> s{_gfrsName = a})
-
--- | The description of the filter.
-gfrsDescription :: Lens' GetFilterResponse (Maybe Text)
-gfrsDescription = lens _gfrsDescription (\ s a -> s{_gfrsDescription = a})
-
--- | Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
-gfrsRank :: Lens' GetFilterResponse (Maybe Int)
-gfrsRank = lens _gfrsRank (\ s a -> s{_gfrsRank = a})
-
--- | -- | The response status code.
-gfrsResponseStatus :: Lens' GetFilterResponse Int
-gfrsResponseStatus = lens _gfrsResponseStatus (\ s a -> s{_gfrsResponseStatus = a})
-
-instance NFData GetFilterResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetFindings.hs b/gen/Network/AWS/GuardDuty/GetFindings.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetFindings.hs
+++ /dev/null
@@ -1,155 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetFindings
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Describes Amazon GuardDuty findings specified by finding IDs.
-module Network.AWS.GuardDuty.GetFindings
-    (
-    -- * Creating a Request
-      getFindings
-    , GetFindings
-    -- * Request Lenses
-    , gfFindingIds
-    , gfSortCriteria
-    , gfDetectorId
-
-    -- * Destructuring the Response
-    , getFindingsResponse
-    , GetFindingsResponse
-    -- * Response Lenses
-    , grsFindings
-    , grsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | GetFindings request body.
---
--- /See:/ 'getFindings' smart constructor.
-data GetFindings = GetFindings'
-  { _gfFindingIds   :: !(Maybe [Text])
-  , _gfSortCriteria :: !(Maybe SortCriteria)
-  , _gfDetectorId   :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetFindings' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gfFindingIds' - IDs of the findings that you want to retrieve.
---
--- * 'gfSortCriteria' - Represents the criteria used for sorting findings.
---
--- * 'gfDetectorId' - The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
-getFindings
-    :: Text -- ^ 'gfDetectorId'
-    -> GetFindings
-getFindings pDetectorId_ =
-  GetFindings'
-    { _gfFindingIds = Nothing
-    , _gfSortCriteria = Nothing
-    , _gfDetectorId = pDetectorId_
-    }
-
-
--- | IDs of the findings that you want to retrieve.
-gfFindingIds :: Lens' GetFindings [Text]
-gfFindingIds = lens _gfFindingIds (\ s a -> s{_gfFindingIds = a}) . _Default . _Coerce
-
--- | Represents the criteria used for sorting findings.
-gfSortCriteria :: Lens' GetFindings (Maybe SortCriteria)
-gfSortCriteria = lens _gfSortCriteria (\ s a -> s{_gfSortCriteria = a})
-
--- | The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.
-gfDetectorId :: Lens' GetFindings Text
-gfDetectorId = lens _gfDetectorId (\ s a -> s{_gfDetectorId = a})
-
-instance AWSRequest GetFindings where
-        type Rs GetFindings = GetFindingsResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetFindingsResponse' <$>
-                   (x .?> "findings" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable GetFindings where
-
-instance NFData GetFindings where
-
-instance ToHeaders GetFindings where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON GetFindings where
-        toJSON GetFindings'{..}
-          = object
-              (catMaybes
-                 [("findingIds" .=) <$> _gfFindingIds,
-                  ("sortCriteria" .=) <$> _gfSortCriteria])
-
-instance ToPath GetFindings where
-        toPath GetFindings'{..}
-          = mconcat
-              ["/detector/", toBS _gfDetectorId, "/findings/get"]
-
-instance ToQuery GetFindings where
-        toQuery = const mempty
-
--- | /See:/ 'getFindingsResponse' smart constructor.
-data GetFindingsResponse = GetFindingsResponse'
-  { _grsFindings       :: !(Maybe [Finding])
-  , _grsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetFindingsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'grsFindings' - Undocumented member.
---
--- * 'grsResponseStatus' - -- | The response status code.
-getFindingsResponse
-    :: Int -- ^ 'grsResponseStatus'
-    -> GetFindingsResponse
-getFindingsResponse pResponseStatus_ =
-  GetFindingsResponse'
-    {_grsFindings = Nothing, _grsResponseStatus = pResponseStatus_}
-
-
--- | Undocumented member.
-grsFindings :: Lens' GetFindingsResponse [Finding]
-grsFindings = lens _grsFindings (\ s a -> s{_grsFindings = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-grsResponseStatus :: Lens' GetFindingsResponse Int
-grsResponseStatus = lens _grsResponseStatus (\ s a -> s{_grsResponseStatus = a})
-
-instance NFData GetFindingsResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetFindingsStatistics.hs b/gen/Network/AWS/GuardDuty/GetFindingsStatistics.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetFindingsStatistics.hs
+++ /dev/null
@@ -1,157 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetFindingsStatistics
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists Amazon GuardDuty findings' statistics for the specified detector ID.
-module Network.AWS.GuardDuty.GetFindingsStatistics
-    (
-    -- * Creating a Request
-      getFindingsStatistics
-    , GetFindingsStatistics
-    -- * Request Lenses
-    , gfsFindingStatisticTypes
-    , gfsFindingCriteria
-    , gfsDetectorId
-
-    -- * Destructuring the Response
-    , getFindingsStatisticsResponse
-    , GetFindingsStatisticsResponse
-    -- * Response Lenses
-    , gfsrsFindingStatistics
-    , gfsrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | GetFindingsStatistics request body.
---
--- /See:/ 'getFindingsStatistics' smart constructor.
-data GetFindingsStatistics = GetFindingsStatistics'
-  { _gfsFindingStatisticTypes :: !(Maybe [FindingStatisticType])
-  , _gfsFindingCriteria       :: !(Maybe FindingCriteria)
-  , _gfsDetectorId            :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetFindingsStatistics' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gfsFindingStatisticTypes' - Types of finding statistics to retrieve.
---
--- * 'gfsFindingCriteria' - Represents the criteria used for querying findings.
---
--- * 'gfsDetectorId' - The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
-getFindingsStatistics
-    :: Text -- ^ 'gfsDetectorId'
-    -> GetFindingsStatistics
-getFindingsStatistics pDetectorId_ =
-  GetFindingsStatistics'
-    { _gfsFindingStatisticTypes = Nothing
-    , _gfsFindingCriteria = Nothing
-    , _gfsDetectorId = pDetectorId_
-    }
-
-
--- | Types of finding statistics to retrieve.
-gfsFindingStatisticTypes :: Lens' GetFindingsStatistics [FindingStatisticType]
-gfsFindingStatisticTypes = lens _gfsFindingStatisticTypes (\ s a -> s{_gfsFindingStatisticTypes = a}) . _Default . _Coerce
-
--- | Represents the criteria used for querying findings.
-gfsFindingCriteria :: Lens' GetFindingsStatistics (Maybe FindingCriteria)
-gfsFindingCriteria = lens _gfsFindingCriteria (\ s a -> s{_gfsFindingCriteria = a})
-
--- | The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.
-gfsDetectorId :: Lens' GetFindingsStatistics Text
-gfsDetectorId = lens _gfsDetectorId (\ s a -> s{_gfsDetectorId = a})
-
-instance AWSRequest GetFindingsStatistics where
-        type Rs GetFindingsStatistics =
-             GetFindingsStatisticsResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetFindingsStatisticsResponse' <$>
-                   (x .?> "findingStatistics") <*> (pure (fromEnum s)))
-
-instance Hashable GetFindingsStatistics where
-
-instance NFData GetFindingsStatistics where
-
-instance ToHeaders GetFindingsStatistics where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON GetFindingsStatistics where
-        toJSON GetFindingsStatistics'{..}
-          = object
-              (catMaybes
-                 [("findingStatisticTypes" .=) <$>
-                    _gfsFindingStatisticTypes,
-                  ("findingCriteria" .=) <$> _gfsFindingCriteria])
-
-instance ToPath GetFindingsStatistics where
-        toPath GetFindingsStatistics'{..}
-          = mconcat
-              ["/detector/", toBS _gfsDetectorId,
-               "/findings/statistics"]
-
-instance ToQuery GetFindingsStatistics where
-        toQuery = const mempty
-
--- | /See:/ 'getFindingsStatisticsResponse' smart constructor.
-data GetFindingsStatisticsResponse = GetFindingsStatisticsResponse'
-  { _gfsrsFindingStatistics :: !(Maybe FindingStatistics)
-  , _gfsrsResponseStatus    :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetFindingsStatisticsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gfsrsFindingStatistics' - Finding statistics object.
---
--- * 'gfsrsResponseStatus' - -- | The response status code.
-getFindingsStatisticsResponse
-    :: Int -- ^ 'gfsrsResponseStatus'
-    -> GetFindingsStatisticsResponse
-getFindingsStatisticsResponse pResponseStatus_ =
-  GetFindingsStatisticsResponse'
-    {_gfsrsFindingStatistics = Nothing, _gfsrsResponseStatus = pResponseStatus_}
-
-
--- | Finding statistics object.
-gfsrsFindingStatistics :: Lens' GetFindingsStatisticsResponse (Maybe FindingStatistics)
-gfsrsFindingStatistics = lens _gfsrsFindingStatistics (\ s a -> s{_gfsrsFindingStatistics = a})
-
--- | -- | The response status code.
-gfsrsResponseStatus :: Lens' GetFindingsStatisticsResponse Int
-gfsrsResponseStatus = lens _gfsrsResponseStatus (\ s a -> s{_gfsrsResponseStatus = a})
-
-instance NFData GetFindingsStatisticsResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetIPSet.hs b/gen/Network/AWS/GuardDuty/GetIPSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetIPSet.hs
+++ /dev/null
@@ -1,167 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetIPSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Retrieves the IPSet specified by the IPSet ID.
-module Network.AWS.GuardDuty.GetIPSet
-    (
-    -- * Creating a Request
-      getIPSet
-    , GetIPSet
-    -- * Request Lenses
-    , gisDetectorId
-    , gisIPSetId
-
-    -- * Destructuring the Response
-    , getIPSetResponse
-    , GetIPSetResponse
-    -- * Response Lenses
-    , gisrsStatus
-    , gisrsLocation
-    , gisrsFormat
-    , gisrsName
-    , gisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'getIPSet' smart constructor.
-data GetIPSet = GetIPSet'
-  { _gisDetectorId :: !Text
-  , _gisIPSetId    :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetIPSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gisDetectorId' - The detectorID that specifies the GuardDuty service whose IPSet you want to retrieve.
---
--- * 'gisIPSetId' - The unique ID that specifies the IPSet that you want to describe.
-getIPSet
-    :: Text -- ^ 'gisDetectorId'
-    -> Text -- ^ 'gisIPSetId'
-    -> GetIPSet
-getIPSet pDetectorId_ pIPSetId_ =
-  GetIPSet' {_gisDetectorId = pDetectorId_, _gisIPSetId = pIPSetId_}
-
-
--- | The detectorID that specifies the GuardDuty service whose IPSet you want to retrieve.
-gisDetectorId :: Lens' GetIPSet Text
-gisDetectorId = lens _gisDetectorId (\ s a -> s{_gisDetectorId = a})
-
--- | The unique ID that specifies the IPSet that you want to describe.
-gisIPSetId :: Lens' GetIPSet Text
-gisIPSetId = lens _gisIPSetId (\ s a -> s{_gisIPSetId = a})
-
-instance AWSRequest GetIPSet where
-        type Rs GetIPSet = GetIPSetResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetIPSetResponse' <$>
-                   (x .?> "status") <*> (x .?> "location") <*>
-                     (x .?> "format")
-                     <*> (x .?> "name")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable GetIPSet where
-
-instance NFData GetIPSet where
-
-instance ToHeaders GetIPSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath GetIPSet where
-        toPath GetIPSet'{..}
-          = mconcat
-              ["/detector/", toBS _gisDetectorId, "/ipset/",
-               toBS _gisIPSetId]
-
-instance ToQuery GetIPSet where
-        toQuery = const mempty
-
--- | /See:/ 'getIPSetResponse' smart constructor.
-data GetIPSetResponse = GetIPSetResponse'
-  { _gisrsStatus         :: !(Maybe IPSetStatus)
-  , _gisrsLocation       :: !(Maybe Text)
-  , _gisrsFormat         :: !(Maybe IPSetFormat)
-  , _gisrsName           :: !(Maybe Text)
-  , _gisrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetIPSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gisrsStatus' - The status of ipSet file uploaded.
---
--- * 'gisrsLocation' - The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
---
--- * 'gisrsFormat' - The format of the file that contains the IPSet.
---
--- * 'gisrsName' - The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
---
--- * 'gisrsResponseStatus' - -- | The response status code.
-getIPSetResponse
-    :: Int -- ^ 'gisrsResponseStatus'
-    -> GetIPSetResponse
-getIPSetResponse pResponseStatus_ =
-  GetIPSetResponse'
-    { _gisrsStatus = Nothing
-    , _gisrsLocation = Nothing
-    , _gisrsFormat = Nothing
-    , _gisrsName = Nothing
-    , _gisrsResponseStatus = pResponseStatus_
-    }
-
-
--- | The status of ipSet file uploaded.
-gisrsStatus :: Lens' GetIPSetResponse (Maybe IPSetStatus)
-gisrsStatus = lens _gisrsStatus (\ s a -> s{_gisrsStatus = a})
-
--- | The URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
-gisrsLocation :: Lens' GetIPSetResponse (Maybe Text)
-gisrsLocation = lens _gisrsLocation (\ s a -> s{_gisrsLocation = a})
-
--- | The format of the file that contains the IPSet.
-gisrsFormat :: Lens' GetIPSetResponse (Maybe IPSetFormat)
-gisrsFormat = lens _gisrsFormat (\ s a -> s{_gisrsFormat = a})
-
--- | The user friendly name to identify the IPSet. This name is displayed in all findings that are triggered by activity that involves IP addresses included in this IPSet.
-gisrsName :: Lens' GetIPSetResponse (Maybe Text)
-gisrsName = lens _gisrsName (\ s a -> s{_gisrsName = a})
-
--- | -- | The response status code.
-gisrsResponseStatus :: Lens' GetIPSetResponse Int
-gisrsResponseStatus = lens _gisrsResponseStatus (\ s a -> s{_gisrsResponseStatus = a})
-
-instance NFData GetIPSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetInvitationsCount.hs b/gen/Network/AWS/GuardDuty/GetInvitationsCount.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetInvitationsCount.hs
+++ /dev/null
@@ -1,113 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetInvitationsCount
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
-module Network.AWS.GuardDuty.GetInvitationsCount
-    (
-    -- * Creating a Request
-      getInvitationsCount
-    , GetInvitationsCount
-
-    -- * Destructuring the Response
-    , getInvitationsCountResponse
-    , GetInvitationsCountResponse
-    -- * Response Lenses
-    , gicrsInvitationsCount
-    , gicrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'getInvitationsCount' smart constructor.
-data GetInvitationsCount =
-  GetInvitationsCount'
-  deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetInvitationsCount' with the minimum fields required to make a request.
---
-getInvitationsCount
-    :: GetInvitationsCount
-getInvitationsCount = GetInvitationsCount'
-
-
-instance AWSRequest GetInvitationsCount where
-        type Rs GetInvitationsCount =
-             GetInvitationsCountResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetInvitationsCountResponse' <$>
-                   (x .?> "invitationsCount") <*> (pure (fromEnum s)))
-
-instance Hashable GetInvitationsCount where
-
-instance NFData GetInvitationsCount where
-
-instance ToHeaders GetInvitationsCount where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath GetInvitationsCount where
-        toPath = const "/invitation/count"
-
-instance ToQuery GetInvitationsCount where
-        toQuery = const mempty
-
--- | /See:/ 'getInvitationsCountResponse' smart constructor.
-data GetInvitationsCountResponse = GetInvitationsCountResponse'
-  { _gicrsInvitationsCount :: !(Maybe Int)
-  , _gicrsResponseStatus   :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetInvitationsCountResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gicrsInvitationsCount' - The number of received invitations.
---
--- * 'gicrsResponseStatus' - -- | The response status code.
-getInvitationsCountResponse
-    :: Int -- ^ 'gicrsResponseStatus'
-    -> GetInvitationsCountResponse
-getInvitationsCountResponse pResponseStatus_ =
-  GetInvitationsCountResponse'
-    {_gicrsInvitationsCount = Nothing, _gicrsResponseStatus = pResponseStatus_}
-
-
--- | The number of received invitations.
-gicrsInvitationsCount :: Lens' GetInvitationsCountResponse (Maybe Int)
-gicrsInvitationsCount = lens _gicrsInvitationsCount (\ s a -> s{_gicrsInvitationsCount = a})
-
--- | -- | The response status code.
-gicrsResponseStatus :: Lens' GetInvitationsCountResponse Int
-gicrsResponseStatus = lens _gicrsResponseStatus (\ s a -> s{_gicrsResponseStatus = a})
-
-instance NFData GetInvitationsCountResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetMasterAccount.hs b/gen/Network/AWS/GuardDuty/GetMasterAccount.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetMasterAccount.hs
+++ /dev/null
@@ -1,125 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetMasterAccount
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Provides the details for the GuardDuty master account to the current GuardDuty member account.
-module Network.AWS.GuardDuty.GetMasterAccount
-    (
-    -- * Creating a Request
-      getMasterAccount
-    , GetMasterAccount
-    -- * Request Lenses
-    , gmaDetectorId
-
-    -- * Destructuring the Response
-    , getMasterAccountResponse
-    , GetMasterAccountResponse
-    -- * Response Lenses
-    , gmarsMaster
-    , gmarsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'getMasterAccount' smart constructor.
-newtype GetMasterAccount = GetMasterAccount'
-  { _gmaDetectorId :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetMasterAccount' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gmaDetectorId' - The unique ID of the detector of the GuardDuty member account.
-getMasterAccount
-    :: Text -- ^ 'gmaDetectorId'
-    -> GetMasterAccount
-getMasterAccount pDetectorId_ =
-  GetMasterAccount' {_gmaDetectorId = pDetectorId_}
-
-
--- | The unique ID of the detector of the GuardDuty member account.
-gmaDetectorId :: Lens' GetMasterAccount Text
-gmaDetectorId = lens _gmaDetectorId (\ s a -> s{_gmaDetectorId = a})
-
-instance AWSRequest GetMasterAccount where
-        type Rs GetMasterAccount = GetMasterAccountResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetMasterAccountResponse' <$>
-                   (x .?> "master") <*> (pure (fromEnum s)))
-
-instance Hashable GetMasterAccount where
-
-instance NFData GetMasterAccount where
-
-instance ToHeaders GetMasterAccount where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath GetMasterAccount where
-        toPath GetMasterAccount'{..}
-          = mconcat
-              ["/detector/", toBS _gmaDetectorId, "/master"]
-
-instance ToQuery GetMasterAccount where
-        toQuery = const mempty
-
--- | /See:/ 'getMasterAccountResponse' smart constructor.
-data GetMasterAccountResponse = GetMasterAccountResponse'
-  { _gmarsMaster         :: !(Maybe Master)
-  , _gmarsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetMasterAccountResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gmarsMaster' - Undocumented member.
---
--- * 'gmarsResponseStatus' - -- | The response status code.
-getMasterAccountResponse
-    :: Int -- ^ 'gmarsResponseStatus'
-    -> GetMasterAccountResponse
-getMasterAccountResponse pResponseStatus_ =
-  GetMasterAccountResponse'
-    {_gmarsMaster = Nothing, _gmarsResponseStatus = pResponseStatus_}
-
-
--- | Undocumented member.
-gmarsMaster :: Lens' GetMasterAccountResponse (Maybe Master)
-gmarsMaster = lens _gmarsMaster (\ s a -> s{_gmarsMaster = a})
-
--- | -- | The response status code.
-gmarsResponseStatus :: Lens' GetMasterAccountResponse Int
-gmarsResponseStatus = lens _gmarsResponseStatus (\ s a -> s{_gmarsResponseStatus = a})
-
-instance NFData GetMasterAccountResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetMembers.hs b/gen/Network/AWS/GuardDuty/GetMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetMembers.hs
+++ /dev/null
@@ -1,153 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Retrieves GuardDuty member accounts (to the current GuardDuty master account) specified by the account IDs.
-module Network.AWS.GuardDuty.GetMembers
-    (
-    -- * Creating a Request
-      getMembers
-    , GetMembers
-    -- * Request Lenses
-    , gmAccountIds
-    , gmDetectorId
-
-    -- * Destructuring the Response
-    , getMembersResponse
-    , GetMembersResponse
-    -- * Response Lenses
-    , gmrsMembers
-    , gmrsUnprocessedAccounts
-    , gmrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | GetMembers request body.
---
--- /See:/ 'getMembers' smart constructor.
-data GetMembers = GetMembers'
-  { _gmAccountIds :: !(Maybe [Text])
-  , _gmDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gmAccountIds' - A list of account IDs of the GuardDuty member accounts that you want to describe.
---
--- * 'gmDetectorId' - The unique ID of the detector of the GuardDuty account whose members you want to retrieve.
-getMembers
-    :: Text -- ^ 'gmDetectorId'
-    -> GetMembers
-getMembers pDetectorId_ =
-  GetMembers' {_gmAccountIds = Nothing, _gmDetectorId = pDetectorId_}
-
-
--- | A list of account IDs of the GuardDuty member accounts that you want to describe.
-gmAccountIds :: Lens' GetMembers [Text]
-gmAccountIds = lens _gmAccountIds (\ s a -> s{_gmAccountIds = a}) . _Default . _Coerce
-
--- | The unique ID of the detector of the GuardDuty account whose members you want to retrieve.
-gmDetectorId :: Lens' GetMembers Text
-gmDetectorId = lens _gmDetectorId (\ s a -> s{_gmDetectorId = a})
-
-instance AWSRequest GetMembers where
-        type Rs GetMembers = GetMembersResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetMembersResponse' <$>
-                   (x .?> "members" .!@ mempty) <*>
-                     (x .?> "unprocessedAccounts" .!@ mempty)
-                     <*> (pure (fromEnum s)))
-
-instance Hashable GetMembers where
-
-instance NFData GetMembers where
-
-instance ToHeaders GetMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON GetMembers where
-        toJSON GetMembers'{..}
-          = object
-              (catMaybes [("accountIds" .=) <$> _gmAccountIds])
-
-instance ToPath GetMembers where
-        toPath GetMembers'{..}
-          = mconcat
-              ["/detector/", toBS _gmDetectorId, "/member/get"]
-
-instance ToQuery GetMembers where
-        toQuery = const mempty
-
--- | /See:/ 'getMembersResponse' smart constructor.
-data GetMembersResponse = GetMembersResponse'
-  { _gmrsMembers             :: !(Maybe [Member])
-  , _gmrsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _gmrsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gmrsMembers' - Undocumented member.
---
--- * 'gmrsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'gmrsResponseStatus' - -- | The response status code.
-getMembersResponse
-    :: Int -- ^ 'gmrsResponseStatus'
-    -> GetMembersResponse
-getMembersResponse pResponseStatus_ =
-  GetMembersResponse'
-    { _gmrsMembers = Nothing
-    , _gmrsUnprocessedAccounts = Nothing
-    , _gmrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-gmrsMembers :: Lens' GetMembersResponse [Member]
-gmrsMembers = lens _gmrsMembers (\ s a -> s{_gmrsMembers = a}) . _Default . _Coerce
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-gmrsUnprocessedAccounts :: Lens' GetMembersResponse [UnprocessedAccount]
-gmrsUnprocessedAccounts = lens _gmrsUnprocessedAccounts (\ s a -> s{_gmrsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-gmrsResponseStatus :: Lens' GetMembersResponse Int
-gmrsResponseStatus = lens _gmrsResponseStatus (\ s a -> s{_gmrsResponseStatus = a})
-
-instance NFData GetMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/GetThreatIntelSet.hs b/gen/Network/AWS/GuardDuty/GetThreatIntelSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/GetThreatIntelSet.hs
+++ /dev/null
@@ -1,168 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.GetThreatIntelSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
-module Network.AWS.GuardDuty.GetThreatIntelSet
-    (
-    -- * Creating a Request
-      getThreatIntelSet
-    , GetThreatIntelSet
-    -- * Request Lenses
-    , gtisThreatIntelSetId
-    , gtisDetectorId
-
-    -- * Destructuring the Response
-    , getThreatIntelSetResponse
-    , GetThreatIntelSetResponse
-    -- * Response Lenses
-    , gtisrsStatus
-    , gtisrsLocation
-    , gtisrsFormat
-    , gtisrsName
-    , gtisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'getThreatIntelSet' smart constructor.
-data GetThreatIntelSet = GetThreatIntelSet'
-  { _gtisThreatIntelSetId :: !Text
-  , _gtisDetectorId       :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetThreatIntelSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gtisThreatIntelSetId' - The unique ID that specifies the ThreatIntelSet that you want to describe.
---
--- * 'gtisDetectorId' - The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to describe.
-getThreatIntelSet
-    :: Text -- ^ 'gtisThreatIntelSetId'
-    -> Text -- ^ 'gtisDetectorId'
-    -> GetThreatIntelSet
-getThreatIntelSet pThreatIntelSetId_ pDetectorId_ =
-  GetThreatIntelSet'
-    {_gtisThreatIntelSetId = pThreatIntelSetId_, _gtisDetectorId = pDetectorId_}
-
-
--- | The unique ID that specifies the ThreatIntelSet that you want to describe.
-gtisThreatIntelSetId :: Lens' GetThreatIntelSet Text
-gtisThreatIntelSetId = lens _gtisThreatIntelSetId (\ s a -> s{_gtisThreatIntelSetId = a})
-
--- | The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to describe.
-gtisDetectorId :: Lens' GetThreatIntelSet Text
-gtisDetectorId = lens _gtisDetectorId (\ s a -> s{_gtisDetectorId = a})
-
-instance AWSRequest GetThreatIntelSet where
-        type Rs GetThreatIntelSet = GetThreatIntelSetResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetThreatIntelSetResponse' <$>
-                   (x .?> "status") <*> (x .?> "location") <*>
-                     (x .?> "format")
-                     <*> (x .?> "name")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable GetThreatIntelSet where
-
-instance NFData GetThreatIntelSet where
-
-instance ToHeaders GetThreatIntelSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath GetThreatIntelSet where
-        toPath GetThreatIntelSet'{..}
-          = mconcat
-              ["/detector/", toBS _gtisDetectorId,
-               "/threatintelset/", toBS _gtisThreatIntelSetId]
-
-instance ToQuery GetThreatIntelSet where
-        toQuery = const mempty
-
--- | /See:/ 'getThreatIntelSetResponse' smart constructor.
-data GetThreatIntelSetResponse = GetThreatIntelSetResponse'
-  { _gtisrsStatus         :: !(Maybe ThreatIntelSetStatus)
-  , _gtisrsLocation       :: !(Maybe Text)
-  , _gtisrsFormat         :: !(Maybe ThreatIntelSetFormat)
-  , _gtisrsName           :: !(Maybe Text)
-  , _gtisrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetThreatIntelSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gtisrsStatus' - The status of threatIntelSet file uploaded.
---
--- * 'gtisrsLocation' - The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
---
--- * 'gtisrsFormat' - The format of the threatIntelSet.
---
--- * 'gtisrsName' - A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.
---
--- * 'gtisrsResponseStatus' - -- | The response status code.
-getThreatIntelSetResponse
-    :: Int -- ^ 'gtisrsResponseStatus'
-    -> GetThreatIntelSetResponse
-getThreatIntelSetResponse pResponseStatus_ =
-  GetThreatIntelSetResponse'
-    { _gtisrsStatus = Nothing
-    , _gtisrsLocation = Nothing
-    , _gtisrsFormat = Nothing
-    , _gtisrsName = Nothing
-    , _gtisrsResponseStatus = pResponseStatus_
-    }
-
-
--- | The status of threatIntelSet file uploaded.
-gtisrsStatus :: Lens' GetThreatIntelSetResponse (Maybe ThreatIntelSetStatus)
-gtisrsStatus = lens _gtisrsStatus (\ s a -> s{_gtisrsStatus = a})
-
--- | The URI of the file that contains the ThreatIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
-gtisrsLocation :: Lens' GetThreatIntelSetResponse (Maybe Text)
-gtisrsLocation = lens _gtisrsLocation (\ s a -> s{_gtisrsLocation = a})
-
--- | The format of the threatIntelSet.
-gtisrsFormat :: Lens' GetThreatIntelSetResponse (Maybe ThreatIntelSetFormat)
-gtisrsFormat = lens _gtisrsFormat (\ s a -> s{_gtisrsFormat = a})
-
--- | A user-friendly ThreatIntelSet name that is displayed in all finding generated by activity that involves IP addresses included in this ThreatIntelSet.
-gtisrsName :: Lens' GetThreatIntelSetResponse (Maybe Text)
-gtisrsName = lens _gtisrsName (\ s a -> s{_gtisrsName = a})
-
--- | -- | The response status code.
-gtisrsResponseStatus :: Lens' GetThreatIntelSetResponse Int
-gtisrsResponseStatus = lens _gtisrsResponseStatus (\ s a -> s{_gtisrsResponseStatus = a})
-
-instance NFData GetThreatIntelSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/InviteMembers.hs b/gen/Network/AWS/GuardDuty/InviteMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/InviteMembers.hs
+++ /dev/null
@@ -1,166 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.InviteMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty and allow the current AWS account to view and manage these accounts' GuardDuty findings on their behalf as the master account.
-module Network.AWS.GuardDuty.InviteMembers
-    (
-    -- * Creating a Request
-      inviteMembers
-    , InviteMembers
-    -- * Request Lenses
-    , imAccountIds
-    , imDisableEmailNotification
-    , imMessage
-    , imDetectorId
-
-    -- * Destructuring the Response
-    , inviteMembersResponse
-    , InviteMembersResponse
-    -- * Response Lenses
-    , imrsUnprocessedAccounts
-    , imrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | InviteMembers request body.
---
--- /See:/ 'inviteMembers' smart constructor.
-data InviteMembers = InviteMembers'
-  { _imAccountIds               :: !(Maybe [Text])
-  , _imDisableEmailNotification :: !(Maybe Bool)
-  , _imMessage                  :: !(Maybe Text)
-  , _imDetectorId               :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'InviteMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'imAccountIds' - A list of account IDs of the accounts that you want to invite to GuardDuty as members.
---
--- * 'imDisableEmailNotification' - A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.
---
--- * 'imMessage' - The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.
---
--- * 'imDetectorId' - The unique ID of the detector of the GuardDuty account with which you want to invite members.
-inviteMembers
-    :: Text -- ^ 'imDetectorId'
-    -> InviteMembers
-inviteMembers pDetectorId_ =
-  InviteMembers'
-    { _imAccountIds = Nothing
-    , _imDisableEmailNotification = Nothing
-    , _imMessage = Nothing
-    , _imDetectorId = pDetectorId_
-    }
-
-
--- | A list of account IDs of the accounts that you want to invite to GuardDuty as members.
-imAccountIds :: Lens' InviteMembers [Text]
-imAccountIds = lens _imAccountIds (\ s a -> s{_imAccountIds = a}) . _Default . _Coerce
-
--- | A boolean value that specifies whether you want to disable email notification to the accounts that you’re inviting to GuardDuty as members.
-imDisableEmailNotification :: Lens' InviteMembers (Maybe Bool)
-imDisableEmailNotification = lens _imDisableEmailNotification (\ s a -> s{_imDisableEmailNotification = a})
-
--- | The invitation message that you want to send to the accounts that you’re inviting to GuardDuty as members.
-imMessage :: Lens' InviteMembers (Maybe Text)
-imMessage = lens _imMessage (\ s a -> s{_imMessage = a})
-
--- | The unique ID of the detector of the GuardDuty account with which you want to invite members.
-imDetectorId :: Lens' InviteMembers Text
-imDetectorId = lens _imDetectorId (\ s a -> s{_imDetectorId = a})
-
-instance AWSRequest InviteMembers where
-        type Rs InviteMembers = InviteMembersResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 InviteMembersResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable InviteMembers where
-
-instance NFData InviteMembers where
-
-instance ToHeaders InviteMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON InviteMembers where
-        toJSON InviteMembers'{..}
-          = object
-              (catMaybes
-                 [("accountIds" .=) <$> _imAccountIds,
-                  ("disableEmailNotification" .=) <$>
-                    _imDisableEmailNotification,
-                  ("message" .=) <$> _imMessage])
-
-instance ToPath InviteMembers where
-        toPath InviteMembers'{..}
-          = mconcat
-              ["/detector/", toBS _imDetectorId, "/member/invite"]
-
-instance ToQuery InviteMembers where
-        toQuery = const mempty
-
--- | /See:/ 'inviteMembersResponse' smart constructor.
-data InviteMembersResponse = InviteMembersResponse'
-  { _imrsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _imrsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'InviteMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'imrsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'imrsResponseStatus' - -- | The response status code.
-inviteMembersResponse
-    :: Int -- ^ 'imrsResponseStatus'
-    -> InviteMembersResponse
-inviteMembersResponse pResponseStatus_ =
-  InviteMembersResponse'
-    {_imrsUnprocessedAccounts = Nothing, _imrsResponseStatus = pResponseStatus_}
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-imrsUnprocessedAccounts :: Lens' InviteMembersResponse [UnprocessedAccount]
-imrsUnprocessedAccounts = lens _imrsUnprocessedAccounts (\ s a -> s{_imrsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-imrsResponseStatus :: Lens' InviteMembersResponse Int
-imrsResponseStatus = lens _imrsResponseStatus (\ s a -> s{_imrsResponseStatus = a})
-
-instance NFData InviteMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/ListDetectors.hs b/gen/Network/AWS/GuardDuty/ListDetectors.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ListDetectors.hs
+++ /dev/null
@@ -1,155 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ListDetectors
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists detectorIds of all the existing Amazon GuardDuty detector resources.
---
--- This operation returns paginated results.
-module Network.AWS.GuardDuty.ListDetectors
-    (
-    -- * Creating a Request
-      listDetectors
-    , ListDetectors
-    -- * Request Lenses
-    , ldNextToken
-    , ldMaxResults
-
-    -- * Destructuring the Response
-    , listDetectorsResponse
-    , ListDetectorsResponse
-    -- * Response Lenses
-    , ldrsNextToken
-    , ldrsDetectorIds
-    , ldrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'listDetectors' smart constructor.
-data ListDetectors = ListDetectors'
-  { _ldNextToken  :: !(Maybe Text)
-  , _ldMaxResults :: !(Maybe Nat)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListDetectors' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ldNextToken' - You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListDetectors action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
---
--- * 'ldMaxResults' - You can use this parameter to indicate the maximum number of detectors that you want in the response.
-listDetectors
-    :: ListDetectors
-listDetectors = ListDetectors' {_ldNextToken = Nothing, _ldMaxResults = Nothing}
-
-
--- | You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListDetectors action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
-ldNextToken :: Lens' ListDetectors (Maybe Text)
-ldNextToken = lens _ldNextToken (\ s a -> s{_ldNextToken = a})
-
--- | You can use this parameter to indicate the maximum number of detectors that you want in the response.
-ldMaxResults :: Lens' ListDetectors (Maybe Natural)
-ldMaxResults = lens _ldMaxResults (\ s a -> s{_ldMaxResults = a}) . mapping _Nat
-
-instance AWSPager ListDetectors where
-        page rq rs
-          | stop (rs ^. ldrsNextToken) = Nothing
-          | stop (rs ^. ldrsDetectorIds) = Nothing
-          | otherwise =
-            Just $ rq & ldNextToken .~ rs ^. ldrsNextToken
-
-instance AWSRequest ListDetectors where
-        type Rs ListDetectors = ListDetectorsResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListDetectorsResponse' <$>
-                   (x .?> "nextToken") <*>
-                     (x .?> "detectorIds" .!@ mempty)
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListDetectors where
-
-instance NFData ListDetectors where
-
-instance ToHeaders ListDetectors where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath ListDetectors where
-        toPath = const "/detector"
-
-instance ToQuery ListDetectors where
-        toQuery ListDetectors'{..}
-          = mconcat
-              ["nextToken" =: _ldNextToken,
-               "maxResults" =: _ldMaxResults]
-
--- | /See:/ 'listDetectorsResponse' smart constructor.
-data ListDetectorsResponse = ListDetectorsResponse'
-  { _ldrsNextToken      :: !(Maybe Text)
-  , _ldrsDetectorIds    :: !(Maybe [Text])
-  , _ldrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListDetectorsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ldrsNextToken' - Undocumented member.
---
--- * 'ldrsDetectorIds' - Undocumented member.
---
--- * 'ldrsResponseStatus' - -- | The response status code.
-listDetectorsResponse
-    :: Int -- ^ 'ldrsResponseStatus'
-    -> ListDetectorsResponse
-listDetectorsResponse pResponseStatus_ =
-  ListDetectorsResponse'
-    { _ldrsNextToken = Nothing
-    , _ldrsDetectorIds = Nothing
-    , _ldrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-ldrsNextToken :: Lens' ListDetectorsResponse (Maybe Text)
-ldrsNextToken = lens _ldrsNextToken (\ s a -> s{_ldrsNextToken = a})
-
--- | Undocumented member.
-ldrsDetectorIds :: Lens' ListDetectorsResponse [Text]
-ldrsDetectorIds = lens _ldrsDetectorIds (\ s a -> s{_ldrsDetectorIds = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-ldrsResponseStatus :: Lens' ListDetectorsResponse Int
-ldrsResponseStatus = lens _ldrsResponseStatus (\ s a -> s{_ldrsResponseStatus = a})
-
-instance NFData ListDetectorsResponse where
diff --git a/gen/Network/AWS/GuardDuty/ListFilters.hs b/gen/Network/AWS/GuardDuty/ListFilters.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ListFilters.hs
+++ /dev/null
@@ -1,168 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ListFilters
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Returns a paginated list of the current filters.
---
--- This operation returns paginated results.
-module Network.AWS.GuardDuty.ListFilters
-    (
-    -- * Creating a Request
-      listFilters
-    , ListFilters
-    -- * Request Lenses
-    , lNextToken
-    , lMaxResults
-    , lDetectorId
-
-    -- * Destructuring the Response
-    , listFiltersResponse
-    , ListFiltersResponse
-    -- * Response Lenses
-    , lrsFilterNames
-    , lrsNextToken
-    , lrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'listFilters' smart constructor.
-data ListFilters = ListFilters'
-  { _lNextToken  :: !(Maybe Text)
-  , _lMaxResults :: !(Maybe Nat)
-  , _lDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListFilters' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lNextToken' - Paginates results. Set the value of this parameter to NULL on your first call to the ListFilters operation.For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
---
--- * 'lMaxResults' - Indicates the maximum number of items that you want in the response. The maximum value is 50.
---
--- * 'lDetectorId' - The ID of the detector that specifies the GuardDuty service where you want to list filters.
-listFilters
-    :: Text -- ^ 'lDetectorId'
-    -> ListFilters
-listFilters pDetectorId_ =
-  ListFilters'
-    {_lNextToken = Nothing, _lMaxResults = Nothing, _lDetectorId = pDetectorId_}
-
-
--- | Paginates results. Set the value of this parameter to NULL on your first call to the ListFilters operation.For subsequent calls to the operation, fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
-lNextToken :: Lens' ListFilters (Maybe Text)
-lNextToken = lens _lNextToken (\ s a -> s{_lNextToken = a})
-
--- | Indicates the maximum number of items that you want in the response. The maximum value is 50.
-lMaxResults :: Lens' ListFilters (Maybe Natural)
-lMaxResults = lens _lMaxResults (\ s a -> s{_lMaxResults = a}) . mapping _Nat
-
--- | The ID of the detector that specifies the GuardDuty service where you want to list filters.
-lDetectorId :: Lens' ListFilters Text
-lDetectorId = lens _lDetectorId (\ s a -> s{_lDetectorId = a})
-
-instance AWSPager ListFilters where
-        page rq rs
-          | stop (rs ^. lrsNextToken) = Nothing
-          | stop (rs ^. lrsFilterNames) = Nothing
-          | otherwise =
-            Just $ rq & lNextToken .~ rs ^. lrsNextToken
-
-instance AWSRequest ListFilters where
-        type Rs ListFilters = ListFiltersResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListFiltersResponse' <$>
-                   (x .?> "filterNames" .!@ mempty) <*>
-                     (x .?> "nextToken")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListFilters where
-
-instance NFData ListFilters where
-
-instance ToHeaders ListFilters where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath ListFilters where
-        toPath ListFilters'{..}
-          = mconcat
-              ["/detector/", toBS _lDetectorId, "/filter"]
-
-instance ToQuery ListFilters where
-        toQuery ListFilters'{..}
-          = mconcat
-              ["nextToken" =: _lNextToken,
-               "maxResults" =: _lMaxResults]
-
--- | /See:/ 'listFiltersResponse' smart constructor.
-data ListFiltersResponse = ListFiltersResponse'
-  { _lrsFilterNames    :: !(Maybe [Text])
-  , _lrsNextToken      :: !(Maybe Text)
-  , _lrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListFiltersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lrsFilterNames' - Undocumented member.
---
--- * 'lrsNextToken' - Undocumented member.
---
--- * 'lrsResponseStatus' - -- | The response status code.
-listFiltersResponse
-    :: Int -- ^ 'lrsResponseStatus'
-    -> ListFiltersResponse
-listFiltersResponse pResponseStatus_ =
-  ListFiltersResponse'
-    { _lrsFilterNames = Nothing
-    , _lrsNextToken = Nothing
-    , _lrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-lrsFilterNames :: Lens' ListFiltersResponse [Text]
-lrsFilterNames = lens _lrsFilterNames (\ s a -> s{_lrsFilterNames = a}) . _Default . _Coerce
-
--- | Undocumented member.
-lrsNextToken :: Lens' ListFiltersResponse (Maybe Text)
-lrsNextToken = lens _lrsNextToken (\ s a -> s{_lrsNextToken = a})
-
--- | -- | The response status code.
-lrsResponseStatus :: Lens' ListFiltersResponse Int
-lrsResponseStatus = lens _lrsResponseStatus (\ s a -> s{_lrsResponseStatus = a})
-
-instance NFData ListFiltersResponse where
diff --git a/gen/Network/AWS/GuardDuty/ListFindings.hs b/gen/Network/AWS/GuardDuty/ListFindings.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ListFindings.hs
+++ /dev/null
@@ -1,197 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ListFindings
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists Amazon GuardDuty findings for the specified detector ID.
---
--- This operation returns paginated results.
-module Network.AWS.GuardDuty.ListFindings
-    (
-    -- * Creating a Request
-      listFindings
-    , ListFindings
-    -- * Request Lenses
-    , lfFindingCriteria
-    , lfSortCriteria
-    , lfNextToken
-    , lfMaxResults
-    , lfDetectorId
-
-    -- * Destructuring the Response
-    , listFindingsResponse
-    , ListFindingsResponse
-    -- * Response Lenses
-    , lfrsFindingIds
-    , lfrsNextToken
-    , lfrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | ListFindings request body.
---
--- /See:/ 'listFindings' smart constructor.
-data ListFindings = ListFindings'
-  { _lfFindingCriteria :: !(Maybe FindingCriteria)
-  , _lfSortCriteria    :: !(Maybe SortCriteria)
-  , _lfNextToken       :: !(Maybe Text)
-  , _lfMaxResults      :: !(Maybe Nat)
-  , _lfDetectorId      :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListFindings' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lfFindingCriteria' - Represents the criteria used for querying findings.
---
--- * 'lfSortCriteria' - Represents the criteria used for sorting findings.
---
--- * 'lfNextToken' - You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListFindings action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
---
--- * 'lfMaxResults' - You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
---
--- * 'lfDetectorId' - The ID of the detector that specifies the GuardDuty service whose findings you want to list.
-listFindings
-    :: Text -- ^ 'lfDetectorId'
-    -> ListFindings
-listFindings pDetectorId_ =
-  ListFindings'
-    { _lfFindingCriteria = Nothing
-    , _lfSortCriteria = Nothing
-    , _lfNextToken = Nothing
-    , _lfMaxResults = Nothing
-    , _lfDetectorId = pDetectorId_
-    }
-
-
--- | Represents the criteria used for querying findings.
-lfFindingCriteria :: Lens' ListFindings (Maybe FindingCriteria)
-lfFindingCriteria = lens _lfFindingCriteria (\ s a -> s{_lfFindingCriteria = a})
-
--- | Represents the criteria used for sorting findings.
-lfSortCriteria :: Lens' ListFindings (Maybe SortCriteria)
-lfSortCriteria = lens _lfSortCriteria (\ s a -> s{_lfSortCriteria = a})
-
--- | You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListFindings action. For subsequent calls to the action fill nextToken in the request with the value of nextToken from the previous response to continue listing data.
-lfNextToken :: Lens' ListFindings (Maybe Text)
-lfNextToken = lens _lfNextToken (\ s a -> s{_lfNextToken = a})
-
--- | You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.
-lfMaxResults :: Lens' ListFindings (Maybe Natural)
-lfMaxResults = lens _lfMaxResults (\ s a -> s{_lfMaxResults = a}) . mapping _Nat
-
--- | The ID of the detector that specifies the GuardDuty service whose findings you want to list.
-lfDetectorId :: Lens' ListFindings Text
-lfDetectorId = lens _lfDetectorId (\ s a -> s{_lfDetectorId = a})
-
-instance AWSPager ListFindings where
-        page rq rs
-          | stop (rs ^. lfrsNextToken) = Nothing
-          | stop (rs ^. lfrsFindingIds) = Nothing
-          | otherwise =
-            Just $ rq & lfNextToken .~ rs ^. lfrsNextToken
-
-instance AWSRequest ListFindings where
-        type Rs ListFindings = ListFindingsResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListFindingsResponse' <$>
-                   (x .?> "findingIds" .!@ mempty) <*>
-                     (x .?> "nextToken")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListFindings where
-
-instance NFData ListFindings where
-
-instance ToHeaders ListFindings where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON ListFindings where
-        toJSON ListFindings'{..}
-          = object
-              (catMaybes
-                 [("findingCriteria" .=) <$> _lfFindingCriteria,
-                  ("sortCriteria" .=) <$> _lfSortCriteria,
-                  ("nextToken" .=) <$> _lfNextToken,
-                  ("maxResults" .=) <$> _lfMaxResults])
-
-instance ToPath ListFindings where
-        toPath ListFindings'{..}
-          = mconcat
-              ["/detector/", toBS _lfDetectorId, "/findings"]
-
-instance ToQuery ListFindings where
-        toQuery = const mempty
-
--- | /See:/ 'listFindingsResponse' smart constructor.
-data ListFindingsResponse = ListFindingsResponse'
-  { _lfrsFindingIds     :: !(Maybe [Text])
-  , _lfrsNextToken      :: !(Maybe Text)
-  , _lfrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListFindingsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lfrsFindingIds' - Undocumented member.
---
--- * 'lfrsNextToken' - Undocumented member.
---
--- * 'lfrsResponseStatus' - -- | The response status code.
-listFindingsResponse
-    :: Int -- ^ 'lfrsResponseStatus'
-    -> ListFindingsResponse
-listFindingsResponse pResponseStatus_ =
-  ListFindingsResponse'
-    { _lfrsFindingIds = Nothing
-    , _lfrsNextToken = Nothing
-    , _lfrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-lfrsFindingIds :: Lens' ListFindingsResponse [Text]
-lfrsFindingIds = lens _lfrsFindingIds (\ s a -> s{_lfrsFindingIds = a}) . _Default . _Coerce
-
--- | Undocumented member.
-lfrsNextToken :: Lens' ListFindingsResponse (Maybe Text)
-lfrsNextToken = lens _lfrsNextToken (\ s a -> s{_lfrsNextToken = a})
-
--- | -- | The response status code.
-lfrsResponseStatus :: Lens' ListFindingsResponse Int
-lfrsResponseStatus = lens _lfrsResponseStatus (\ s a -> s{_lfrsResponseStatus = a})
-
-instance NFData ListFindingsResponse where
diff --git a/gen/Network/AWS/GuardDuty/ListIPSets.hs b/gen/Network/AWS/GuardDuty/ListIPSets.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ListIPSets.hs
+++ /dev/null
@@ -1,170 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ListIPSets
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists the IPSets of the GuardDuty service specified by the detector ID.
---
--- This operation returns paginated results.
-module Network.AWS.GuardDuty.ListIPSets
-    (
-    -- * Creating a Request
-      listIPSets
-    , ListIPSets
-    -- * Request Lenses
-    , lisNextToken
-    , lisMaxResults
-    , lisDetectorId
-
-    -- * Destructuring the Response
-    , listIPSetsResponse
-    , ListIPSetsResponse
-    -- * Response Lenses
-    , lisrsNextToken
-    , lisrsIPSetIds
-    , lisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'listIPSets' smart constructor.
-data ListIPSets = ListIPSets'
-  { _lisNextToken  :: !(Maybe Text)
-  , _lisMaxResults :: !(Maybe Nat)
-  , _lisDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListIPSets' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lisNextToken' - You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListIPSet action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
---
--- * 'lisMaxResults' - You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 7. The maximum value is 7.
---
--- * 'lisDetectorId' - The unique ID of the detector that you want to retrieve.
-listIPSets
-    :: Text -- ^ 'lisDetectorId'
-    -> ListIPSets
-listIPSets pDetectorId_ =
-  ListIPSets'
-    { _lisNextToken = Nothing
-    , _lisMaxResults = Nothing
-    , _lisDetectorId = pDetectorId_
-    }
-
-
--- | You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListIPSet action. For subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
-lisNextToken :: Lens' ListIPSets (Maybe Text)
-lisNextToken = lens _lisNextToken (\ s a -> s{_lisNextToken = a})
-
--- | You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 7. The maximum value is 7.
-lisMaxResults :: Lens' ListIPSets (Maybe Natural)
-lisMaxResults = lens _lisMaxResults (\ s a -> s{_lisMaxResults = a}) . mapping _Nat
-
--- | The unique ID of the detector that you want to retrieve.
-lisDetectorId :: Lens' ListIPSets Text
-lisDetectorId = lens _lisDetectorId (\ s a -> s{_lisDetectorId = a})
-
-instance AWSPager ListIPSets where
-        page rq rs
-          | stop (rs ^. lisrsNextToken) = Nothing
-          | stop (rs ^. lisrsIPSetIds) = Nothing
-          | otherwise =
-            Just $ rq & lisNextToken .~ rs ^. lisrsNextToken
-
-instance AWSRequest ListIPSets where
-        type Rs ListIPSets = ListIPSetsResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListIPSetsResponse' <$>
-                   (x .?> "nextToken") <*> (x .?> "ipSetIds" .!@ mempty)
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListIPSets where
-
-instance NFData ListIPSets where
-
-instance ToHeaders ListIPSets where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath ListIPSets where
-        toPath ListIPSets'{..}
-          = mconcat
-              ["/detector/", toBS _lisDetectorId, "/ipset"]
-
-instance ToQuery ListIPSets where
-        toQuery ListIPSets'{..}
-          = mconcat
-              ["nextToken" =: _lisNextToken,
-               "maxResults" =: _lisMaxResults]
-
--- | /See:/ 'listIPSetsResponse' smart constructor.
-data ListIPSetsResponse = ListIPSetsResponse'
-  { _lisrsNextToken      :: !(Maybe Text)
-  , _lisrsIPSetIds       :: !(Maybe [Text])
-  , _lisrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListIPSetsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lisrsNextToken' - Undocumented member.
---
--- * 'lisrsIPSetIds' - Undocumented member.
---
--- * 'lisrsResponseStatus' - -- | The response status code.
-listIPSetsResponse
-    :: Int -- ^ 'lisrsResponseStatus'
-    -> ListIPSetsResponse
-listIPSetsResponse pResponseStatus_ =
-  ListIPSetsResponse'
-    { _lisrsNextToken = Nothing
-    , _lisrsIPSetIds = Nothing
-    , _lisrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-lisrsNextToken :: Lens' ListIPSetsResponse (Maybe Text)
-lisrsNextToken = lens _lisrsNextToken (\ s a -> s{_lisrsNextToken = a})
-
--- | Undocumented member.
-lisrsIPSetIds :: Lens' ListIPSetsResponse [Text]
-lisrsIPSetIds = lens _lisrsIPSetIds (\ s a -> s{_lisrsIPSetIds = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-lisrsResponseStatus :: Lens' ListIPSetsResponse Int
-lisrsResponseStatus = lens _lisrsResponseStatus (\ s a -> s{_lisrsResponseStatus = a})
-
-instance NFData ListIPSetsResponse where
diff --git a/gen/Network/AWS/GuardDuty/ListInvitations.hs b/gen/Network/AWS/GuardDuty/ListInvitations.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ListInvitations.hs
+++ /dev/null
@@ -1,156 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ListInvitations
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists all GuardDuty membership invitations that were sent to the current AWS account.
---
--- This operation returns paginated results.
-module Network.AWS.GuardDuty.ListInvitations
-    (
-    -- * Creating a Request
-      listInvitations
-    , ListInvitations
-    -- * Request Lenses
-    , liNextToken
-    , liMaxResults
-
-    -- * Destructuring the Response
-    , listInvitationsResponse
-    , ListInvitationsResponse
-    -- * Response Lenses
-    , lirsInvitations
-    , lirsNextToken
-    , lirsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'listInvitations' smart constructor.
-data ListInvitations = ListInvitations'
-  { _liNextToken  :: !(Maybe Text)
-  , _liMaxResults :: !(Maybe Nat)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListInvitations' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'liNextToken' - You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListInvitations action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
---
--- * 'liMaxResults' - You can use this parameter to indicate the maximum number of invitations you want in the response. The default value is 50. The maximum value is 50.
-listInvitations
-    :: ListInvitations
-listInvitations =
-  ListInvitations' {_liNextToken = Nothing, _liMaxResults = Nothing}
-
-
--- | You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListInvitations action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
-liNextToken :: Lens' ListInvitations (Maybe Text)
-liNextToken = lens _liNextToken (\ s a -> s{_liNextToken = a})
-
--- | You can use this parameter to indicate the maximum number of invitations you want in the response. The default value is 50. The maximum value is 50.
-liMaxResults :: Lens' ListInvitations (Maybe Natural)
-liMaxResults = lens _liMaxResults (\ s a -> s{_liMaxResults = a}) . mapping _Nat
-
-instance AWSPager ListInvitations where
-        page rq rs
-          | stop (rs ^. lirsNextToken) = Nothing
-          | stop (rs ^. lirsInvitations) = Nothing
-          | otherwise =
-            Just $ rq & liNextToken .~ rs ^. lirsNextToken
-
-instance AWSRequest ListInvitations where
-        type Rs ListInvitations = ListInvitationsResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListInvitationsResponse' <$>
-                   (x .?> "invitations" .!@ mempty) <*>
-                     (x .?> "nextToken")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListInvitations where
-
-instance NFData ListInvitations where
-
-instance ToHeaders ListInvitations where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath ListInvitations where
-        toPath = const "/invitation"
-
-instance ToQuery ListInvitations where
-        toQuery ListInvitations'{..}
-          = mconcat
-              ["nextToken" =: _liNextToken,
-               "maxResults" =: _liMaxResults]
-
--- | /See:/ 'listInvitationsResponse' smart constructor.
-data ListInvitationsResponse = ListInvitationsResponse'
-  { _lirsInvitations    :: !(Maybe [Invitation])
-  , _lirsNextToken      :: !(Maybe Text)
-  , _lirsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListInvitationsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lirsInvitations' - Undocumented member.
---
--- * 'lirsNextToken' - Undocumented member.
---
--- * 'lirsResponseStatus' - -- | The response status code.
-listInvitationsResponse
-    :: Int -- ^ 'lirsResponseStatus'
-    -> ListInvitationsResponse
-listInvitationsResponse pResponseStatus_ =
-  ListInvitationsResponse'
-    { _lirsInvitations = Nothing
-    , _lirsNextToken = Nothing
-    , _lirsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-lirsInvitations :: Lens' ListInvitationsResponse [Invitation]
-lirsInvitations = lens _lirsInvitations (\ s a -> s{_lirsInvitations = a}) . _Default . _Coerce
-
--- | Undocumented member.
-lirsNextToken :: Lens' ListInvitationsResponse (Maybe Text)
-lirsNextToken = lens _lirsNextToken (\ s a -> s{_lirsNextToken = a})
-
--- | -- | The response status code.
-lirsResponseStatus :: Lens' ListInvitationsResponse Int
-lirsResponseStatus = lens _lirsResponseStatus (\ s a -> s{_lirsResponseStatus = a})
-
-instance NFData ListInvitationsResponse where
diff --git a/gen/Network/AWS/GuardDuty/ListMembers.hs b/gen/Network/AWS/GuardDuty/ListMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ListMembers.hs
+++ /dev/null
@@ -1,180 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ListMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists details about all member accounts for the current GuardDuty master account.
---
--- This operation returns paginated results.
-module Network.AWS.GuardDuty.ListMembers
-    (
-    -- * Creating a Request
-      listMembers
-    , ListMembers
-    -- * Request Lenses
-    , lmOnlyAssociated
-    , lmNextToken
-    , lmMaxResults
-    , lmDetectorId
-
-    -- * Destructuring the Response
-    , listMembersResponse
-    , ListMembersResponse
-    -- * Response Lenses
-    , lmrsMembers
-    , lmrsNextToken
-    , lmrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'listMembers' smart constructor.
-data ListMembers = ListMembers'
-  { _lmOnlyAssociated :: !(Maybe Text)
-  , _lmNextToken      :: !(Maybe Text)
-  , _lmMaxResults     :: !(Maybe Nat)
-  , _lmDetectorId     :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lmOnlyAssociated' - Specifies what member accounts the response is to include based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response will include member accounts whose relationship status with the master is set to Enabled, Disabled. If onlyAssociated is set to FALSE, the response will include all existing member accounts.
---
--- * 'lmNextToken' - You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListMembers action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
---
--- * 'lmMaxResults' - You can use this parameter to indicate the maximum number of items you want in the response. The default value is 1. The maximum value is 50.
---
--- * 'lmDetectorId' - The unique ID of the detector of the GuardDuty account whose members you want to list.
-listMembers
-    :: Text -- ^ 'lmDetectorId'
-    -> ListMembers
-listMembers pDetectorId_ =
-  ListMembers'
-    { _lmOnlyAssociated = Nothing
-    , _lmNextToken = Nothing
-    , _lmMaxResults = Nothing
-    , _lmDetectorId = pDetectorId_
-    }
-
-
--- | Specifies what member accounts the response is to include based on their relationship status with the master account. The default value is TRUE. If onlyAssociated is set to TRUE, the response will include member accounts whose relationship status with the master is set to Enabled, Disabled. If onlyAssociated is set to FALSE, the response will include all existing member accounts.
-lmOnlyAssociated :: Lens' ListMembers (Maybe Text)
-lmOnlyAssociated = lens _lmOnlyAssociated (\ s a -> s{_lmOnlyAssociated = a})
-
--- | You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the ListMembers action. Subsequent calls to the action fill nextToken in the request with the value of NextToken from the previous response to continue listing data.
-lmNextToken :: Lens' ListMembers (Maybe Text)
-lmNextToken = lens _lmNextToken (\ s a -> s{_lmNextToken = a})
-
--- | You can use this parameter to indicate the maximum number of items you want in the response. The default value is 1. The maximum value is 50.
-lmMaxResults :: Lens' ListMembers (Maybe Natural)
-lmMaxResults = lens _lmMaxResults (\ s a -> s{_lmMaxResults = a}) . mapping _Nat
-
--- | The unique ID of the detector of the GuardDuty account whose members you want to list.
-lmDetectorId :: Lens' ListMembers Text
-lmDetectorId = lens _lmDetectorId (\ s a -> s{_lmDetectorId = a})
-
-instance AWSPager ListMembers where
-        page rq rs
-          | stop (rs ^. lmrsNextToken) = Nothing
-          | stop (rs ^. lmrsMembers) = Nothing
-          | otherwise =
-            Just $ rq & lmNextToken .~ rs ^. lmrsNextToken
-
-instance AWSRequest ListMembers where
-        type Rs ListMembers = ListMembersResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListMembersResponse' <$>
-                   (x .?> "members" .!@ mempty) <*> (x .?> "nextToken")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListMembers where
-
-instance NFData ListMembers where
-
-instance ToHeaders ListMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath ListMembers where
-        toPath ListMembers'{..}
-          = mconcat
-              ["/detector/", toBS _lmDetectorId, "/member"]
-
-instance ToQuery ListMembers where
-        toQuery ListMembers'{..}
-          = mconcat
-              ["onlyAssociated" =: _lmOnlyAssociated,
-               "nextToken" =: _lmNextToken,
-               "maxResults" =: _lmMaxResults]
-
--- | /See:/ 'listMembersResponse' smart constructor.
-data ListMembersResponse = ListMembersResponse'
-  { _lmrsMembers        :: !(Maybe [Member])
-  , _lmrsNextToken      :: !(Maybe Text)
-  , _lmrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lmrsMembers' - Undocumented member.
---
--- * 'lmrsNextToken' - Undocumented member.
---
--- * 'lmrsResponseStatus' - -- | The response status code.
-listMembersResponse
-    :: Int -- ^ 'lmrsResponseStatus'
-    -> ListMembersResponse
-listMembersResponse pResponseStatus_ =
-  ListMembersResponse'
-    { _lmrsMembers = Nothing
-    , _lmrsNextToken = Nothing
-    , _lmrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-lmrsMembers :: Lens' ListMembersResponse [Member]
-lmrsMembers = lens _lmrsMembers (\ s a -> s{_lmrsMembers = a}) . _Default . _Coerce
-
--- | Undocumented member.
-lmrsNextToken :: Lens' ListMembersResponse (Maybe Text)
-lmrsNextToken = lens _lmrsNextToken (\ s a -> s{_lmrsNextToken = a})
-
--- | -- | The response status code.
-lmrsResponseStatus :: Lens' ListMembersResponse Int
-lmrsResponseStatus = lens _lmrsResponseStatus (\ s a -> s{_lmrsResponseStatus = a})
-
-instance NFData ListMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/ListThreatIntelSets.hs b/gen/Network/AWS/GuardDuty/ListThreatIntelSets.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/ListThreatIntelSets.hs
+++ /dev/null
@@ -1,173 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.ListThreatIntelSets
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID.
---
--- This operation returns paginated results.
-module Network.AWS.GuardDuty.ListThreatIntelSets
-    (
-    -- * Creating a Request
-      listThreatIntelSets
-    , ListThreatIntelSets
-    -- * Request Lenses
-    , ltisNextToken
-    , ltisMaxResults
-    , ltisDetectorId
-
-    -- * Destructuring the Response
-    , listThreatIntelSetsResponse
-    , ListThreatIntelSetsResponse
-    -- * Response Lenses
-    , ltisrsThreatIntelSetIds
-    , ltisrsNextToken
-    , ltisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | /See:/ 'listThreatIntelSets' smart constructor.
-data ListThreatIntelSets = ListThreatIntelSets'
-  { _ltisNextToken  :: !(Maybe Text)
-  , _ltisMaxResults :: !(Maybe Nat)
-  , _ltisDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListThreatIntelSets' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ltisNextToken' - Pagination token to start retrieving threat intel sets from.
---
--- * 'ltisMaxResults' - You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 7. The maximum value is 7.
---
--- * 'ltisDetectorId' - The detectorID that specifies the GuardDuty service whose ThreatIntelSets you want to list.
-listThreatIntelSets
-    :: Text -- ^ 'ltisDetectorId'
-    -> ListThreatIntelSets
-listThreatIntelSets pDetectorId_ =
-  ListThreatIntelSets'
-    { _ltisNextToken = Nothing
-    , _ltisMaxResults = Nothing
-    , _ltisDetectorId = pDetectorId_
-    }
-
-
--- | Pagination token to start retrieving threat intel sets from.
-ltisNextToken :: Lens' ListThreatIntelSets (Maybe Text)
-ltisNextToken = lens _ltisNextToken (\ s a -> s{_ltisNextToken = a})
-
--- | You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 7. The maximum value is 7.
-ltisMaxResults :: Lens' ListThreatIntelSets (Maybe Natural)
-ltisMaxResults = lens _ltisMaxResults (\ s a -> s{_ltisMaxResults = a}) . mapping _Nat
-
--- | The detectorID that specifies the GuardDuty service whose ThreatIntelSets you want to list.
-ltisDetectorId :: Lens' ListThreatIntelSets Text
-ltisDetectorId = lens _ltisDetectorId (\ s a -> s{_ltisDetectorId = a})
-
-instance AWSPager ListThreatIntelSets where
-        page rq rs
-          | stop (rs ^. ltisrsNextToken) = Nothing
-          | stop (rs ^. ltisrsThreatIntelSetIds) = Nothing
-          | otherwise =
-            Just $ rq & ltisNextToken .~ rs ^. ltisrsNextToken
-
-instance AWSRequest ListThreatIntelSets where
-        type Rs ListThreatIntelSets =
-             ListThreatIntelSetsResponse
-        request = get guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListThreatIntelSetsResponse' <$>
-                   (x .?> "threatIntelSetIds" .!@ mempty) <*>
-                     (x .?> "nextToken")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListThreatIntelSets where
-
-instance NFData ListThreatIntelSets where
-
-instance ToHeaders ListThreatIntelSets where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToPath ListThreatIntelSets where
-        toPath ListThreatIntelSets'{..}
-          = mconcat
-              ["/detector/", toBS _ltisDetectorId,
-               "/threatintelset"]
-
-instance ToQuery ListThreatIntelSets where
-        toQuery ListThreatIntelSets'{..}
-          = mconcat
-              ["nextToken" =: _ltisNextToken,
-               "maxResults" =: _ltisMaxResults]
-
--- | /See:/ 'listThreatIntelSetsResponse' smart constructor.
-data ListThreatIntelSetsResponse = ListThreatIntelSetsResponse'
-  { _ltisrsThreatIntelSetIds :: !(Maybe [Text])
-  , _ltisrsNextToken         :: !(Maybe Text)
-  , _ltisrsResponseStatus    :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListThreatIntelSetsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ltisrsThreatIntelSetIds' - Undocumented member.
---
--- * 'ltisrsNextToken' - Undocumented member.
---
--- * 'ltisrsResponseStatus' - -- | The response status code.
-listThreatIntelSetsResponse
-    :: Int -- ^ 'ltisrsResponseStatus'
-    -> ListThreatIntelSetsResponse
-listThreatIntelSetsResponse pResponseStatus_ =
-  ListThreatIntelSetsResponse'
-    { _ltisrsThreatIntelSetIds = Nothing
-    , _ltisrsNextToken = Nothing
-    , _ltisrsResponseStatus = pResponseStatus_
-    }
-
-
--- | Undocumented member.
-ltisrsThreatIntelSetIds :: Lens' ListThreatIntelSetsResponse [Text]
-ltisrsThreatIntelSetIds = lens _ltisrsThreatIntelSetIds (\ s a -> s{_ltisrsThreatIntelSetIds = a}) . _Default . _Coerce
-
--- | Undocumented member.
-ltisrsNextToken :: Lens' ListThreatIntelSetsResponse (Maybe Text)
-ltisrsNextToken = lens _ltisrsNextToken (\ s a -> s{_ltisrsNextToken = a})
-
--- | -- | The response status code.
-ltisrsResponseStatus :: Lens' ListThreatIntelSetsResponse Int
-ltisrsResponseStatus = lens _ltisrsResponseStatus (\ s a -> s{_ltisrsResponseStatus = a})
-
-instance NFData ListThreatIntelSetsResponse where
diff --git a/gen/Network/AWS/GuardDuty/StartMonitoringMembers.hs b/gen/Network/AWS/GuardDuty/StartMonitoringMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/StartMonitoringMembers.hs
+++ /dev/null
@@ -1,142 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.StartMonitoringMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Re-enables GuardDuty to monitor findings of the member accounts specified by the account IDs. A master GuardDuty account can run this command after disabling GuardDuty from monitoring these members' findings by running StopMonitoringMembers.
-module Network.AWS.GuardDuty.StartMonitoringMembers
-    (
-    -- * Creating a Request
-      startMonitoringMembers
-    , StartMonitoringMembers
-    -- * Request Lenses
-    , sAccountIds
-    , sDetectorId
-
-    -- * Destructuring the Response
-    , startMonitoringMembersResponse
-    , StartMonitoringMembersResponse
-    -- * Response Lenses
-    , srsUnprocessedAccounts
-    , srsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | StartMonitoringMembers request body.
---
--- /See:/ 'startMonitoringMembers' smart constructor.
-data StartMonitoringMembers = StartMonitoringMembers'
-  { _sAccountIds :: !(Maybe [Text])
-  , _sDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'StartMonitoringMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'sAccountIds' - A list of account IDs of the GuardDuty member accounts whose findings you want the master account to monitor.
---
--- * 'sDetectorId' - The unique ID of the detector of the GuardDuty account whom you want to re-enable to monitor members' findings.
-startMonitoringMembers
-    :: Text -- ^ 'sDetectorId'
-    -> StartMonitoringMembers
-startMonitoringMembers pDetectorId_ =
-  StartMonitoringMembers' {_sAccountIds = Nothing, _sDetectorId = pDetectorId_}
-
-
--- | A list of account IDs of the GuardDuty member accounts whose findings you want the master account to monitor.
-sAccountIds :: Lens' StartMonitoringMembers [Text]
-sAccountIds = lens _sAccountIds (\ s a -> s{_sAccountIds = a}) . _Default . _Coerce
-
--- | The unique ID of the detector of the GuardDuty account whom you want to re-enable to monitor members' findings.
-sDetectorId :: Lens' StartMonitoringMembers Text
-sDetectorId = lens _sDetectorId (\ s a -> s{_sDetectorId = a})
-
-instance AWSRequest StartMonitoringMembers where
-        type Rs StartMonitoringMembers =
-             StartMonitoringMembersResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 StartMonitoringMembersResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable StartMonitoringMembers where
-
-instance NFData StartMonitoringMembers where
-
-instance ToHeaders StartMonitoringMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON StartMonitoringMembers where
-        toJSON StartMonitoringMembers'{..}
-          = object
-              (catMaybes [("accountIds" .=) <$> _sAccountIds])
-
-instance ToPath StartMonitoringMembers where
-        toPath StartMonitoringMembers'{..}
-          = mconcat
-              ["/detector/", toBS _sDetectorId, "/member/start"]
-
-instance ToQuery StartMonitoringMembers where
-        toQuery = const mempty
-
--- | /See:/ 'startMonitoringMembersResponse' smart constructor.
-data StartMonitoringMembersResponse = StartMonitoringMembersResponse'
-  { _srsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _srsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'StartMonitoringMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'srsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'srsResponseStatus' - -- | The response status code.
-startMonitoringMembersResponse
-    :: Int -- ^ 'srsResponseStatus'
-    -> StartMonitoringMembersResponse
-startMonitoringMembersResponse pResponseStatus_ =
-  StartMonitoringMembersResponse'
-    {_srsUnprocessedAccounts = Nothing, _srsResponseStatus = pResponseStatus_}
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-srsUnprocessedAccounts :: Lens' StartMonitoringMembersResponse [UnprocessedAccount]
-srsUnprocessedAccounts = lens _srsUnprocessedAccounts (\ s a -> s{_srsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-srsResponseStatus :: Lens' StartMonitoringMembersResponse Int
-srsResponseStatus = lens _srsResponseStatus (\ s a -> s{_srsResponseStatus = a})
-
-instance NFData StartMonitoringMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/StopMonitoringMembers.hs b/gen/Network/AWS/GuardDuty/StopMonitoringMembers.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/StopMonitoringMembers.hs
+++ /dev/null
@@ -1,145 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.StopMonitoringMembers
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Disables GuardDuty from monitoring findings of the member accounts specified by the account IDs. After running this command, a master GuardDuty account can run StartMonitoringMembers to re-enable GuardDuty to monitor these members’ findings.
-module Network.AWS.GuardDuty.StopMonitoringMembers
-    (
-    -- * Creating a Request
-      stopMonitoringMembers
-    , StopMonitoringMembers
-    -- * Request Lenses
-    , smmAccountIds
-    , smmDetectorId
-
-    -- * Destructuring the Response
-    , stopMonitoringMembersResponse
-    , StopMonitoringMembersResponse
-    -- * Response Lenses
-    , smmrsUnprocessedAccounts
-    , smmrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | StopMonitoringMembers request body.
---
--- /See:/ 'stopMonitoringMembers' smart constructor.
-data StopMonitoringMembers = StopMonitoringMembers'
-  { _smmAccountIds :: !(Maybe [Text])
-  , _smmDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'StopMonitoringMembers' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'smmAccountIds' - A list of account IDs of the GuardDuty member accounts whose findings you want the master account to stop monitoring.
---
--- * 'smmDetectorId' - The unique ID of the detector of the GuardDuty account that you want to stop from monitor members' findings.
-stopMonitoringMembers
-    :: Text -- ^ 'smmDetectorId'
-    -> StopMonitoringMembers
-stopMonitoringMembers pDetectorId_ =
-  StopMonitoringMembers'
-    {_smmAccountIds = Nothing, _smmDetectorId = pDetectorId_}
-
-
--- | A list of account IDs of the GuardDuty member accounts whose findings you want the master account to stop monitoring.
-smmAccountIds :: Lens' StopMonitoringMembers [Text]
-smmAccountIds = lens _smmAccountIds (\ s a -> s{_smmAccountIds = a}) . _Default . _Coerce
-
--- | The unique ID of the detector of the GuardDuty account that you want to stop from monitor members' findings.
-smmDetectorId :: Lens' StopMonitoringMembers Text
-smmDetectorId = lens _smmDetectorId (\ s a -> s{_smmDetectorId = a})
-
-instance AWSRequest StopMonitoringMembers where
-        type Rs StopMonitoringMembers =
-             StopMonitoringMembersResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 StopMonitoringMembersResponse' <$>
-                   (x .?> "unprocessedAccounts" .!@ mempty) <*>
-                     (pure (fromEnum s)))
-
-instance Hashable StopMonitoringMembers where
-
-instance NFData StopMonitoringMembers where
-
-instance ToHeaders StopMonitoringMembers where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON StopMonitoringMembers where
-        toJSON StopMonitoringMembers'{..}
-          = object
-              (catMaybes [("accountIds" .=) <$> _smmAccountIds])
-
-instance ToPath StopMonitoringMembers where
-        toPath StopMonitoringMembers'{..}
-          = mconcat
-              ["/detector/", toBS _smmDetectorId, "/member/stop"]
-
-instance ToQuery StopMonitoringMembers where
-        toQuery = const mempty
-
--- | /See:/ 'stopMonitoringMembersResponse' smart constructor.
-data StopMonitoringMembersResponse = StopMonitoringMembersResponse'
-  { _smmrsUnprocessedAccounts :: !(Maybe [UnprocessedAccount])
-  , _smmrsResponseStatus      :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'StopMonitoringMembersResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'smmrsUnprocessedAccounts' - A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- * 'smmrsResponseStatus' - -- | The response status code.
-stopMonitoringMembersResponse
-    :: Int -- ^ 'smmrsResponseStatus'
-    -> StopMonitoringMembersResponse
-stopMonitoringMembersResponse pResponseStatus_ =
-  StopMonitoringMembersResponse'
-    { _smmrsUnprocessedAccounts = Nothing
-    , _smmrsResponseStatus = pResponseStatus_
-    }
-
-
--- | A list of objects containing the unprocessed account and a result string explaining why it was unprocessed.
-smmrsUnprocessedAccounts :: Lens' StopMonitoringMembersResponse [UnprocessedAccount]
-smmrsUnprocessedAccounts = lens _smmrsUnprocessedAccounts (\ s a -> s{_smmrsUnprocessedAccounts = a}) . _Default . _Coerce
-
--- | -- | The response status code.
-smmrsResponseStatus :: Lens' StopMonitoringMembersResponse Int
-smmrsResponseStatus = lens _smmrsResponseStatus (\ s a -> s{_smmrsResponseStatus = a})
-
-instance NFData StopMonitoringMembersResponse where
diff --git a/gen/Network/AWS/GuardDuty/Types.hs b/gen/Network/AWS/GuardDuty/Types.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/Types.hs
+++ /dev/null
@@ -1,372 +0,0 @@
-{-# LANGUAGE OverloadedStrings #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.Types
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.GuardDuty.Types
-    (
-    -- * Service Configuration
-      guardDuty
-
-    -- * Errors
-    , _InternalServerErrorException
-    , _BadRequestException
-
-    -- * DetectorStatus
-    , DetectorStatus (..)
-
-    -- * Feedback
-    , Feedback (..)
-
-    -- * FilterAction
-    , FilterAction (..)
-
-    -- * FindingStatisticType
-    , FindingStatisticType (..)
-
-    -- * IPSetFormat
-    , IPSetFormat (..)
-
-    -- * IPSetStatus
-    , IPSetStatus (..)
-
-    -- * OrderBy
-    , OrderBy (..)
-
-    -- * ThreatIntelSetFormat
-    , ThreatIntelSetFormat (..)
-
-    -- * ThreatIntelSetStatus
-    , ThreatIntelSetStatus (..)
-
-    -- * AWSAPICallAction
-    , AWSAPICallAction
-    , awsAPICallAction
-    , aacaRemoteIPDetails
-    , aacaCallerType
-    , aacaDomainDetails
-    , aacaServiceName
-    , aacaAPI
-
-    -- * AccessKeyDetails
-    , AccessKeyDetails
-    , accessKeyDetails
-    , akdPrincipalId
-    , akdUserName
-    , akdAccessKeyId
-    , akdUserType
-
-    -- * AccountDetail
-    , AccountDetail
-    , accountDetail
-    , adEmail
-    , adAccountId
-
-    -- * Action
-    , Action
-    , action
-    , aNetworkConnectionAction
-    , aPortProbeAction
-    , aActionType
-    , aDNSRequestAction
-    , aAWSAPICallAction
-
-    -- * City
-    , City
-    , city
-    , cCityName
-
-    -- * Condition
-    , Condition
-    , condition
-    , cEQ
-    , cLte
-    , cGT
-    , cNeq
-    , cLT
-    , cGte
-
-    -- * Country
-    , Country
-    , country
-    , cCountryName
-    , cCountryCode
-
-    -- * DNSRequestAction
-    , DNSRequestAction
-    , dnsRequestAction
-    , draDomain
-
-    -- * DomainDetails
-    , DomainDetails
-    , domainDetails
-
-    -- * Finding
-    , Finding
-    , finding
-    , fService
-    , fConfidence
-    , fPartition
-    , fTitle
-    , fDescription
-    , fAccountId
-    , fSchemaVersion
-    , fCreatedAt
-    , fResource
-    , fSeverity
-    , fUpdatedAt
-    , fType
-    , fRegion
-    , fId
-    , fARN
-
-    -- * FindingCriteria
-    , FindingCriteria
-    , findingCriteria
-    , fcCriterion
-
-    -- * FindingStatistics
-    , FindingStatistics
-    , findingStatistics
-    , fsCountBySeverity
-
-    -- * GeoLocation
-    , GeoLocation
-    , geoLocation
-    , glLat
-    , glLon
-
-    -- * IAMInstanceProfile
-    , IAMInstanceProfile
-    , iamInstanceProfile
-    , iapARN
-    , iapId
-
-    -- * InstanceDetails
-    , InstanceDetails
-    , instanceDetails
-    , idInstanceId
-    , idPlatform
-    , idLaunchTime
-    , idNetworkInterfaces
-    , idInstanceType
-    , idAvailabilityZone
-    , idIAMInstanceProfile
-    , idImageId
-    , idProductCodes
-    , idInstanceState
-    , idTags
-    , idImageDescription
-
-    -- * Invitation
-    , Invitation
-    , invitation
-    , iInvitedAt
-    , iRelationshipStatus
-    , iInvitationId
-    , iAccountId
-
-    -- * LocalPortDetails
-    , LocalPortDetails
-    , localPortDetails
-    , lpdPortName
-    , lpdPort
-
-    -- * Master
-    , Master
-    , master
-    , masInvitedAt
-    , masRelationshipStatus
-    , masInvitationId
-    , masAccountId
-
-    -- * Member
-    , Member
-    , member
-    , mInvitedAt
-    , mDetectorId
-    , mEmail
-    , mAccountId
-    , mMasterId
-    , mUpdatedAt
-    , mRelationshipStatus
-
-    -- * NetworkConnectionAction
-    , NetworkConnectionAction
-    , networkConnectionAction
-    , ncaRemoteIPDetails
-    , ncaProtocol
-    , ncaRemotePortDetails
-    , ncaBlocked
-    , ncaConnectionDirection
-    , ncaLocalPortDetails
-
-    -- * NetworkInterface
-    , NetworkInterface
-    , networkInterface
-    , niPrivateIPAddresses
-    , niPublicDNSName
-    , niSecurityGroups
-    , niVPCId
-    , niNetworkInterfaceId
-    , niSubnetId
-    , niPrivateIPAddress
-    , niPublicIP
-    , niPrivateDNSName
-    , niIPv6Addresses
-
-    -- * Organization
-    , Organization
-    , organization
-    , oOrg
-    , oASNOrg
-    , oASN
-    , oIsp
-
-    -- * PortProbeAction
-    , PortProbeAction
-    , portProbeAction
-    , ppaPortProbeDetails
-    , ppaBlocked
-
-    -- * PortProbeDetail
-    , PortProbeDetail
-    , portProbeDetail
-    , ppdRemoteIPDetails
-    , ppdLocalPortDetails
-
-    -- * PrivateIPAddressDetails
-    , PrivateIPAddressDetails
-    , privateIPAddressDetails
-    , piadPrivateIPAddress
-    , piadPrivateDNSName
-
-    -- * ProductCode
-    , ProductCode
-    , productCode
-    , pcProductType
-    , pcCode
-
-    -- * RemoteIPDetails
-    , RemoteIPDetails
-    , remoteIPDetails
-    , ridCountry
-    , ridCity
-    , ridIPAddressV4
-    , ridGeoLocation
-    , ridOrganization
-
-    -- * RemotePortDetails
-    , RemotePortDetails
-    , remotePortDetails
-    , rpdPortName
-    , rpdPort
-
-    -- * Resource
-    , Resource
-    , resource
-    , rResourceType
-    , rInstanceDetails
-    , rAccessKeyDetails
-
-    -- * SecurityGroup
-    , SecurityGroup
-    , securityGroup
-    , sgGroupId
-    , sgGroupName
-
-    -- * ServiceInfo
-    , ServiceInfo
-    , serviceInfo
-    , siCount
-    , siEventFirstSeen
-    , siAction
-    , siDetectorId
-    , siServiceName
-    , siUserFeedback
-    , siEventLastSeen
-    , siResourceRole
-    , siArchived
-
-    -- * SortCriteria
-    , SortCriteria
-    , sortCriteria
-    , scOrderBy
-    , scAttributeName
-
-    -- * Tag
-    , Tag
-    , tag
-    , tagValue
-    , tagKey
-
-    -- * UnprocessedAccount
-    , UnprocessedAccount
-    , unprocessedAccount
-    , uaAccountId
-    , uaResult
-    ) where
-
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.GuardDuty.Types.Sum
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Sign.V4
-
--- | API version @2017-11-28@ of the Amazon GuardDuty SDK configuration.
-guardDuty :: Service
-guardDuty =
-  Service
-    { _svcAbbrev = "GuardDuty"
-    , _svcSigner = v4
-    , _svcPrefix = "guardduty"
-    , _svcVersion = "2017-11-28"
-    , _svcEndpoint = defaultEndpoint guardDuty
-    , _svcTimeout = Just 70
-    , _svcCheck = statusSuccess
-    , _svcError = parseJSONError "GuardDuty"
-    , _svcRetry = retry
-    }
-  where
-    retry =
-      Exponential
-        { _retryBase = 5.0e-2
-        , _retryGrowth = 2
-        , _retryAttempts = 5
-        , _retryCheck = check
-        }
-    check e
-      | has (hasCode "ThrottledException" . hasStatus 400) e =
-        Just "throttled_exception"
-      | has (hasStatus 429) e = Just "too_many_requests"
-      | has (hasCode "ThrottlingException" . hasStatus 400) e =
-        Just "throttling_exception"
-      | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"
-      | has (hasStatus 504) e = Just "gateway_timeout"
-      | has (hasCode "RequestThrottledException" . hasStatus 400) e =
-        Just "request_throttled_exception"
-      | has (hasStatus 502) e = Just "bad_gateway"
-      | has (hasStatus 503) e = Just "service_unavailable"
-      | has (hasStatus 500) e = Just "general_server_error"
-      | has (hasStatus 509) e = Just "limit_exceeded"
-      | otherwise = Nothing
-
-
--- | Error response object.
-_InternalServerErrorException :: AsError a => Getting (First ServiceError) a ServiceError
-_InternalServerErrorException =
-  _MatchServiceError guardDuty "InternalServerErrorException" . hasStatus 500
-
-
--- | Error response object.
-_BadRequestException :: AsError a => Getting (First ServiceError) a ServiceError
-_BadRequestException =
-  _MatchServiceError guardDuty "BadRequestException" . hasStatus 400
-
diff --git a/gen/Network/AWS/GuardDuty/Types/Product.hs b/gen/Network/AWS/GuardDuty/Types/Product.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/Types/Product.hs
+++ /dev/null
@@ -1,2052 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.Types.Product
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.GuardDuty.Types.Product where
-
-import Network.AWS.GuardDuty.Types.Sum
-import Network.AWS.Lens
-import Network.AWS.Prelude
-
--- | Information about the AWS_API_CALL action described in this finding.
---
--- /See:/ 'awsAPICallAction' smart constructor.
-data AWSAPICallAction = AWSAPICallAction'
-  { _aacaRemoteIPDetails :: !(Maybe RemoteIPDetails)
-  , _aacaCallerType      :: !(Maybe Text)
-  , _aacaDomainDetails   :: !(Maybe DomainDetails)
-  , _aacaServiceName     :: !(Maybe Text)
-  , _aacaAPI             :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AWSAPICallAction' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'aacaRemoteIPDetails' - Remote IP information of the connection.
---
--- * 'aacaCallerType' - AWS API caller type.
---
--- * 'aacaDomainDetails' - Domain information for the AWS API call.
---
--- * 'aacaServiceName' - AWS service name whose API was invoked.
---
--- * 'aacaAPI' - AWS API name.
-awsAPICallAction
-    :: AWSAPICallAction
-awsAPICallAction =
-  AWSAPICallAction'
-    { _aacaRemoteIPDetails = Nothing
-    , _aacaCallerType = Nothing
-    , _aacaDomainDetails = Nothing
-    , _aacaServiceName = Nothing
-    , _aacaAPI = Nothing
-    }
-
-
--- | Remote IP information of the connection.
-aacaRemoteIPDetails :: Lens' AWSAPICallAction (Maybe RemoteIPDetails)
-aacaRemoteIPDetails = lens _aacaRemoteIPDetails (\ s a -> s{_aacaRemoteIPDetails = a})
-
--- | AWS API caller type.
-aacaCallerType :: Lens' AWSAPICallAction (Maybe Text)
-aacaCallerType = lens _aacaCallerType (\ s a -> s{_aacaCallerType = a})
-
--- | Domain information for the AWS API call.
-aacaDomainDetails :: Lens' AWSAPICallAction (Maybe DomainDetails)
-aacaDomainDetails = lens _aacaDomainDetails (\ s a -> s{_aacaDomainDetails = a})
-
--- | AWS service name whose API was invoked.
-aacaServiceName :: Lens' AWSAPICallAction (Maybe Text)
-aacaServiceName = lens _aacaServiceName (\ s a -> s{_aacaServiceName = a})
-
--- | AWS API name.
-aacaAPI :: Lens' AWSAPICallAction (Maybe Text)
-aacaAPI = lens _aacaAPI (\ s a -> s{_aacaAPI = a})
-
-instance FromJSON AWSAPICallAction where
-        parseJSON
-          = withObject "AWSAPICallAction"
-              (\ x ->
-                 AWSAPICallAction' <$>
-                   (x .:? "remoteIpDetails") <*> (x .:? "callerType")
-                     <*> (x .:? "domainDetails")
-                     <*> (x .:? "serviceName")
-                     <*> (x .:? "api"))
-
-instance Hashable AWSAPICallAction where
-
-instance NFData AWSAPICallAction where
-
--- | The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
---
--- /See:/ 'accessKeyDetails' smart constructor.
-data AccessKeyDetails = AccessKeyDetails'
-  { _akdPrincipalId :: !(Maybe Text)
-  , _akdUserName    :: !(Maybe Text)
-  , _akdAccessKeyId :: !(Maybe Text)
-  , _akdUserType    :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AccessKeyDetails' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'akdPrincipalId' - The principal ID of the user.
---
--- * 'akdUserName' - The name of the user.
---
--- * 'akdAccessKeyId' - Access key ID of the user.
---
--- * 'akdUserType' - The type of the user.
-accessKeyDetails
-    :: AccessKeyDetails
-accessKeyDetails =
-  AccessKeyDetails'
-    { _akdPrincipalId = Nothing
-    , _akdUserName = Nothing
-    , _akdAccessKeyId = Nothing
-    , _akdUserType = Nothing
-    }
-
-
--- | The principal ID of the user.
-akdPrincipalId :: Lens' AccessKeyDetails (Maybe Text)
-akdPrincipalId = lens _akdPrincipalId (\ s a -> s{_akdPrincipalId = a})
-
--- | The name of the user.
-akdUserName :: Lens' AccessKeyDetails (Maybe Text)
-akdUserName = lens _akdUserName (\ s a -> s{_akdUserName = a})
-
--- | Access key ID of the user.
-akdAccessKeyId :: Lens' AccessKeyDetails (Maybe Text)
-akdAccessKeyId = lens _akdAccessKeyId (\ s a -> s{_akdAccessKeyId = a})
-
--- | The type of the user.
-akdUserType :: Lens' AccessKeyDetails (Maybe Text)
-akdUserType = lens _akdUserType (\ s a -> s{_akdUserType = a})
-
-instance FromJSON AccessKeyDetails where
-        parseJSON
-          = withObject "AccessKeyDetails"
-              (\ x ->
-                 AccessKeyDetails' <$>
-                   (x .:? "principalId") <*> (x .:? "userName") <*>
-                     (x .:? "accessKeyId")
-                     <*> (x .:? "userType"))
-
-instance Hashable AccessKeyDetails where
-
-instance NFData AccessKeyDetails where
-
--- | An object containing the member's accountId and email address.
---
--- /See:/ 'accountDetail' smart constructor.
-data AccountDetail = AccountDetail'
-  { _adEmail     :: !Text
-  , _adAccountId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AccountDetail' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'adEmail' - Member account's email address.
---
--- * 'adAccountId' - Member account ID.
-accountDetail
-    :: Text -- ^ 'adEmail'
-    -> Text -- ^ 'adAccountId'
-    -> AccountDetail
-accountDetail pEmail_ pAccountId_ =
-  AccountDetail' {_adEmail = pEmail_, _adAccountId = pAccountId_}
-
-
--- | Member account's email address.
-adEmail :: Lens' AccountDetail Text
-adEmail = lens _adEmail (\ s a -> s{_adEmail = a})
-
--- | Member account ID.
-adAccountId :: Lens' AccountDetail Text
-adAccountId = lens _adAccountId (\ s a -> s{_adAccountId = a})
-
-instance Hashable AccountDetail where
-
-instance NFData AccountDetail where
-
-instance ToJSON AccountDetail where
-        toJSON AccountDetail'{..}
-          = object
-              (catMaybes
-                 [Just ("email" .= _adEmail),
-                  Just ("accountId" .= _adAccountId)])
-
--- | Information about the activity described in a finding.
---
--- /See:/ 'action' smart constructor.
-data Action = Action'
-  { _aNetworkConnectionAction :: !(Maybe NetworkConnectionAction)
-  , _aPortProbeAction         :: !(Maybe PortProbeAction)
-  , _aActionType              :: !(Maybe Text)
-  , _aDNSRequestAction        :: !(Maybe DNSRequestAction)
-  , _aAWSAPICallAction        :: !(Maybe AWSAPICallAction)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Action' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'aNetworkConnectionAction' - Information about the NETWORK_CONNECTION action described in this finding.
---
--- * 'aPortProbeAction' - Information about the PORT_PROBE action described in this finding.
---
--- * 'aActionType' - GuardDuty Finding activity type.
---
--- * 'aDNSRequestAction' - Information about the DNS_REQUEST action described in this finding.
---
--- * 'aAWSAPICallAction' - Information about the AWS_API_CALL action described in this finding.
-action
-    :: Action
-action =
-  Action'
-    { _aNetworkConnectionAction = Nothing
-    , _aPortProbeAction = Nothing
-    , _aActionType = Nothing
-    , _aDNSRequestAction = Nothing
-    , _aAWSAPICallAction = Nothing
-    }
-
-
--- | Information about the NETWORK_CONNECTION action described in this finding.
-aNetworkConnectionAction :: Lens' Action (Maybe NetworkConnectionAction)
-aNetworkConnectionAction = lens _aNetworkConnectionAction (\ s a -> s{_aNetworkConnectionAction = a})
-
--- | Information about the PORT_PROBE action described in this finding.
-aPortProbeAction :: Lens' Action (Maybe PortProbeAction)
-aPortProbeAction = lens _aPortProbeAction (\ s a -> s{_aPortProbeAction = a})
-
--- | GuardDuty Finding activity type.
-aActionType :: Lens' Action (Maybe Text)
-aActionType = lens _aActionType (\ s a -> s{_aActionType = a})
-
--- | Information about the DNS_REQUEST action described in this finding.
-aDNSRequestAction :: Lens' Action (Maybe DNSRequestAction)
-aDNSRequestAction = lens _aDNSRequestAction (\ s a -> s{_aDNSRequestAction = a})
-
--- | Information about the AWS_API_CALL action described in this finding.
-aAWSAPICallAction :: Lens' Action (Maybe AWSAPICallAction)
-aAWSAPICallAction = lens _aAWSAPICallAction (\ s a -> s{_aAWSAPICallAction = a})
-
-instance FromJSON Action where
-        parseJSON
-          = withObject "Action"
-              (\ x ->
-                 Action' <$>
-                   (x .:? "networkConnectionAction") <*>
-                     (x .:? "portProbeAction")
-                     <*> (x .:? "actionType")
-                     <*> (x .:? "dnsRequestAction")
-                     <*> (x .:? "awsApiCallAction"))
-
-instance Hashable Action where
-
-instance NFData Action where
-
--- | City information of the remote IP address.
---
--- /See:/ 'city' smart constructor.
-newtype City = City'
-  { _cCityName :: Maybe Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'City' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cCityName' - City name of the remote IP address.
-city
-    :: City
-city = City' {_cCityName = Nothing}
-
-
--- | City name of the remote IP address.
-cCityName :: Lens' City (Maybe Text)
-cCityName = lens _cCityName (\ s a -> s{_cCityName = a})
-
-instance FromJSON City where
-        parseJSON
-          = withObject "City"
-              (\ x -> City' <$> (x .:? "cityName"))
-
-instance Hashable City where
-
-instance NFData City where
-
--- | Finding attribute (for example, accountId) for which conditions and values must be specified when querying findings.
---
--- /See:/ 'condition' smart constructor.
-data Condition = Condition'
-  { _cEQ  :: !(Maybe [Text])
-  , _cLte :: !(Maybe Int)
-  , _cGT  :: !(Maybe Int)
-  , _cNeq :: !(Maybe [Text])
-  , _cLT  :: !(Maybe Int)
-  , _cGte :: !(Maybe Int)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Condition' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cEQ' - Represents the equal condition to be applied to a single field when querying for findings.
---
--- * 'cLte' - Represents the less than equal condition to be applied to a single field when querying for findings.
---
--- * 'cGT' - Represents the greater than condition to be applied to a single field when querying for findings.
---
--- * 'cNeq' - Represents the not equal condition to be applied to a single field when querying for findings.
---
--- * 'cLT' - Represents the less than condition to be applied to a single field when querying for findings.
---
--- * 'cGte' - Represents the greater than equal condition to be applied to a single field when querying for findings.
-condition
-    :: Condition
-condition =
-  Condition'
-    { _cEQ = Nothing
-    , _cLte = Nothing
-    , _cGT = Nothing
-    , _cNeq = Nothing
-    , _cLT = Nothing
-    , _cGte = Nothing
-    }
-
-
--- | Represents the equal condition to be applied to a single field when querying for findings.
-cEQ :: Lens' Condition [Text]
-cEQ = lens _cEQ (\ s a -> s{_cEQ = a}) . _Default . _Coerce
-
--- | Represents the less than equal condition to be applied to a single field when querying for findings.
-cLte :: Lens' Condition (Maybe Int)
-cLte = lens _cLte (\ s a -> s{_cLte = a})
-
--- | Represents the greater than condition to be applied to a single field when querying for findings.
-cGT :: Lens' Condition (Maybe Int)
-cGT = lens _cGT (\ s a -> s{_cGT = a})
-
--- | Represents the not equal condition to be applied to a single field when querying for findings.
-cNeq :: Lens' Condition [Text]
-cNeq = lens _cNeq (\ s a -> s{_cNeq = a}) . _Default . _Coerce
-
--- | Represents the less than condition to be applied to a single field when querying for findings.
-cLT :: Lens' Condition (Maybe Int)
-cLT = lens _cLT (\ s a -> s{_cLT = a})
-
--- | Represents the greater than equal condition to be applied to a single field when querying for findings.
-cGte :: Lens' Condition (Maybe Int)
-cGte = lens _cGte (\ s a -> s{_cGte = a})
-
-instance FromJSON Condition where
-        parseJSON
-          = withObject "Condition"
-              (\ x ->
-                 Condition' <$>
-                   (x .:? "eq" .!= mempty) <*> (x .:? "lte") <*>
-                     (x .:? "gt")
-                     <*> (x .:? "neq" .!= mempty)
-                     <*> (x .:? "lt")
-                     <*> (x .:? "gte"))
-
-instance Hashable Condition where
-
-instance NFData Condition where
-
-instance ToJSON Condition where
-        toJSON Condition'{..}
-          = object
-              (catMaybes
-                 [("eq" .=) <$> _cEQ, ("lte" .=) <$> _cLte,
-                  ("gt" .=) <$> _cGT, ("neq" .=) <$> _cNeq,
-                  ("lt" .=) <$> _cLT, ("gte" .=) <$> _cGte])
-
--- | Country information of the remote IP address.
---
--- /See:/ 'country' smart constructor.
-data Country = Country'
-  { _cCountryName :: !(Maybe Text)
-  , _cCountryCode :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Country' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cCountryName' - Country name of the remote IP address.
---
--- * 'cCountryCode' - Country code of the remote IP address.
-country
-    :: Country
-country = Country' {_cCountryName = Nothing, _cCountryCode = Nothing}
-
-
--- | Country name of the remote IP address.
-cCountryName :: Lens' Country (Maybe Text)
-cCountryName = lens _cCountryName (\ s a -> s{_cCountryName = a})
-
--- | Country code of the remote IP address.
-cCountryCode :: Lens' Country (Maybe Text)
-cCountryCode = lens _cCountryCode (\ s a -> s{_cCountryCode = a})
-
-instance FromJSON Country where
-        parseJSON
-          = withObject "Country"
-              (\ x ->
-                 Country' <$>
-                   (x .:? "countryName") <*> (x .:? "countryCode"))
-
-instance Hashable Country where
-
-instance NFData Country where
-
--- | Information about the DNS_REQUEST action described in this finding.
---
--- /See:/ 'dnsRequestAction' smart constructor.
-newtype DNSRequestAction = DNSRequestAction'
-  { _draDomain :: Maybe Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DNSRequestAction' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'draDomain' - Domain information for the DNS request.
-dnsRequestAction
-    :: DNSRequestAction
-dnsRequestAction = DNSRequestAction' {_draDomain = Nothing}
-
-
--- | Domain information for the DNS request.
-draDomain :: Lens' DNSRequestAction (Maybe Text)
-draDomain = lens _draDomain (\ s a -> s{_draDomain = a})
-
-instance FromJSON DNSRequestAction where
-        parseJSON
-          = withObject "DNSRequestAction"
-              (\ x -> DNSRequestAction' <$> (x .:? "domain"))
-
-instance Hashable DNSRequestAction where
-
-instance NFData DNSRequestAction where
-
--- | Domain information for the AWS API call.
---
--- /See:/ 'domainDetails' smart constructor.
-data DomainDetails =
-  DomainDetails'
-  deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DomainDetails' with the minimum fields required to make a request.
---
-domainDetails
-    :: DomainDetails
-domainDetails = DomainDetails'
-
-
-instance FromJSON DomainDetails where
-        parseJSON
-          = withObject "DomainDetails"
-              (\ x -> pure DomainDetails')
-
-instance Hashable DomainDetails where
-
-instance NFData DomainDetails where
-
--- | Representation of a abnormal or suspicious activity.
---
--- /See:/ 'finding' smart constructor.
-data Finding = Finding'
-  { _fService       :: !(Maybe ServiceInfo)
-  , _fConfidence    :: !(Maybe Double)
-  , _fPartition     :: !(Maybe Text)
-  , _fTitle         :: !(Maybe Text)
-  , _fDescription   :: !(Maybe Text)
-  , _fAccountId     :: !Text
-  , _fSchemaVersion :: !Text
-  , _fCreatedAt     :: !Text
-  , _fResource      :: !Resource
-  , _fSeverity      :: !Double
-  , _fUpdatedAt     :: !Text
-  , _fType          :: !Text
-  , _fRegion        :: !Text
-  , _fId            :: !Text
-  , _fARN           :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Finding' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'fService' - Additional information assigned to the generated finding by GuardDuty.
---
--- * 'fConfidence' - The confidence level of a finding.
---
--- * 'fPartition' - The AWS resource partition.
---
--- * 'fTitle' - The title of a finding.
---
--- * 'fDescription' - The description of a finding.
---
--- * 'fAccountId' - AWS account ID where the activity occurred that prompted GuardDuty to generate a finding.
---
--- * 'fSchemaVersion' - Findings' schema version.
---
--- * 'fCreatedAt' - The time stamp at which a finding was generated.
---
--- * 'fResource' - The AWS resource associated with the activity that prompted GuardDuty to generate a finding.
---
--- * 'fSeverity' - The severity of a finding.
---
--- * 'fUpdatedAt' - The time stamp at which a finding was last updated.
---
--- * 'fType' - The type of a finding described by the action.
---
--- * 'fRegion' - The AWS region where the activity occurred that prompted GuardDuty to generate a finding.
---
--- * 'fId' - The identifier that corresponds to a finding described by the action.
---
--- * 'fARN' - The ARN of a finding described by the action.
-finding
-    :: Text -- ^ 'fAccountId'
-    -> Text -- ^ 'fSchemaVersion'
-    -> Text -- ^ 'fCreatedAt'
-    -> Resource -- ^ 'fResource'
-    -> Double -- ^ 'fSeverity'
-    -> Text -- ^ 'fUpdatedAt'
-    -> Text -- ^ 'fType'
-    -> Text -- ^ 'fRegion'
-    -> Text -- ^ 'fId'
-    -> Text -- ^ 'fARN'
-    -> Finding
-finding pAccountId_ pSchemaVersion_ pCreatedAt_ pResource_ pSeverity_ pUpdatedAt_ pType_ pRegion_ pId_ pARN_ =
-  Finding'
-    { _fService = Nothing
-    , _fConfidence = Nothing
-    , _fPartition = Nothing
-    , _fTitle = Nothing
-    , _fDescription = Nothing
-    , _fAccountId = pAccountId_
-    , _fSchemaVersion = pSchemaVersion_
-    , _fCreatedAt = pCreatedAt_
-    , _fResource = pResource_
-    , _fSeverity = pSeverity_
-    , _fUpdatedAt = pUpdatedAt_
-    , _fType = pType_
-    , _fRegion = pRegion_
-    , _fId = pId_
-    , _fARN = pARN_
-    }
-
-
--- | Additional information assigned to the generated finding by GuardDuty.
-fService :: Lens' Finding (Maybe ServiceInfo)
-fService = lens _fService (\ s a -> s{_fService = a})
-
--- | The confidence level of a finding.
-fConfidence :: Lens' Finding (Maybe Double)
-fConfidence = lens _fConfidence (\ s a -> s{_fConfidence = a})
-
--- | The AWS resource partition.
-fPartition :: Lens' Finding (Maybe Text)
-fPartition = lens _fPartition (\ s a -> s{_fPartition = a})
-
--- | The title of a finding.
-fTitle :: Lens' Finding (Maybe Text)
-fTitle = lens _fTitle (\ s a -> s{_fTitle = a})
-
--- | The description of a finding.
-fDescription :: Lens' Finding (Maybe Text)
-fDescription = lens _fDescription (\ s a -> s{_fDescription = a})
-
--- | AWS account ID where the activity occurred that prompted GuardDuty to generate a finding.
-fAccountId :: Lens' Finding Text
-fAccountId = lens _fAccountId (\ s a -> s{_fAccountId = a})
-
--- | Findings' schema version.
-fSchemaVersion :: Lens' Finding Text
-fSchemaVersion = lens _fSchemaVersion (\ s a -> s{_fSchemaVersion = a})
-
--- | The time stamp at which a finding was generated.
-fCreatedAt :: Lens' Finding Text
-fCreatedAt = lens _fCreatedAt (\ s a -> s{_fCreatedAt = a})
-
--- | The AWS resource associated with the activity that prompted GuardDuty to generate a finding.
-fResource :: Lens' Finding Resource
-fResource = lens _fResource (\ s a -> s{_fResource = a})
-
--- | The severity of a finding.
-fSeverity :: Lens' Finding Double
-fSeverity = lens _fSeverity (\ s a -> s{_fSeverity = a})
-
--- | The time stamp at which a finding was last updated.
-fUpdatedAt :: Lens' Finding Text
-fUpdatedAt = lens _fUpdatedAt (\ s a -> s{_fUpdatedAt = a})
-
--- | The type of a finding described by the action.
-fType :: Lens' Finding Text
-fType = lens _fType (\ s a -> s{_fType = a})
-
--- | The AWS region where the activity occurred that prompted GuardDuty to generate a finding.
-fRegion :: Lens' Finding Text
-fRegion = lens _fRegion (\ s a -> s{_fRegion = a})
-
--- | The identifier that corresponds to a finding described by the action.
-fId :: Lens' Finding Text
-fId = lens _fId (\ s a -> s{_fId = a})
-
--- | The ARN of a finding described by the action.
-fARN :: Lens' Finding Text
-fARN = lens _fARN (\ s a -> s{_fARN = a})
-
-instance FromJSON Finding where
-        parseJSON
-          = withObject "Finding"
-              (\ x ->
-                 Finding' <$>
-                   (x .:? "service") <*> (x .:? "confidence") <*>
-                     (x .:? "partition")
-                     <*> (x .:? "title")
-                     <*> (x .:? "description")
-                     <*> (x .: "accountId")
-                     <*> (x .: "schemaVersion")
-                     <*> (x .: "createdAt")
-                     <*> (x .: "resource")
-                     <*> (x .: "severity")
-                     <*> (x .: "updatedAt")
-                     <*> (x .: "type")
-                     <*> (x .: "region")
-                     <*> (x .: "id")
-                     <*> (x .: "arn"))
-
-instance Hashable Finding where
-
-instance NFData Finding where
-
--- | Represents the criteria used for querying findings.
---
--- /See:/ 'findingCriteria' smart constructor.
-newtype FindingCriteria = FindingCriteria'
-  { _fcCriterion :: Maybe (Map Text Condition)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'FindingCriteria' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'fcCriterion' - Represents a map of finding properties that match specified conditions and values when querying findings.
-findingCriteria
-    :: FindingCriteria
-findingCriteria = FindingCriteria' {_fcCriterion = Nothing}
-
-
--- | Represents a map of finding properties that match specified conditions and values when querying findings.
-fcCriterion :: Lens' FindingCriteria (HashMap Text Condition)
-fcCriterion = lens _fcCriterion (\ s a -> s{_fcCriterion = a}) . _Default . _Map
-
-instance FromJSON FindingCriteria where
-        parseJSON
-          = withObject "FindingCriteria"
-              (\ x ->
-                 FindingCriteria' <$> (x .:? "criterion" .!= mempty))
-
-instance Hashable FindingCriteria where
-
-instance NFData FindingCriteria where
-
-instance ToJSON FindingCriteria where
-        toJSON FindingCriteria'{..}
-          = object
-              (catMaybes [("criterion" .=) <$> _fcCriterion])
-
--- | Finding statistics object.
---
--- /See:/ 'findingStatistics' smart constructor.
-newtype FindingStatistics = FindingStatistics'
-  { _fsCountBySeverity :: Maybe (Map Text Int)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'FindingStatistics' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'fsCountBySeverity' - Represents a map of severity to count statistic for a set of findings
-findingStatistics
-    :: FindingStatistics
-findingStatistics = FindingStatistics' {_fsCountBySeverity = Nothing}
-
-
--- | Represents a map of severity to count statistic for a set of findings
-fsCountBySeverity :: Lens' FindingStatistics (HashMap Text Int)
-fsCountBySeverity = lens _fsCountBySeverity (\ s a -> s{_fsCountBySeverity = a}) . _Default . _Map
-
-instance FromJSON FindingStatistics where
-        parseJSON
-          = withObject "FindingStatistics"
-              (\ x ->
-                 FindingStatistics' <$>
-                   (x .:? "countBySeverity" .!= mempty))
-
-instance Hashable FindingStatistics where
-
-instance NFData FindingStatistics where
-
--- | Location information of the remote IP address.
---
--- /See:/ 'geoLocation' smart constructor.
-data GeoLocation = GeoLocation'
-  { _glLat :: !(Maybe Double)
-  , _glLon :: !(Maybe Double)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GeoLocation' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'glLat' - Latitude information of remote IP address.
---
--- * 'glLon' - Longitude information of remote IP address.
-geoLocation
-    :: GeoLocation
-geoLocation = GeoLocation' {_glLat = Nothing, _glLon = Nothing}
-
-
--- | Latitude information of remote IP address.
-glLat :: Lens' GeoLocation (Maybe Double)
-glLat = lens _glLat (\ s a -> s{_glLat = a})
-
--- | Longitude information of remote IP address.
-glLon :: Lens' GeoLocation (Maybe Double)
-glLon = lens _glLon (\ s a -> s{_glLon = a})
-
-instance FromJSON GeoLocation where
-        parseJSON
-          = withObject "GeoLocation"
-              (\ x ->
-                 GeoLocation' <$> (x .:? "lat") <*> (x .:? "lon"))
-
-instance Hashable GeoLocation where
-
-instance NFData GeoLocation where
-
--- | The profile information of the EC2 instance.
---
--- /See:/ 'iamInstanceProfile' smart constructor.
-data IAMInstanceProfile = IAMInstanceProfile'
-  { _iapARN :: !(Maybe Text)
-  , _iapId  :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'IAMInstanceProfile' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'iapARN' - AWS EC2 instance profile ARN.
---
--- * 'iapId' - AWS EC2 instance profile ID.
-iamInstanceProfile
-    :: IAMInstanceProfile
-iamInstanceProfile = IAMInstanceProfile' {_iapARN = Nothing, _iapId = Nothing}
-
-
--- | AWS EC2 instance profile ARN.
-iapARN :: Lens' IAMInstanceProfile (Maybe Text)
-iapARN = lens _iapARN (\ s a -> s{_iapARN = a})
-
--- | AWS EC2 instance profile ID.
-iapId :: Lens' IAMInstanceProfile (Maybe Text)
-iapId = lens _iapId (\ s a -> s{_iapId = a})
-
-instance FromJSON IAMInstanceProfile where
-        parseJSON
-          = withObject "IAMInstanceProfile"
-              (\ x ->
-                 IAMInstanceProfile' <$>
-                   (x .:? "arn") <*> (x .:? "id"))
-
-instance Hashable IAMInstanceProfile where
-
-instance NFData IAMInstanceProfile where
-
--- | The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.
---
--- /See:/ 'instanceDetails' smart constructor.
-data InstanceDetails = InstanceDetails'
-  { _idInstanceId         :: !(Maybe Text)
-  , _idPlatform           :: !(Maybe Text)
-  , _idLaunchTime         :: !(Maybe Text)
-  , _idNetworkInterfaces  :: !(Maybe [NetworkInterface])
-  , _idInstanceType       :: !(Maybe Text)
-  , _idAvailabilityZone   :: !(Maybe Text)
-  , _idIAMInstanceProfile :: !(Maybe IAMInstanceProfile)
-  , _idImageId            :: !(Maybe Text)
-  , _idProductCodes       :: !(Maybe [ProductCode])
-  , _idInstanceState      :: !(Maybe Text)
-  , _idTags               :: !(Maybe [Tag])
-  , _idImageDescription   :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'InstanceDetails' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'idInstanceId' - The ID of the EC2 instance.
---
--- * 'idPlatform' - The platform of the EC2 instance.
---
--- * 'idLaunchTime' - The launch time of the EC2 instance.
---
--- * 'idNetworkInterfaces' - The network interface information of the EC2 instance.
---
--- * 'idInstanceType' - The type of the EC2 instance.
---
--- * 'idAvailabilityZone' - The availability zone of the EC2 instance.
---
--- * 'idIAMInstanceProfile' - Undocumented member.
---
--- * 'idImageId' - The image ID of the EC2 instance.
---
--- * 'idProductCodes' - The product code of the EC2 instance.
---
--- * 'idInstanceState' - The state of the EC2 instance.
---
--- * 'idTags' - The tags of the EC2 instance.
---
--- * 'idImageDescription' - The image description of the EC2 instance.
-instanceDetails
-    :: InstanceDetails
-instanceDetails =
-  InstanceDetails'
-    { _idInstanceId = Nothing
-    , _idPlatform = Nothing
-    , _idLaunchTime = Nothing
-    , _idNetworkInterfaces = Nothing
-    , _idInstanceType = Nothing
-    , _idAvailabilityZone = Nothing
-    , _idIAMInstanceProfile = Nothing
-    , _idImageId = Nothing
-    , _idProductCodes = Nothing
-    , _idInstanceState = Nothing
-    , _idTags = Nothing
-    , _idImageDescription = Nothing
-    }
-
-
--- | The ID of the EC2 instance.
-idInstanceId :: Lens' InstanceDetails (Maybe Text)
-idInstanceId = lens _idInstanceId (\ s a -> s{_idInstanceId = a})
-
--- | The platform of the EC2 instance.
-idPlatform :: Lens' InstanceDetails (Maybe Text)
-idPlatform = lens _idPlatform (\ s a -> s{_idPlatform = a})
-
--- | The launch time of the EC2 instance.
-idLaunchTime :: Lens' InstanceDetails (Maybe Text)
-idLaunchTime = lens _idLaunchTime (\ s a -> s{_idLaunchTime = a})
-
--- | The network interface information of the EC2 instance.
-idNetworkInterfaces :: Lens' InstanceDetails [NetworkInterface]
-idNetworkInterfaces = lens _idNetworkInterfaces (\ s a -> s{_idNetworkInterfaces = a}) . _Default . _Coerce
-
--- | The type of the EC2 instance.
-idInstanceType :: Lens' InstanceDetails (Maybe Text)
-idInstanceType = lens _idInstanceType (\ s a -> s{_idInstanceType = a})
-
--- | The availability zone of the EC2 instance.
-idAvailabilityZone :: Lens' InstanceDetails (Maybe Text)
-idAvailabilityZone = lens _idAvailabilityZone (\ s a -> s{_idAvailabilityZone = a})
-
--- | Undocumented member.
-idIAMInstanceProfile :: Lens' InstanceDetails (Maybe IAMInstanceProfile)
-idIAMInstanceProfile = lens _idIAMInstanceProfile (\ s a -> s{_idIAMInstanceProfile = a})
-
--- | The image ID of the EC2 instance.
-idImageId :: Lens' InstanceDetails (Maybe Text)
-idImageId = lens _idImageId (\ s a -> s{_idImageId = a})
-
--- | The product code of the EC2 instance.
-idProductCodes :: Lens' InstanceDetails [ProductCode]
-idProductCodes = lens _idProductCodes (\ s a -> s{_idProductCodes = a}) . _Default . _Coerce
-
--- | The state of the EC2 instance.
-idInstanceState :: Lens' InstanceDetails (Maybe Text)
-idInstanceState = lens _idInstanceState (\ s a -> s{_idInstanceState = a})
-
--- | The tags of the EC2 instance.
-idTags :: Lens' InstanceDetails [Tag]
-idTags = lens _idTags (\ s a -> s{_idTags = a}) . _Default . _Coerce
-
--- | The image description of the EC2 instance.
-idImageDescription :: Lens' InstanceDetails (Maybe Text)
-idImageDescription = lens _idImageDescription (\ s a -> s{_idImageDescription = a})
-
-instance FromJSON InstanceDetails where
-        parseJSON
-          = withObject "InstanceDetails"
-              (\ x ->
-                 InstanceDetails' <$>
-                   (x .:? "instanceId") <*> (x .:? "platform") <*>
-                     (x .:? "launchTime")
-                     <*> (x .:? "networkInterfaces" .!= mempty)
-                     <*> (x .:? "instanceType")
-                     <*> (x .:? "availabilityZone")
-                     <*> (x .:? "iamInstanceProfile")
-                     <*> (x .:? "imageId")
-                     <*> (x .:? "productCodes" .!= mempty)
-                     <*> (x .:? "instanceState")
-                     <*> (x .:? "tags" .!= mempty)
-                     <*> (x .:? "imageDescription"))
-
-instance Hashable InstanceDetails where
-
-instance NFData InstanceDetails where
-
--- | Invitation from an AWS account to become the current account's master.
---
--- /See:/ 'invitation' smart constructor.
-data Invitation = Invitation'
-  { _iInvitedAt          :: !(Maybe Text)
-  , _iRelationshipStatus :: !(Maybe Text)
-  , _iInvitationId       :: !(Maybe Text)
-  , _iAccountId          :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Invitation' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'iInvitedAt' - Timestamp at which the invitation was sent
---
--- * 'iRelationshipStatus' - The status of the relationship between the inviter and invitee accounts.
---
--- * 'iInvitationId' - This value is used to validate the inviter account to the member account.
---
--- * 'iAccountId' - Inviter account ID
-invitation
-    :: Invitation
-invitation =
-  Invitation'
-    { _iInvitedAt = Nothing
-    , _iRelationshipStatus = Nothing
-    , _iInvitationId = Nothing
-    , _iAccountId = Nothing
-    }
-
-
--- | Timestamp at which the invitation was sent
-iInvitedAt :: Lens' Invitation (Maybe Text)
-iInvitedAt = lens _iInvitedAt (\ s a -> s{_iInvitedAt = a})
-
--- | The status of the relationship between the inviter and invitee accounts.
-iRelationshipStatus :: Lens' Invitation (Maybe Text)
-iRelationshipStatus = lens _iRelationshipStatus (\ s a -> s{_iRelationshipStatus = a})
-
--- | This value is used to validate the inviter account to the member account.
-iInvitationId :: Lens' Invitation (Maybe Text)
-iInvitationId = lens _iInvitationId (\ s a -> s{_iInvitationId = a})
-
--- | Inviter account ID
-iAccountId :: Lens' Invitation (Maybe Text)
-iAccountId = lens _iAccountId (\ s a -> s{_iAccountId = a})
-
-instance FromJSON Invitation where
-        parseJSON
-          = withObject "Invitation"
-              (\ x ->
-                 Invitation' <$>
-                   (x .:? "invitedAt") <*> (x .:? "relationshipStatus")
-                     <*> (x .:? "invitationId")
-                     <*> (x .:? "accountId"))
-
-instance Hashable Invitation where
-
-instance NFData Invitation where
-
--- | Local port information of the connection.
---
--- /See:/ 'localPortDetails' smart constructor.
-data LocalPortDetails = LocalPortDetails'
-  { _lpdPortName :: !(Maybe Text)
-  , _lpdPort     :: !(Maybe Int)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'LocalPortDetails' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lpdPortName' - Port name of the local connection.
---
--- * 'lpdPort' - Port number of the local connection.
-localPortDetails
-    :: LocalPortDetails
-localPortDetails =
-  LocalPortDetails' {_lpdPortName = Nothing, _lpdPort = Nothing}
-
-
--- | Port name of the local connection.
-lpdPortName :: Lens' LocalPortDetails (Maybe Text)
-lpdPortName = lens _lpdPortName (\ s a -> s{_lpdPortName = a})
-
--- | Port number of the local connection.
-lpdPort :: Lens' LocalPortDetails (Maybe Int)
-lpdPort = lens _lpdPort (\ s a -> s{_lpdPort = a})
-
-instance FromJSON LocalPortDetails where
-        parseJSON
-          = withObject "LocalPortDetails"
-              (\ x ->
-                 LocalPortDetails' <$>
-                   (x .:? "portName") <*> (x .:? "port"))
-
-instance Hashable LocalPortDetails where
-
-instance NFData LocalPortDetails where
-
--- | Contains details about the master account.
---
--- /See:/ 'master' smart constructor.
-data Master = Master'
-  { _masInvitedAt          :: !(Maybe Text)
-  , _masRelationshipStatus :: !(Maybe Text)
-  , _masInvitationId       :: !(Maybe Text)
-  , _masAccountId          :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Master' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'masInvitedAt' - Timestamp at which the invitation was sent
---
--- * 'masRelationshipStatus' - The status of the relationship between the master and member accounts.
---
--- * 'masInvitationId' - This value is used to validate the master account to the member account.
---
--- * 'masAccountId' - Master account ID
-master
-    :: Master
-master =
-  Master'
-    { _masInvitedAt = Nothing
-    , _masRelationshipStatus = Nothing
-    , _masInvitationId = Nothing
-    , _masAccountId = Nothing
-    }
-
-
--- | Timestamp at which the invitation was sent
-masInvitedAt :: Lens' Master (Maybe Text)
-masInvitedAt = lens _masInvitedAt (\ s a -> s{_masInvitedAt = a})
-
--- | The status of the relationship between the master and member accounts.
-masRelationshipStatus :: Lens' Master (Maybe Text)
-masRelationshipStatus = lens _masRelationshipStatus (\ s a -> s{_masRelationshipStatus = a})
-
--- | This value is used to validate the master account to the member account.
-masInvitationId :: Lens' Master (Maybe Text)
-masInvitationId = lens _masInvitationId (\ s a -> s{_masInvitationId = a})
-
--- | Master account ID
-masAccountId :: Lens' Master (Maybe Text)
-masAccountId = lens _masAccountId (\ s a -> s{_masAccountId = a})
-
-instance FromJSON Master where
-        parseJSON
-          = withObject "Master"
-              (\ x ->
-                 Master' <$>
-                   (x .:? "invitedAt") <*> (x .:? "relationshipStatus")
-                     <*> (x .:? "invitationId")
-                     <*> (x .:? "accountId"))
-
-instance Hashable Master where
-
-instance NFData Master where
-
--- | Contains details about the member account.
---
--- /See:/ 'member' smart constructor.
-data Member = Member'
-  { _mInvitedAt          :: !(Maybe Text)
-  , _mDetectorId         :: !(Maybe Text)
-  , _mEmail              :: !Text
-  , _mAccountId          :: !Text
-  , _mMasterId           :: !Text
-  , _mUpdatedAt          :: !Text
-  , _mRelationshipStatus :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Member' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'mInvitedAt' - Timestamp at which the invitation was sent
---
--- * 'mDetectorId' - Undocumented member.
---
--- * 'mEmail' - Member account's email address.
---
--- * 'mAccountId' - Undocumented member.
---
--- * 'mMasterId' - Undocumented member.
---
--- * 'mUpdatedAt' - Undocumented member.
---
--- * 'mRelationshipStatus' - The status of the relationship between the member and the master.
-member
-    :: Text -- ^ 'mEmail'
-    -> Text -- ^ 'mAccountId'
-    -> Text -- ^ 'mMasterId'
-    -> Text -- ^ 'mUpdatedAt'
-    -> Text -- ^ 'mRelationshipStatus'
-    -> Member
-member pEmail_ pAccountId_ pMasterId_ pUpdatedAt_ pRelationshipStatus_ =
-  Member'
-    { _mInvitedAt = Nothing
-    , _mDetectorId = Nothing
-    , _mEmail = pEmail_
-    , _mAccountId = pAccountId_
-    , _mMasterId = pMasterId_
-    , _mUpdatedAt = pUpdatedAt_
-    , _mRelationshipStatus = pRelationshipStatus_
-    }
-
-
--- | Timestamp at which the invitation was sent
-mInvitedAt :: Lens' Member (Maybe Text)
-mInvitedAt = lens _mInvitedAt (\ s a -> s{_mInvitedAt = a})
-
--- | Undocumented member.
-mDetectorId :: Lens' Member (Maybe Text)
-mDetectorId = lens _mDetectorId (\ s a -> s{_mDetectorId = a})
-
--- | Member account's email address.
-mEmail :: Lens' Member Text
-mEmail = lens _mEmail (\ s a -> s{_mEmail = a})
-
--- | Undocumented member.
-mAccountId :: Lens' Member Text
-mAccountId = lens _mAccountId (\ s a -> s{_mAccountId = a})
-
--- | Undocumented member.
-mMasterId :: Lens' Member Text
-mMasterId = lens _mMasterId (\ s a -> s{_mMasterId = a})
-
--- | Undocumented member.
-mUpdatedAt :: Lens' Member Text
-mUpdatedAt = lens _mUpdatedAt (\ s a -> s{_mUpdatedAt = a})
-
--- | The status of the relationship between the member and the master.
-mRelationshipStatus :: Lens' Member Text
-mRelationshipStatus = lens _mRelationshipStatus (\ s a -> s{_mRelationshipStatus = a})
-
-instance FromJSON Member where
-        parseJSON
-          = withObject "Member"
-              (\ x ->
-                 Member' <$>
-                   (x .:? "invitedAt") <*> (x .:? "detectorId") <*>
-                     (x .: "email")
-                     <*> (x .: "accountId")
-                     <*> (x .: "masterId")
-                     <*> (x .: "updatedAt")
-                     <*> (x .: "relationshipStatus"))
-
-instance Hashable Member where
-
-instance NFData Member where
-
--- | Information about the NETWORK_CONNECTION action described in this finding.
---
--- /See:/ 'networkConnectionAction' smart constructor.
-data NetworkConnectionAction = NetworkConnectionAction'
-  { _ncaRemoteIPDetails     :: !(Maybe RemoteIPDetails)
-  , _ncaProtocol            :: !(Maybe Text)
-  , _ncaRemotePortDetails   :: !(Maybe RemotePortDetails)
-  , _ncaBlocked             :: !(Maybe Bool)
-  , _ncaConnectionDirection :: !(Maybe Text)
-  , _ncaLocalPortDetails    :: !(Maybe LocalPortDetails)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'NetworkConnectionAction' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ncaRemoteIPDetails' - Remote IP information of the connection.
---
--- * 'ncaProtocol' - Network connection protocol.
---
--- * 'ncaRemotePortDetails' - Remote port information of the connection.
---
--- * 'ncaBlocked' - Network connection blocked information.
---
--- * 'ncaConnectionDirection' - Network connection direction.
---
--- * 'ncaLocalPortDetails' - Local port information of the connection.
-networkConnectionAction
-    :: NetworkConnectionAction
-networkConnectionAction =
-  NetworkConnectionAction'
-    { _ncaRemoteIPDetails = Nothing
-    , _ncaProtocol = Nothing
-    , _ncaRemotePortDetails = Nothing
-    , _ncaBlocked = Nothing
-    , _ncaConnectionDirection = Nothing
-    , _ncaLocalPortDetails = Nothing
-    }
-
-
--- | Remote IP information of the connection.
-ncaRemoteIPDetails :: Lens' NetworkConnectionAction (Maybe RemoteIPDetails)
-ncaRemoteIPDetails = lens _ncaRemoteIPDetails (\ s a -> s{_ncaRemoteIPDetails = a})
-
--- | Network connection protocol.
-ncaProtocol :: Lens' NetworkConnectionAction (Maybe Text)
-ncaProtocol = lens _ncaProtocol (\ s a -> s{_ncaProtocol = a})
-
--- | Remote port information of the connection.
-ncaRemotePortDetails :: Lens' NetworkConnectionAction (Maybe RemotePortDetails)
-ncaRemotePortDetails = lens _ncaRemotePortDetails (\ s a -> s{_ncaRemotePortDetails = a})
-
--- | Network connection blocked information.
-ncaBlocked :: Lens' NetworkConnectionAction (Maybe Bool)
-ncaBlocked = lens _ncaBlocked (\ s a -> s{_ncaBlocked = a})
-
--- | Network connection direction.
-ncaConnectionDirection :: Lens' NetworkConnectionAction (Maybe Text)
-ncaConnectionDirection = lens _ncaConnectionDirection (\ s a -> s{_ncaConnectionDirection = a})
-
--- | Local port information of the connection.
-ncaLocalPortDetails :: Lens' NetworkConnectionAction (Maybe LocalPortDetails)
-ncaLocalPortDetails = lens _ncaLocalPortDetails (\ s a -> s{_ncaLocalPortDetails = a})
-
-instance FromJSON NetworkConnectionAction where
-        parseJSON
-          = withObject "NetworkConnectionAction"
-              (\ x ->
-                 NetworkConnectionAction' <$>
-                   (x .:? "remoteIpDetails") <*> (x .:? "protocol") <*>
-                     (x .:? "remotePortDetails")
-                     <*> (x .:? "blocked")
-                     <*> (x .:? "connectionDirection")
-                     <*> (x .:? "localPortDetails"))
-
-instance Hashable NetworkConnectionAction where
-
-instance NFData NetworkConnectionAction where
-
--- | The network interface information of the EC2 instance.
---
--- /See:/ 'networkInterface' smart constructor.
-data NetworkInterface = NetworkInterface'
-  { _niPrivateIPAddresses :: !(Maybe [PrivateIPAddressDetails])
-  , _niPublicDNSName      :: !(Maybe Text)
-  , _niSecurityGroups     :: !(Maybe [SecurityGroup])
-  , _niVPCId              :: !(Maybe Text)
-  , _niNetworkInterfaceId :: !(Maybe Text)
-  , _niSubnetId           :: !(Maybe Text)
-  , _niPrivateIPAddress   :: !(Maybe Text)
-  , _niPublicIP           :: !(Maybe Text)
-  , _niPrivateDNSName     :: !(Maybe Text)
-  , _niIPv6Addresses      :: !(Maybe [Text])
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'NetworkInterface' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'niPrivateIPAddresses' - Other private IP address information of the EC2 instance.
---
--- * 'niPublicDNSName' - Public DNS name of the EC2 instance.
---
--- * 'niSecurityGroups' - Security groups associated with the EC2 instance.
---
--- * 'niVPCId' - The VPC ID of the EC2 instance.
---
--- * 'niNetworkInterfaceId' - The ID of the network interface
---
--- * 'niSubnetId' - The subnet ID of the EC2 instance.
---
--- * 'niPrivateIPAddress' - Private IP address of the EC2 instance.
---
--- * 'niPublicIP' - Public IP address of the EC2 instance.
---
--- * 'niPrivateDNSName' - Private DNS name of the EC2 instance.
---
--- * 'niIPv6Addresses' - A list of EC2 instance IPv6 address information.
-networkInterface
-    :: NetworkInterface
-networkInterface =
-  NetworkInterface'
-    { _niPrivateIPAddresses = Nothing
-    , _niPublicDNSName = Nothing
-    , _niSecurityGroups = Nothing
-    , _niVPCId = Nothing
-    , _niNetworkInterfaceId = Nothing
-    , _niSubnetId = Nothing
-    , _niPrivateIPAddress = Nothing
-    , _niPublicIP = Nothing
-    , _niPrivateDNSName = Nothing
-    , _niIPv6Addresses = Nothing
-    }
-
-
--- | Other private IP address information of the EC2 instance.
-niPrivateIPAddresses :: Lens' NetworkInterface [PrivateIPAddressDetails]
-niPrivateIPAddresses = lens _niPrivateIPAddresses (\ s a -> s{_niPrivateIPAddresses = a}) . _Default . _Coerce
-
--- | Public DNS name of the EC2 instance.
-niPublicDNSName :: Lens' NetworkInterface (Maybe Text)
-niPublicDNSName = lens _niPublicDNSName (\ s a -> s{_niPublicDNSName = a})
-
--- | Security groups associated with the EC2 instance.
-niSecurityGroups :: Lens' NetworkInterface [SecurityGroup]
-niSecurityGroups = lens _niSecurityGroups (\ s a -> s{_niSecurityGroups = a}) . _Default . _Coerce
-
--- | The VPC ID of the EC2 instance.
-niVPCId :: Lens' NetworkInterface (Maybe Text)
-niVPCId = lens _niVPCId (\ s a -> s{_niVPCId = a})
-
--- | The ID of the network interface
-niNetworkInterfaceId :: Lens' NetworkInterface (Maybe Text)
-niNetworkInterfaceId = lens _niNetworkInterfaceId (\ s a -> s{_niNetworkInterfaceId = a})
-
--- | The subnet ID of the EC2 instance.
-niSubnetId :: Lens' NetworkInterface (Maybe Text)
-niSubnetId = lens _niSubnetId (\ s a -> s{_niSubnetId = a})
-
--- | Private IP address of the EC2 instance.
-niPrivateIPAddress :: Lens' NetworkInterface (Maybe Text)
-niPrivateIPAddress = lens _niPrivateIPAddress (\ s a -> s{_niPrivateIPAddress = a})
-
--- | Public IP address of the EC2 instance.
-niPublicIP :: Lens' NetworkInterface (Maybe Text)
-niPublicIP = lens _niPublicIP (\ s a -> s{_niPublicIP = a})
-
--- | Private DNS name of the EC2 instance.
-niPrivateDNSName :: Lens' NetworkInterface (Maybe Text)
-niPrivateDNSName = lens _niPrivateDNSName (\ s a -> s{_niPrivateDNSName = a})
-
--- | A list of EC2 instance IPv6 address information.
-niIPv6Addresses :: Lens' NetworkInterface [Text]
-niIPv6Addresses = lens _niIPv6Addresses (\ s a -> s{_niIPv6Addresses = a}) . _Default . _Coerce
-
-instance FromJSON NetworkInterface where
-        parseJSON
-          = withObject "NetworkInterface"
-              (\ x ->
-                 NetworkInterface' <$>
-                   (x .:? "privateIpAddresses" .!= mempty) <*>
-                     (x .:? "publicDnsName")
-                     <*> (x .:? "securityGroups" .!= mempty)
-                     <*> (x .:? "vpcId")
-                     <*> (x .:? "networkInterfaceId")
-                     <*> (x .:? "subnetId")
-                     <*> (x .:? "privateIpAddress")
-                     <*> (x .:? "publicIp")
-                     <*> (x .:? "privateDnsName")
-                     <*> (x .:? "ipv6Addresses" .!= mempty))
-
-instance Hashable NetworkInterface where
-
-instance NFData NetworkInterface where
-
--- | ISP Organization information of the remote IP address.
---
--- /See:/ 'organization' smart constructor.
-data Organization = Organization'
-  { _oOrg    :: !(Maybe Text)
-  , _oASNOrg :: !(Maybe Text)
-  , _oASN    :: !(Maybe Text)
-  , _oIsp    :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Organization' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'oOrg' - Name of the internet provider.
---
--- * 'oASNOrg' - Organization that registered this ASN.
---
--- * 'oASN' - Autonomous system number of the internet provider of the remote IP address.
---
--- * 'oIsp' - ISP information for the internet provider.
-organization
-    :: Organization
-organization =
-  Organization'
-    {_oOrg = Nothing, _oASNOrg = Nothing, _oASN = Nothing, _oIsp = Nothing}
-
-
--- | Name of the internet provider.
-oOrg :: Lens' Organization (Maybe Text)
-oOrg = lens _oOrg (\ s a -> s{_oOrg = a})
-
--- | Organization that registered this ASN.
-oASNOrg :: Lens' Organization (Maybe Text)
-oASNOrg = lens _oASNOrg (\ s a -> s{_oASNOrg = a})
-
--- | Autonomous system number of the internet provider of the remote IP address.
-oASN :: Lens' Organization (Maybe Text)
-oASN = lens _oASN (\ s a -> s{_oASN = a})
-
--- | ISP information for the internet provider.
-oIsp :: Lens' Organization (Maybe Text)
-oIsp = lens _oIsp (\ s a -> s{_oIsp = a})
-
-instance FromJSON Organization where
-        parseJSON
-          = withObject "Organization"
-              (\ x ->
-                 Organization' <$>
-                   (x .:? "org") <*> (x .:? "asnOrg") <*> (x .:? "asn")
-                     <*> (x .:? "isp"))
-
-instance Hashable Organization where
-
-instance NFData Organization where
-
--- | Information about the PORT_PROBE action described in this finding.
---
--- /See:/ 'portProbeAction' smart constructor.
-data PortProbeAction = PortProbeAction'
-  { _ppaPortProbeDetails :: !(Maybe [PortProbeDetail])
-  , _ppaBlocked          :: !(Maybe Bool)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'PortProbeAction' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ppaPortProbeDetails' - A list of port probe details objects.
---
--- * 'ppaBlocked' - Port probe blocked information.
-portProbeAction
-    :: PortProbeAction
-portProbeAction =
-  PortProbeAction' {_ppaPortProbeDetails = Nothing, _ppaBlocked = Nothing}
-
-
--- | A list of port probe details objects.
-ppaPortProbeDetails :: Lens' PortProbeAction [PortProbeDetail]
-ppaPortProbeDetails = lens _ppaPortProbeDetails (\ s a -> s{_ppaPortProbeDetails = a}) . _Default . _Coerce
-
--- | Port probe blocked information.
-ppaBlocked :: Lens' PortProbeAction (Maybe Bool)
-ppaBlocked = lens _ppaBlocked (\ s a -> s{_ppaBlocked = a})
-
-instance FromJSON PortProbeAction where
-        parseJSON
-          = withObject "PortProbeAction"
-              (\ x ->
-                 PortProbeAction' <$>
-                   (x .:? "portProbeDetails" .!= mempty) <*>
-                     (x .:? "blocked"))
-
-instance Hashable PortProbeAction where
-
-instance NFData PortProbeAction where
-
--- | Details about the port probe finding.
---
--- /See:/ 'portProbeDetail' smart constructor.
-data PortProbeDetail = PortProbeDetail'
-  { _ppdRemoteIPDetails  :: !(Maybe RemoteIPDetails)
-  , _ppdLocalPortDetails :: !(Maybe LocalPortDetails)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'PortProbeDetail' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ppdRemoteIPDetails' - Remote IP information of the connection.
---
--- * 'ppdLocalPortDetails' - Local port information of the connection.
-portProbeDetail
-    :: PortProbeDetail
-portProbeDetail =
-  PortProbeDetail'
-    {_ppdRemoteIPDetails = Nothing, _ppdLocalPortDetails = Nothing}
-
-
--- | Remote IP information of the connection.
-ppdRemoteIPDetails :: Lens' PortProbeDetail (Maybe RemoteIPDetails)
-ppdRemoteIPDetails = lens _ppdRemoteIPDetails (\ s a -> s{_ppdRemoteIPDetails = a})
-
--- | Local port information of the connection.
-ppdLocalPortDetails :: Lens' PortProbeDetail (Maybe LocalPortDetails)
-ppdLocalPortDetails = lens _ppdLocalPortDetails (\ s a -> s{_ppdLocalPortDetails = a})
-
-instance FromJSON PortProbeDetail where
-        parseJSON
-          = withObject "PortProbeDetail"
-              (\ x ->
-                 PortProbeDetail' <$>
-                   (x .:? "remoteIpDetails") <*>
-                     (x .:? "localPortDetails"))
-
-instance Hashable PortProbeDetail where
-
-instance NFData PortProbeDetail where
-
--- | Other private IP address information of the EC2 instance.
---
--- /See:/ 'privateIPAddressDetails' smart constructor.
-data PrivateIPAddressDetails = PrivateIPAddressDetails'
-  { _piadPrivateIPAddress :: !(Maybe Text)
-  , _piadPrivateDNSName   :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'PrivateIPAddressDetails' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'piadPrivateIPAddress' - Private IP address of the EC2 instance.
---
--- * 'piadPrivateDNSName' - Private DNS name of the EC2 instance.
-privateIPAddressDetails
-    :: PrivateIPAddressDetails
-privateIPAddressDetails =
-  PrivateIPAddressDetails'
-    {_piadPrivateIPAddress = Nothing, _piadPrivateDNSName = Nothing}
-
-
--- | Private IP address of the EC2 instance.
-piadPrivateIPAddress :: Lens' PrivateIPAddressDetails (Maybe Text)
-piadPrivateIPAddress = lens _piadPrivateIPAddress (\ s a -> s{_piadPrivateIPAddress = a})
-
--- | Private DNS name of the EC2 instance.
-piadPrivateDNSName :: Lens' PrivateIPAddressDetails (Maybe Text)
-piadPrivateDNSName = lens _piadPrivateDNSName (\ s a -> s{_piadPrivateDNSName = a})
-
-instance FromJSON PrivateIPAddressDetails where
-        parseJSON
-          = withObject "PrivateIPAddressDetails"
-              (\ x ->
-                 PrivateIPAddressDetails' <$>
-                   (x .:? "privateIpAddress") <*>
-                     (x .:? "privateDnsName"))
-
-instance Hashable PrivateIPAddressDetails where
-
-instance NFData PrivateIPAddressDetails where
-
--- | The product code of the EC2 instance.
---
--- /See:/ 'productCode' smart constructor.
-data ProductCode = ProductCode'
-  { _pcProductType :: !(Maybe Text)
-  , _pcCode        :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ProductCode' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'pcProductType' - Product code type.
---
--- * 'pcCode' - Product code information.
-productCode
-    :: ProductCode
-productCode = ProductCode' {_pcProductType = Nothing, _pcCode = Nothing}
-
-
--- | Product code type.
-pcProductType :: Lens' ProductCode (Maybe Text)
-pcProductType = lens _pcProductType (\ s a -> s{_pcProductType = a})
-
--- | Product code information.
-pcCode :: Lens' ProductCode (Maybe Text)
-pcCode = lens _pcCode (\ s a -> s{_pcCode = a})
-
-instance FromJSON ProductCode where
-        parseJSON
-          = withObject "ProductCode"
-              (\ x ->
-                 ProductCode' <$>
-                   (x .:? "productType") <*> (x .:? "code"))
-
-instance Hashable ProductCode where
-
-instance NFData ProductCode where
-
--- | Remote IP information of the connection.
---
--- /See:/ 'remoteIPDetails' smart constructor.
-data RemoteIPDetails = RemoteIPDetails'
-  { _ridCountry      :: !(Maybe Country)
-  , _ridCity         :: !(Maybe City)
-  , _ridIPAddressV4  :: !(Maybe Text)
-  , _ridGeoLocation  :: !(Maybe GeoLocation)
-  , _ridOrganization :: !(Maybe Organization)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'RemoteIPDetails' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ridCountry' - Country code of the remote IP address.
---
--- * 'ridCity' - City information of the remote IP address.
---
--- * 'ridIPAddressV4' - IPV4 remote address of the connection.
---
--- * 'ridGeoLocation' - Location information of the remote IP address.
---
--- * 'ridOrganization' - ISP Organization information of the remote IP address.
-remoteIPDetails
-    :: RemoteIPDetails
-remoteIPDetails =
-  RemoteIPDetails'
-    { _ridCountry = Nothing
-    , _ridCity = Nothing
-    , _ridIPAddressV4 = Nothing
-    , _ridGeoLocation = Nothing
-    , _ridOrganization = Nothing
-    }
-
-
--- | Country code of the remote IP address.
-ridCountry :: Lens' RemoteIPDetails (Maybe Country)
-ridCountry = lens _ridCountry (\ s a -> s{_ridCountry = a})
-
--- | City information of the remote IP address.
-ridCity :: Lens' RemoteIPDetails (Maybe City)
-ridCity = lens _ridCity (\ s a -> s{_ridCity = a})
-
--- | IPV4 remote address of the connection.
-ridIPAddressV4 :: Lens' RemoteIPDetails (Maybe Text)
-ridIPAddressV4 = lens _ridIPAddressV4 (\ s a -> s{_ridIPAddressV4 = a})
-
--- | Location information of the remote IP address.
-ridGeoLocation :: Lens' RemoteIPDetails (Maybe GeoLocation)
-ridGeoLocation = lens _ridGeoLocation (\ s a -> s{_ridGeoLocation = a})
-
--- | ISP Organization information of the remote IP address.
-ridOrganization :: Lens' RemoteIPDetails (Maybe Organization)
-ridOrganization = lens _ridOrganization (\ s a -> s{_ridOrganization = a})
-
-instance FromJSON RemoteIPDetails where
-        parseJSON
-          = withObject "RemoteIPDetails"
-              (\ x ->
-                 RemoteIPDetails' <$>
-                   (x .:? "country") <*> (x .:? "city") <*>
-                     (x .:? "ipAddressV4")
-                     <*> (x .:? "geoLocation")
-                     <*> (x .:? "organization"))
-
-instance Hashable RemoteIPDetails where
-
-instance NFData RemoteIPDetails where
-
--- | Remote port information of the connection.
---
--- /See:/ 'remotePortDetails' smart constructor.
-data RemotePortDetails = RemotePortDetails'
-  { _rpdPortName :: !(Maybe Text)
-  , _rpdPort     :: !(Maybe Int)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'RemotePortDetails' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'rpdPortName' - Port name of the remote connection.
---
--- * 'rpdPort' - Port number of the remote connection.
-remotePortDetails
-    :: RemotePortDetails
-remotePortDetails =
-  RemotePortDetails' {_rpdPortName = Nothing, _rpdPort = Nothing}
-
-
--- | Port name of the remote connection.
-rpdPortName :: Lens' RemotePortDetails (Maybe Text)
-rpdPortName = lens _rpdPortName (\ s a -> s{_rpdPortName = a})
-
--- | Port number of the remote connection.
-rpdPort :: Lens' RemotePortDetails (Maybe Int)
-rpdPort = lens _rpdPort (\ s a -> s{_rpdPort = a})
-
-instance FromJSON RemotePortDetails where
-        parseJSON
-          = withObject "RemotePortDetails"
-              (\ x ->
-                 RemotePortDetails' <$>
-                   (x .:? "portName") <*> (x .:? "port"))
-
-instance Hashable RemotePortDetails where
-
-instance NFData RemotePortDetails where
-
--- | The AWS resource associated with the activity that prompted GuardDuty to generate a finding.
---
--- /See:/ 'resource' smart constructor.
-data Resource = Resource'
-  { _rResourceType     :: !(Maybe Text)
-  , _rInstanceDetails  :: !(Maybe InstanceDetails)
-  , _rAccessKeyDetails :: !(Maybe AccessKeyDetails)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Resource' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'rResourceType' - The type of the AWS resource.
---
--- * 'rInstanceDetails' - Undocumented member.
---
--- * 'rAccessKeyDetails' - Undocumented member.
-resource
-    :: Resource
-resource =
-  Resource'
-    { _rResourceType = Nothing
-    , _rInstanceDetails = Nothing
-    , _rAccessKeyDetails = Nothing
-    }
-
-
--- | The type of the AWS resource.
-rResourceType :: Lens' Resource (Maybe Text)
-rResourceType = lens _rResourceType (\ s a -> s{_rResourceType = a})
-
--- | Undocumented member.
-rInstanceDetails :: Lens' Resource (Maybe InstanceDetails)
-rInstanceDetails = lens _rInstanceDetails (\ s a -> s{_rInstanceDetails = a})
-
--- | Undocumented member.
-rAccessKeyDetails :: Lens' Resource (Maybe AccessKeyDetails)
-rAccessKeyDetails = lens _rAccessKeyDetails (\ s a -> s{_rAccessKeyDetails = a})
-
-instance FromJSON Resource where
-        parseJSON
-          = withObject "Resource"
-              (\ x ->
-                 Resource' <$>
-                   (x .:? "resourceType") <*> (x .:? "instanceDetails")
-                     <*> (x .:? "accessKeyDetails"))
-
-instance Hashable Resource where
-
-instance NFData Resource where
-
--- | Security groups associated with the EC2 instance.
---
--- /See:/ 'securityGroup' smart constructor.
-data SecurityGroup = SecurityGroup'
-  { _sgGroupId   :: !(Maybe Text)
-  , _sgGroupName :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'SecurityGroup' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'sgGroupId' - EC2 instance's security group ID.
---
--- * 'sgGroupName' - EC2 instance's security group name.
-securityGroup
-    :: SecurityGroup
-securityGroup = SecurityGroup' {_sgGroupId = Nothing, _sgGroupName = Nothing}
-
-
--- | EC2 instance's security group ID.
-sgGroupId :: Lens' SecurityGroup (Maybe Text)
-sgGroupId = lens _sgGroupId (\ s a -> s{_sgGroupId = a})
-
--- | EC2 instance's security group name.
-sgGroupName :: Lens' SecurityGroup (Maybe Text)
-sgGroupName = lens _sgGroupName (\ s a -> s{_sgGroupName = a})
-
-instance FromJSON SecurityGroup where
-        parseJSON
-          = withObject "SecurityGroup"
-              (\ x ->
-                 SecurityGroup' <$>
-                   (x .:? "groupId") <*> (x .:? "groupName"))
-
-instance Hashable SecurityGroup where
-
-instance NFData SecurityGroup where
-
--- | Additional information assigned to the generated finding by GuardDuty.
---
--- /See:/ 'serviceInfo' smart constructor.
-data ServiceInfo = ServiceInfo'
-  { _siCount          :: !(Maybe Int)
-  , _siEventFirstSeen :: !(Maybe Text)
-  , _siAction         :: !(Maybe Action)
-  , _siDetectorId     :: !(Maybe Text)
-  , _siServiceName    :: !(Maybe Text)
-  , _siUserFeedback   :: !(Maybe Text)
-  , _siEventLastSeen  :: !(Maybe Text)
-  , _siResourceRole   :: !(Maybe Text)
-  , _siArchived       :: !(Maybe Bool)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ServiceInfo' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'siCount' - Total count of the occurrences of this finding type.
---
--- * 'siEventFirstSeen' - First seen timestamp of the activity that prompted GuardDuty to generate this finding.
---
--- * 'siAction' - Information about the activity described in a finding.
---
--- * 'siDetectorId' - Detector ID for the GuardDuty service.
---
--- * 'siServiceName' - The name of the AWS service (GuardDuty) that generated a finding.
---
--- * 'siUserFeedback' - Feedback left about the finding.
---
--- * 'siEventLastSeen' - Last seen timestamp of the activity that prompted GuardDuty to generate this finding.
---
--- * 'siResourceRole' - Resource role information for this finding.
---
--- * 'siArchived' - Indicates whether this finding is archived.
-serviceInfo
-    :: ServiceInfo
-serviceInfo =
-  ServiceInfo'
-    { _siCount = Nothing
-    , _siEventFirstSeen = Nothing
-    , _siAction = Nothing
-    , _siDetectorId = Nothing
-    , _siServiceName = Nothing
-    , _siUserFeedback = Nothing
-    , _siEventLastSeen = Nothing
-    , _siResourceRole = Nothing
-    , _siArchived = Nothing
-    }
-
-
--- | Total count of the occurrences of this finding type.
-siCount :: Lens' ServiceInfo (Maybe Int)
-siCount = lens _siCount (\ s a -> s{_siCount = a})
-
--- | First seen timestamp of the activity that prompted GuardDuty to generate this finding.
-siEventFirstSeen :: Lens' ServiceInfo (Maybe Text)
-siEventFirstSeen = lens _siEventFirstSeen (\ s a -> s{_siEventFirstSeen = a})
-
--- | Information about the activity described in a finding.
-siAction :: Lens' ServiceInfo (Maybe Action)
-siAction = lens _siAction (\ s a -> s{_siAction = a})
-
--- | Detector ID for the GuardDuty service.
-siDetectorId :: Lens' ServiceInfo (Maybe Text)
-siDetectorId = lens _siDetectorId (\ s a -> s{_siDetectorId = a})
-
--- | The name of the AWS service (GuardDuty) that generated a finding.
-siServiceName :: Lens' ServiceInfo (Maybe Text)
-siServiceName = lens _siServiceName (\ s a -> s{_siServiceName = a})
-
--- | Feedback left about the finding.
-siUserFeedback :: Lens' ServiceInfo (Maybe Text)
-siUserFeedback = lens _siUserFeedback (\ s a -> s{_siUserFeedback = a})
-
--- | Last seen timestamp of the activity that prompted GuardDuty to generate this finding.
-siEventLastSeen :: Lens' ServiceInfo (Maybe Text)
-siEventLastSeen = lens _siEventLastSeen (\ s a -> s{_siEventLastSeen = a})
-
--- | Resource role information for this finding.
-siResourceRole :: Lens' ServiceInfo (Maybe Text)
-siResourceRole = lens _siResourceRole (\ s a -> s{_siResourceRole = a})
-
--- | Indicates whether this finding is archived.
-siArchived :: Lens' ServiceInfo (Maybe Bool)
-siArchived = lens _siArchived (\ s a -> s{_siArchived = a})
-
-instance FromJSON ServiceInfo where
-        parseJSON
-          = withObject "ServiceInfo"
-              (\ x ->
-                 ServiceInfo' <$>
-                   (x .:? "count") <*> (x .:? "eventFirstSeen") <*>
-                     (x .:? "action")
-                     <*> (x .:? "detectorId")
-                     <*> (x .:? "serviceName")
-                     <*> (x .:? "userFeedback")
-                     <*> (x .:? "eventLastSeen")
-                     <*> (x .:? "resourceRole")
-                     <*> (x .:? "archived"))
-
-instance Hashable ServiceInfo where
-
-instance NFData ServiceInfo where
-
--- | Represents the criteria used for sorting findings.
---
--- /See:/ 'sortCriteria' smart constructor.
-data SortCriteria = SortCriteria'
-  { _scOrderBy       :: !(Maybe OrderBy)
-  , _scAttributeName :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'SortCriteria' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'scOrderBy' - Order by which the sorted findings are to be displayed.
---
--- * 'scAttributeName' - Represents the finding attribute (for example, accountId) by which to sort findings.
-sortCriteria
-    :: SortCriteria
-sortCriteria = SortCriteria' {_scOrderBy = Nothing, _scAttributeName = Nothing}
-
-
--- | Order by which the sorted findings are to be displayed.
-scOrderBy :: Lens' SortCriteria (Maybe OrderBy)
-scOrderBy = lens _scOrderBy (\ s a -> s{_scOrderBy = a})
-
--- | Represents the finding attribute (for example, accountId) by which to sort findings.
-scAttributeName :: Lens' SortCriteria (Maybe Text)
-scAttributeName = lens _scAttributeName (\ s a -> s{_scAttributeName = a})
-
-instance Hashable SortCriteria where
-
-instance NFData SortCriteria where
-
-instance ToJSON SortCriteria where
-        toJSON SortCriteria'{..}
-          = object
-              (catMaybes
-                 [("orderBy" .=) <$> _scOrderBy,
-                  ("attributeName" .=) <$> _scAttributeName])
-
--- | A tag of the EC2 instance.
---
--- /See:/ 'tag' smart constructor.
-data Tag = Tag'
-  { _tagValue :: !(Maybe Text)
-  , _tagKey   :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Tag' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'tagValue' - EC2 instance tag value.
---
--- * 'tagKey' - EC2 instance tag key.
-tag
-    :: Tag
-tag = Tag' {_tagValue = Nothing, _tagKey = Nothing}
-
-
--- | EC2 instance tag value.
-tagValue :: Lens' Tag (Maybe Text)
-tagValue = lens _tagValue (\ s a -> s{_tagValue = a})
-
--- | EC2 instance tag key.
-tagKey :: Lens' Tag (Maybe Text)
-tagKey = lens _tagKey (\ s a -> s{_tagKey = a})
-
-instance FromJSON Tag where
-        parseJSON
-          = withObject "Tag"
-              (\ x -> Tag' <$> (x .:? "value") <*> (x .:? "key"))
-
-instance Hashable Tag where
-
-instance NFData Tag where
-
--- | An object containing the unprocessed account and a result string explaining why it was unprocessed.
---
--- /See:/ 'unprocessedAccount' smart constructor.
-data UnprocessedAccount = UnprocessedAccount'
-  { _uaAccountId :: !Text
-  , _uaResult    :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UnprocessedAccount' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'uaAccountId' - AWS Account ID.
---
--- * 'uaResult' - A reason why the account hasn't been processed.
-unprocessedAccount
-    :: Text -- ^ 'uaAccountId'
-    -> Text -- ^ 'uaResult'
-    -> UnprocessedAccount
-unprocessedAccount pAccountId_ pResult_ =
-  UnprocessedAccount' {_uaAccountId = pAccountId_, _uaResult = pResult_}
-
-
--- | AWS Account ID.
-uaAccountId :: Lens' UnprocessedAccount Text
-uaAccountId = lens _uaAccountId (\ s a -> s{_uaAccountId = a})
-
--- | A reason why the account hasn't been processed.
-uaResult :: Lens' UnprocessedAccount Text
-uaResult = lens _uaResult (\ s a -> s{_uaResult = a})
-
-instance FromJSON UnprocessedAccount where
-        parseJSON
-          = withObject "UnprocessedAccount"
-              (\ x ->
-                 UnprocessedAccount' <$>
-                   (x .: "accountId") <*> (x .: "result"))
-
-instance Hashable UnprocessedAccount where
-
-instance NFData UnprocessedAccount where
diff --git a/gen/Network/AWS/GuardDuty/Types/Sum.hs b/gen/Network/AWS/GuardDuty/Types/Sum.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/Types/Sum.hs
+++ /dev/null
@@ -1,331 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE LambdaCase         #-}
-{-# LANGUAGE OverloadedStrings  #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.Types.Sum
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.GuardDuty.Types.Sum where
-
-import Network.AWS.Prelude
-
--- | The status of detector.
-data DetectorStatus
-  = Disabled
-  | Enabled
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText DetectorStatus where
-    parser = takeLowerText >>= \case
-        "disabled" -> pure Disabled
-        "enabled" -> pure Enabled
-        e -> fromTextError $ "Failure parsing DetectorStatus from value: '" <> e
-           <> "'. Accepted values: disabled, enabled"
-
-instance ToText DetectorStatus where
-    toText = \case
-        Disabled -> "DISABLED"
-        Enabled -> "ENABLED"
-
-instance Hashable     DetectorStatus
-instance NFData       DetectorStatus
-instance ToByteString DetectorStatus
-instance ToQuery      DetectorStatus
-instance ToHeader     DetectorStatus
-
-instance FromJSON DetectorStatus where
-    parseJSON = parseJSONText "DetectorStatus"
-
--- | Finding Feedback Value
-data Feedback
-  = NotUseful
-  | Useful
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText Feedback where
-    parser = takeLowerText >>= \case
-        "not_useful" -> pure NotUseful
-        "useful" -> pure Useful
-        e -> fromTextError $ "Failure parsing Feedback from value: '" <> e
-           <> "'. Accepted values: not_useful, useful"
-
-instance ToText Feedback where
-    toText = \case
-        NotUseful -> "NOT_USEFUL"
-        Useful -> "USEFUL"
-
-instance Hashable     Feedback
-instance NFData       Feedback
-instance ToByteString Feedback
-instance ToQuery      Feedback
-instance ToHeader     Feedback
-
-instance ToJSON Feedback where
-    toJSON = toJSONText
-
--- | The action associated with a filter.
-data FilterAction
-  = Archive
-  | Noop
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText FilterAction where
-    parser = takeLowerText >>= \case
-        "archive" -> pure Archive
-        "noop" -> pure Noop
-        e -> fromTextError $ "Failure parsing FilterAction from value: '" <> e
-           <> "'. Accepted values: archive, noop"
-
-instance ToText FilterAction where
-    toText = \case
-        Archive -> "ARCHIVE"
-        Noop -> "NOOP"
-
-instance Hashable     FilterAction
-instance NFData       FilterAction
-instance ToByteString FilterAction
-instance ToQuery      FilterAction
-instance ToHeader     FilterAction
-
-instance ToJSON FilterAction where
-    toJSON = toJSONText
-
-instance FromJSON FilterAction where
-    parseJSON = parseJSONText "FilterAction"
-
--- | The types of finding statistics.
-data FindingStatisticType =
-  CountBySeverity
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText FindingStatisticType where
-    parser = takeLowerText >>= \case
-        "count_by_severity" -> pure CountBySeverity
-        e -> fromTextError $ "Failure parsing FindingStatisticType from value: '" <> e
-           <> "'. Accepted values: count_by_severity"
-
-instance ToText FindingStatisticType where
-    toText = \case
-        CountBySeverity -> "COUNT_BY_SEVERITY"
-
-instance Hashable     FindingStatisticType
-instance NFData       FindingStatisticType
-instance ToByteString FindingStatisticType
-instance ToQuery      FindingStatisticType
-instance ToHeader     FindingStatisticType
-
-instance ToJSON FindingStatisticType where
-    toJSON = toJSONText
-
--- | The format of the ipSet.
-data IPSetFormat
-  = AlienVault
-  | FireEye
-  | OtxCSV
-  | ProofPoint
-  | Stix
-  | Txt
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText IPSetFormat where
-    parser = takeLowerText >>= \case
-        "alien_vault" -> pure AlienVault
-        "fire_eye" -> pure FireEye
-        "otx_csv" -> pure OtxCSV
-        "proof_point" -> pure ProofPoint
-        "stix" -> pure Stix
-        "txt" -> pure Txt
-        e -> fromTextError $ "Failure parsing IPSetFormat from value: '" <> e
-           <> "'. Accepted values: alien_vault, fire_eye, otx_csv, proof_point, stix, txt"
-
-instance ToText IPSetFormat where
-    toText = \case
-        AlienVault -> "ALIEN_VAULT"
-        FireEye -> "FIRE_EYE"
-        OtxCSV -> "OTX_CSV"
-        ProofPoint -> "PROOF_POINT"
-        Stix -> "STIX"
-        Txt -> "TXT"
-
-instance Hashable     IPSetFormat
-instance NFData       IPSetFormat
-instance ToByteString IPSetFormat
-instance ToQuery      IPSetFormat
-instance ToHeader     IPSetFormat
-
-instance ToJSON IPSetFormat where
-    toJSON = toJSONText
-
-instance FromJSON IPSetFormat where
-    parseJSON = parseJSONText "IPSetFormat"
-
--- | The status of ipSet file uploaded.
-data IPSetStatus
-  = ISSActivating
-  | ISSActive
-  | ISSDeactivating
-  | ISSDeletePending
-  | ISSDeleted
-  | ISSError'
-  | ISSInactive
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText IPSetStatus where
-    parser = takeLowerText >>= \case
-        "activating" -> pure ISSActivating
-        "active" -> pure ISSActive
-        "deactivating" -> pure ISSDeactivating
-        "delete_pending" -> pure ISSDeletePending
-        "deleted" -> pure ISSDeleted
-        "error" -> pure ISSError'
-        "inactive" -> pure ISSInactive
-        e -> fromTextError $ "Failure parsing IPSetStatus from value: '" <> e
-           <> "'. Accepted values: activating, active, deactivating, delete_pending, deleted, error, inactive"
-
-instance ToText IPSetStatus where
-    toText = \case
-        ISSActivating -> "ACTIVATING"
-        ISSActive -> "ACTIVE"
-        ISSDeactivating -> "DEACTIVATING"
-        ISSDeletePending -> "DELETE_PENDING"
-        ISSDeleted -> "DELETED"
-        ISSError' -> "ERROR"
-        ISSInactive -> "INACTIVE"
-
-instance Hashable     IPSetStatus
-instance NFData       IPSetStatus
-instance ToByteString IPSetStatus
-instance ToQuery      IPSetStatus
-instance ToHeader     IPSetStatus
-
-instance FromJSON IPSetStatus where
-    parseJSON = parseJSONText "IPSetStatus"
-
-data OrderBy
-  = Asc
-  | Desc
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText OrderBy where
-    parser = takeLowerText >>= \case
-        "asc" -> pure Asc
-        "desc" -> pure Desc
-        e -> fromTextError $ "Failure parsing OrderBy from value: '" <> e
-           <> "'. Accepted values: asc, desc"
-
-instance ToText OrderBy where
-    toText = \case
-        Asc -> "ASC"
-        Desc -> "DESC"
-
-instance Hashable     OrderBy
-instance NFData       OrderBy
-instance ToByteString OrderBy
-instance ToQuery      OrderBy
-instance ToHeader     OrderBy
-
-instance ToJSON OrderBy where
-    toJSON = toJSONText
-
--- | The format of the threatIntelSet.
-data ThreatIntelSetFormat
-  = TISFAlienVault
-  | TISFFireEye
-  | TISFOtxCSV
-  | TISFProofPoint
-  | TISFStix
-  | TISFTxt
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText ThreatIntelSetFormat where
-    parser = takeLowerText >>= \case
-        "alien_vault" -> pure TISFAlienVault
-        "fire_eye" -> pure TISFFireEye
-        "otx_csv" -> pure TISFOtxCSV
-        "proof_point" -> pure TISFProofPoint
-        "stix" -> pure TISFStix
-        "txt" -> pure TISFTxt
-        e -> fromTextError $ "Failure parsing ThreatIntelSetFormat from value: '" <> e
-           <> "'. Accepted values: alien_vault, fire_eye, otx_csv, proof_point, stix, txt"
-
-instance ToText ThreatIntelSetFormat where
-    toText = \case
-        TISFAlienVault -> "ALIEN_VAULT"
-        TISFFireEye -> "FIRE_EYE"
-        TISFOtxCSV -> "OTX_CSV"
-        TISFProofPoint -> "PROOF_POINT"
-        TISFStix -> "STIX"
-        TISFTxt -> "TXT"
-
-instance Hashable     ThreatIntelSetFormat
-instance NFData       ThreatIntelSetFormat
-instance ToByteString ThreatIntelSetFormat
-instance ToQuery      ThreatIntelSetFormat
-instance ToHeader     ThreatIntelSetFormat
-
-instance ToJSON ThreatIntelSetFormat where
-    toJSON = toJSONText
-
-instance FromJSON ThreatIntelSetFormat where
-    parseJSON = parseJSONText "ThreatIntelSetFormat"
-
--- | The status of threatIntelSet file uploaded.
-data ThreatIntelSetStatus
-  = Activating
-  | Active
-  | Deactivating
-  | DeletePending
-  | Deleted
-  | Error'
-  | Inactive
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText ThreatIntelSetStatus where
-    parser = takeLowerText >>= \case
-        "activating" -> pure Activating
-        "active" -> pure Active
-        "deactivating" -> pure Deactivating
-        "delete_pending" -> pure DeletePending
-        "deleted" -> pure Deleted
-        "error" -> pure Error'
-        "inactive" -> pure Inactive
-        e -> fromTextError $ "Failure parsing ThreatIntelSetStatus from value: '" <> e
-           <> "'. Accepted values: activating, active, deactivating, delete_pending, deleted, error, inactive"
-
-instance ToText ThreatIntelSetStatus where
-    toText = \case
-        Activating -> "ACTIVATING"
-        Active -> "ACTIVE"
-        Deactivating -> "DEACTIVATING"
-        DeletePending -> "DELETE_PENDING"
-        Deleted -> "DELETED"
-        Error' -> "ERROR"
-        Inactive -> "INACTIVE"
-
-instance Hashable     ThreatIntelSetStatus
-instance NFData       ThreatIntelSetStatus
-instance ToByteString ThreatIntelSetStatus
-instance ToQuery      ThreatIntelSetStatus
-instance ToHeader     ThreatIntelSetStatus
-
-instance FromJSON ThreatIntelSetStatus where
-    parseJSON = parseJSONText "ThreatIntelSetStatus"
diff --git a/gen/Network/AWS/GuardDuty/UnarchiveFindings.hs b/gen/Network/AWS/GuardDuty/UnarchiveFindings.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/UnarchiveFindings.hs
+++ /dev/null
@@ -1,131 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.UnarchiveFindings
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Unarchives Amazon GuardDuty findings specified by the list of finding IDs.
-module Network.AWS.GuardDuty.UnarchiveFindings
-    (
-    -- * Creating a Request
-      unarchiveFindings
-    , UnarchiveFindings
-    -- * Request Lenses
-    , uFindingIds
-    , uDetectorId
-
-    -- * Destructuring the Response
-    , unarchiveFindingsResponse
-    , UnarchiveFindingsResponse
-    -- * Response Lenses
-    , ursResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | UnarchiveFindings request body.
---
--- /See:/ 'unarchiveFindings' smart constructor.
-data UnarchiveFindings = UnarchiveFindings'
-  { _uFindingIds :: !(Maybe [Text])
-  , _uDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UnarchiveFindings' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'uFindingIds' - IDs of the findings that you want to unarchive.
---
--- * 'uDetectorId' - The ID of the detector that specifies the GuardDuty service whose findings you want to unarchive.
-unarchiveFindings
-    :: Text -- ^ 'uDetectorId'
-    -> UnarchiveFindings
-unarchiveFindings pDetectorId_ =
-  UnarchiveFindings' {_uFindingIds = Nothing, _uDetectorId = pDetectorId_}
-
-
--- | IDs of the findings that you want to unarchive.
-uFindingIds :: Lens' UnarchiveFindings [Text]
-uFindingIds = lens _uFindingIds (\ s a -> s{_uFindingIds = a}) . _Default . _Coerce
-
--- | The ID of the detector that specifies the GuardDuty service whose findings you want to unarchive.
-uDetectorId :: Lens' UnarchiveFindings Text
-uDetectorId = lens _uDetectorId (\ s a -> s{_uDetectorId = a})
-
-instance AWSRequest UnarchiveFindings where
-        type Rs UnarchiveFindings = UnarchiveFindingsResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 UnarchiveFindingsResponse' <$> (pure (fromEnum s)))
-
-instance Hashable UnarchiveFindings where
-
-instance NFData UnarchiveFindings where
-
-instance ToHeaders UnarchiveFindings where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON UnarchiveFindings where
-        toJSON UnarchiveFindings'{..}
-          = object
-              (catMaybes [("findingIds" .=) <$> _uFindingIds])
-
-instance ToPath UnarchiveFindings where
-        toPath UnarchiveFindings'{..}
-          = mconcat
-              ["/detector/", toBS _uDetectorId,
-               "/findings/unarchive"]
-
-instance ToQuery UnarchiveFindings where
-        toQuery = const mempty
-
--- | /See:/ 'unarchiveFindingsResponse' smart constructor.
-newtype UnarchiveFindingsResponse = UnarchiveFindingsResponse'
-  { _ursResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UnarchiveFindingsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ursResponseStatus' - -- | The response status code.
-unarchiveFindingsResponse
-    :: Int -- ^ 'ursResponseStatus'
-    -> UnarchiveFindingsResponse
-unarchiveFindingsResponse pResponseStatus_ =
-  UnarchiveFindingsResponse' {_ursResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-ursResponseStatus :: Lens' UnarchiveFindingsResponse Int
-ursResponseStatus = lens _ursResponseStatus (\ s a -> s{_ursResponseStatus = a})
-
-instance NFData UnarchiveFindingsResponse where
diff --git a/gen/Network/AWS/GuardDuty/UpdateDetector.hs b/gen/Network/AWS/GuardDuty/UpdateDetector.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/UpdateDetector.hs
+++ /dev/null
@@ -1,128 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.UpdateDetector
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Updates an Amazon GuardDuty detector specified by the detectorId.
-module Network.AWS.GuardDuty.UpdateDetector
-    (
-    -- * Creating a Request
-      updateDetector
-    , UpdateDetector
-    -- * Request Lenses
-    , udEnable
-    , udDetectorId
-
-    -- * Destructuring the Response
-    , updateDetectorResponse
-    , UpdateDetectorResponse
-    -- * Response Lenses
-    , udrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | UpdateDetector request body.
---
--- /See:/ 'updateDetector' smart constructor.
-data UpdateDetector = UpdateDetector'
-  { _udEnable     :: !(Maybe Bool)
-  , _udDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateDetector' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'udEnable' - Updated boolean value for the detector that specifies whether the detector is enabled.
---
--- * 'udDetectorId' - The unique ID of the detector that you want to update.
-updateDetector
-    :: Text -- ^ 'udDetectorId'
-    -> UpdateDetector
-updateDetector pDetectorId_ =
-  UpdateDetector' {_udEnable = Nothing, _udDetectorId = pDetectorId_}
-
-
--- | Updated boolean value for the detector that specifies whether the detector is enabled.
-udEnable :: Lens' UpdateDetector (Maybe Bool)
-udEnable = lens _udEnable (\ s a -> s{_udEnable = a})
-
--- | The unique ID of the detector that you want to update.
-udDetectorId :: Lens' UpdateDetector Text
-udDetectorId = lens _udDetectorId (\ s a -> s{_udDetectorId = a})
-
-instance AWSRequest UpdateDetector where
-        type Rs UpdateDetector = UpdateDetectorResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 UpdateDetectorResponse' <$> (pure (fromEnum s)))
-
-instance Hashable UpdateDetector where
-
-instance NFData UpdateDetector where
-
-instance ToHeaders UpdateDetector where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON UpdateDetector where
-        toJSON UpdateDetector'{..}
-          = object (catMaybes [("enable" .=) <$> _udEnable])
-
-instance ToPath UpdateDetector where
-        toPath UpdateDetector'{..}
-          = mconcat ["/detector/", toBS _udDetectorId]
-
-instance ToQuery UpdateDetector where
-        toQuery = const mempty
-
--- | /See:/ 'updateDetectorResponse' smart constructor.
-newtype UpdateDetectorResponse = UpdateDetectorResponse'
-  { _udrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateDetectorResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'udrsResponseStatus' - -- | The response status code.
-updateDetectorResponse
-    :: Int -- ^ 'udrsResponseStatus'
-    -> UpdateDetectorResponse
-updateDetectorResponse pResponseStatus_ =
-  UpdateDetectorResponse' {_udrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-udrsResponseStatus :: Lens' UpdateDetectorResponse Int
-udrsResponseStatus = lens _udrsResponseStatus (\ s a -> s{_udrsResponseStatus = a})
-
-instance NFData UpdateDetectorResponse where
diff --git a/gen/Network/AWS/GuardDuty/UpdateFilter.hs b/gen/Network/AWS/GuardDuty/UpdateFilter.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/UpdateFilter.hs
+++ /dev/null
@@ -1,185 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.UpdateFilter
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Updates the filter specified by the filter name.
-module Network.AWS.GuardDuty.UpdateFilter
-    (
-    -- * Creating a Request
-      updateFilter
-    , UpdateFilter
-    -- * Request Lenses
-    , ufFindingCriteria
-    , ufAction
-    , ufDescription
-    , ufRank
-    , ufDetectorId
-    , ufFilterName
-
-    -- * Destructuring the Response
-    , updateFilterResponse
-    , UpdateFilterResponse
-    -- * Response Lenses
-    , ufrsName
-    , ufrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | UpdateFilterRequest request body.
---
--- /See:/ 'updateFilter' smart constructor.
-data UpdateFilter = UpdateFilter'
-  { _ufFindingCriteria :: !(Maybe FindingCriteria)
-  , _ufAction          :: !(Maybe FilterAction)
-  , _ufDescription     :: !(Maybe Text)
-  , _ufRank            :: !(Maybe Int)
-  , _ufDetectorId      :: !Text
-  , _ufFilterName      :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateFilter' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ufFindingCriteria' - Represents the criteria to be used in the filter for querying findings.
---
--- * 'ufAction' - Specifies the action that is to be applied to the findings that match the filter.
---
--- * 'ufDescription' - The description of the filter.
---
--- * 'ufRank' - Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
---
--- * 'ufDetectorId' - The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
---
--- * 'ufFilterName' - The name of the filter.
-updateFilter
-    :: Text -- ^ 'ufDetectorId'
-    -> Text -- ^ 'ufFilterName'
-    -> UpdateFilter
-updateFilter pDetectorId_ pFilterName_ =
-  UpdateFilter'
-    { _ufFindingCriteria = Nothing
-    , _ufAction = Nothing
-    , _ufDescription = Nothing
-    , _ufRank = Nothing
-    , _ufDetectorId = pDetectorId_
-    , _ufFilterName = pFilterName_
-    }
-
-
--- | Represents the criteria to be used in the filter for querying findings.
-ufFindingCriteria :: Lens' UpdateFilter (Maybe FindingCriteria)
-ufFindingCriteria = lens _ufFindingCriteria (\ s a -> s{_ufFindingCriteria = a})
-
--- | Specifies the action that is to be applied to the findings that match the filter.
-ufAction :: Lens' UpdateFilter (Maybe FilterAction)
-ufAction = lens _ufAction (\ s a -> s{_ufAction = a})
-
--- | The description of the filter.
-ufDescription :: Lens' UpdateFilter (Maybe Text)
-ufDescription = lens _ufDescription (\ s a -> s{_ufDescription = a})
-
--- | Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.
-ufRank :: Lens' UpdateFilter (Maybe Int)
-ufRank = lens _ufRank (\ s a -> s{_ufRank = a})
-
--- | The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.
-ufDetectorId :: Lens' UpdateFilter Text
-ufDetectorId = lens _ufDetectorId (\ s a -> s{_ufDetectorId = a})
-
--- | The name of the filter.
-ufFilterName :: Lens' UpdateFilter Text
-ufFilterName = lens _ufFilterName (\ s a -> s{_ufFilterName = a})
-
-instance AWSRequest UpdateFilter where
-        type Rs UpdateFilter = UpdateFilterResponse
-        request = postJSON guardDuty
-        response
-          = receiveJSON
-              (\ s h x ->
-                 UpdateFilterResponse' <$>
-                   (x .?> "name") <*> (pure (fromEnum s)))
-
-instance Hashable UpdateFilter where
-
-instance NFData UpdateFilter where
-
-instance ToHeaders UpdateFilter where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON UpdateFilter where
-        toJSON UpdateFilter'{..}
-          = object
-              (catMaybes
-                 [("findingCriteria" .=) <$> _ufFindingCriteria,
-                  ("action" .=) <$> _ufAction,
-                  ("description" .=) <$> _ufDescription,
-                  ("rank" .=) <$> _ufRank])
-
-instance ToPath UpdateFilter where
-        toPath UpdateFilter'{..}
-          = mconcat
-              ["/detector/", toBS _ufDetectorId, "/filter/",
-               toBS _ufFilterName]
-
-instance ToQuery UpdateFilter where
-        toQuery = const mempty
-
--- | /See:/ 'updateFilterResponse' smart constructor.
-data UpdateFilterResponse = UpdateFilterResponse'
-  { _ufrsName           :: !(Maybe Text)
-  , _ufrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateFilterResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'ufrsName' - The name of the filter.
---
--- * 'ufrsResponseStatus' - -- | The response status code.
-updateFilterResponse
-    :: Int -- ^ 'ufrsResponseStatus'
-    -> UpdateFilterResponse
-updateFilterResponse pResponseStatus_ =
-  UpdateFilterResponse'
-    {_ufrsName = Nothing, _ufrsResponseStatus = pResponseStatus_}
-
-
--- | The name of the filter.
-ufrsName :: Lens' UpdateFilterResponse (Maybe Text)
-ufrsName = lens _ufrsName (\ s a -> s{_ufrsName = a})
-
--- | -- | The response status code.
-ufrsResponseStatus :: Lens' UpdateFilterResponse Int
-ufrsResponseStatus = lens _ufrsResponseStatus (\ s a -> s{_ufrsResponseStatus = a})
-
-instance NFData UpdateFilterResponse where
diff --git a/gen/Network/AWS/GuardDuty/UpdateFindingsFeedback.hs b/gen/Network/AWS/GuardDuty/UpdateFindingsFeedback.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/UpdateFindingsFeedback.hs
+++ /dev/null
@@ -1,157 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.UpdateFindingsFeedback
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Marks specified Amazon GuardDuty findings as useful or not useful.
-module Network.AWS.GuardDuty.UpdateFindingsFeedback
-    (
-    -- * Creating a Request
-      updateFindingsFeedback
-    , UpdateFindingsFeedback
-    -- * Request Lenses
-    , uffFindingIds
-    , uffComments
-    , uffFeedback
-    , uffDetectorId
-
-    -- * Destructuring the Response
-    , updateFindingsFeedbackResponse
-    , UpdateFindingsFeedbackResponse
-    -- * Response Lenses
-    , uffrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | UpdateFindingsFeedback request body.
---
--- /See:/ 'updateFindingsFeedback' smart constructor.
-data UpdateFindingsFeedback = UpdateFindingsFeedback'
-  { _uffFindingIds :: !(Maybe [Text])
-  , _uffComments   :: !(Maybe Text)
-  , _uffFeedback   :: !(Maybe Feedback)
-  , _uffDetectorId :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateFindingsFeedback' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'uffFindingIds' - IDs of the findings that you want to mark as useful or not useful.
---
--- * 'uffComments' - Additional feedback about the GuardDuty findings.
---
--- * 'uffFeedback' - Valid values: USEFUL | NOT_USEFUL
---
--- * 'uffDetectorId' - The ID of the detector that specifies the GuardDuty service whose findings you want to mark as useful or not useful.
-updateFindingsFeedback
-    :: Text -- ^ 'uffDetectorId'
-    -> UpdateFindingsFeedback
-updateFindingsFeedback pDetectorId_ =
-  UpdateFindingsFeedback'
-    { _uffFindingIds = Nothing
-    , _uffComments = Nothing
-    , _uffFeedback = Nothing
-    , _uffDetectorId = pDetectorId_
-    }
-
-
--- | IDs of the findings that you want to mark as useful or not useful.
-uffFindingIds :: Lens' UpdateFindingsFeedback [Text]
-uffFindingIds = lens _uffFindingIds (\ s a -> s{_uffFindingIds = a}) . _Default . _Coerce
-
--- | Additional feedback about the GuardDuty findings.
-uffComments :: Lens' UpdateFindingsFeedback (Maybe Text)
-uffComments = lens _uffComments (\ s a -> s{_uffComments = a})
-
--- | Valid values: USEFUL | NOT_USEFUL
-uffFeedback :: Lens' UpdateFindingsFeedback (Maybe Feedback)
-uffFeedback = lens _uffFeedback (\ s a -> s{_uffFeedback = a})
-
--- | The ID of the detector that specifies the GuardDuty service whose findings you want to mark as useful or not useful.
-uffDetectorId :: Lens' UpdateFindingsFeedback Text
-uffDetectorId = lens _uffDetectorId (\ s a -> s{_uffDetectorId = a})
-
-instance AWSRequest UpdateFindingsFeedback where
-        type Rs UpdateFindingsFeedback =
-             UpdateFindingsFeedbackResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 UpdateFindingsFeedbackResponse' <$>
-                   (pure (fromEnum s)))
-
-instance Hashable UpdateFindingsFeedback where
-
-instance NFData UpdateFindingsFeedback where
-
-instance ToHeaders UpdateFindingsFeedback where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON UpdateFindingsFeedback where
-        toJSON UpdateFindingsFeedback'{..}
-          = object
-              (catMaybes
-                 [("findingIds" .=) <$> _uffFindingIds,
-                  ("comments" .=) <$> _uffComments,
-                  ("feedback" .=) <$> _uffFeedback])
-
-instance ToPath UpdateFindingsFeedback where
-        toPath UpdateFindingsFeedback'{..}
-          = mconcat
-              ["/detector/", toBS _uffDetectorId,
-               "/findings/feedback"]
-
-instance ToQuery UpdateFindingsFeedback where
-        toQuery = const mempty
-
--- | /See:/ 'updateFindingsFeedbackResponse' smart constructor.
-newtype UpdateFindingsFeedbackResponse = UpdateFindingsFeedbackResponse'
-  { _uffrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateFindingsFeedbackResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'uffrsResponseStatus' - -- | The response status code.
-updateFindingsFeedbackResponse
-    :: Int -- ^ 'uffrsResponseStatus'
-    -> UpdateFindingsFeedbackResponse
-updateFindingsFeedbackResponse pResponseStatus_ =
-  UpdateFindingsFeedbackResponse' {_uffrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-uffrsResponseStatus :: Lens' UpdateFindingsFeedbackResponse Int
-uffrsResponseStatus = lens _uffrsResponseStatus (\ s a -> s{_uffrsResponseStatus = a})
-
-instance NFData UpdateFindingsFeedbackResponse where
diff --git a/gen/Network/AWS/GuardDuty/UpdateIPSet.hs b/gen/Network/AWS/GuardDuty/UpdateIPSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/UpdateIPSet.hs
+++ /dev/null
@@ -1,165 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.UpdateIPSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Updates the IPSet specified by the IPSet ID.
-module Network.AWS.GuardDuty.UpdateIPSet
-    (
-    -- * Creating a Request
-      updateIPSet
-    , UpdateIPSet
-    -- * Request Lenses
-    , uisLocation
-    , uisActivate
-    , uisName
-    , uisDetectorId
-    , uisIPSetId
-
-    -- * Destructuring the Response
-    , updateIPSetResponse
-    , UpdateIPSetResponse
-    -- * Response Lenses
-    , uisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | UpdateIPSet request body.
---
--- /See:/ 'updateIPSet' smart constructor.
-data UpdateIPSet = UpdateIPSet'
-  { _uisLocation   :: !(Maybe Text)
-  , _uisActivate   :: !(Maybe Bool)
-  , _uisName       :: !(Maybe Text)
-  , _uisDetectorId :: !Text
-  , _uisIPSetId    :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateIPSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'uisLocation' - The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
---
--- * 'uisActivate' - The updated boolean value that specifies whether the IPSet is active or not.
---
--- * 'uisName' - The unique ID that specifies the IPSet that you want to update.
---
--- * 'uisDetectorId' - The detectorID that specifies the GuardDuty service whose IPSet you want to update.
---
--- * 'uisIPSetId' - The unique ID that specifies the IPSet that you want to update.
-updateIPSet
-    :: Text -- ^ 'uisDetectorId'
-    -> Text -- ^ 'uisIPSetId'
-    -> UpdateIPSet
-updateIPSet pDetectorId_ pIPSetId_ =
-  UpdateIPSet'
-    { _uisLocation = Nothing
-    , _uisActivate = Nothing
-    , _uisName = Nothing
-    , _uisDetectorId = pDetectorId_
-    , _uisIPSetId = pIPSetId_
-    }
-
-
--- | The updated URI of the file that contains the IPSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key).
-uisLocation :: Lens' UpdateIPSet (Maybe Text)
-uisLocation = lens _uisLocation (\ s a -> s{_uisLocation = a})
-
--- | The updated boolean value that specifies whether the IPSet is active or not.
-uisActivate :: Lens' UpdateIPSet (Maybe Bool)
-uisActivate = lens _uisActivate (\ s a -> s{_uisActivate = a})
-
--- | The unique ID that specifies the IPSet that you want to update.
-uisName :: Lens' UpdateIPSet (Maybe Text)
-uisName = lens _uisName (\ s a -> s{_uisName = a})
-
--- | The detectorID that specifies the GuardDuty service whose IPSet you want to update.
-uisDetectorId :: Lens' UpdateIPSet Text
-uisDetectorId = lens _uisDetectorId (\ s a -> s{_uisDetectorId = a})
-
--- | The unique ID that specifies the IPSet that you want to update.
-uisIPSetId :: Lens' UpdateIPSet Text
-uisIPSetId = lens _uisIPSetId (\ s a -> s{_uisIPSetId = a})
-
-instance AWSRequest UpdateIPSet where
-        type Rs UpdateIPSet = UpdateIPSetResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 UpdateIPSetResponse' <$> (pure (fromEnum s)))
-
-instance Hashable UpdateIPSet where
-
-instance NFData UpdateIPSet where
-
-instance ToHeaders UpdateIPSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON UpdateIPSet where
-        toJSON UpdateIPSet'{..}
-          = object
-              (catMaybes
-                 [("location" .=) <$> _uisLocation,
-                  ("activate" .=) <$> _uisActivate,
-                  ("name" .=) <$> _uisName])
-
-instance ToPath UpdateIPSet where
-        toPath UpdateIPSet'{..}
-          = mconcat
-              ["/detector/", toBS _uisDetectorId, "/ipset/",
-               toBS _uisIPSetId]
-
-instance ToQuery UpdateIPSet where
-        toQuery = const mempty
-
--- | /See:/ 'updateIPSetResponse' smart constructor.
-newtype UpdateIPSetResponse = UpdateIPSetResponse'
-  { _uisrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateIPSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'uisrsResponseStatus' - -- | The response status code.
-updateIPSetResponse
-    :: Int -- ^ 'uisrsResponseStatus'
-    -> UpdateIPSetResponse
-updateIPSetResponse pResponseStatus_ =
-  UpdateIPSetResponse' {_uisrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-uisrsResponseStatus :: Lens' UpdateIPSetResponse Int
-uisrsResponseStatus = lens _uisrsResponseStatus (\ s a -> s{_uisrsResponseStatus = a})
-
-instance NFData UpdateIPSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/UpdateThreatIntelSet.hs b/gen/Network/AWS/GuardDuty/UpdateThreatIntelSet.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/UpdateThreatIntelSet.hs
+++ /dev/null
@@ -1,167 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.UpdateThreatIntelSet
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Updates the ThreatIntelSet specified by ThreatIntelSet ID.
-module Network.AWS.GuardDuty.UpdateThreatIntelSet
-    (
-    -- * Creating a Request
-      updateThreatIntelSet
-    , UpdateThreatIntelSet
-    -- * Request Lenses
-    , utisLocation
-    , utisActivate
-    , utisName
-    , utisThreatIntelSetId
-    , utisDetectorId
-
-    -- * Destructuring the Response
-    , updateThreatIntelSetResponse
-    , UpdateThreatIntelSetResponse
-    -- * Response Lenses
-    , utisrsResponseStatus
-    ) where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.GuardDuty.Types.Product
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-
--- | UpdateThreatIntelSet request body.
---
--- /See:/ 'updateThreatIntelSet' smart constructor.
-data UpdateThreatIntelSet = UpdateThreatIntelSet'
-  { _utisLocation         :: !(Maybe Text)
-  , _utisActivate         :: !(Maybe Bool)
-  , _utisName             :: !(Maybe Text)
-  , _utisThreatIntelSetId :: !Text
-  , _utisDetectorId       :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateThreatIntelSet' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'utisLocation' - The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
---
--- * 'utisActivate' - The updated boolean value that specifies whether the ThreateIntelSet is active or not.
---
--- * 'utisName' - The unique ID that specifies the ThreatIntelSet that you want to update.
---
--- * 'utisThreatIntelSetId' - The unique ID that specifies the ThreatIntelSet that you want to update.
---
--- * 'utisDetectorId' - The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
-updateThreatIntelSet
-    :: Text -- ^ 'utisThreatIntelSetId'
-    -> Text -- ^ 'utisDetectorId'
-    -> UpdateThreatIntelSet
-updateThreatIntelSet pThreatIntelSetId_ pDetectorId_ =
-  UpdateThreatIntelSet'
-    { _utisLocation = Nothing
-    , _utisActivate = Nothing
-    , _utisName = Nothing
-    , _utisThreatIntelSetId = pThreatIntelSetId_
-    , _utisDetectorId = pDetectorId_
-    }
-
-
--- | The updated URI of the file that contains the ThreateIntelSet. For example (https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key)
-utisLocation :: Lens' UpdateThreatIntelSet (Maybe Text)
-utisLocation = lens _utisLocation (\ s a -> s{_utisLocation = a})
-
--- | The updated boolean value that specifies whether the ThreateIntelSet is active or not.
-utisActivate :: Lens' UpdateThreatIntelSet (Maybe Bool)
-utisActivate = lens _utisActivate (\ s a -> s{_utisActivate = a})
-
--- | The unique ID that specifies the ThreatIntelSet that you want to update.
-utisName :: Lens' UpdateThreatIntelSet (Maybe Text)
-utisName = lens _utisName (\ s a -> s{_utisName = a})
-
--- | The unique ID that specifies the ThreatIntelSet that you want to update.
-utisThreatIntelSetId :: Lens' UpdateThreatIntelSet Text
-utisThreatIntelSetId = lens _utisThreatIntelSetId (\ s a -> s{_utisThreatIntelSetId = a})
-
--- | The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.
-utisDetectorId :: Lens' UpdateThreatIntelSet Text
-utisDetectorId = lens _utisDetectorId (\ s a -> s{_utisDetectorId = a})
-
-instance AWSRequest UpdateThreatIntelSet where
-        type Rs UpdateThreatIntelSet =
-             UpdateThreatIntelSetResponse
-        request = postJSON guardDuty
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 UpdateThreatIntelSetResponse' <$>
-                   (pure (fromEnum s)))
-
-instance Hashable UpdateThreatIntelSet where
-
-instance NFData UpdateThreatIntelSet where
-
-instance ToHeaders UpdateThreatIntelSet where
-        toHeaders
-          = const
-              (mconcat
-                 ["Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON UpdateThreatIntelSet where
-        toJSON UpdateThreatIntelSet'{..}
-          = object
-              (catMaybes
-                 [("location" .=) <$> _utisLocation,
-                  ("activate" .=) <$> _utisActivate,
-                  ("name" .=) <$> _utisName])
-
-instance ToPath UpdateThreatIntelSet where
-        toPath UpdateThreatIntelSet'{..}
-          = mconcat
-              ["/detector/", toBS _utisDetectorId,
-               "/threatintelset/", toBS _utisThreatIntelSetId]
-
-instance ToQuery UpdateThreatIntelSet where
-        toQuery = const mempty
-
--- | /See:/ 'updateThreatIntelSetResponse' smart constructor.
-newtype UpdateThreatIntelSetResponse = UpdateThreatIntelSetResponse'
-  { _utisrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'UpdateThreatIntelSetResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'utisrsResponseStatus' - -- | The response status code.
-updateThreatIntelSetResponse
-    :: Int -- ^ 'utisrsResponseStatus'
-    -> UpdateThreatIntelSetResponse
-updateThreatIntelSetResponse pResponseStatus_ =
-  UpdateThreatIntelSetResponse' {_utisrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-utisrsResponseStatus :: Lens' UpdateThreatIntelSetResponse Int
-utisrsResponseStatus = lens _utisrsResponseStatus (\ s a -> s{_utisrsResponseStatus = a})
-
-instance NFData UpdateThreatIntelSetResponse where
diff --git a/gen/Network/AWS/GuardDuty/Waiters.hs b/gen/Network/AWS/GuardDuty/Waiters.hs
deleted file mode 100644
--- a/gen/Network/AWS/GuardDuty/Waiters.hs
+++ /dev/null
@@ -1,21 +0,0 @@
-{-# LANGUAGE OverloadedStrings #-}
-{-# LANGUAGE TypeFamilies      #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.GuardDuty.Waiters
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.GuardDuty.Waiters where
-
-import Network.AWS.GuardDuty.Types
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Waiter
diff --git a/test/Main.hs b/test/Main.hs
--- a/test/Main.hs
+++ b/test/Main.hs
@@ -2,20 +2,22 @@
 
 -- |
 -- Module      : Main
--- Copyright   : (c) 2013-2018 Brendan Hay
+-- Copyright   : (c) 2013-2023 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
+-- Maintainer  : Brendan Hay
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
---
 module Main (main) where
 
+import Test.Amazonka.GuardDuty
+import Test.Amazonka.GuardDuty.Internal
 import Test.Tasty
-import Test.AWS.GuardDuty
-import Test.AWS.GuardDuty.Internal
 
 main :: IO ()
-main = defaultMain $ testGroup "GuardDuty"
-    [ testGroup "tests"    tests
-    , testGroup "fixtures" fixtures
-    ]
+main =
+  defaultMain $
+    testGroup
+      "GuardDuty"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/AWS/Gen/GuardDuty.hs b/test/Test/AWS/Gen/GuardDuty.hs
deleted file mode 100644
--- a/test/Test/AWS/Gen/GuardDuty.hs
+++ /dev/null
@@ -1,795 +0,0 @@
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-orphans        #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Test.AWS.Gen.GuardDuty
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Test.AWS.Gen.GuardDuty where
-
-import Data.Proxy
-import Network.AWS.GuardDuty
-import Test.AWS.Fixture
-import Test.AWS.GuardDuty.Internal
-import Test.AWS.Prelude
-import Test.Tasty
-
--- Auto-generated: the actual test selection needs to be manually placed into
--- the top-level so that real test data can be incrementally added.
---
--- This commented snippet is what the entire set should look like:
-
--- fixtures :: TestTree
--- fixtures =
---     [ testGroup "request"
---         [ requestCreateFilter $
---             createFilter
---
---         , requestListFindings $
---             listFindings
---
---         , requestCreateIPSet $
---             createIPSet
---
---         , requestDeleteThreatIntelSet $
---             deleteThreatIntelSet
---
---         , requestUpdateThreatIntelSet $
---             updateThreatIntelSet
---
---         , requestStopMonitoringMembers $
---             stopMonitoringMembers
---
---         , requestListThreatIntelSets $
---             listThreatIntelSets
---
---         , requestCreateThreatIntelSet $
---             createThreatIntelSet
---
---         , requestDeleteMembers $
---             deleteMembers
---
---         , requestGetFindingsStatistics $
---             getFindingsStatistics
---
---         , requestGetIPSet $
---             getIPSet
---
---         , requestListInvitations $
---             listInvitations
---
---         , requestGetThreatIntelSet $
---             getThreatIntelSet
---
---         , requestDeleteInvitations $
---             deleteInvitations
---
---         , requestGetMasterAccount $
---             getMasterAccount
---
---         , requestCreateDetector $
---             createDetector
---
---         , requestDeclineInvitations $
---             declineInvitations
---
---         , requestUpdateFilter $
---             updateFilter
---
---         , requestDeleteFilter $
---             deleteFilter
---
---         , requestDisassociateMembers $
---             disassociateMembers
---
---         , requestDisassociateFromMasterAccount $
---             disassociateFromMasterAccount
---
---         , requestAcceptInvitation $
---             acceptInvitation
---
---         , requestListFilters $
---             listFilters
---
---         , requestListMembers $
---             listMembers
---
---         , requestGetDetector $
---             getDetector
---
---         , requestCreateSampleFindings $
---             createSampleFindings
---
---         , requestArchiveFindings $
---             archiveFindings
---
---         , requestCreateMembers $
---             createMembers
---
---         , requestUnarchiveFindings $
---             unarchiveFindings
---
---         , requestGetInvitationsCount $
---             getInvitationsCount
---
---         , requestStartMonitoringMembers $
---             startMonitoringMembers
---
---         , requestInviteMembers $
---             inviteMembers
---
---         , requestDeleteIPSet $
---             deleteIPSet
---
---         , requestUpdateIPSet $
---             updateIPSet
---
---         , requestListIPSets $
---             listIPSets
---
---         , requestGetMembers $
---             getMembers
---
---         , requestGetFindings $
---             getFindings
---
---         , requestListDetectors $
---             listDetectors
---
---         , requestUpdateDetector $
---             updateDetector
---
---         , requestDeleteDetector $
---             deleteDetector
---
---         , requestUpdateFindingsFeedback $
---             updateFindingsFeedback
---
---         , requestGetFilter $
---             getFilter
---
---           ]
-
---     , testGroup "response"
---         [ responseCreateFilter $
---             createFilterResponse
---
---         , responseListFindings $
---             listFindingsResponse
---
---         , responseCreateIPSet $
---             createIPSetResponse
---
---         , responseDeleteThreatIntelSet $
---             deleteThreatIntelSetResponse
---
---         , responseUpdateThreatIntelSet $
---             updateThreatIntelSetResponse
---
---         , responseStopMonitoringMembers $
---             stopMonitoringMembersResponse
---
---         , responseListThreatIntelSets $
---             listThreatIntelSetsResponse
---
---         , responseCreateThreatIntelSet $
---             createThreatIntelSetResponse
---
---         , responseDeleteMembers $
---             deleteMembersResponse
---
---         , responseGetFindingsStatistics $
---             getFindingsStatisticsResponse
---
---         , responseGetIPSet $
---             getIPSetResponse
---
---         , responseListInvitations $
---             listInvitationsResponse
---
---         , responseGetThreatIntelSet $
---             getThreatIntelSetResponse
---
---         , responseDeleteInvitations $
---             deleteInvitationsResponse
---
---         , responseGetMasterAccount $
---             getMasterAccountResponse
---
---         , responseCreateDetector $
---             createDetectorResponse
---
---         , responseDeclineInvitations $
---             declineInvitationsResponse
---
---         , responseUpdateFilter $
---             updateFilterResponse
---
---         , responseDeleteFilter $
---             deleteFilterResponse
---
---         , responseDisassociateMembers $
---             disassociateMembersResponse
---
---         , responseDisassociateFromMasterAccount $
---             disassociateFromMasterAccountResponse
---
---         , responseAcceptInvitation $
---             acceptInvitationResponse
---
---         , responseListFilters $
---             listFiltersResponse
---
---         , responseListMembers $
---             listMembersResponse
---
---         , responseGetDetector $
---             getDetectorResponse
---
---         , responseCreateSampleFindings $
---             createSampleFindingsResponse
---
---         , responseArchiveFindings $
---             archiveFindingsResponse
---
---         , responseCreateMembers $
---             createMembersResponse
---
---         , responseUnarchiveFindings $
---             unarchiveFindingsResponse
---
---         , responseGetInvitationsCount $
---             getInvitationsCountResponse
---
---         , responseStartMonitoringMembers $
---             startMonitoringMembersResponse
---
---         , responseInviteMembers $
---             inviteMembersResponse
---
---         , responseDeleteIPSet $
---             deleteIPSetResponse
---
---         , responseUpdateIPSet $
---             updateIPSetResponse
---
---         , responseListIPSets $
---             listIPSetsResponse
---
---         , responseGetMembers $
---             getMembersResponse
---
---         , responseGetFindings $
---             getFindingsResponse
---
---         , responseListDetectors $
---             listDetectorsResponse
---
---         , responseUpdateDetector $
---             updateDetectorResponse
---
---         , responseDeleteDetector $
---             deleteDetectorResponse
---
---         , responseUpdateFindingsFeedback $
---             updateFindingsFeedbackResponse
---
---         , responseGetFilter $
---             getFilterResponse
---
---           ]
---     ]
-
--- Requests
-
-requestCreateFilter :: CreateFilter -> TestTree
-requestCreateFilter = req
-    "CreateFilter"
-    "fixture/CreateFilter.yaml"
-
-requestListFindings :: ListFindings -> TestTree
-requestListFindings = req
-    "ListFindings"
-    "fixture/ListFindings.yaml"
-
-requestCreateIPSet :: CreateIPSet -> TestTree
-requestCreateIPSet = req
-    "CreateIPSet"
-    "fixture/CreateIPSet.yaml"
-
-requestDeleteThreatIntelSet :: DeleteThreatIntelSet -> TestTree
-requestDeleteThreatIntelSet = req
-    "DeleteThreatIntelSet"
-    "fixture/DeleteThreatIntelSet.yaml"
-
-requestUpdateThreatIntelSet :: UpdateThreatIntelSet -> TestTree
-requestUpdateThreatIntelSet = req
-    "UpdateThreatIntelSet"
-    "fixture/UpdateThreatIntelSet.yaml"
-
-requestStopMonitoringMembers :: StopMonitoringMembers -> TestTree
-requestStopMonitoringMembers = req
-    "StopMonitoringMembers"
-    "fixture/StopMonitoringMembers.yaml"
-
-requestListThreatIntelSets :: ListThreatIntelSets -> TestTree
-requestListThreatIntelSets = req
-    "ListThreatIntelSets"
-    "fixture/ListThreatIntelSets.yaml"
-
-requestCreateThreatIntelSet :: CreateThreatIntelSet -> TestTree
-requestCreateThreatIntelSet = req
-    "CreateThreatIntelSet"
-    "fixture/CreateThreatIntelSet.yaml"
-
-requestDeleteMembers :: DeleteMembers -> TestTree
-requestDeleteMembers = req
-    "DeleteMembers"
-    "fixture/DeleteMembers.yaml"
-
-requestGetFindingsStatistics :: GetFindingsStatistics -> TestTree
-requestGetFindingsStatistics = req
-    "GetFindingsStatistics"
-    "fixture/GetFindingsStatistics.yaml"
-
-requestGetIPSet :: GetIPSet -> TestTree
-requestGetIPSet = req
-    "GetIPSet"
-    "fixture/GetIPSet.yaml"
-
-requestListInvitations :: ListInvitations -> TestTree
-requestListInvitations = req
-    "ListInvitations"
-    "fixture/ListInvitations.yaml"
-
-requestGetThreatIntelSet :: GetThreatIntelSet -> TestTree
-requestGetThreatIntelSet = req
-    "GetThreatIntelSet"
-    "fixture/GetThreatIntelSet.yaml"
-
-requestDeleteInvitations :: DeleteInvitations -> TestTree
-requestDeleteInvitations = req
-    "DeleteInvitations"
-    "fixture/DeleteInvitations.yaml"
-
-requestGetMasterAccount :: GetMasterAccount -> TestTree
-requestGetMasterAccount = req
-    "GetMasterAccount"
-    "fixture/GetMasterAccount.yaml"
-
-requestCreateDetector :: CreateDetector -> TestTree
-requestCreateDetector = req
-    "CreateDetector"
-    "fixture/CreateDetector.yaml"
-
-requestDeclineInvitations :: DeclineInvitations -> TestTree
-requestDeclineInvitations = req
-    "DeclineInvitations"
-    "fixture/DeclineInvitations.yaml"
-
-requestUpdateFilter :: UpdateFilter -> TestTree
-requestUpdateFilter = req
-    "UpdateFilter"
-    "fixture/UpdateFilter.yaml"
-
-requestDeleteFilter :: DeleteFilter -> TestTree
-requestDeleteFilter = req
-    "DeleteFilter"
-    "fixture/DeleteFilter.yaml"
-
-requestDisassociateMembers :: DisassociateMembers -> TestTree
-requestDisassociateMembers = req
-    "DisassociateMembers"
-    "fixture/DisassociateMembers.yaml"
-
-requestDisassociateFromMasterAccount :: DisassociateFromMasterAccount -> TestTree
-requestDisassociateFromMasterAccount = req
-    "DisassociateFromMasterAccount"
-    "fixture/DisassociateFromMasterAccount.yaml"
-
-requestAcceptInvitation :: AcceptInvitation -> TestTree
-requestAcceptInvitation = req
-    "AcceptInvitation"
-    "fixture/AcceptInvitation.yaml"
-
-requestListFilters :: ListFilters -> TestTree
-requestListFilters = req
-    "ListFilters"
-    "fixture/ListFilters.yaml"
-
-requestListMembers :: ListMembers -> TestTree
-requestListMembers = req
-    "ListMembers"
-    "fixture/ListMembers.yaml"
-
-requestGetDetector :: GetDetector -> TestTree
-requestGetDetector = req
-    "GetDetector"
-    "fixture/GetDetector.yaml"
-
-requestCreateSampleFindings :: CreateSampleFindings -> TestTree
-requestCreateSampleFindings = req
-    "CreateSampleFindings"
-    "fixture/CreateSampleFindings.yaml"
-
-requestArchiveFindings :: ArchiveFindings -> TestTree
-requestArchiveFindings = req
-    "ArchiveFindings"
-    "fixture/ArchiveFindings.yaml"
-
-requestCreateMembers :: CreateMembers -> TestTree
-requestCreateMembers = req
-    "CreateMembers"
-    "fixture/CreateMembers.yaml"
-
-requestUnarchiveFindings :: UnarchiveFindings -> TestTree
-requestUnarchiveFindings = req
-    "UnarchiveFindings"
-    "fixture/UnarchiveFindings.yaml"
-
-requestGetInvitationsCount :: GetInvitationsCount -> TestTree
-requestGetInvitationsCount = req
-    "GetInvitationsCount"
-    "fixture/GetInvitationsCount.yaml"
-
-requestStartMonitoringMembers :: StartMonitoringMembers -> TestTree
-requestStartMonitoringMembers = req
-    "StartMonitoringMembers"
-    "fixture/StartMonitoringMembers.yaml"
-
-requestInviteMembers :: InviteMembers -> TestTree
-requestInviteMembers = req
-    "InviteMembers"
-    "fixture/InviteMembers.yaml"
-
-requestDeleteIPSet :: DeleteIPSet -> TestTree
-requestDeleteIPSet = req
-    "DeleteIPSet"
-    "fixture/DeleteIPSet.yaml"
-
-requestUpdateIPSet :: UpdateIPSet -> TestTree
-requestUpdateIPSet = req
-    "UpdateIPSet"
-    "fixture/UpdateIPSet.yaml"
-
-requestListIPSets :: ListIPSets -> TestTree
-requestListIPSets = req
-    "ListIPSets"
-    "fixture/ListIPSets.yaml"
-
-requestGetMembers :: GetMembers -> TestTree
-requestGetMembers = req
-    "GetMembers"
-    "fixture/GetMembers.yaml"
-
-requestGetFindings :: GetFindings -> TestTree
-requestGetFindings = req
-    "GetFindings"
-    "fixture/GetFindings.yaml"
-
-requestListDetectors :: ListDetectors -> TestTree
-requestListDetectors = req
-    "ListDetectors"
-    "fixture/ListDetectors.yaml"
-
-requestUpdateDetector :: UpdateDetector -> TestTree
-requestUpdateDetector = req
-    "UpdateDetector"
-    "fixture/UpdateDetector.yaml"
-
-requestDeleteDetector :: DeleteDetector -> TestTree
-requestDeleteDetector = req
-    "DeleteDetector"
-    "fixture/DeleteDetector.yaml"
-
-requestUpdateFindingsFeedback :: UpdateFindingsFeedback -> TestTree
-requestUpdateFindingsFeedback = req
-    "UpdateFindingsFeedback"
-    "fixture/UpdateFindingsFeedback.yaml"
-
-requestGetFilter :: GetFilter -> TestTree
-requestGetFilter = req
-    "GetFilter"
-    "fixture/GetFilter.yaml"
-
--- Responses
-
-responseCreateFilter :: CreateFilterResponse -> TestTree
-responseCreateFilter = res
-    "CreateFilterResponse"
-    "fixture/CreateFilterResponse.proto"
-    guardDuty
-    (Proxy :: Proxy CreateFilter)
-
-responseListFindings :: ListFindingsResponse -> TestTree
-responseListFindings = res
-    "ListFindingsResponse"
-    "fixture/ListFindingsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ListFindings)
-
-responseCreateIPSet :: CreateIPSetResponse -> TestTree
-responseCreateIPSet = res
-    "CreateIPSetResponse"
-    "fixture/CreateIPSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy CreateIPSet)
-
-responseDeleteThreatIntelSet :: DeleteThreatIntelSetResponse -> TestTree
-responseDeleteThreatIntelSet = res
-    "DeleteThreatIntelSetResponse"
-    "fixture/DeleteThreatIntelSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DeleteThreatIntelSet)
-
-responseUpdateThreatIntelSet :: UpdateThreatIntelSetResponse -> TestTree
-responseUpdateThreatIntelSet = res
-    "UpdateThreatIntelSetResponse"
-    "fixture/UpdateThreatIntelSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy UpdateThreatIntelSet)
-
-responseStopMonitoringMembers :: StopMonitoringMembersResponse -> TestTree
-responseStopMonitoringMembers = res
-    "StopMonitoringMembersResponse"
-    "fixture/StopMonitoringMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy StopMonitoringMembers)
-
-responseListThreatIntelSets :: ListThreatIntelSetsResponse -> TestTree
-responseListThreatIntelSets = res
-    "ListThreatIntelSetsResponse"
-    "fixture/ListThreatIntelSetsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ListThreatIntelSets)
-
-responseCreateThreatIntelSet :: CreateThreatIntelSetResponse -> TestTree
-responseCreateThreatIntelSet = res
-    "CreateThreatIntelSetResponse"
-    "fixture/CreateThreatIntelSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy CreateThreatIntelSet)
-
-responseDeleteMembers :: DeleteMembersResponse -> TestTree
-responseDeleteMembers = res
-    "DeleteMembersResponse"
-    "fixture/DeleteMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DeleteMembers)
-
-responseGetFindingsStatistics :: GetFindingsStatisticsResponse -> TestTree
-responseGetFindingsStatistics = res
-    "GetFindingsStatisticsResponse"
-    "fixture/GetFindingsStatisticsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetFindingsStatistics)
-
-responseGetIPSet :: GetIPSetResponse -> TestTree
-responseGetIPSet = res
-    "GetIPSetResponse"
-    "fixture/GetIPSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetIPSet)
-
-responseListInvitations :: ListInvitationsResponse -> TestTree
-responseListInvitations = res
-    "ListInvitationsResponse"
-    "fixture/ListInvitationsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ListInvitations)
-
-responseGetThreatIntelSet :: GetThreatIntelSetResponse -> TestTree
-responseGetThreatIntelSet = res
-    "GetThreatIntelSetResponse"
-    "fixture/GetThreatIntelSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetThreatIntelSet)
-
-responseDeleteInvitations :: DeleteInvitationsResponse -> TestTree
-responseDeleteInvitations = res
-    "DeleteInvitationsResponse"
-    "fixture/DeleteInvitationsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DeleteInvitations)
-
-responseGetMasterAccount :: GetMasterAccountResponse -> TestTree
-responseGetMasterAccount = res
-    "GetMasterAccountResponse"
-    "fixture/GetMasterAccountResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetMasterAccount)
-
-responseCreateDetector :: CreateDetectorResponse -> TestTree
-responseCreateDetector = res
-    "CreateDetectorResponse"
-    "fixture/CreateDetectorResponse.proto"
-    guardDuty
-    (Proxy :: Proxy CreateDetector)
-
-responseDeclineInvitations :: DeclineInvitationsResponse -> TestTree
-responseDeclineInvitations = res
-    "DeclineInvitationsResponse"
-    "fixture/DeclineInvitationsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DeclineInvitations)
-
-responseUpdateFilter :: UpdateFilterResponse -> TestTree
-responseUpdateFilter = res
-    "UpdateFilterResponse"
-    "fixture/UpdateFilterResponse.proto"
-    guardDuty
-    (Proxy :: Proxy UpdateFilter)
-
-responseDeleteFilter :: DeleteFilterResponse -> TestTree
-responseDeleteFilter = res
-    "DeleteFilterResponse"
-    "fixture/DeleteFilterResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DeleteFilter)
-
-responseDisassociateMembers :: DisassociateMembersResponse -> TestTree
-responseDisassociateMembers = res
-    "DisassociateMembersResponse"
-    "fixture/DisassociateMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DisassociateMembers)
-
-responseDisassociateFromMasterAccount :: DisassociateFromMasterAccountResponse -> TestTree
-responseDisassociateFromMasterAccount = res
-    "DisassociateFromMasterAccountResponse"
-    "fixture/DisassociateFromMasterAccountResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DisassociateFromMasterAccount)
-
-responseAcceptInvitation :: AcceptInvitationResponse -> TestTree
-responseAcceptInvitation = res
-    "AcceptInvitationResponse"
-    "fixture/AcceptInvitationResponse.proto"
-    guardDuty
-    (Proxy :: Proxy AcceptInvitation)
-
-responseListFilters :: ListFiltersResponse -> TestTree
-responseListFilters = res
-    "ListFiltersResponse"
-    "fixture/ListFiltersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ListFilters)
-
-responseListMembers :: ListMembersResponse -> TestTree
-responseListMembers = res
-    "ListMembersResponse"
-    "fixture/ListMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ListMembers)
-
-responseGetDetector :: GetDetectorResponse -> TestTree
-responseGetDetector = res
-    "GetDetectorResponse"
-    "fixture/GetDetectorResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetDetector)
-
-responseCreateSampleFindings :: CreateSampleFindingsResponse -> TestTree
-responseCreateSampleFindings = res
-    "CreateSampleFindingsResponse"
-    "fixture/CreateSampleFindingsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy CreateSampleFindings)
-
-responseArchiveFindings :: ArchiveFindingsResponse -> TestTree
-responseArchiveFindings = res
-    "ArchiveFindingsResponse"
-    "fixture/ArchiveFindingsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ArchiveFindings)
-
-responseCreateMembers :: CreateMembersResponse -> TestTree
-responseCreateMembers = res
-    "CreateMembersResponse"
-    "fixture/CreateMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy CreateMembers)
-
-responseUnarchiveFindings :: UnarchiveFindingsResponse -> TestTree
-responseUnarchiveFindings = res
-    "UnarchiveFindingsResponse"
-    "fixture/UnarchiveFindingsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy UnarchiveFindings)
-
-responseGetInvitationsCount :: GetInvitationsCountResponse -> TestTree
-responseGetInvitationsCount = res
-    "GetInvitationsCountResponse"
-    "fixture/GetInvitationsCountResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetInvitationsCount)
-
-responseStartMonitoringMembers :: StartMonitoringMembersResponse -> TestTree
-responseStartMonitoringMembers = res
-    "StartMonitoringMembersResponse"
-    "fixture/StartMonitoringMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy StartMonitoringMembers)
-
-responseInviteMembers :: InviteMembersResponse -> TestTree
-responseInviteMembers = res
-    "InviteMembersResponse"
-    "fixture/InviteMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy InviteMembers)
-
-responseDeleteIPSet :: DeleteIPSetResponse -> TestTree
-responseDeleteIPSet = res
-    "DeleteIPSetResponse"
-    "fixture/DeleteIPSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DeleteIPSet)
-
-responseUpdateIPSet :: UpdateIPSetResponse -> TestTree
-responseUpdateIPSet = res
-    "UpdateIPSetResponse"
-    "fixture/UpdateIPSetResponse.proto"
-    guardDuty
-    (Proxy :: Proxy UpdateIPSet)
-
-responseListIPSets :: ListIPSetsResponse -> TestTree
-responseListIPSets = res
-    "ListIPSetsResponse"
-    "fixture/ListIPSetsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ListIPSets)
-
-responseGetMembers :: GetMembersResponse -> TestTree
-responseGetMembers = res
-    "GetMembersResponse"
-    "fixture/GetMembersResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetMembers)
-
-responseGetFindings :: GetFindingsResponse -> TestTree
-responseGetFindings = res
-    "GetFindingsResponse"
-    "fixture/GetFindingsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetFindings)
-
-responseListDetectors :: ListDetectorsResponse -> TestTree
-responseListDetectors = res
-    "ListDetectorsResponse"
-    "fixture/ListDetectorsResponse.proto"
-    guardDuty
-    (Proxy :: Proxy ListDetectors)
-
-responseUpdateDetector :: UpdateDetectorResponse -> TestTree
-responseUpdateDetector = res
-    "UpdateDetectorResponse"
-    "fixture/UpdateDetectorResponse.proto"
-    guardDuty
-    (Proxy :: Proxy UpdateDetector)
-
-responseDeleteDetector :: DeleteDetectorResponse -> TestTree
-responseDeleteDetector = res
-    "DeleteDetectorResponse"
-    "fixture/DeleteDetectorResponse.proto"
-    guardDuty
-    (Proxy :: Proxy DeleteDetector)
-
-responseUpdateFindingsFeedback :: UpdateFindingsFeedbackResponse -> TestTree
-responseUpdateFindingsFeedback = res
-    "UpdateFindingsFeedbackResponse"
-    "fixture/UpdateFindingsFeedbackResponse.proto"
-    guardDuty
-    (Proxy :: Proxy UpdateFindingsFeedback)
-
-responseGetFilter :: GetFilterResponse -> TestTree
-responseGetFilter = res
-    "GetFilterResponse"
-    "fixture/GetFilterResponse.proto"
-    guardDuty
-    (Proxy :: Proxy GetFilter)
diff --git a/test/Test/AWS/GuardDuty.hs b/test/Test/AWS/GuardDuty.hs
deleted file mode 100644
--- a/test/Test/AWS/GuardDuty.hs
+++ /dev/null
@@ -1,20 +0,0 @@
--- |
--- Module      : Test.AWS.GuardDuty
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Test.AWS.GuardDuty
-    ( tests
-    , fixtures
-    ) where
-
-import Test.Tasty (TestTree)
-
-tests :: [TestTree]
-tests = []
-
-fixtures :: [TestTree]
-fixtures = []
diff --git a/test/Test/AWS/GuardDuty/Internal.hs b/test/Test/AWS/GuardDuty/Internal.hs
deleted file mode 100644
--- a/test/Test/AWS/GuardDuty/Internal.hs
+++ /dev/null
@@ -1,9 +0,0 @@
--- |
--- Module      : Test.AWS.GuardDuty.Internal
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Test.AWS.GuardDuty.Internal where
diff --git a/test/Test/Amazonka/Gen/GuardDuty.hs b/test/Test/Amazonka/Gen/GuardDuty.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/GuardDuty.hs
@@ -0,0 +1,1278 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.GuardDuty
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.GuardDuty where
+
+import Amazonka.GuardDuty
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.GuardDuty.Internal
+import Test.Amazonka.Prelude
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestAcceptAdministratorInvitation $
+--             newAcceptAdministratorInvitation
+--
+--         , requestArchiveFindings $
+--             newArchiveFindings
+--
+--         , requestCreateDetector $
+--             newCreateDetector
+--
+--         , requestCreateFilter $
+--             newCreateFilter
+--
+--         , requestCreateIPSet $
+--             newCreateIPSet
+--
+--         , requestCreateMembers $
+--             newCreateMembers
+--
+--         , requestCreatePublishingDestination $
+--             newCreatePublishingDestination
+--
+--         , requestCreateSampleFindings $
+--             newCreateSampleFindings
+--
+--         , requestCreateThreatIntelSet $
+--             newCreateThreatIntelSet
+--
+--         , requestDeclineInvitations $
+--             newDeclineInvitations
+--
+--         , requestDeleteDetector $
+--             newDeleteDetector
+--
+--         , requestDeleteFilter $
+--             newDeleteFilter
+--
+--         , requestDeleteIPSet $
+--             newDeleteIPSet
+--
+--         , requestDeleteInvitations $
+--             newDeleteInvitations
+--
+--         , requestDeleteMembers $
+--             newDeleteMembers
+--
+--         , requestDeletePublishingDestination $
+--             newDeletePublishingDestination
+--
+--         , requestDeleteThreatIntelSet $
+--             newDeleteThreatIntelSet
+--
+--         , requestDescribeMalwareScans $
+--             newDescribeMalwareScans
+--
+--         , requestDescribeOrganizationConfiguration $
+--             newDescribeOrganizationConfiguration
+--
+--         , requestDescribePublishingDestination $
+--             newDescribePublishingDestination
+--
+--         , requestDisableOrganizationAdminAccount $
+--             newDisableOrganizationAdminAccount
+--
+--         , requestDisassociateFromAdministratorAccount $
+--             newDisassociateFromAdministratorAccount
+--
+--         , requestDisassociateMembers $
+--             newDisassociateMembers
+--
+--         , requestEnableOrganizationAdminAccount $
+--             newEnableOrganizationAdminAccount
+--
+--         , requestGetAdministratorAccount $
+--             newGetAdministratorAccount
+--
+--         , requestGetDetector $
+--             newGetDetector
+--
+--         , requestGetFilter $
+--             newGetFilter
+--
+--         , requestGetFindings $
+--             newGetFindings
+--
+--         , requestGetFindingsStatistics $
+--             newGetFindingsStatistics
+--
+--         , requestGetIPSet $
+--             newGetIPSet
+--
+--         , requestGetInvitationsCount $
+--             newGetInvitationsCount
+--
+--         , requestGetMalwareScanSettings $
+--             newGetMalwareScanSettings
+--
+--         , requestGetMemberDetectors $
+--             newGetMemberDetectors
+--
+--         , requestGetMembers $
+--             newGetMembers
+--
+--         , requestGetRemainingFreeTrialDays $
+--             newGetRemainingFreeTrialDays
+--
+--         , requestGetThreatIntelSet $
+--             newGetThreatIntelSet
+--
+--         , requestGetUsageStatistics $
+--             newGetUsageStatistics
+--
+--         , requestInviteMembers $
+--             newInviteMembers
+--
+--         , requestListDetectors $
+--             newListDetectors
+--
+--         , requestListFilters $
+--             newListFilters
+--
+--         , requestListFindings $
+--             newListFindings
+--
+--         , requestListIPSets $
+--             newListIPSets
+--
+--         , requestListInvitations $
+--             newListInvitations
+--
+--         , requestListMembers $
+--             newListMembers
+--
+--         , requestListOrganizationAdminAccounts $
+--             newListOrganizationAdminAccounts
+--
+--         , requestListPublishingDestinations $
+--             newListPublishingDestinations
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestListThreatIntelSets $
+--             newListThreatIntelSets
+--
+--         , requestStartMonitoringMembers $
+--             newStartMonitoringMembers
+--
+--         , requestStopMonitoringMembers $
+--             newStopMonitoringMembers
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUnarchiveFindings $
+--             newUnarchiveFindings
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateDetector $
+--             newUpdateDetector
+--
+--         , requestUpdateFilter $
+--             newUpdateFilter
+--
+--         , requestUpdateFindingsFeedback $
+--             newUpdateFindingsFeedback
+--
+--         , requestUpdateIPSet $
+--             newUpdateIPSet
+--
+--         , requestUpdateMalwareScanSettings $
+--             newUpdateMalwareScanSettings
+--
+--         , requestUpdateMemberDetectors $
+--             newUpdateMemberDetectors
+--
+--         , requestUpdateOrganizationConfiguration $
+--             newUpdateOrganizationConfiguration
+--
+--         , requestUpdatePublishingDestination $
+--             newUpdatePublishingDestination
+--
+--         , requestUpdateThreatIntelSet $
+--             newUpdateThreatIntelSet
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseAcceptAdministratorInvitation $
+--             newAcceptAdministratorInvitationResponse
+--
+--         , responseArchiveFindings $
+--             newArchiveFindingsResponse
+--
+--         , responseCreateDetector $
+--             newCreateDetectorResponse
+--
+--         , responseCreateFilter $
+--             newCreateFilterResponse
+--
+--         , responseCreateIPSet $
+--             newCreateIPSetResponse
+--
+--         , responseCreateMembers $
+--             newCreateMembersResponse
+--
+--         , responseCreatePublishingDestination $
+--             newCreatePublishingDestinationResponse
+--
+--         , responseCreateSampleFindings $
+--             newCreateSampleFindingsResponse
+--
+--         , responseCreateThreatIntelSet $
+--             newCreateThreatIntelSetResponse
+--
+--         , responseDeclineInvitations $
+--             newDeclineInvitationsResponse
+--
+--         , responseDeleteDetector $
+--             newDeleteDetectorResponse
+--
+--         , responseDeleteFilter $
+--             newDeleteFilterResponse
+--
+--         , responseDeleteIPSet $
+--             newDeleteIPSetResponse
+--
+--         , responseDeleteInvitations $
+--             newDeleteInvitationsResponse
+--
+--         , responseDeleteMembers $
+--             newDeleteMembersResponse
+--
+--         , responseDeletePublishingDestination $
+--             newDeletePublishingDestinationResponse
+--
+--         , responseDeleteThreatIntelSet $
+--             newDeleteThreatIntelSetResponse
+--
+--         , responseDescribeMalwareScans $
+--             newDescribeMalwareScansResponse
+--
+--         , responseDescribeOrganizationConfiguration $
+--             newDescribeOrganizationConfigurationResponse
+--
+--         , responseDescribePublishingDestination $
+--             newDescribePublishingDestinationResponse
+--
+--         , responseDisableOrganizationAdminAccount $
+--             newDisableOrganizationAdminAccountResponse
+--
+--         , responseDisassociateFromAdministratorAccount $
+--             newDisassociateFromAdministratorAccountResponse
+--
+--         , responseDisassociateMembers $
+--             newDisassociateMembersResponse
+--
+--         , responseEnableOrganizationAdminAccount $
+--             newEnableOrganizationAdminAccountResponse
+--
+--         , responseGetAdministratorAccount $
+--             newGetAdministratorAccountResponse
+--
+--         , responseGetDetector $
+--             newGetDetectorResponse
+--
+--         , responseGetFilter $
+--             newGetFilterResponse
+--
+--         , responseGetFindings $
+--             newGetFindingsResponse
+--
+--         , responseGetFindingsStatistics $
+--             newGetFindingsStatisticsResponse
+--
+--         , responseGetIPSet $
+--             newGetIPSetResponse
+--
+--         , responseGetInvitationsCount $
+--             newGetInvitationsCountResponse
+--
+--         , responseGetMalwareScanSettings $
+--             newGetMalwareScanSettingsResponse
+--
+--         , responseGetMemberDetectors $
+--             newGetMemberDetectorsResponse
+--
+--         , responseGetMembers $
+--             newGetMembersResponse
+--
+--         , responseGetRemainingFreeTrialDays $
+--             newGetRemainingFreeTrialDaysResponse
+--
+--         , responseGetThreatIntelSet $
+--             newGetThreatIntelSetResponse
+--
+--         , responseGetUsageStatistics $
+--             newGetUsageStatisticsResponse
+--
+--         , responseInviteMembers $
+--             newInviteMembersResponse
+--
+--         , responseListDetectors $
+--             newListDetectorsResponse
+--
+--         , responseListFilters $
+--             newListFiltersResponse
+--
+--         , responseListFindings $
+--             newListFindingsResponse
+--
+--         , responseListIPSets $
+--             newListIPSetsResponse
+--
+--         , responseListInvitations $
+--             newListInvitationsResponse
+--
+--         , responseListMembers $
+--             newListMembersResponse
+--
+--         , responseListOrganizationAdminAccounts $
+--             newListOrganizationAdminAccountsResponse
+--
+--         , responseListPublishingDestinations $
+--             newListPublishingDestinationsResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseListThreatIntelSets $
+--             newListThreatIntelSetsResponse
+--
+--         , responseStartMonitoringMembers $
+--             newStartMonitoringMembersResponse
+--
+--         , responseStopMonitoringMembers $
+--             newStopMonitoringMembersResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUnarchiveFindings $
+--             newUnarchiveFindingsResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateDetector $
+--             newUpdateDetectorResponse
+--
+--         , responseUpdateFilter $
+--             newUpdateFilterResponse
+--
+--         , responseUpdateFindingsFeedback $
+--             newUpdateFindingsFeedbackResponse
+--
+--         , responseUpdateIPSet $
+--             newUpdateIPSetResponse
+--
+--         , responseUpdateMalwareScanSettings $
+--             newUpdateMalwareScanSettingsResponse
+--
+--         , responseUpdateMemberDetectors $
+--             newUpdateMemberDetectorsResponse
+--
+--         , responseUpdateOrganizationConfiguration $
+--             newUpdateOrganizationConfigurationResponse
+--
+--         , responseUpdatePublishingDestination $
+--             newUpdatePublishingDestinationResponse
+--
+--         , responseUpdateThreatIntelSet $
+--             newUpdateThreatIntelSetResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestAcceptAdministratorInvitation :: AcceptAdministratorInvitation -> TestTree
+requestAcceptAdministratorInvitation =
+  req
+    "AcceptAdministratorInvitation"
+    "fixture/AcceptAdministratorInvitation.yaml"
+
+requestArchiveFindings :: ArchiveFindings -> TestTree
+requestArchiveFindings =
+  req
+    "ArchiveFindings"
+    "fixture/ArchiveFindings.yaml"
+
+requestCreateDetector :: CreateDetector -> TestTree
+requestCreateDetector =
+  req
+    "CreateDetector"
+    "fixture/CreateDetector.yaml"
+
+requestCreateFilter :: CreateFilter -> TestTree
+requestCreateFilter =
+  req
+    "CreateFilter"
+    "fixture/CreateFilter.yaml"
+
+requestCreateIPSet :: CreateIPSet -> TestTree
+requestCreateIPSet =
+  req
+    "CreateIPSet"
+    "fixture/CreateIPSet.yaml"
+
+requestCreateMembers :: CreateMembers -> TestTree
+requestCreateMembers =
+  req
+    "CreateMembers"
+    "fixture/CreateMembers.yaml"
+
+requestCreatePublishingDestination :: CreatePublishingDestination -> TestTree
+requestCreatePublishingDestination =
+  req
+    "CreatePublishingDestination"
+    "fixture/CreatePublishingDestination.yaml"
+
+requestCreateSampleFindings :: CreateSampleFindings -> TestTree
+requestCreateSampleFindings =
+  req
+    "CreateSampleFindings"
+    "fixture/CreateSampleFindings.yaml"
+
+requestCreateThreatIntelSet :: CreateThreatIntelSet -> TestTree
+requestCreateThreatIntelSet =
+  req
+    "CreateThreatIntelSet"
+    "fixture/CreateThreatIntelSet.yaml"
+
+requestDeclineInvitations :: DeclineInvitations -> TestTree
+requestDeclineInvitations =
+  req
+    "DeclineInvitations"
+    "fixture/DeclineInvitations.yaml"
+
+requestDeleteDetector :: DeleteDetector -> TestTree
+requestDeleteDetector =
+  req
+    "DeleteDetector"
+    "fixture/DeleteDetector.yaml"
+
+requestDeleteFilter :: DeleteFilter -> TestTree
+requestDeleteFilter =
+  req
+    "DeleteFilter"
+    "fixture/DeleteFilter.yaml"
+
+requestDeleteIPSet :: DeleteIPSet -> TestTree
+requestDeleteIPSet =
+  req
+    "DeleteIPSet"
+    "fixture/DeleteIPSet.yaml"
+
+requestDeleteInvitations :: DeleteInvitations -> TestTree
+requestDeleteInvitations =
+  req
+    "DeleteInvitations"
+    "fixture/DeleteInvitations.yaml"
+
+requestDeleteMembers :: DeleteMembers -> TestTree
+requestDeleteMembers =
+  req
+    "DeleteMembers"
+    "fixture/DeleteMembers.yaml"
+
+requestDeletePublishingDestination :: DeletePublishingDestination -> TestTree
+requestDeletePublishingDestination =
+  req
+    "DeletePublishingDestination"
+    "fixture/DeletePublishingDestination.yaml"
+
+requestDeleteThreatIntelSet :: DeleteThreatIntelSet -> TestTree
+requestDeleteThreatIntelSet =
+  req
+    "DeleteThreatIntelSet"
+    "fixture/DeleteThreatIntelSet.yaml"
+
+requestDescribeMalwareScans :: DescribeMalwareScans -> TestTree
+requestDescribeMalwareScans =
+  req
+    "DescribeMalwareScans"
+    "fixture/DescribeMalwareScans.yaml"
+
+requestDescribeOrganizationConfiguration :: DescribeOrganizationConfiguration -> TestTree
+requestDescribeOrganizationConfiguration =
+  req
+    "DescribeOrganizationConfiguration"
+    "fixture/DescribeOrganizationConfiguration.yaml"
+
+requestDescribePublishingDestination :: DescribePublishingDestination -> TestTree
+requestDescribePublishingDestination =
+  req
+    "DescribePublishingDestination"
+    "fixture/DescribePublishingDestination.yaml"
+
+requestDisableOrganizationAdminAccount :: DisableOrganizationAdminAccount -> TestTree
+requestDisableOrganizationAdminAccount =
+  req
+    "DisableOrganizationAdminAccount"
+    "fixture/DisableOrganizationAdminAccount.yaml"
+
+requestDisassociateFromAdministratorAccount :: DisassociateFromAdministratorAccount -> TestTree
+requestDisassociateFromAdministratorAccount =
+  req
+    "DisassociateFromAdministratorAccount"
+    "fixture/DisassociateFromAdministratorAccount.yaml"
+
+requestDisassociateMembers :: DisassociateMembers -> TestTree
+requestDisassociateMembers =
+  req
+    "DisassociateMembers"
+    "fixture/DisassociateMembers.yaml"
+
+requestEnableOrganizationAdminAccount :: EnableOrganizationAdminAccount -> TestTree
+requestEnableOrganizationAdminAccount =
+  req
+    "EnableOrganizationAdminAccount"
+    "fixture/EnableOrganizationAdminAccount.yaml"
+
+requestGetAdministratorAccount :: GetAdministratorAccount -> TestTree
+requestGetAdministratorAccount =
+  req
+    "GetAdministratorAccount"
+    "fixture/GetAdministratorAccount.yaml"
+
+requestGetDetector :: GetDetector -> TestTree
+requestGetDetector =
+  req
+    "GetDetector"
+    "fixture/GetDetector.yaml"
+
+requestGetFilter :: GetFilter -> TestTree
+requestGetFilter =
+  req
+    "GetFilter"
+    "fixture/GetFilter.yaml"
+
+requestGetFindings :: GetFindings -> TestTree
+requestGetFindings =
+  req
+    "GetFindings"
+    "fixture/GetFindings.yaml"
+
+requestGetFindingsStatistics :: GetFindingsStatistics -> TestTree
+requestGetFindingsStatistics =
+  req
+    "GetFindingsStatistics"
+    "fixture/GetFindingsStatistics.yaml"
+
+requestGetIPSet :: GetIPSet -> TestTree
+requestGetIPSet =
+  req
+    "GetIPSet"
+    "fixture/GetIPSet.yaml"
+
+requestGetInvitationsCount :: GetInvitationsCount -> TestTree
+requestGetInvitationsCount =
+  req
+    "GetInvitationsCount"
+    "fixture/GetInvitationsCount.yaml"
+
+requestGetMalwareScanSettings :: GetMalwareScanSettings -> TestTree
+requestGetMalwareScanSettings =
+  req
+    "GetMalwareScanSettings"
+    "fixture/GetMalwareScanSettings.yaml"
+
+requestGetMemberDetectors :: GetMemberDetectors -> TestTree
+requestGetMemberDetectors =
+  req
+    "GetMemberDetectors"
+    "fixture/GetMemberDetectors.yaml"
+
+requestGetMembers :: GetMembers -> TestTree
+requestGetMembers =
+  req
+    "GetMembers"
+    "fixture/GetMembers.yaml"
+
+requestGetRemainingFreeTrialDays :: GetRemainingFreeTrialDays -> TestTree
+requestGetRemainingFreeTrialDays =
+  req
+    "GetRemainingFreeTrialDays"
+    "fixture/GetRemainingFreeTrialDays.yaml"
+
+requestGetThreatIntelSet :: GetThreatIntelSet -> TestTree
+requestGetThreatIntelSet =
+  req
+    "GetThreatIntelSet"
+    "fixture/GetThreatIntelSet.yaml"
+
+requestGetUsageStatistics :: GetUsageStatistics -> TestTree
+requestGetUsageStatistics =
+  req
+    "GetUsageStatistics"
+    "fixture/GetUsageStatistics.yaml"
+
+requestInviteMembers :: InviteMembers -> TestTree
+requestInviteMembers =
+  req
+    "InviteMembers"
+    "fixture/InviteMembers.yaml"
+
+requestListDetectors :: ListDetectors -> TestTree
+requestListDetectors =
+  req
+    "ListDetectors"
+    "fixture/ListDetectors.yaml"
+
+requestListFilters :: ListFilters -> TestTree
+requestListFilters =
+  req
+    "ListFilters"
+    "fixture/ListFilters.yaml"
+
+requestListFindings :: ListFindings -> TestTree
+requestListFindings =
+  req
+    "ListFindings"
+    "fixture/ListFindings.yaml"
+
+requestListIPSets :: ListIPSets -> TestTree
+requestListIPSets =
+  req
+    "ListIPSets"
+    "fixture/ListIPSets.yaml"
+
+requestListInvitations :: ListInvitations -> TestTree
+requestListInvitations =
+  req
+    "ListInvitations"
+    "fixture/ListInvitations.yaml"
+
+requestListMembers :: ListMembers -> TestTree
+requestListMembers =
+  req
+    "ListMembers"
+    "fixture/ListMembers.yaml"
+
+requestListOrganizationAdminAccounts :: ListOrganizationAdminAccounts -> TestTree
+requestListOrganizationAdminAccounts =
+  req
+    "ListOrganizationAdminAccounts"
+    "fixture/ListOrganizationAdminAccounts.yaml"
+
+requestListPublishingDestinations :: ListPublishingDestinations -> TestTree
+requestListPublishingDestinations =
+  req
+    "ListPublishingDestinations"
+    "fixture/ListPublishingDestinations.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestListThreatIntelSets :: ListThreatIntelSets -> TestTree
+requestListThreatIntelSets =
+  req
+    "ListThreatIntelSets"
+    "fixture/ListThreatIntelSets.yaml"
+
+requestStartMonitoringMembers :: StartMonitoringMembers -> TestTree
+requestStartMonitoringMembers =
+  req
+    "StartMonitoringMembers"
+    "fixture/StartMonitoringMembers.yaml"
+
+requestStopMonitoringMembers :: StopMonitoringMembers -> TestTree
+requestStopMonitoringMembers =
+  req
+    "StopMonitoringMembers"
+    "fixture/StopMonitoringMembers.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUnarchiveFindings :: UnarchiveFindings -> TestTree
+requestUnarchiveFindings =
+  req
+    "UnarchiveFindings"
+    "fixture/UnarchiveFindings.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateDetector :: UpdateDetector -> TestTree
+requestUpdateDetector =
+  req
+    "UpdateDetector"
+    "fixture/UpdateDetector.yaml"
+
+requestUpdateFilter :: UpdateFilter -> TestTree
+requestUpdateFilter =
+  req
+    "UpdateFilter"
+    "fixture/UpdateFilter.yaml"
+
+requestUpdateFindingsFeedback :: UpdateFindingsFeedback -> TestTree
+requestUpdateFindingsFeedback =
+  req
+    "UpdateFindingsFeedback"
+    "fixture/UpdateFindingsFeedback.yaml"
+
+requestUpdateIPSet :: UpdateIPSet -> TestTree
+requestUpdateIPSet =
+  req
+    "UpdateIPSet"
+    "fixture/UpdateIPSet.yaml"
+
+requestUpdateMalwareScanSettings :: UpdateMalwareScanSettings -> TestTree
+requestUpdateMalwareScanSettings =
+  req
+    "UpdateMalwareScanSettings"
+    "fixture/UpdateMalwareScanSettings.yaml"
+
+requestUpdateMemberDetectors :: UpdateMemberDetectors -> TestTree
+requestUpdateMemberDetectors =
+  req
+    "UpdateMemberDetectors"
+    "fixture/UpdateMemberDetectors.yaml"
+
+requestUpdateOrganizationConfiguration :: UpdateOrganizationConfiguration -> TestTree
+requestUpdateOrganizationConfiguration =
+  req
+    "UpdateOrganizationConfiguration"
+    "fixture/UpdateOrganizationConfiguration.yaml"
+
+requestUpdatePublishingDestination :: UpdatePublishingDestination -> TestTree
+requestUpdatePublishingDestination =
+  req
+    "UpdatePublishingDestination"
+    "fixture/UpdatePublishingDestination.yaml"
+
+requestUpdateThreatIntelSet :: UpdateThreatIntelSet -> TestTree
+requestUpdateThreatIntelSet =
+  req
+    "UpdateThreatIntelSet"
+    "fixture/UpdateThreatIntelSet.yaml"
+
+-- Responses
+
+responseAcceptAdministratorInvitation :: AcceptAdministratorInvitationResponse -> TestTree
+responseAcceptAdministratorInvitation =
+  res
+    "AcceptAdministratorInvitationResponse"
+    "fixture/AcceptAdministratorInvitationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AcceptAdministratorInvitation)
+
+responseArchiveFindings :: ArchiveFindingsResponse -> TestTree
+responseArchiveFindings =
+  res
+    "ArchiveFindingsResponse"
+    "fixture/ArchiveFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ArchiveFindings)
+
+responseCreateDetector :: CreateDetectorResponse -> TestTree
+responseCreateDetector =
+  res
+    "CreateDetectorResponse"
+    "fixture/CreateDetectorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateDetector)
+
+responseCreateFilter :: CreateFilterResponse -> TestTree
+responseCreateFilter =
+  res
+    "CreateFilterResponse"
+    "fixture/CreateFilterResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateFilter)
+
+responseCreateIPSet :: CreateIPSetResponse -> TestTree
+responseCreateIPSet =
+  res
+    "CreateIPSetResponse"
+    "fixture/CreateIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateIPSet)
+
+responseCreateMembers :: CreateMembersResponse -> TestTree
+responseCreateMembers =
+  res
+    "CreateMembersResponse"
+    "fixture/CreateMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateMembers)
+
+responseCreatePublishingDestination :: CreatePublishingDestinationResponse -> TestTree
+responseCreatePublishingDestination =
+  res
+    "CreatePublishingDestinationResponse"
+    "fixture/CreatePublishingDestinationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreatePublishingDestination)
+
+responseCreateSampleFindings :: CreateSampleFindingsResponse -> TestTree
+responseCreateSampleFindings =
+  res
+    "CreateSampleFindingsResponse"
+    "fixture/CreateSampleFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateSampleFindings)
+
+responseCreateThreatIntelSet :: CreateThreatIntelSetResponse -> TestTree
+responseCreateThreatIntelSet =
+  res
+    "CreateThreatIntelSetResponse"
+    "fixture/CreateThreatIntelSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateThreatIntelSet)
+
+responseDeclineInvitations :: DeclineInvitationsResponse -> TestTree
+responseDeclineInvitations =
+  res
+    "DeclineInvitationsResponse"
+    "fixture/DeclineInvitationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeclineInvitations)
+
+responseDeleteDetector :: DeleteDetectorResponse -> TestTree
+responseDeleteDetector =
+  res
+    "DeleteDetectorResponse"
+    "fixture/DeleteDetectorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteDetector)
+
+responseDeleteFilter :: DeleteFilterResponse -> TestTree
+responseDeleteFilter =
+  res
+    "DeleteFilterResponse"
+    "fixture/DeleteFilterResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteFilter)
+
+responseDeleteIPSet :: DeleteIPSetResponse -> TestTree
+responseDeleteIPSet =
+  res
+    "DeleteIPSetResponse"
+    "fixture/DeleteIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteIPSet)
+
+responseDeleteInvitations :: DeleteInvitationsResponse -> TestTree
+responseDeleteInvitations =
+  res
+    "DeleteInvitationsResponse"
+    "fixture/DeleteInvitationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteInvitations)
+
+responseDeleteMembers :: DeleteMembersResponse -> TestTree
+responseDeleteMembers =
+  res
+    "DeleteMembersResponse"
+    "fixture/DeleteMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteMembers)
+
+responseDeletePublishingDestination :: DeletePublishingDestinationResponse -> TestTree
+responseDeletePublishingDestination =
+  res
+    "DeletePublishingDestinationResponse"
+    "fixture/DeletePublishingDestinationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeletePublishingDestination)
+
+responseDeleteThreatIntelSet :: DeleteThreatIntelSetResponse -> TestTree
+responseDeleteThreatIntelSet =
+  res
+    "DeleteThreatIntelSetResponse"
+    "fixture/DeleteThreatIntelSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteThreatIntelSet)
+
+responseDescribeMalwareScans :: DescribeMalwareScansResponse -> TestTree
+responseDescribeMalwareScans =
+  res
+    "DescribeMalwareScansResponse"
+    "fixture/DescribeMalwareScansResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeMalwareScans)
+
+responseDescribeOrganizationConfiguration :: DescribeOrganizationConfigurationResponse -> TestTree
+responseDescribeOrganizationConfiguration =
+  res
+    "DescribeOrganizationConfigurationResponse"
+    "fixture/DescribeOrganizationConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeOrganizationConfiguration)
+
+responseDescribePublishingDestination :: DescribePublishingDestinationResponse -> TestTree
+responseDescribePublishingDestination =
+  res
+    "DescribePublishingDestinationResponse"
+    "fixture/DescribePublishingDestinationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribePublishingDestination)
+
+responseDisableOrganizationAdminAccount :: DisableOrganizationAdminAccountResponse -> TestTree
+responseDisableOrganizationAdminAccount =
+  res
+    "DisableOrganizationAdminAccountResponse"
+    "fixture/DisableOrganizationAdminAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableOrganizationAdminAccount)
+
+responseDisassociateFromAdministratorAccount :: DisassociateFromAdministratorAccountResponse -> TestTree
+responseDisassociateFromAdministratorAccount =
+  res
+    "DisassociateFromAdministratorAccountResponse"
+    "fixture/DisassociateFromAdministratorAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateFromAdministratorAccount)
+
+responseDisassociateMembers :: DisassociateMembersResponse -> TestTree
+responseDisassociateMembers =
+  res
+    "DisassociateMembersResponse"
+    "fixture/DisassociateMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateMembers)
+
+responseEnableOrganizationAdminAccount :: EnableOrganizationAdminAccountResponse -> TestTree
+responseEnableOrganizationAdminAccount =
+  res
+    "EnableOrganizationAdminAccountResponse"
+    "fixture/EnableOrganizationAdminAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableOrganizationAdminAccount)
+
+responseGetAdministratorAccount :: GetAdministratorAccountResponse -> TestTree
+responseGetAdministratorAccount =
+  res
+    "GetAdministratorAccountResponse"
+    "fixture/GetAdministratorAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetAdministratorAccount)
+
+responseGetDetector :: GetDetectorResponse -> TestTree
+responseGetDetector =
+  res
+    "GetDetectorResponse"
+    "fixture/GetDetectorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetDetector)
+
+responseGetFilter :: GetFilterResponse -> TestTree
+responseGetFilter =
+  res
+    "GetFilterResponse"
+    "fixture/GetFilterResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFilter)
+
+responseGetFindings :: GetFindingsResponse -> TestTree
+responseGetFindings =
+  res
+    "GetFindingsResponse"
+    "fixture/GetFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFindings)
+
+responseGetFindingsStatistics :: GetFindingsStatisticsResponse -> TestTree
+responseGetFindingsStatistics =
+  res
+    "GetFindingsStatisticsResponse"
+    "fixture/GetFindingsStatisticsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFindingsStatistics)
+
+responseGetIPSet :: GetIPSetResponse -> TestTree
+responseGetIPSet =
+  res
+    "GetIPSetResponse"
+    "fixture/GetIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetIPSet)
+
+responseGetInvitationsCount :: GetInvitationsCountResponse -> TestTree
+responseGetInvitationsCount =
+  res
+    "GetInvitationsCountResponse"
+    "fixture/GetInvitationsCountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetInvitationsCount)
+
+responseGetMalwareScanSettings :: GetMalwareScanSettingsResponse -> TestTree
+responseGetMalwareScanSettings =
+  res
+    "GetMalwareScanSettingsResponse"
+    "fixture/GetMalwareScanSettingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetMalwareScanSettings)
+
+responseGetMemberDetectors :: GetMemberDetectorsResponse -> TestTree
+responseGetMemberDetectors =
+  res
+    "GetMemberDetectorsResponse"
+    "fixture/GetMemberDetectorsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetMemberDetectors)
+
+responseGetMembers :: GetMembersResponse -> TestTree
+responseGetMembers =
+  res
+    "GetMembersResponse"
+    "fixture/GetMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetMembers)
+
+responseGetRemainingFreeTrialDays :: GetRemainingFreeTrialDaysResponse -> TestTree
+responseGetRemainingFreeTrialDays =
+  res
+    "GetRemainingFreeTrialDaysResponse"
+    "fixture/GetRemainingFreeTrialDaysResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetRemainingFreeTrialDays)
+
+responseGetThreatIntelSet :: GetThreatIntelSetResponse -> TestTree
+responseGetThreatIntelSet =
+  res
+    "GetThreatIntelSetResponse"
+    "fixture/GetThreatIntelSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetThreatIntelSet)
+
+responseGetUsageStatistics :: GetUsageStatisticsResponse -> TestTree
+responseGetUsageStatistics =
+  res
+    "GetUsageStatisticsResponse"
+    "fixture/GetUsageStatisticsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetUsageStatistics)
+
+responseInviteMembers :: InviteMembersResponse -> TestTree
+responseInviteMembers =
+  res
+    "InviteMembersResponse"
+    "fixture/InviteMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy InviteMembers)
+
+responseListDetectors :: ListDetectorsResponse -> TestTree
+responseListDetectors =
+  res
+    "ListDetectorsResponse"
+    "fixture/ListDetectorsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListDetectors)
+
+responseListFilters :: ListFiltersResponse -> TestTree
+responseListFilters =
+  res
+    "ListFiltersResponse"
+    "fixture/ListFiltersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFilters)
+
+responseListFindings :: ListFindingsResponse -> TestTree
+responseListFindings =
+  res
+    "ListFindingsResponse"
+    "fixture/ListFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFindings)
+
+responseListIPSets :: ListIPSetsResponse -> TestTree
+responseListIPSets =
+  res
+    "ListIPSetsResponse"
+    "fixture/ListIPSetsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListIPSets)
+
+responseListInvitations :: ListInvitationsResponse -> TestTree
+responseListInvitations =
+  res
+    "ListInvitationsResponse"
+    "fixture/ListInvitationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListInvitations)
+
+responseListMembers :: ListMembersResponse -> TestTree
+responseListMembers =
+  res
+    "ListMembersResponse"
+    "fixture/ListMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListMembers)
+
+responseListOrganizationAdminAccounts :: ListOrganizationAdminAccountsResponse -> TestTree
+responseListOrganizationAdminAccounts =
+  res
+    "ListOrganizationAdminAccountsResponse"
+    "fixture/ListOrganizationAdminAccountsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListOrganizationAdminAccounts)
+
+responseListPublishingDestinations :: ListPublishingDestinationsResponse -> TestTree
+responseListPublishingDestinations =
+  res
+    "ListPublishingDestinationsResponse"
+    "fixture/ListPublishingDestinationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListPublishingDestinations)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseListThreatIntelSets :: ListThreatIntelSetsResponse -> TestTree
+responseListThreatIntelSets =
+  res
+    "ListThreatIntelSetsResponse"
+    "fixture/ListThreatIntelSetsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListThreatIntelSets)
+
+responseStartMonitoringMembers :: StartMonitoringMembersResponse -> TestTree
+responseStartMonitoringMembers =
+  res
+    "StartMonitoringMembersResponse"
+    "fixture/StartMonitoringMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy StartMonitoringMembers)
+
+responseStopMonitoringMembers :: StopMonitoringMembersResponse -> TestTree
+responseStopMonitoringMembers =
+  res
+    "StopMonitoringMembersResponse"
+    "fixture/StopMonitoringMembersResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy StopMonitoringMembers)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUnarchiveFindings :: UnarchiveFindingsResponse -> TestTree
+responseUnarchiveFindings =
+  res
+    "UnarchiveFindingsResponse"
+    "fixture/UnarchiveFindingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UnarchiveFindings)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateDetector :: UpdateDetectorResponse -> TestTree
+responseUpdateDetector =
+  res
+    "UpdateDetectorResponse"
+    "fixture/UpdateDetectorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateDetector)
+
+responseUpdateFilter :: UpdateFilterResponse -> TestTree
+responseUpdateFilter =
+  res
+    "UpdateFilterResponse"
+    "fixture/UpdateFilterResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFilter)
+
+responseUpdateFindingsFeedback :: UpdateFindingsFeedbackResponse -> TestTree
+responseUpdateFindingsFeedback =
+  res
+    "UpdateFindingsFeedbackResponse"
+    "fixture/UpdateFindingsFeedbackResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFindingsFeedback)
+
+responseUpdateIPSet :: UpdateIPSetResponse -> TestTree
+responseUpdateIPSet =
+  res
+    "UpdateIPSetResponse"
+    "fixture/UpdateIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateIPSet)
+
+responseUpdateMalwareScanSettings :: UpdateMalwareScanSettingsResponse -> TestTree
+responseUpdateMalwareScanSettings =
+  res
+    "UpdateMalwareScanSettingsResponse"
+    "fixture/UpdateMalwareScanSettingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateMalwareScanSettings)
+
+responseUpdateMemberDetectors :: UpdateMemberDetectorsResponse -> TestTree
+responseUpdateMemberDetectors =
+  res
+    "UpdateMemberDetectorsResponse"
+    "fixture/UpdateMemberDetectorsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateMemberDetectors)
+
+responseUpdateOrganizationConfiguration :: UpdateOrganizationConfigurationResponse -> TestTree
+responseUpdateOrganizationConfiguration =
+  res
+    "UpdateOrganizationConfigurationResponse"
+    "fixture/UpdateOrganizationConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateOrganizationConfiguration)
+
+responseUpdatePublishingDestination :: UpdatePublishingDestinationResponse -> TestTree
+responseUpdatePublishingDestination =
+  res
+    "UpdatePublishingDestinationResponse"
+    "fixture/UpdatePublishingDestinationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdatePublishingDestination)
+
+responseUpdateThreatIntelSet :: UpdateThreatIntelSetResponse -> TestTree
+responseUpdateThreatIntelSet =
+  res
+    "UpdateThreatIntelSetResponse"
+    "fixture/UpdateThreatIntelSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateThreatIntelSet)
diff --git a/test/Test/Amazonka/GuardDuty.hs b/test/Test/Amazonka/GuardDuty.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/GuardDuty.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.GuardDuty
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.GuardDuty
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/GuardDuty/Internal.hs b/test/Test/Amazonka/GuardDuty/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/GuardDuty/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.GuardDuty.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.GuardDuty.Internal where
