diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 
 ## Version
 
-`1.3.1`
+`1.3.2`
 
 
 ## Description
@@ -68,9 +68,6 @@
 -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html IAM Best Practices>.
     This topic presents a list of suggestions for using the IAM service
     to help secure your AWS resources.
--   <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>.
-    This guide describes how to create and use temporary security
-    credentials.
 -   <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>.
     This set of topics walk you through the process of signing a request
     using an access key ID and secret access key.
diff --git a/amazonka-iam.cabal b/amazonka-iam.cabal
--- a/amazonka-iam.cabal
+++ b/amazonka-iam.cabal
@@ -1,5 +1,5 @@
 name:                  amazonka-iam
-version:               1.3.1
+version:               1.3.2
 synopsis:              Amazon Identity and Access Management SDK.
 homepage:              https://github.com/brendanhay/amazonka
 bug-reports:           https://github.com/brendanhay/amazonka/issues
@@ -68,9 +68,6 @@
     -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html IAM Best Practices>.
         This topic presents a list of suggestions for using the IAM service
         to help secure your AWS resources.
-    -   <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>.
-        This guide describes how to create and use temporary security
-        credentials.
     -   <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>.
         This set of topics walk you through the process of signing a request
         using an access key ID and secret access key.
@@ -149,6 +146,8 @@
         , Network.AWS.IAM.GetAccountAuthorizationDetails
         , Network.AWS.IAM.GetAccountPasswordPolicy
         , Network.AWS.IAM.GetAccountSummary
+        , Network.AWS.IAM.GetContextKeysForCustomPolicy
+        , Network.AWS.IAM.GetContextKeysForPrincipalPolicy
         , Network.AWS.IAM.GetCredentialReport
         , Network.AWS.IAM.GetGroup
         , Network.AWS.IAM.GetGroupPolicy
@@ -196,6 +195,8 @@
         , Network.AWS.IAM.RemoveUserFromGroup
         , Network.AWS.IAM.ResyncMFADevice
         , Network.AWS.IAM.SetDefaultPolicyVersion
+        , Network.AWS.IAM.SimulateCustomPolicy
+        , Network.AWS.IAM.SimulatePrincipalPolicy
         , Network.AWS.IAM.Types
         , Network.AWS.IAM.UpdateAccessKey
         , Network.AWS.IAM.UpdateAccountPasswordPolicy
@@ -218,7 +219,7 @@
         , Network.AWS.IAM.Types.Sum
 
     build-depends:
-          amazonka-core == 1.3.1.*
+          amazonka-core == 1.3.2.*
         , base          >= 4.7     && < 5
 
 test-suite amazonka-iam-test
@@ -238,9 +239,9 @@
         , Test.AWS.IAM.Internal
 
     build-depends:
-          amazonka-core == 1.3.1.*
-        , amazonka-test == 1.3.1.*
-        , amazonka-iam == 1.3.1.*
+          amazonka-core == 1.3.2.*
+        , amazonka-test == 1.3.2.*
+        , amazonka-iam == 1.3.2.*
         , base
         , bytestring
         , lens
diff --git a/fixture/GetContextKeysForCustomPolicy.yaml b/fixture/GetContextKeysForCustomPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetContextKeysForCustomPolicy.yaml
diff --git a/fixture/GetContextKeysForCustomPolicyResponse.proto b/fixture/GetContextKeysForCustomPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetContextKeysForCustomPolicyResponse.proto
diff --git a/fixture/GetContextKeysForPrincipalPolicy.yaml b/fixture/GetContextKeysForPrincipalPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetContextKeysForPrincipalPolicy.yaml
diff --git a/fixture/GetContextKeysForPrincipalPolicyResponse.proto b/fixture/GetContextKeysForPrincipalPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetContextKeysForPrincipalPolicyResponse.proto
diff --git a/fixture/SimulateCustomPolicy.yaml b/fixture/SimulateCustomPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/SimulateCustomPolicy.yaml
diff --git a/fixture/SimulateCustomPolicyResponse.proto b/fixture/SimulateCustomPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/SimulateCustomPolicyResponse.proto
diff --git a/fixture/SimulatePrincipalPolicy.yaml b/fixture/SimulatePrincipalPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/SimulatePrincipalPolicy.yaml
diff --git a/fixture/SimulatePrincipalPolicyResponse.proto b/fixture/SimulatePrincipalPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/SimulatePrincipalPolicyResponse.proto
diff --git a/gen/Network/AWS/IAM.hs b/gen/Network/AWS/IAM.hs
--- a/gen/Network/AWS/IAM.hs
+++ b/gen/Network/AWS/IAM.hs
@@ -66,9 +66,6 @@
 -- -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html IAM Best Practices>.
 --     This topic presents a list of suggestions for using the IAM service
 --     to help secure your AWS resources.
--- -   <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>.
---     This guide describes how to create and use temporary security
---     credentials.
 -- -   <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>.
 --     This set of topics walk you through the process of signing a request
 --     using an access key ID and secret access key.
@@ -139,6 +136,9 @@
     -- ** KeyPairMismatchException
     , _KeyPairMismatchException
 
+    -- ** PolicyEvaluationException
+    , _PolicyEvaluationException
+
     -- ** PasswordPolicyViolationException
     , _PasswordPolicyViolationException
 
@@ -157,6 +157,9 @@
     -- * Operations
     -- $operations
 
+    -- ** GetContextKeysForPrincipalPolicy
+    , module Network.AWS.IAM.GetContextKeysForPrincipalPolicy
+
     -- ** ListPolicies (Paginated)
     , module Network.AWS.IAM.ListPolicies
 
@@ -223,6 +226,9 @@
     -- ** UploadSSHPublicKey
     , module Network.AWS.IAM.UploadSSHPublicKey
 
+    -- ** SimulateCustomPolicy
+    , module Network.AWS.IAM.SimulateCustomPolicy
+
     -- ** DeleteRole
     , module Network.AWS.IAM.DeleteRole
 
@@ -337,6 +343,9 @@
     -- ** AddUserToGroup
     , module Network.AWS.IAM.AddUserToGroup
 
+    -- ** SimulatePrincipalPolicy
+    , module Network.AWS.IAM.SimulatePrincipalPolicy
+
     -- ** GetPolicyVersion
     , module Network.AWS.IAM.GetPolicyVersion
 
@@ -388,6 +397,9 @@
     -- ** PutRolePolicy
     , module Network.AWS.IAM.PutRolePolicy
 
+    -- ** GetContextKeysForCustomPolicy
+    , module Network.AWS.IAM.GetContextKeysForCustomPolicy
+
     -- ** UploadSigningCertificate
     , module Network.AWS.IAM.UploadSigningCertificate
 
@@ -489,15 +501,24 @@
     -- ** AssignmentStatusType
     , AssignmentStatusType (..)
 
+    -- ** ContextKeyTypeEnum
+    , ContextKeyTypeEnum (..)
+
     -- ** EncodingType
     , EncodingType (..)
 
     -- ** EntityType
     , EntityType (..)
 
+    -- ** PolicyEvaluationDecisionType
+    , PolicyEvaluationDecisionType (..)
+
     -- ** PolicyScopeType
     , PolicyScopeType (..)
 
+    -- ** PolicySourceType
+    , PolicySourceType (..)
+
     -- ** ReportFormatType
     , ReportFormatType (..)
 
@@ -540,6 +561,27 @@
     , apPolicyName
     , apPolicyARN
 
+    -- ** ContextEntry
+    , ContextEntry
+    , contextEntry
+    , ceContextKeyValues
+    , ceContextKeyName
+    , ceContextKeyType
+
+    -- ** EvaluationResult
+    , EvaluationResult
+    , evaluationResult
+    , erMatchedStatements
+    , erMissingContextValues
+    , erEvalActionName
+    , erEvalResourceName
+    , erEvalDecision
+
+    -- ** GetContextKeysForPolicyResponse
+    , GetContextKeysForPolicyResponse
+    , getContextKeysForPolicyResponse
+    , gckfpContextKeyNames
+
     -- ** Group
     , Group
     , group'
@@ -661,6 +703,12 @@
     , pvDocument
     , pvIsDefaultVersion
 
+    -- ** Position
+    , Position
+    , position
+    , pLine
+    , pColumn
+
     -- ** Role
     , Role
     , role
@@ -735,6 +783,21 @@
     , scCertificateBody
     , scStatus
 
+    -- ** SimulatePolicyResponse
+    , SimulatePolicyResponse
+    , simulatePolicyResponse
+    , spEvaluationResults
+    , spMarker
+    , spIsTruncated
+
+    -- ** Statement
+    , Statement
+    , statement
+    , sSourcePolicyType
+    , sSourcePolicyId
+    , sEndPosition
+    , sStartPosition
+
     -- ** User
     , User
     , user
@@ -815,6 +878,8 @@
 import           Network.AWS.IAM.GetAccountAuthorizationDetails
 import           Network.AWS.IAM.GetAccountPasswordPolicy
 import           Network.AWS.IAM.GetAccountSummary
+import           Network.AWS.IAM.GetContextKeysForCustomPolicy
+import           Network.AWS.IAM.GetContextKeysForPrincipalPolicy
 import           Network.AWS.IAM.GetCredentialReport
 import           Network.AWS.IAM.GetGroup
 import           Network.AWS.IAM.GetGroupPolicy
@@ -862,6 +927,8 @@
 import           Network.AWS.IAM.RemoveUserFromGroup
 import           Network.AWS.IAM.ResyncMFADevice
 import           Network.AWS.IAM.SetDefaultPolicyVersion
+import           Network.AWS.IAM.SimulateCustomPolicy
+import           Network.AWS.IAM.SimulatePrincipalPolicy
 import           Network.AWS.IAM.Types
 import           Network.AWS.IAM.UpdateAccessKey
 import           Network.AWS.IAM.UpdateAccountPasswordPolicy
diff --git a/gen/Network/AWS/IAM/AttachGroupPolicy.hs b/gen/Network/AWS/IAM/AttachGroupPolicy.hs
--- a/gen/Network/AWS/IAM/AttachGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/AttachGroupPolicy.hs
@@ -25,7 +25,7 @@
 --
 -- For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachGroupPolicy.html AWS API Reference> for AttachGroupPolicy.
 module Network.AWS.IAM.AttachGroupPolicy
diff --git a/gen/Network/AWS/IAM/AttachRolePolicy.hs b/gen/Network/AWS/IAM/AttachRolePolicy.hs
--- a/gen/Network/AWS/IAM/AttachRolePolicy.hs
+++ b/gen/Network/AWS/IAM/AttachRolePolicy.hs
@@ -30,7 +30,7 @@
 -- policy in a role, use PutRolePolicy. For more information about
 -- policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html AWS API Reference> for AttachRolePolicy.
 module Network.AWS.IAM.AttachRolePolicy
diff --git a/gen/Network/AWS/IAM/AttachUserPolicy.hs b/gen/Network/AWS/IAM/AttachUserPolicy.hs
--- a/gen/Network/AWS/IAM/AttachUserPolicy.hs
+++ b/gen/Network/AWS/IAM/AttachUserPolicy.hs
@@ -25,7 +25,7 @@
 --
 -- For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html AWS API Reference> for AttachUserPolicy.
 module Network.AWS.IAM.AttachUserPolicy
diff --git a/gen/Network/AWS/IAM/ChangePassword.hs b/gen/Network/AWS/IAM/ChangePassword.hs
--- a/gen/Network/AWS/IAM/ChangePassword.hs
+++ b/gen/Network/AWS/IAM/ChangePassword.hs
@@ -24,7 +24,7 @@
 -- To change the password for a different user, see UpdateLoginProfile. For
 -- more information about modifying passwords, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html Managing Passwords>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html AWS API Reference> for ChangePassword.
 module Network.AWS.IAM.ChangePassword
diff --git a/gen/Network/AWS/IAM/CreateAccessKey.hs b/gen/Network/AWS/IAM/CreateAccessKey.hs
--- a/gen/Network/AWS/IAM/CreateAccessKey.hs
+++ b/gen/Network/AWS/IAM/CreateAccessKey.hs
@@ -29,7 +29,7 @@
 --
 -- For information about limits on the number of keys you can create, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- To ensure the security of your AWS account, the secret access key is
 -- accessible only during key and user creation. You must save the key (for
diff --git a/gen/Network/AWS/IAM/CreateAccountAlias.hs b/gen/Network/AWS/IAM/CreateAccountAlias.hs
--- a/gen/Network/AWS/IAM/CreateAccountAlias.hs
+++ b/gen/Network/AWS/IAM/CreateAccountAlias.hs
@@ -21,7 +21,7 @@
 -- Creates an alias for your AWS account. For information about using an
 -- AWS account alias, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html Using an Alias for Your AWS Account ID>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccountAlias.html AWS API Reference> for CreateAccountAlias.
 module Network.AWS.IAM.CreateAccountAlias
diff --git a/gen/Network/AWS/IAM/CreateGroup.hs b/gen/Network/AWS/IAM/CreateGroup.hs
--- a/gen/Network/AWS/IAM/CreateGroup.hs
+++ b/gen/Network/AWS/IAM/CreateGroup.hs
@@ -22,7 +22,7 @@
 --
 -- For information about the number of groups you can create, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html AWS API Reference> for CreateGroup.
 module Network.AWS.IAM.CreateGroup
diff --git a/gen/Network/AWS/IAM/CreateInstanceProfile.hs b/gen/Network/AWS/IAM/CreateInstanceProfile.hs
--- a/gen/Network/AWS/IAM/CreateInstanceProfile.hs
+++ b/gen/Network/AWS/IAM/CreateInstanceProfile.hs
@@ -25,7 +25,7 @@
 -- For information about the number of instance profiles you can create,
 -- see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateInstanceProfile.html AWS API Reference> for CreateInstanceProfile.
 module Network.AWS.IAM.CreateInstanceProfile
diff --git a/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs b/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs
--- a/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs
+++ b/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs
@@ -137,7 +137,7 @@
 -- For more information about obtaining the OIDC provider\'s thumbprint,
 -- see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the Thumbprint for an OpenID Connect Provider>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 coicpThumbprintList :: Lens' CreateOpenIdConnectProvider [Text]
 coicpThumbprintList = lens _coicpThumbprintList (\ s a -> s{_coicpThumbprintList = a}) . _Coerce;
 
diff --git a/gen/Network/AWS/IAM/CreatePolicy.hs b/gen/Network/AWS/IAM/CreatePolicy.hs
--- a/gen/Network/AWS/IAM/CreatePolicy.hs
+++ b/gen/Network/AWS/IAM/CreatePolicy.hs
@@ -24,11 +24,11 @@
 -- 'v1' and sets v1 as the policy\'s default version. For more information
 -- about policy versions, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- For more information about managed policies in general, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html AWS API Reference> for CreatePolicy.
 module Network.AWS.IAM.CreatePolicy
@@ -91,7 +91,7 @@
 --
 -- For more information about paths, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- This parameter is optional. If it is not included, it defaults to a
 -- slash (\/).
diff --git a/gen/Network/AWS/IAM/CreatePolicyVersion.hs b/gen/Network/AWS/IAM/CreatePolicyVersion.hs
--- a/gen/Network/AWS/IAM/CreatePolicyVersion.hs
+++ b/gen/Network/AWS/IAM/CreatePolicyVersion.hs
@@ -31,7 +31,7 @@
 --
 -- For more information about managed policy versions, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicyVersion.html AWS API Reference> for CreatePolicyVersion.
 module Network.AWS.IAM.CreatePolicyVersion
@@ -93,7 +93,7 @@
 --
 -- For more information about managed policy versions, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 cpvSetAsDefault :: Lens' CreatePolicyVersion (Maybe Bool)
 cpvSetAsDefault = lens _cpvSetAsDefault (\ s a -> s{_cpvSetAsDefault = a});
 
diff --git a/gen/Network/AWS/IAM/CreateRole.hs b/gen/Network/AWS/IAM/CreateRole.hs
--- a/gen/Network/AWS/IAM/CreateRole.hs
+++ b/gen/Network/AWS/IAM/CreateRole.hs
@@ -24,7 +24,7 @@
 -- For information about limitations on role names and the number of roles
 -- you can create, go to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- The policy in the following example grants permission to an EC2 instance
 -- to assume the role.
diff --git a/gen/Network/AWS/IAM/CreateSAMLProvider.hs b/gen/Network/AWS/IAM/CreateSAMLProvider.hs
--- a/gen/Network/AWS/IAM/CreateSAMLProvider.hs
+++ b/gen/Network/AWS/IAM/CreateSAMLProvider.hs
@@ -38,10 +38,10 @@
 -- <http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4>.
 --
 -- For more information, see
--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/STSMgmtConsole-SAML.html Giving Console Access Using SAML>
+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html Enabling SAML 2.0 Federated Users to Access the AWS Management Console>
 -- and
--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html Creating Temporary Security Credentials for SAML Federation>
--- in the /Using Temporary Credentials/ guide.
+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html About SAML 2.0-based Federation>
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateSAMLProvider.html AWS API Reference> for CreateSAMLProvider.
 module Network.AWS.IAM.CreateSAMLProvider
@@ -98,8 +98,8 @@
 -- software that is used as your organization\'s IdP.
 --
 -- For more information, see
--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html Creating Temporary Security Credentials for SAML Federation>
--- in the /Using Temporary Security Credentials/ guide.
+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html About SAML 2.0-based Federation>
+-- in the /IAM User Guide/
 csamlpSAMLMetadataDocument :: Lens' CreateSAMLProvider Text
 csamlpSAMLMetadataDocument = lens _csamlpSAMLMetadataDocument (\ s a -> s{_csamlpSAMLMetadataDocument = a});
 
diff --git a/gen/Network/AWS/IAM/CreateUser.hs b/gen/Network/AWS/IAM/CreateUser.hs
--- a/gen/Network/AWS/IAM/CreateUser.hs
+++ b/gen/Network/AWS/IAM/CreateUser.hs
@@ -23,7 +23,7 @@
 -- For information about limitations on the number of users you can create,
 -- see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html AWS API Reference> for CreateUser.
 module Network.AWS.IAM.CreateUser
diff --git a/gen/Network/AWS/IAM/DeleteAccountAlias.hs b/gen/Network/AWS/IAM/DeleteAccountAlias.hs
--- a/gen/Network/AWS/IAM/DeleteAccountAlias.hs
+++ b/gen/Network/AWS/IAM/DeleteAccountAlias.hs
@@ -21,7 +21,7 @@
 -- Deletes the specified AWS account alias. For information about using an
 -- AWS account alias, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html Using an Alias for Your AWS Account ID>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccountAlias.html AWS API Reference> for DeleteAccountAlias.
 module Network.AWS.IAM.DeleteAccountAlias
diff --git a/gen/Network/AWS/IAM/DeleteGroupPolicy.hs b/gen/Network/AWS/IAM/DeleteGroupPolicy.hs
--- a/gen/Network/AWS/IAM/DeleteGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/DeleteGroupPolicy.hs
@@ -25,7 +25,7 @@
 -- managed policy from a group, use DetachGroupPolicy. For more information
 -- about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroupPolicy.html AWS API Reference> for DeleteGroupPolicy.
 module Network.AWS.IAM.DeleteGroupPolicy
diff --git a/gen/Network/AWS/IAM/DeletePolicy.hs b/gen/Network/AWS/IAM/DeletePolicy.hs
--- a/gen/Network/AWS/IAM/DeletePolicy.hs
+++ b/gen/Network/AWS/IAM/DeletePolicy.hs
@@ -39,7 +39,7 @@
 --
 -- For information about managed policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicy.html AWS API Reference> for DeletePolicy.
 module Network.AWS.IAM.DeletePolicy
diff --git a/gen/Network/AWS/IAM/DeletePolicyVersion.hs b/gen/Network/AWS/IAM/DeletePolicyVersion.hs
--- a/gen/Network/AWS/IAM/DeletePolicyVersion.hs
+++ b/gen/Network/AWS/IAM/DeletePolicyVersion.hs
@@ -27,7 +27,7 @@
 --
 -- For information about versions for managed policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeletePolicyVersion.html AWS API Reference> for DeletePolicyVersion.
 module Network.AWS.IAM.DeletePolicyVersion
@@ -81,7 +81,7 @@
 --
 -- For more information about managed policy versions, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 dpvVersionId :: Lens' DeletePolicyVersion Text
 dpvVersionId = lens _dpvVersionId (\ s a -> s{_dpvVersionId = a});
 
diff --git a/gen/Network/AWS/IAM/DeleteRolePolicy.hs b/gen/Network/AWS/IAM/DeleteRolePolicy.hs
--- a/gen/Network/AWS/IAM/DeleteRolePolicy.hs
+++ b/gen/Network/AWS/IAM/DeleteRolePolicy.hs
@@ -25,7 +25,7 @@
 -- managed policy from a role, use DetachRolePolicy. For more information
 -- about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteRolePolicy.html AWS API Reference> for DeleteRolePolicy.
 module Network.AWS.IAM.DeleteRolePolicy
diff --git a/gen/Network/AWS/IAM/DeleteUserPolicy.hs b/gen/Network/AWS/IAM/DeleteUserPolicy.hs
--- a/gen/Network/AWS/IAM/DeleteUserPolicy.hs
+++ b/gen/Network/AWS/IAM/DeleteUserPolicy.hs
@@ -25,7 +25,7 @@
 -- managed policy from a user, use DetachUserPolicy. For more information
 -- about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUserPolicy.html AWS API Reference> for DeleteUserPolicy.
 module Network.AWS.IAM.DeleteUserPolicy
diff --git a/gen/Network/AWS/IAM/DetachGroupPolicy.hs b/gen/Network/AWS/IAM/DetachGroupPolicy.hs
--- a/gen/Network/AWS/IAM/DetachGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/DetachGroupPolicy.hs
@@ -24,7 +24,7 @@
 -- inline policy, use the DeleteGroupPolicy API. For information about
 -- policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachGroupPolicy.html AWS API Reference> for DetachGroupPolicy.
 module Network.AWS.IAM.DetachGroupPolicy
diff --git a/gen/Network/AWS/IAM/DetachRolePolicy.hs b/gen/Network/AWS/IAM/DetachRolePolicy.hs
--- a/gen/Network/AWS/IAM/DetachRolePolicy.hs
+++ b/gen/Network/AWS/IAM/DetachRolePolicy.hs
@@ -24,7 +24,7 @@
 -- inline policy, use the DeleteRolePolicy API. For information about
 -- policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html AWS API Reference> for DetachRolePolicy.
 module Network.AWS.IAM.DetachRolePolicy
diff --git a/gen/Network/AWS/IAM/DetachUserPolicy.hs b/gen/Network/AWS/IAM/DetachUserPolicy.hs
--- a/gen/Network/AWS/IAM/DetachUserPolicy.hs
+++ b/gen/Network/AWS/IAM/DetachUserPolicy.hs
@@ -24,7 +24,7 @@
 -- inline policy, use the DeleteUserPolicy API. For information about
 -- policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachUserPolicy.html AWS API Reference> for DetachUserPolicy.
 module Network.AWS.IAM.DetachUserPolicy
diff --git a/gen/Network/AWS/IAM/GenerateCredentialReport.hs b/gen/Network/AWS/IAM/GenerateCredentialReport.hs
--- a/gen/Network/AWS/IAM/GenerateCredentialReport.hs
+++ b/gen/Network/AWS/IAM/GenerateCredentialReport.hs
@@ -21,7 +21,7 @@
 -- Generates a credential report for the AWS account. For more information
 -- about the credential report, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Getting Credential Reports>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html AWS API Reference> for GenerateCredentialReport.
 module Network.AWS.IAM.GenerateCredentialReport
diff --git a/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs b/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs
--- a/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs
+++ b/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs
@@ -81,9 +81,10 @@
     , _gaadFilter = Nothing
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 gaadMarker :: Lens' GetAccountAuthorizationDetails (Maybe Text)
 gaadMarker = lens _gaadMarker (\ s a -> s{_gaadMarker = a});
 
@@ -92,7 +93,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 gaadMaxItems :: Lens' GetAccountAuthorizationDetails (Maybe Natural)
 gaadMaxItems = lens _gaadMaxItems (\ s a -> s{_gaadMaxItems = a}) . mapping _Nat;
 
@@ -208,7 +212,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 gaadrsIsTruncated :: Lens' GetAccountAuthorizationDetailsResponse (Maybe Bool)
 gaadrsIsTruncated = lens _gaadrsIsTruncated (\ s a -> s{_gaadrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/GetAccountSummary.hs b/gen/Network/AWS/IAM/GetAccountSummary.hs
--- a/gen/Network/AWS/IAM/GetAccountSummary.hs
+++ b/gen/Network/AWS/IAM/GetAccountSummary.hs
@@ -23,7 +23,7 @@
 --
 -- For information about limitations on IAM entities, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html AWS API Reference> for GetAccountSummary.
 module Network.AWS.IAM.GetAccountSummary
diff --git a/gen/Network/AWS/IAM/GetContextKeysForCustomPolicy.hs b/gen/Network/AWS/IAM/GetContextKeysForCustomPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/IAM/GetContextKeysForCustomPolicy.hs
@@ -0,0 +1,102 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.IAM.GetContextKeysForCustomPolicy
+-- Copyright   : (c) 2013-2015 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets a list of all of the context keys referenced in 'Condition'
+-- elements in the input policies. The policies are supplied as a list of
+-- one or more strings. To get the context keys from policies associated
+-- with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
+--
+-- Context keys are variables maintained by AWS and its services that
+-- provide details about the context of an API query request, and can be
+-- evaluated by using the 'Condition' element of an IAM policy. Use
+-- GetContextKeysForCustomPolicy to understand what key names and values
+-- you must supply when you call SimulateCustomPolicy. Note that all
+-- parameters are shown in unencoded form here for clarity, but must be URL
+-- encoded to be included as a part of a real HTML request.
+--
+-- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForCustomPolicy.html AWS API Reference> for GetContextKeysForCustomPolicy.
+module Network.AWS.IAM.GetContextKeysForCustomPolicy
+    (
+    -- * Creating a Request
+      getContextKeysForCustomPolicy
+    , GetContextKeysForCustomPolicy
+    -- * Request Lenses
+    , gckfcpPolicyInputList
+
+    -- * Destructuring the Response
+    , getContextKeysForPolicyResponse
+    , GetContextKeysForPolicyResponse
+    -- * Response Lenses
+    , gckfpContextKeyNames
+    ) where
+
+import           Network.AWS.IAM.Types
+import           Network.AWS.IAM.Types.Product
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | /See:/ 'getContextKeysForCustomPolicy' smart constructor.
+newtype GetContextKeysForCustomPolicy = GetContextKeysForCustomPolicy'
+    { _gckfcpPolicyInputList :: [Text]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'GetContextKeysForCustomPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'gckfcpPolicyInputList'
+getContextKeysForCustomPolicy
+    :: GetContextKeysForCustomPolicy
+getContextKeysForCustomPolicy =
+    GetContextKeysForCustomPolicy'
+    { _gckfcpPolicyInputList = mempty
+    }
+
+-- | A list of policies for which you want list of context keys used in
+-- 'Condition' elements.
+gckfcpPolicyInputList :: Lens' GetContextKeysForCustomPolicy [Text]
+gckfcpPolicyInputList = lens _gckfcpPolicyInputList (\ s a -> s{_gckfcpPolicyInputList = a}) . _Coerce;
+
+instance AWSRequest GetContextKeysForCustomPolicy
+         where
+        type Rs GetContextKeysForCustomPolicy =
+             GetContextKeysForPolicyResponse
+        request = postQuery iAM
+        response
+          = receiveXMLWrapper
+              "GetContextKeysForCustomPolicyResult"
+              (\ s h x -> parseXML x)
+
+instance ToHeaders GetContextKeysForCustomPolicy
+         where
+        toHeaders = const mempty
+
+instance ToPath GetContextKeysForCustomPolicy where
+        toPath = const "/"
+
+instance ToQuery GetContextKeysForCustomPolicy where
+        toQuery GetContextKeysForCustomPolicy'{..}
+          = mconcat
+              ["Action" =:
+                 ("GetContextKeysForCustomPolicy" :: ByteString),
+               "Version" =: ("2010-05-08" :: ByteString),
+               "PolicyInputList" =:
+                 toQueryList "member" _gckfcpPolicyInputList]
diff --git a/gen/Network/AWS/IAM/GetContextKeysForPrincipalPolicy.hs b/gen/Network/AWS/IAM/GetContextKeysForPrincipalPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/IAM/GetContextKeysForPrincipalPolicy.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.IAM.GetContextKeysForPrincipalPolicy
+-- Copyright   : (c) 2013-2015 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets a list of all of the context keys referenced in 'Condition'
+-- elements in all of the IAM policies attached to the specified IAM
+-- entity. The entity can be an IAM user, group, or role. If you specify a
+-- user, then the request also includes all of the policies attached to
+-- groups that the user is a member of.
+--
+-- You can optionally include a list of one or more additional policies,
+-- specified as strings. If you want to include only a list of policies by
+-- string, use GetContextKeysForCustomPolicy instead.
+--
+-- __Note:__ This API discloses information about the permissions granted
+-- to other users. If you do not want users to see other user\'s
+-- permissions, then consider allowing them to use
+-- GetContextKeysForCustomPolicy instead.
+--
+-- Context keys are variables maintained by AWS and its services that
+-- provide details about the context of an API query request, and can be
+-- evaluated by using the 'Condition' element of an IAM policy. Use
+-- GetContextKeysForPrincipalPolicy to understand what key names and values
+-- you must supply when you call SimulatePrincipalPolicy.
+--
+-- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetContextKeysForPrincipalPolicy.html AWS API Reference> for GetContextKeysForPrincipalPolicy.
+module Network.AWS.IAM.GetContextKeysForPrincipalPolicy
+    (
+    -- * Creating a Request
+      getContextKeysForPrincipalPolicy
+    , GetContextKeysForPrincipalPolicy
+    -- * Request Lenses
+    , gckfppPolicyInputList
+    , gckfppPolicySourceARN
+
+    -- * Destructuring the Response
+    , getContextKeysForPolicyResponse
+    , GetContextKeysForPolicyResponse
+    -- * Response Lenses
+    , gckfpContextKeyNames
+    ) where
+
+import           Network.AWS.IAM.Types
+import           Network.AWS.IAM.Types.Product
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | /See:/ 'getContextKeysForPrincipalPolicy' smart constructor.
+data GetContextKeysForPrincipalPolicy = GetContextKeysForPrincipalPolicy'
+    { _gckfppPolicyInputList :: !(Maybe [Text])
+    , _gckfppPolicySourceARN :: !Text
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'GetContextKeysForPrincipalPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'gckfppPolicyInputList'
+--
+-- * 'gckfppPolicySourceARN'
+getContextKeysForPrincipalPolicy
+    :: Text -- ^ 'gckfppPolicySourceARN'
+    -> GetContextKeysForPrincipalPolicy
+getContextKeysForPrincipalPolicy pPolicySourceARN_ =
+    GetContextKeysForPrincipalPolicy'
+    { _gckfppPolicyInputList = Nothing
+    , _gckfppPolicySourceARN = pPolicySourceARN_
+    }
+
+-- | A optional list of additional policies for which you want list of
+-- context keys used in 'Condition' elements.
+gckfppPolicyInputList :: Lens' GetContextKeysForPrincipalPolicy [Text]
+gckfppPolicyInputList = lens _gckfppPolicyInputList (\ s a -> s{_gckfppPolicyInputList = a}) . _Default . _Coerce;
+
+-- | The ARN of a user, group, or role whose policies contain the context
+-- keys that you want listed. If you specify a user, the list includes
+-- context keys that are found in all policies attached to the user as well
+-- as to all groups that the user is a member of. If you pick a group or a
+-- role, then it includes only those context keys that are found in
+-- policies attached to that entity. Note that all parameters are shown in
+-- unencoded form here for clarity, but must be URL encoded to be included
+-- as a part of a real HTML request.
+gckfppPolicySourceARN :: Lens' GetContextKeysForPrincipalPolicy Text
+gckfppPolicySourceARN = lens _gckfppPolicySourceARN (\ s a -> s{_gckfppPolicySourceARN = a});
+
+instance AWSRequest GetContextKeysForPrincipalPolicy
+         where
+        type Rs GetContextKeysForPrincipalPolicy =
+             GetContextKeysForPolicyResponse
+        request = postQuery iAM
+        response
+          = receiveXMLWrapper
+              "GetContextKeysForPrincipalPolicyResult"
+              (\ s h x -> parseXML x)
+
+instance ToHeaders GetContextKeysForPrincipalPolicy
+         where
+        toHeaders = const mempty
+
+instance ToPath GetContextKeysForPrincipalPolicy
+         where
+        toPath = const "/"
+
+instance ToQuery GetContextKeysForPrincipalPolicy
+         where
+        toQuery GetContextKeysForPrincipalPolicy'{..}
+          = mconcat
+              ["Action" =:
+                 ("GetContextKeysForPrincipalPolicy" :: ByteString),
+               "Version" =: ("2010-05-08" :: ByteString),
+               "PolicyInputList" =:
+                 toQuery
+                   (toQueryList "member" <$> _gckfppPolicyInputList),
+               "PolicySourceArn" =: _gckfppPolicySourceARN]
diff --git a/gen/Network/AWS/IAM/GetCredentialReport.hs b/gen/Network/AWS/IAM/GetCredentialReport.hs
--- a/gen/Network/AWS/IAM/GetCredentialReport.hs
+++ b/gen/Network/AWS/IAM/GetCredentialReport.hs
@@ -21,7 +21,7 @@
 -- Retrieves a credential report for the AWS account. For more information
 -- about the credential report, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Getting Credential Reports>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetCredentialReport.html AWS API Reference> for GetCredentialReport.
 module Network.AWS.IAM.GetCredentialReport
diff --git a/gen/Network/AWS/IAM/GetGroup.hs b/gen/Network/AWS/IAM/GetGroup.hs
--- a/gen/Network/AWS/IAM/GetGroup.hs
+++ b/gen/Network/AWS/IAM/GetGroup.hs
@@ -78,9 +78,10 @@
     , _ggGroupName = pGroupName_
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 ggMarker :: Lens' GetGroup (Maybe Text)
 ggMarker = lens _ggMarker (\ s a -> s{_ggMarker = a});
 
@@ -89,7 +90,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 ggMaxItems :: Lens' GetGroup (Maybe Natural)
 ggMaxItems = lens _ggMaxItems (\ s a -> s{_ggMaxItems = a}) . mapping _Nat;
 
@@ -176,7 +180,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 ggrsIsTruncated :: Lens' GetGroupResponse (Maybe Bool)
 ggrsIsTruncated = lens _ggrsIsTruncated (\ s a -> s{_ggrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/GetGroupPolicy.hs b/gen/Network/AWS/IAM/GetGroupPolicy.hs
--- a/gen/Network/AWS/IAM/GetGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/GetGroupPolicy.hs
@@ -28,7 +28,7 @@
 --
 -- For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetGroupPolicy.html AWS API Reference> for GetGroupPolicy.
 module Network.AWS.IAM.GetGroupPolicy
diff --git a/gen/Network/AWS/IAM/GetPolicy.hs b/gen/Network/AWS/IAM/GetPolicy.hs
--- a/gen/Network/AWS/IAM/GetPolicy.hs
+++ b/gen/Network/AWS/IAM/GetPolicy.hs
@@ -32,7 +32,7 @@
 --
 -- For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html AWS API Reference> for GetPolicy.
 module Network.AWS.IAM.GetPolicy
diff --git a/gen/Network/AWS/IAM/GetPolicyVersion.hs b/gen/Network/AWS/IAM/GetPolicyVersion.hs
--- a/gen/Network/AWS/IAM/GetPolicyVersion.hs
+++ b/gen/Network/AWS/IAM/GetPolicyVersion.hs
@@ -29,7 +29,7 @@
 --
 -- For more information about the types of policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicyVersion.html AWS API Reference> for GetPolicyVersion.
 module Network.AWS.IAM.GetPolicyVersion
@@ -137,7 +137,7 @@
 --
 -- For more information about managed policy versions, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 gpvrsPolicyVersion :: Lens' GetPolicyVersionResponse (Maybe PolicyVersion)
 gpvrsPolicyVersion = lens _gpvrsPolicyVersion (\ s a -> s{_gpvrsPolicyVersion = a});
 
diff --git a/gen/Network/AWS/IAM/GetRolePolicy.hs b/gen/Network/AWS/IAM/GetRolePolicy.hs
--- a/gen/Network/AWS/IAM/GetRolePolicy.hs
+++ b/gen/Network/AWS/IAM/GetRolePolicy.hs
@@ -28,7 +28,7 @@
 --
 -- For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- For more information about roles, go to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html Using Roles to Delegate Permissions and Federate Identities>.
diff --git a/gen/Network/AWS/IAM/GetUserPolicy.hs b/gen/Network/AWS/IAM/GetUserPolicy.hs
--- a/gen/Network/AWS/IAM/GetUserPolicy.hs
+++ b/gen/Network/AWS/IAM/GetUserPolicy.hs
@@ -28,7 +28,7 @@
 --
 -- For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUserPolicy.html AWS API Reference> for GetUserPolicy.
 module Network.AWS.IAM.GetUserPolicy
diff --git a/gen/Network/AWS/IAM/ListAccessKeys.hs b/gen/Network/AWS/IAM/ListAccessKeys.hs
--- a/gen/Network/AWS/IAM/ListAccessKeys.hs
+++ b/gen/Network/AWS/IAM/ListAccessKeys.hs
@@ -92,9 +92,10 @@
 lakUserName :: Lens' ListAccessKeys (Maybe Text)
 lakUserName = lens _lakUserName (\ s a -> s{_lakUserName = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lakMarker :: Lens' ListAccessKeys (Maybe Text)
 lakMarker = lens _lakMarker (\ s a -> s{_lakMarker = a});
 
@@ -103,7 +104,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lakMaxItems :: Lens' ListAccessKeys (Maybe Natural)
 lakMaxItems = lens _lakMaxItems (\ s a -> s{_lakMaxItems = a}) . mapping _Nat;
 
@@ -181,7 +185,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lakrsIsTruncated :: Lens' ListAccessKeysResponse (Maybe Bool)
 lakrsIsTruncated = lens _lakrsIsTruncated (\ s a -> s{_lakrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListAccountAliases.hs b/gen/Network/AWS/IAM/ListAccountAliases.hs
--- a/gen/Network/AWS/IAM/ListAccountAliases.hs
+++ b/gen/Network/AWS/IAM/ListAccountAliases.hs
@@ -21,7 +21,7 @@
 -- Lists the account aliases associated with the account. For information
 -- about using an AWS account alias, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html Using an Alias for Your AWS Account ID>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- You can paginate the results using the 'MaxItems' and 'Marker'
 -- parameters.
@@ -76,9 +76,10 @@
     , _laaMaxItems = Nothing
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 laaMarker :: Lens' ListAccountAliases (Maybe Text)
 laaMarker = lens _laaMarker (\ s a -> s{_laaMarker = a});
 
@@ -87,7 +88,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 laaMaxItems :: Lens' ListAccountAliases (Maybe Natural)
 laaMaxItems = lens _laaMaxItems (\ s a -> s{_laaMaxItems = a}) . mapping _Nat;
 
@@ -165,7 +169,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 laarsIsTruncated :: Lens' ListAccountAliasesResponse (Maybe Bool)
 laarsIsTruncated = lens _laarsIsTruncated (\ s a -> s{_laarsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs b/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs
--- a/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs
+++ b/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs
@@ -24,7 +24,7 @@
 -- inline policies for a group, use the ListGroupPolicies API. For
 -- information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- You can paginate the results using the 'MaxItems' and 'Marker'
 -- parameters. You can use the 'PathPrefix' parameter to limit the list of
@@ -96,9 +96,10 @@
 lagpPathPrefix :: Lens' ListAttachedGroupPolicies (Maybe Text)
 lagpPathPrefix = lens _lagpPathPrefix (\ s a -> s{_lagpPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lagpMarker :: Lens' ListAttachedGroupPolicies (Maybe Text)
 lagpMarker = lens _lagpMarker (\ s a -> s{_lagpMarker = a});
 
@@ -107,7 +108,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lagpMaxItems :: Lens' ListAttachedGroupPolicies (Maybe Natural)
 lagpMaxItems = lens _lagpMaxItems (\ s a -> s{_lagpMaxItems = a}) . mapping _Nat;
 
@@ -190,7 +194,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lagprsIsTruncated :: Lens' ListAttachedGroupPoliciesResponse (Maybe Bool)
 lagprsIsTruncated = lens _lagprsIsTruncated (\ s a -> s{_lagprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs b/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs
--- a/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs
+++ b/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs
@@ -24,7 +24,7 @@
 -- inline policies for a role, use the ListRolePolicies API. For
 -- information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- You can paginate the results using the 'MaxItems' and 'Marker'
 -- parameters. You can use the 'PathPrefix' parameter to limit the list of
@@ -96,9 +96,10 @@
 larpPathPrefix :: Lens' ListAttachedRolePolicies (Maybe Text)
 larpPathPrefix = lens _larpPathPrefix (\ s a -> s{_larpPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 larpMarker :: Lens' ListAttachedRolePolicies (Maybe Text)
 larpMarker = lens _larpMarker (\ s a -> s{_larpMarker = a});
 
@@ -107,7 +108,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 larpMaxItems :: Lens' ListAttachedRolePolicies (Maybe Natural)
 larpMaxItems = lens _larpMaxItems (\ s a -> s{_larpMaxItems = a}) . mapping _Nat;
 
@@ -190,7 +194,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 larprsIsTruncated :: Lens' ListAttachedRolePoliciesResponse (Maybe Bool)
 larprsIsTruncated = lens _larprsIsTruncated (\ s a -> s{_larprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs b/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs
--- a/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs
+++ b/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs
@@ -24,7 +24,7 @@
 -- inline policies for a user, use the ListUserPolicies API. For
 -- information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- You can paginate the results using the 'MaxItems' and 'Marker'
 -- parameters. You can use the 'PathPrefix' parameter to limit the list of
@@ -96,9 +96,10 @@
 laupPathPrefix :: Lens' ListAttachedUserPolicies (Maybe Text)
 laupPathPrefix = lens _laupPathPrefix (\ s a -> s{_laupPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 laupMarker :: Lens' ListAttachedUserPolicies (Maybe Text)
 laupMarker = lens _laupMarker (\ s a -> s{_laupMarker = a});
 
@@ -107,7 +108,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 laupMaxItems :: Lens' ListAttachedUserPolicies (Maybe Natural)
 laupMaxItems = lens _laupMaxItems (\ s a -> s{_laupMaxItems = a}) . mapping _Nat;
 
@@ -190,7 +194,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lauprsIsTruncated :: Lens' ListAttachedUserPoliciesResponse (Maybe Bool)
 lauprsIsTruncated = lens _lauprsIsTruncated (\ s a -> s{_lauprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs b/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs
--- a/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs
+++ b/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs
@@ -109,9 +109,10 @@
 lefpEntityFilter :: Lens' ListEntitiesForPolicy (Maybe EntityType)
 lefpEntityFilter = lens _lefpEntityFilter (\ s a -> s{_lefpEntityFilter = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lefpMarker :: Lens' ListEntitiesForPolicy (Maybe Text)
 lefpMarker = lens _lefpMarker (\ s a -> s{_lefpMarker = a});
 
@@ -120,7 +121,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lefpMaxItems :: Lens' ListEntitiesForPolicy (Maybe Natural)
 lefpMaxItems = lens _lefpMaxItems (\ s a -> s{_lefpMaxItems = a}) . mapping _Nat;
 
@@ -224,7 +228,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lefprsIsTruncated :: Lens' ListEntitiesForPolicyResponse (Maybe Bool)
 lefprsIsTruncated = lens _lefprsIsTruncated (\ s a -> s{_lefprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListGroupPolicies.hs b/gen/Network/AWS/IAM/ListGroupPolicies.hs
--- a/gen/Network/AWS/IAM/ListGroupPolicies.hs
+++ b/gen/Network/AWS/IAM/ListGroupPolicies.hs
@@ -25,7 +25,7 @@
 -- managed policies that are attached to a group, use
 -- ListAttachedGroupPolicies. For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- You can paginate the results using the 'MaxItems' and 'Marker'
 -- parameters. If there are no inline policies embedded with the specified
@@ -87,9 +87,10 @@
     , _lgpGroupName = pGroupName_
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lgpMarker :: Lens' ListGroupPolicies (Maybe Text)
 lgpMarker = lens _lgpMarker (\ s a -> s{_lgpMarker = a});
 
@@ -98,7 +99,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lgpMaxItems :: Lens' ListGroupPolicies (Maybe Natural)
 lgpMaxItems = lens _lgpMaxItems (\ s a -> s{_lgpMaxItems = a}) . mapping _Nat;
 
@@ -180,7 +184,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lgprsIsTruncated :: Lens' ListGroupPoliciesResponse (Maybe Bool)
 lgprsIsTruncated = lens _lgprsIsTruncated (\ s a -> s{_lgprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListGroups.hs b/gen/Network/AWS/IAM/ListGroups.hs
--- a/gen/Network/AWS/IAM/ListGroups.hs
+++ b/gen/Network/AWS/IAM/ListGroups.hs
@@ -87,9 +87,10 @@
 lgPathPrefix :: Lens' ListGroups (Maybe Text)
 lgPathPrefix = lens _lgPathPrefix (\ s a -> s{_lgPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lgMarker :: Lens' ListGroups (Maybe Text)
 lgMarker = lens _lgMarker (\ s a -> s{_lgMarker = a});
 
@@ -98,7 +99,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lgMaxItems :: Lens' ListGroups (Maybe Natural)
 lgMaxItems = lens _lgMaxItems (\ s a -> s{_lgMaxItems = a}) . mapping _Nat;
 
@@ -176,7 +180,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lgrsIsTruncated :: Lens' ListGroupsResponse (Maybe Bool)
 lgrsIsTruncated = lens _lgrsIsTruncated (\ s a -> s{_lgrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListGroupsForUser.hs b/gen/Network/AWS/IAM/ListGroupsForUser.hs
--- a/gen/Network/AWS/IAM/ListGroupsForUser.hs
+++ b/gen/Network/AWS/IAM/ListGroupsForUser.hs
@@ -79,9 +79,10 @@
     , _lgfuUserName = pUserName_
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lgfuMarker :: Lens' ListGroupsForUser (Maybe Text)
 lgfuMarker = lens _lgfuMarker (\ s a -> s{_lgfuMarker = a});
 
@@ -90,7 +91,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lgfuMaxItems :: Lens' ListGroupsForUser (Maybe Natural)
 lgfuMaxItems = lens _lgfuMaxItems (\ s a -> s{_lgfuMaxItems = a}) . mapping _Nat;
 
@@ -172,7 +176,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lgfursIsTruncated :: Lens' ListGroupsForUserResponse (Maybe Bool)
 lgfursIsTruncated = lens _lgfursIsTruncated (\ s a -> s{_lgfursIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListInstanceProfiles.hs b/gen/Network/AWS/IAM/ListInstanceProfiles.hs
--- a/gen/Network/AWS/IAM/ListInstanceProfiles.hs
+++ b/gen/Network/AWS/IAM/ListInstanceProfiles.hs
@@ -90,9 +90,10 @@
 lipPathPrefix :: Lens' ListInstanceProfiles (Maybe Text)
 lipPathPrefix = lens _lipPathPrefix (\ s a -> s{_lipPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lipMarker :: Lens' ListInstanceProfiles (Maybe Text)
 lipMarker = lens _lipMarker (\ s a -> s{_lipMarker = a});
 
@@ -101,7 +102,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lipMaxItems :: Lens' ListInstanceProfiles (Maybe Natural)
 lipMaxItems = lens _lipMaxItems (\ s a -> s{_lipMaxItems = a}) . mapping _Nat;
 
@@ -180,7 +184,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 liprsIsTruncated :: Lens' ListInstanceProfilesResponse (Maybe Bool)
 liprsIsTruncated = lens _liprsIsTruncated (\ s a -> s{_liprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs b/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs
--- a/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs
+++ b/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs
@@ -82,9 +82,10 @@
     , _lipfrRoleName = pRoleName_
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lipfrMarker :: Lens' ListInstanceProfilesForRole (Maybe Text)
 lipfrMarker = lens _lipfrMarker (\ s a -> s{_lipfrMarker = a});
 
@@ -93,7 +94,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lipfrMaxItems :: Lens' ListInstanceProfilesForRole (Maybe Natural)
 lipfrMaxItems = lens _lipfrMaxItems (\ s a -> s{_lipfrMaxItems = a}) . mapping _Nat;
 
@@ -180,7 +184,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lipfrrsIsTruncated :: Lens' ListInstanceProfilesForRoleResponse (Maybe Bool)
 lipfrrsIsTruncated = lens _lipfrrsIsTruncated (\ s a -> s{_lipfrrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListMFADevices.hs b/gen/Network/AWS/IAM/ListMFADevices.hs
--- a/gen/Network/AWS/IAM/ListMFADevices.hs
+++ b/gen/Network/AWS/IAM/ListMFADevices.hs
@@ -85,9 +85,10 @@
 lmdUserName :: Lens' ListMFADevices (Maybe Text)
 lmdUserName = lens _lmdUserName (\ s a -> s{_lmdUserName = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lmdMarker :: Lens' ListMFADevices (Maybe Text)
 lmdMarker = lens _lmdMarker (\ s a -> s{_lmdMarker = a});
 
@@ -96,7 +97,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lmdMaxItems :: Lens' ListMFADevices (Maybe Natural)
 lmdMaxItems = lens _lmdMaxItems (\ s a -> s{_lmdMaxItems = a}) . mapping _Nat;
 
@@ -174,7 +178,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lmdrsIsTruncated :: Lens' ListMFADevicesResponse (Maybe Bool)
 lmdrsIsTruncated = lens _lmdrsIsTruncated (\ s a -> s{_lmdrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListPolicies.hs b/gen/Network/AWS/IAM/ListPolicies.hs
--- a/gen/Network/AWS/IAM/ListPolicies.hs
+++ b/gen/Network/AWS/IAM/ListPolicies.hs
@@ -32,7 +32,7 @@
 --
 -- For more information about managed policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html AWS API Reference> for ListPolicies.
 --
@@ -114,9 +114,10 @@
 lpOnlyAttached :: Lens' ListPolicies (Maybe Bool)
 lpOnlyAttached = lens _lpOnlyAttached (\ s a -> s{_lpOnlyAttached = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lpMarker :: Lens' ListPolicies (Maybe Text)
 lpMarker = lens _lpMarker (\ s a -> s{_lpMarker = a});
 
@@ -136,7 +137,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lpMaxItems :: Lens' ListPolicies (Maybe Natural)
 lpMaxItems = lens _lpMaxItems (\ s a -> s{_lpMaxItems = a}) . mapping _Nat;
 
@@ -215,7 +219,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lprsIsTruncated :: Lens' ListPoliciesResponse (Maybe Bool)
 lprsIsTruncated = lens _lprsIsTruncated (\ s a -> s{_lprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListPolicyVersions.hs b/gen/Network/AWS/IAM/ListPolicyVersions.hs
--- a/gen/Network/AWS/IAM/ListPolicyVersions.hs
+++ b/gen/Network/AWS/IAM/ListPolicyVersions.hs
@@ -23,7 +23,7 @@
 --
 -- For more information about managed policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicyVersions.html AWS API Reference> for ListPolicyVersions.
 module Network.AWS.IAM.ListPolicyVersions
@@ -78,9 +78,10 @@
     , _lpvPolicyARN = pPolicyARN_
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lpvMarker :: Lens' ListPolicyVersions (Maybe Text)
 lpvMarker = lens _lpvMarker (\ s a -> s{_lpvMarker = a});
 
@@ -89,7 +90,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lpvMaxItems :: Lens' ListPolicyVersions (Maybe Natural)
 lpvMaxItems = lens _lpvMaxItems (\ s a -> s{_lpvMaxItems = a}) . mapping _Nat;
 
@@ -161,7 +165,7 @@
 --
 -- For more information about managed policy versions, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 lpvrsVersions :: Lens' ListPolicyVersionsResponse [PolicyVersion]
 lpvrsVersions = lens _lpvrsVersions (\ s a -> s{_lpvrsVersions = a}) . _Default . _Coerce;
 
@@ -173,7 +177,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lpvrsIsTruncated :: Lens' ListPolicyVersionsResponse (Maybe Bool)
 lpvrsIsTruncated = lens _lpvrsIsTruncated (\ s a -> s{_lpvrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListRolePolicies.hs b/gen/Network/AWS/IAM/ListRolePolicies.hs
--- a/gen/Network/AWS/IAM/ListRolePolicies.hs
+++ b/gen/Network/AWS/IAM/ListRolePolicies.hs
@@ -25,7 +25,7 @@
 -- managed policies that are attached to a role, use
 -- ListAttachedRolePolicies. For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- You can paginate the results using the 'MaxItems' and 'Marker'
 -- parameters. If there are no inline policies embedded with the specified
@@ -87,9 +87,10 @@
     , _lrpRoleName = pRoleName_
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lrpMarker :: Lens' ListRolePolicies (Maybe Text)
 lrpMarker = lens _lrpMarker (\ s a -> s{_lrpMarker = a});
 
@@ -98,7 +99,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lrpMaxItems :: Lens' ListRolePolicies (Maybe Natural)
 lrpMaxItems = lens _lrpMaxItems (\ s a -> s{_lrpMaxItems = a}) . mapping _Nat;
 
@@ -180,7 +184,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lrprsIsTruncated :: Lens' ListRolePoliciesResponse (Maybe Bool)
 lrprsIsTruncated = lens _lrprsIsTruncated (\ s a -> s{_lrprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListRoles.hs b/gen/Network/AWS/IAM/ListRoles.hs
--- a/gen/Network/AWS/IAM/ListRoles.hs
+++ b/gen/Network/AWS/IAM/ListRoles.hs
@@ -90,9 +90,10 @@
 lrPathPrefix :: Lens' ListRoles (Maybe Text)
 lrPathPrefix = lens _lrPathPrefix (\ s a -> s{_lrPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lrMarker :: Lens' ListRoles (Maybe Text)
 lrMarker = lens _lrMarker (\ s a -> s{_lrMarker = a});
 
@@ -101,7 +102,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lrMaxItems :: Lens' ListRoles (Maybe Natural)
 lrMaxItems = lens _lrMaxItems (\ s a -> s{_lrMaxItems = a}) . mapping _Nat;
 
@@ -178,7 +182,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lrrsIsTruncated :: Lens' ListRolesResponse (Maybe Bool)
 lrrsIsTruncated = lens _lrrsIsTruncated (\ s a -> s{_lrrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListSSHPublicKeys.hs b/gen/Network/AWS/IAM/ListSSHPublicKeys.hs
--- a/gen/Network/AWS/IAM/ListSSHPublicKeys.hs
+++ b/gen/Network/AWS/IAM/ListSSHPublicKeys.hs
@@ -89,9 +89,10 @@
 lspkUserName :: Lens' ListSSHPublicKeys (Maybe Text)
 lspkUserName = lens _lspkUserName (\ s a -> s{_lspkUserName = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lspkMarker :: Lens' ListSSHPublicKeys (Maybe Text)
 lspkMarker = lens _lspkMarker (\ s a -> s{_lspkMarker = a});
 
@@ -100,7 +101,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lspkMaxItems :: Lens' ListSSHPublicKeys (Maybe Natural)
 lspkMaxItems = lens _lspkMaxItems (\ s a -> s{_lspkMaxItems = a}) . mapping _Nat;
 
@@ -175,7 +179,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lspkrsIsTruncated :: Lens' ListSSHPublicKeysResponse (Maybe Bool)
 lspkrsIsTruncated = lens _lspkrsIsTruncated (\ s a -> s{_lspkrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListServerCertificates.hs b/gen/Network/AWS/IAM/ListServerCertificates.hs
--- a/gen/Network/AWS/IAM/ListServerCertificates.hs
+++ b/gen/Network/AWS/IAM/ListServerCertificates.hs
@@ -88,9 +88,10 @@
 lscPathPrefix :: Lens' ListServerCertificates (Maybe Text)
 lscPathPrefix = lens _lscPathPrefix (\ s a -> s{_lscPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lscMarker :: Lens' ListServerCertificates (Maybe Text)
 lscMarker = lens _lscMarker (\ s a -> s{_lscMarker = a});
 
@@ -99,7 +100,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lscMaxItems :: Lens' ListServerCertificates (Maybe Natural)
 lscMaxItems = lens _lscMaxItems (\ s a -> s{_lscMaxItems = a}) . mapping _Nat;
 
@@ -179,7 +183,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lscrsIsTruncated :: Lens' ListServerCertificatesResponse (Maybe Bool)
 lscrsIsTruncated = lens _lscrsIsTruncated (\ s a -> s{_lscrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListSigningCertificates.hs b/gen/Network/AWS/IAM/ListSigningCertificates.hs
--- a/gen/Network/AWS/IAM/ListSigningCertificates.hs
+++ b/gen/Network/AWS/IAM/ListSigningCertificates.hs
@@ -90,9 +90,10 @@
 lUserName :: Lens' ListSigningCertificates (Maybe Text)
 lUserName = lens _lUserName (\ s a -> s{_lUserName = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lMarker :: Lens' ListSigningCertificates (Maybe Text)
 lMarker = lens _lMarker (\ s a -> s{_lMarker = a});
 
@@ -101,7 +102,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lMaxItems :: Lens' ListSigningCertificates (Maybe Natural)
 lMaxItems = lens _lMaxItems (\ s a -> s{_lMaxItems = a}) . mapping _Nat;
 
@@ -180,7 +184,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lrsIsTruncated :: Lens' ListSigningCertificatesResponse (Maybe Bool)
 lrsIsTruncated = lens _lrsIsTruncated (\ s a -> s{_lrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListUserPolicies.hs b/gen/Network/AWS/IAM/ListUserPolicies.hs
--- a/gen/Network/AWS/IAM/ListUserPolicies.hs
+++ b/gen/Network/AWS/IAM/ListUserPolicies.hs
@@ -24,7 +24,7 @@
 -- managed policies that are attached to a user, use
 -- ListAttachedUserPolicies. For more information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- You can paginate the results using the 'MaxItems' and 'Marker'
 -- parameters. If there are no inline policies embedded with the specified
@@ -86,9 +86,10 @@
     , _lupUserName = pUserName_
     }
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lupMarker :: Lens' ListUserPolicies (Maybe Text)
 lupMarker = lens _lupMarker (\ s a -> s{_lupMarker = a});
 
@@ -97,7 +98,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lupMaxItems :: Lens' ListUserPolicies (Maybe Natural)
 lupMaxItems = lens _lupMaxItems (\ s a -> s{_lupMaxItems = a}) . mapping _Nat;
 
@@ -179,7 +183,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 luprsIsTruncated :: Lens' ListUserPoliciesResponse (Maybe Bool)
 luprsIsTruncated = lens _luprsIsTruncated (\ s a -> s{_luprsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListUsers.hs b/gen/Network/AWS/IAM/ListUsers.hs
--- a/gen/Network/AWS/IAM/ListUsers.hs
+++ b/gen/Network/AWS/IAM/ListUsers.hs
@@ -89,9 +89,10 @@
 luPathPrefix :: Lens' ListUsers (Maybe Text)
 luPathPrefix = lens _luPathPrefix (\ s a -> s{_luPathPrefix = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 luMarker :: Lens' ListUsers (Maybe Text)
 luMarker = lens _luMarker (\ s a -> s{_luMarker = a});
 
@@ -100,7 +101,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 luMaxItems :: Lens' ListUsers (Maybe Natural)
 luMaxItems = lens _luMaxItems (\ s a -> s{_luMaxItems = a}) . mapping _Nat;
 
@@ -177,7 +181,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lursIsTruncated :: Lens' ListUsersResponse (Maybe Bool)
 lursIsTruncated = lens _lursIsTruncated (\ s a -> s{_lursIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/ListVirtualMFADevices.hs b/gen/Network/AWS/IAM/ListVirtualMFADevices.hs
--- a/gen/Network/AWS/IAM/ListVirtualMFADevices.hs
+++ b/gen/Network/AWS/IAM/ListVirtualMFADevices.hs
@@ -87,9 +87,10 @@
 lvmdAssignmentStatus :: Lens' ListVirtualMFADevices (Maybe AssignmentStatusType)
 lvmdAssignmentStatus = lens _lvmdAssignmentStatus (\ s a -> s{_lvmdAssignmentStatus = a});
 
--- | Use this parameter only when paginating results and only after you have
--- received a response where the results are truncated. Set it to the value
--- of the 'Marker' element in the response you just received.
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
 lvmdMarker :: Lens' ListVirtualMFADevices (Maybe Text)
 lvmdMarker = lens _lvmdMarker (\ s a -> s{_lvmdMarker = a});
 
@@ -98,7 +99,10 @@
 -- maximum you specify, the 'IsTruncated' response element is 'true'.
 --
 -- This parameter is optional. If you do not include it, it defaults to
--- 100.
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
 lvmdMaxItems :: Lens' ListVirtualMFADevices (Maybe Natural)
 lvmdMaxItems = lens _lvmdMaxItems (\ s a -> s{_lvmdMaxItems = a}) . mapping _Nat;
 
@@ -177,7 +181,11 @@
 
 -- | A flag that indicates whether there are more items to return. If your
 -- results were truncated, you can make a subsequent pagination request
--- using the 'Marker' request parameter to retrieve more items.
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
 lvmdrsIsTruncated :: Lens' ListVirtualMFADevicesResponse (Maybe Bool)
 lvmdrsIsTruncated = lens _lvmdrsIsTruncated (\ s a -> s{_lvmdrsIsTruncated = a});
 
diff --git a/gen/Network/AWS/IAM/PutGroupPolicy.hs b/gen/Network/AWS/IAM/PutGroupPolicy.hs
--- a/gen/Network/AWS/IAM/PutGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/PutGroupPolicy.hs
@@ -26,12 +26,12 @@
 -- managed policy, use CreatePolicy. For information about policies, refer
 -- to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- For information about limits on the number of inline policies that you
 -- can embed in a group, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- Because policy documents can be large, you should use POST rather than
 -- GET when calling 'PutGroupPolicy'. For general information about using
diff --git a/gen/Network/AWS/IAM/PutRolePolicy.hs b/gen/Network/AWS/IAM/PutRolePolicy.hs
--- a/gen/Network/AWS/IAM/PutRolePolicy.hs
+++ b/gen/Network/AWS/IAM/PutRolePolicy.hs
@@ -32,12 +32,12 @@
 -- managed policy to a role, use AttachRolePolicy. To create a new managed
 -- policy, use CreatePolicy. For information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- For information about limits on the number of inline policies that you
 -- can embed with a role, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- Because policy documents can be large, you should use POST rather than
 -- GET when calling 'PutRolePolicy'. For general information about using
diff --git a/gen/Network/AWS/IAM/PutUserPolicy.hs b/gen/Network/AWS/IAM/PutUserPolicy.hs
--- a/gen/Network/AWS/IAM/PutUserPolicy.hs
+++ b/gen/Network/AWS/IAM/PutUserPolicy.hs
@@ -25,12 +25,12 @@
 -- managed policy to a user, use AttachUserPolicy. To create a new managed
 -- policy, use CreatePolicy. For information about policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- For information about limits on the number of inline policies that you
 -- can embed in a user, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- Because policy documents can be large, you should use POST rather than
 -- GET when calling 'PutUserPolicy'. For general information about using
diff --git a/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs b/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs
--- a/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs
+++ b/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs
@@ -27,7 +27,7 @@
 --
 -- For information about managed policies, refer to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_SetDefaultPolicyVersion.html AWS API Reference> for SetDefaultPolicyVersion.
 module Network.AWS.IAM.SetDefaultPolicyVersion
@@ -81,7 +81,7 @@
 --
 -- For more information about managed policy versions, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 sdpvVersionId :: Lens' SetDefaultPolicyVersion Text
 sdpvVersionId = lens _sdpvVersionId (\ s a -> s{_sdpvVersionId = a});
 
diff --git a/gen/Network/AWS/IAM/SimulateCustomPolicy.hs b/gen/Network/AWS/IAM/SimulateCustomPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/IAM/SimulateCustomPolicy.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.IAM.SimulateCustomPolicy
+-- Copyright   : (c) 2013-2015 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Simulate a set of IAM policies against a list of API actions and AWS
+-- resources to determine the policies\' effective permissions. The
+-- policies are provided as a list of strings.
+--
+-- The simulation does not perform the API actions, it only checks the
+-- authorization to determine if the simulated policies allow or deny the
+-- actions.
+--
+-- If you want to simulate existing policies attached to an IAM user,
+-- group, or role, use SimulatePrincipalPolicy instead.
+--
+-- Context keys are variables maintained by AWS and its services that
+-- provide details about the context of an API query request, and can be
+-- evaluated by using the 'Condition' element of an IAM policy. To get the
+-- list of context keys required by the policies to simulate them
+-- correctly, use GetContextKeysForCustomPolicy.
+--
+-- If the output is long, you can paginate the results using the 'MaxItems'
+-- and 'Marker' parameters.
+--
+-- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html AWS API Reference> for SimulateCustomPolicy.
+module Network.AWS.IAM.SimulateCustomPolicy
+    (
+    -- * Creating a Request
+      simulateCustomPolicy
+    , SimulateCustomPolicy
+    -- * Request Lenses
+    , scpResourceARNs
+    , scpMarker
+    , scpMaxItems
+    , scpContextEntries
+    , scpPolicyInputList
+    , scpActionNames
+
+    -- * Destructuring the Response
+    , simulatePolicyResponse
+    , SimulatePolicyResponse
+    -- * Response Lenses
+    , spEvaluationResults
+    , spMarker
+    , spIsTruncated
+    ) where
+
+import           Network.AWS.IAM.Types
+import           Network.AWS.IAM.Types.Product
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | /See:/ 'simulateCustomPolicy' smart constructor.
+data SimulateCustomPolicy = SimulateCustomPolicy'
+    { _scpResourceARNs    :: !(Maybe [Text])
+    , _scpMarker          :: !(Maybe Text)
+    , _scpMaxItems        :: !(Maybe Nat)
+    , _scpContextEntries  :: !(Maybe [ContextEntry])
+    , _scpPolicyInputList :: ![Text]
+    , _scpActionNames     :: ![Text]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SimulateCustomPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'scpResourceARNs'
+--
+-- * 'scpMarker'
+--
+-- * 'scpMaxItems'
+--
+-- * 'scpContextEntries'
+--
+-- * 'scpPolicyInputList'
+--
+-- * 'scpActionNames'
+simulateCustomPolicy
+    :: SimulateCustomPolicy
+simulateCustomPolicy =
+    SimulateCustomPolicy'
+    { _scpResourceARNs = Nothing
+    , _scpMarker = Nothing
+    , _scpMaxItems = Nothing
+    , _scpContextEntries = Nothing
+    , _scpPolicyInputList = mempty
+    , _scpActionNames = mempty
+    }
+
+-- | A list of ARNs of AWS resources to include in the simulation. If this
+-- parameter is not provided then the value defaults to '*' (all
+-- resources). Each API in the 'ActionNames' parameter is evaluated for
+-- each resource in this list. The simulation determines the access result
+-- (allowed or denied) of each combination and reports it in the response.
+scpResourceARNs :: Lens' SimulateCustomPolicy [Text]
+scpResourceARNs = lens _scpResourceARNs (\ s a -> s{_scpResourceARNs = a}) . _Default . _Coerce;
+
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
+scpMarker :: Lens' SimulateCustomPolicy (Maybe Text)
+scpMarker = lens _scpMarker (\ s a -> s{_scpMarker = a});
+
+-- | Use this only when paginating results to indicate the maximum number of
+-- items you want in the response. If there are additional items beyond the
+-- maximum you specify, the 'IsTruncated' response element is 'true'.
+--
+-- This parameter is optional. If you do not include it, it defaults to
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
+scpMaxItems :: Lens' SimulateCustomPolicy (Maybe Natural)
+scpMaxItems = lens _scpMaxItems (\ s a -> s{_scpMaxItems = a}) . mapping _Nat;
+
+-- | A list of context keys and corresponding values that are used by the
+-- simulation. Whenever a context key is evaluated by a 'Condition' element
+-- in one of the simulated IAM permission policies, the corresponding value
+-- is supplied.
+scpContextEntries :: Lens' SimulateCustomPolicy [ContextEntry]
+scpContextEntries = lens _scpContextEntries (\ s a -> s{_scpContextEntries = a}) . _Default . _Coerce;
+
+-- | A list of policy documents to include in the simulation. Each document
+-- is specified as a string containing the complete, valid JSON text of an
+-- IAM policy.
+scpPolicyInputList :: Lens' SimulateCustomPolicy [Text]
+scpPolicyInputList = lens _scpPolicyInputList (\ s a -> s{_scpPolicyInputList = a}) . _Coerce;
+
+-- | A list of names of API actions to evaluate in the simulation. Each
+-- action is evaluated for each resource. Each action must include the
+-- service identifier, such as 'iam:CreateUser'.
+scpActionNames :: Lens' SimulateCustomPolicy [Text]
+scpActionNames = lens _scpActionNames (\ s a -> s{_scpActionNames = a}) . _Coerce;
+
+instance AWSRequest SimulateCustomPolicy where
+        type Rs SimulateCustomPolicy = SimulatePolicyResponse
+        request = postQuery iAM
+        response
+          = receiveXMLWrapper "SimulateCustomPolicyResult"
+              (\ s h x -> parseXML x)
+
+instance ToHeaders SimulateCustomPolicy where
+        toHeaders = const mempty
+
+instance ToPath SimulateCustomPolicy where
+        toPath = const "/"
+
+instance ToQuery SimulateCustomPolicy where
+        toQuery SimulateCustomPolicy'{..}
+          = mconcat
+              ["Action" =: ("SimulateCustomPolicy" :: ByteString),
+               "Version" =: ("2010-05-08" :: ByteString),
+               "ResourceArns" =:
+                 toQuery (toQueryList "member" <$> _scpResourceARNs),
+               "Marker" =: _scpMarker, "MaxItems" =: _scpMaxItems,
+               "ContextEntries" =:
+                 toQuery
+                   (toQueryList "member" <$> _scpContextEntries),
+               "PolicyInputList" =:
+                 toQueryList "member" _scpPolicyInputList,
+               "ActionNames" =:
+                 toQueryList "member" _scpActionNames]
diff --git a/gen/Network/AWS/IAM/SimulatePrincipalPolicy.hs b/gen/Network/AWS/IAM/SimulatePrincipalPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/IAM/SimulatePrincipalPolicy.hs
@@ -0,0 +1,207 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.IAM.SimulatePrincipalPolicy
+-- Copyright   : (c) 2013-2015 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Simulate the set of IAM policies attached to an IAM entity against a
+-- list of API actions and AWS resources to determine the policies\'
+-- effective permissions. The entity can be an IAM user, group, or role. If
+-- you specify a user, then the simulation also includes all of the
+-- policies attached to groups that the user is a member of.
+--
+-- You can optionally include a list of one or more additional policies
+-- specified as strings to include in the simulation. If you want to
+-- simulate only policies specified as strings, use SimulateCustomPolicy
+-- instead.
+--
+-- The simulation does not perform the API actions, it only checks the
+-- authorization to determine if the simulated policies allow or deny the
+-- actions.
+--
+-- __Note:__ This API discloses information about the permissions granted
+-- to other users. If you do not want users to see other user\'s
+-- permissions, then consider allowing them to use SimulateCustomPolicy
+-- instead.
+--
+-- Context keys are variables maintained by AWS and its services that
+-- provide details about the context of an API query request, and can be
+-- evaluated by using the 'Condition' element of an IAM policy. To get the
+-- list of context keys required by the policies to simulate them
+-- correctly, use GetContextKeysForPrincipalPolicy.
+--
+-- If the output is long, you can paginate the results using the 'MaxItems'
+-- and 'Marker' parameters.
+--
+-- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html AWS API Reference> for SimulatePrincipalPolicy.
+module Network.AWS.IAM.SimulatePrincipalPolicy
+    (
+    -- * Creating a Request
+      simulatePrincipalPolicy
+    , SimulatePrincipalPolicy
+    -- * Request Lenses
+    , sppPolicyInputList
+    , sppResourceARNs
+    , sppMarker
+    , sppMaxItems
+    , sppContextEntries
+    , sppPolicySourceARN
+    , sppActionNames
+
+    -- * Destructuring the Response
+    , simulatePolicyResponse
+    , SimulatePolicyResponse
+    -- * Response Lenses
+    , spEvaluationResults
+    , spMarker
+    , spIsTruncated
+    ) where
+
+import           Network.AWS.IAM.Types
+import           Network.AWS.IAM.Types.Product
+import           Network.AWS.Prelude
+import           Network.AWS.Request
+import           Network.AWS.Response
+
+-- | /See:/ 'simulatePrincipalPolicy' smart constructor.
+data SimulatePrincipalPolicy = SimulatePrincipalPolicy'
+    { _sppPolicyInputList :: !(Maybe [Text])
+    , _sppResourceARNs    :: !(Maybe [Text])
+    , _sppMarker          :: !(Maybe Text)
+    , _sppMaxItems        :: !(Maybe Nat)
+    , _sppContextEntries  :: !(Maybe [ContextEntry])
+    , _sppPolicySourceARN :: !Text
+    , _sppActionNames     :: ![Text]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SimulatePrincipalPolicy' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'sppPolicyInputList'
+--
+-- * 'sppResourceARNs'
+--
+-- * 'sppMarker'
+--
+-- * 'sppMaxItems'
+--
+-- * 'sppContextEntries'
+--
+-- * 'sppPolicySourceARN'
+--
+-- * 'sppActionNames'
+simulatePrincipalPolicy
+    :: Text -- ^ 'sppPolicySourceARN'
+    -> SimulatePrincipalPolicy
+simulatePrincipalPolicy pPolicySourceARN_ =
+    SimulatePrincipalPolicy'
+    { _sppPolicyInputList = Nothing
+    , _sppResourceARNs = Nothing
+    , _sppMarker = Nothing
+    , _sppMaxItems = Nothing
+    , _sppContextEntries = Nothing
+    , _sppPolicySourceARN = pPolicySourceARN_
+    , _sppActionNames = mempty
+    }
+
+-- | An optional list of additional policy documents to include in the
+-- simulation. Each document is specified as a string containing the
+-- complete, valid JSON text of an IAM policy.
+sppPolicyInputList :: Lens' SimulatePrincipalPolicy [Text]
+sppPolicyInputList = lens _sppPolicyInputList (\ s a -> s{_sppPolicyInputList = a}) . _Default . _Coerce;
+
+-- | A list of ARNs of AWS resources to include in the simulation. If this
+-- parameter is not provided then the value defaults to '*' (all
+-- resources). Each API in the 'ActionNames' parameter is evaluated for
+-- each resource in this list. The simulation determines the access result
+-- (allowed or denied) of each combination and reports it in the response.
+sppResourceARNs :: Lens' SimulatePrincipalPolicy [Text]
+sppResourceARNs = lens _sppResourceARNs (\ s a -> s{_sppResourceARNs = a}) . _Default . _Coerce;
+
+-- | Use this parameter only when paginating results and only after you
+-- receive a response indicating that the results are truncated. Set it to
+-- the value of the 'Marker' element in the response you received to inform
+-- the next call about where to start.
+sppMarker :: Lens' SimulatePrincipalPolicy (Maybe Text)
+sppMarker = lens _sppMarker (\ s a -> s{_sppMarker = a});
+
+-- | Use this only when paginating results to indicate the maximum number of
+-- items you want in the response. If there are additional items beyond the
+-- maximum you specify, the 'IsTruncated' response element is 'true'.
+--
+-- This parameter is optional. If you do not include it, it defaults to
+-- 100. Note that IAM might return fewer results, even when there are more
+-- results available. If this is the case, the 'IsTruncated' response
+-- element returns 'true' and 'Marker' contains a value to include in the
+-- subsequent call that tells the service where to continue from.
+sppMaxItems :: Lens' SimulatePrincipalPolicy (Maybe Natural)
+sppMaxItems = lens _sppMaxItems (\ s a -> s{_sppMaxItems = a}) . mapping _Nat;
+
+-- | A list of context keys and corresponding values that are used by the
+-- simulation. Whenever a context key is evaluated by a 'Condition' element
+-- in one of the simulated IAM permission policies, the corresponding value
+-- is supplied.
+sppContextEntries :: Lens' SimulatePrincipalPolicy [ContextEntry]
+sppContextEntries = lens _sppContextEntries (\ s a -> s{_sppContextEntries = a}) . _Default . _Coerce;
+
+-- | The Amazon Resource Name (ARN) of a user, group, or role whose policies
+-- you want to include in the simulation. If you specify a user, group, or
+-- role, the simulation includes all policies associated with that entity.
+-- If you specify a user, the simulation also includes all policies
+-- attached to any groups the user is a member of.
+sppPolicySourceARN :: Lens' SimulatePrincipalPolicy Text
+sppPolicySourceARN = lens _sppPolicySourceARN (\ s a -> s{_sppPolicySourceARN = a});
+
+-- | A list of names of API actions to evaluate in the simulation. Each
+-- action is evaluated for each resource. Each action must include the
+-- service identifier, such as 'iam:CreateUser'.
+sppActionNames :: Lens' SimulatePrincipalPolicy [Text]
+sppActionNames = lens _sppActionNames (\ s a -> s{_sppActionNames = a}) . _Coerce;
+
+instance AWSRequest SimulatePrincipalPolicy where
+        type Rs SimulatePrincipalPolicy =
+             SimulatePolicyResponse
+        request = postQuery iAM
+        response
+          = receiveXMLWrapper "SimulatePrincipalPolicyResult"
+              (\ s h x -> parseXML x)
+
+instance ToHeaders SimulatePrincipalPolicy where
+        toHeaders = const mempty
+
+instance ToPath SimulatePrincipalPolicy where
+        toPath = const "/"
+
+instance ToQuery SimulatePrincipalPolicy where
+        toQuery SimulatePrincipalPolicy'{..}
+          = mconcat
+              ["Action" =:
+                 ("SimulatePrincipalPolicy" :: ByteString),
+               "Version" =: ("2010-05-08" :: ByteString),
+               "PolicyInputList" =:
+                 toQuery
+                   (toQueryList "member" <$> _sppPolicyInputList),
+               "ResourceArns" =:
+                 toQuery (toQueryList "member" <$> _sppResourceARNs),
+               "Marker" =: _sppMarker, "MaxItems" =: _sppMaxItems,
+               "ContextEntries" =:
+                 toQuery
+                   (toQueryList "member" <$> _sppContextEntries),
+               "PolicySourceArn" =: _sppPolicySourceARN,
+               "ActionNames" =:
+                 toQueryList "member" _sppActionNames]
diff --git a/gen/Network/AWS/IAM/Types.hs b/gen/Network/AWS/IAM/Types.hs
--- a/gen/Network/AWS/IAM/Types.hs
+++ b/gen/Network/AWS/IAM/Types.hs
@@ -35,21 +35,31 @@
     , _EntityTemporarilyUnmodifiableException
     , _DuplicateSSHPublicKeyException
     , _KeyPairMismatchException
+    , _PolicyEvaluationException
     , _PasswordPolicyViolationException
     , _LimitExceededException
 
     -- * AssignmentStatusType
     , AssignmentStatusType (..)
 
+    -- * ContextKeyTypeEnum
+    , ContextKeyTypeEnum (..)
+
     -- * EncodingType
     , EncodingType (..)
 
     -- * EntityType
     , EntityType (..)
 
+    -- * PolicyEvaluationDecisionType
+    , PolicyEvaluationDecisionType (..)
+
     -- * PolicyScopeType
     , PolicyScopeType (..)
 
+    -- * PolicySourceType
+    , PolicySourceType (..)
+
     -- * ReportFormatType
     , ReportFormatType (..)
 
@@ -92,6 +102,27 @@
     , apPolicyName
     , apPolicyARN
 
+    -- * ContextEntry
+    , ContextEntry
+    , contextEntry
+    , ceContextKeyValues
+    , ceContextKeyName
+    , ceContextKeyType
+
+    -- * EvaluationResult
+    , EvaluationResult
+    , evaluationResult
+    , erMatchedStatements
+    , erMissingContextValues
+    , erEvalActionName
+    , erEvalResourceName
+    , erEvalDecision
+
+    -- * GetContextKeysForPolicyResponse
+    , GetContextKeysForPolicyResponse
+    , getContextKeysForPolicyResponse
+    , gckfpContextKeyNames
+
     -- * Group
     , Group
     , group'
@@ -213,6 +244,12 @@
     , pvDocument
     , pvIsDefaultVersion
 
+    -- * Position
+    , Position
+    , position
+    , pLine
+    , pColumn
+
     -- * Role
     , Role
     , role
@@ -287,6 +324,21 @@
     , scCertificateBody
     , scStatus
 
+    -- * SimulatePolicyResponse
+    , SimulatePolicyResponse
+    , simulatePolicyResponse
+    , spEvaluationResults
+    , spMarker
+    , spIsTruncated
+
+    -- * Statement
+    , Statement
+    , statement
+    , sSourcePolicyType
+    , sSourcePolicyId
+    , sEndPosition
+    , sStartPosition
+
     -- * User
     , User
     , user
@@ -390,7 +442,7 @@
 -- GenerateCredentialReport. For more information about credential report
 -- expiration, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Getting Credential Reports>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 _CredentialReportExpiredException :: AsError a => Getting (First ServiceError) a ServiceError
 _CredentialReportExpiredException =
     _ServiceError . hasStatus 410 . hasCode "ReportExpired"
@@ -473,6 +525,13 @@
 _KeyPairMismatchException :: AsError a => Getting (First ServiceError) a ServiceError
 _KeyPairMismatchException =
     _ServiceError . hasStatus 400 . hasCode "KeyPairMismatch"
+
+-- | The request failed because a provided policy could not be successfully
+-- evaluated. An additional detail message indicates the source of the
+-- failure.
+_PolicyEvaluationException :: AsError a => Getting (First ServiceError) a ServiceError
+_PolicyEvaluationException =
+    _ServiceError . hasStatus 500 . hasCode "PolicyEvaluation"
 
 -- | The request was rejected because the provided password did not meet the
 -- requirements imposed by the account password policy.
diff --git a/gen/Network/AWS/IAM/Types/Product.hs b/gen/Network/AWS/IAM/Types/Product.hs
--- a/gen/Network/AWS/IAM/Types/Product.hs
+++ b/gen/Network/AWS/IAM/Types/Product.hs
@@ -281,6 +281,179 @@
           = AttachedPolicy' <$>
               (x .@? "PolicyName") <*> (x .@? "PolicyArn")
 
+-- | Contains information about a condition context key. It includes the name
+-- of the key and specifies the value (or values, if the context key
+-- supports multiple values) to use in the simulation. This information is
+-- used when evaluating the 'Condition' elements of the input policies.
+--
+-- This data type is used as an input parameter to 'SimulatePolicy'.
+--
+-- /See:/ 'contextEntry' smart constructor.
+data ContextEntry = ContextEntry'
+    { _ceContextKeyValues :: !(Maybe [Text])
+    , _ceContextKeyName   :: !(Maybe Text)
+    , _ceContextKeyType   :: !(Maybe ContextKeyTypeEnum)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'ContextEntry' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'ceContextKeyValues'
+--
+-- * 'ceContextKeyName'
+--
+-- * 'ceContextKeyType'
+contextEntry
+    :: ContextEntry
+contextEntry =
+    ContextEntry'
+    { _ceContextKeyValues = Nothing
+    , _ceContextKeyName = Nothing
+    , _ceContextKeyType = Nothing
+    }
+
+-- | The value (or values, if the condition context key supports multiple
+-- values) to provide to the simulation for use when the key is referenced
+-- by a 'Condition' element in an input policy.
+ceContextKeyValues :: Lens' ContextEntry [Text]
+ceContextKeyValues = lens _ceContextKeyValues (\ s a -> s{_ceContextKeyValues = a}) . _Default . _Coerce;
+
+-- | The full name of a condition context key, including the service prefix.
+-- For example, 'aws:SourceIp' or 's3:VersionId'.
+ceContextKeyName :: Lens' ContextEntry (Maybe Text)
+ceContextKeyName = lens _ceContextKeyName (\ s a -> s{_ceContextKeyName = a});
+
+-- | The data type of the value (or values) specified in the
+-- 'ContextKeyValues' parameter.
+ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)
+ceContextKeyType = lens _ceContextKeyType (\ s a -> s{_ceContextKeyType = a});
+
+instance ToQuery ContextEntry where
+        toQuery ContextEntry'{..}
+          = mconcat
+              ["ContextKeyValues" =:
+                 toQuery
+                   (toQueryList "member" <$> _ceContextKeyValues),
+               "ContextKeyName" =: _ceContextKeyName,
+               "ContextKeyType" =: _ceContextKeyType]
+
+-- | Contains the results of a simulation.
+--
+-- This data type is used by the return parameter of 'SimulatePolicy'.
+--
+-- /See:/ 'evaluationResult' smart constructor.
+data EvaluationResult = EvaluationResult'
+    { _erMatchedStatements    :: !(Maybe [Statement])
+    , _erMissingContextValues :: !(Maybe [Text])
+    , _erEvalActionName       :: !Text
+    , _erEvalResourceName     :: !Text
+    , _erEvalDecision         :: !PolicyEvaluationDecisionType
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'EvaluationResult' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'erMatchedStatements'
+--
+-- * 'erMissingContextValues'
+--
+-- * 'erEvalActionName'
+--
+-- * 'erEvalResourceName'
+--
+-- * 'erEvalDecision'
+evaluationResult
+    :: Text -- ^ 'erEvalActionName'
+    -> Text -- ^ 'erEvalResourceName'
+    -> PolicyEvaluationDecisionType -- ^ 'erEvalDecision'
+    -> EvaluationResult
+evaluationResult pEvalActionName_ pEvalResourceName_ pEvalDecision_ =
+    EvaluationResult'
+    { _erMatchedStatements = Nothing
+    , _erMissingContextValues = Nothing
+    , _erEvalActionName = pEvalActionName_
+    , _erEvalResourceName = pEvalResourceName_
+    , _erEvalDecision = pEvalDecision_
+    }
+
+-- | A list of the statements in the input policies that determine the result
+-- for this scenario. Remember that even if multiple statements allow the
+-- action on the resource, if only one statement denies that action, then
+-- the explicit deny overrides any allow, and the deny statement is the
+-- only entry included in the result.
+erMatchedStatements :: Lens' EvaluationResult [Statement]
+erMatchedStatements = lens _erMatchedStatements (\ s a -> s{_erMatchedStatements = a}) . _Default . _Coerce;
+
+-- | A list of context keys that are required by the included input policies
+-- but that were not provided by one of the input parameters. To discover
+-- the context keys used by a set of policies, you can call
+-- GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.
+--
+-- If the response includes any keys in this list, then the reported
+-- results might be untrustworthy because the simulation could not
+-- completely evaluate all of the conditions specified in the policies that
+-- would occur in a real world request.
+erMissingContextValues :: Lens' EvaluationResult [Text]
+erMissingContextValues = lens _erMissingContextValues (\ s a -> s{_erMissingContextValues = a}) . _Default . _Coerce;
+
+-- | The name of the API action tested on the indicated resource.
+erEvalActionName :: Lens' EvaluationResult Text
+erEvalActionName = lens _erEvalActionName (\ s a -> s{_erEvalActionName = a});
+
+-- | The ARN of the resource that the indicated API action was tested on.
+erEvalResourceName :: Lens' EvaluationResult Text
+erEvalResourceName = lens _erEvalResourceName (\ s a -> s{_erEvalResourceName = a});
+
+-- | The result of the simulation.
+erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
+erEvalDecision = lens _erEvalDecision (\ s a -> s{_erEvalDecision = a});
+
+instance FromXML EvaluationResult where
+        parseXML x
+          = EvaluationResult' <$>
+              (x .@? "MatchedStatements" .!@ mempty >>=
+                 may (parseXMLList "member"))
+                <*>
+                (x .@? "MissingContextValues" .!@ mempty >>=
+                   may (parseXMLList "member"))
+                <*> (x .@ "EvalActionName")
+                <*> (x .@ "EvalResourceName")
+                <*> (x .@ "EvalDecision")
+
+-- | Contains the response to a successful GetContextKeysForPrincipalPolicy
+-- or GetContextKeysForCustomPolicy request.
+--
+-- /See:/ 'getContextKeysForPolicyResponse' smart constructor.
+newtype GetContextKeysForPolicyResponse = GetContextKeysForPolicyResponse'
+    { _gckfpContextKeyNames :: Maybe [Text]
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'GetContextKeysForPolicyResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'gckfpContextKeyNames'
+getContextKeysForPolicyResponse
+    :: GetContextKeysForPolicyResponse
+getContextKeysForPolicyResponse =
+    GetContextKeysForPolicyResponse'
+    { _gckfpContextKeyNames = Nothing
+    }
+
+-- | The list of context keys that are used in the 'Condition' elements of
+-- the input policies.
+gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
+gckfpContextKeyNames = lens _gckfpContextKeyNames (\ s a -> s{_gckfpContextKeyNames = a}) . _Default . _Coerce;
+
+instance FromXML GetContextKeysForPolicyResponse
+         where
+        parseXML x
+          = GetContextKeysForPolicyResponse' <$>
+              (x .@? "ContextKeyNames" .!@ mempty >>=
+                 may (parseXMLList "member"))
+
 -- | Contains information about an IAM group entity.
 --
 -- This data type is used as a response element in the following actions:
@@ -1307,6 +1480,45 @@
                 (x .@? "Document")
                 <*> (x .@? "IsDefaultVersion")
 
+-- | Contains the row and column of a location of a 'Statement' element in a
+-- policy document.
+--
+-- This data type is used as a member of the 'Statement' type.
+--
+-- /See:/ 'position' smart constructor.
+data Position = Position'
+    { _pLine   :: !(Maybe Int)
+    , _pColumn :: !(Maybe Int)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Position' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'pLine'
+--
+-- * 'pColumn'
+position
+    :: Position
+position =
+    Position'
+    { _pLine = Nothing
+    , _pColumn = Nothing
+    }
+
+-- | The line containing the specified position in the document.
+pLine :: Lens' Position (Maybe Int)
+pLine = lens _pLine (\ s a -> s{_pLine = a});
+
+-- | The column in the line containing the specified position in the
+-- document.
+pColumn :: Lens' Position (Maybe Int)
+pColumn = lens _pColumn (\ s a -> s{_pColumn = a});
+
+instance FromXML Position where
+        parseXML x
+          = Position' <$> (x .@? "Line") <*> (x .@? "Column")
+
 -- | Contains information about an IAM role.
 --
 -- This data type is used as a response element in the following actions:
@@ -1927,6 +2139,121 @@
                 (x .@ "CertificateId")
                 <*> (x .@ "CertificateBody")
                 <*> (x .@ "Status")
+
+-- | Contains the response to a successful SimulatePrincipalPolicy or
+-- SimulateCustomPolicy request.
+--
+-- /See:/ 'simulatePolicyResponse' smart constructor.
+data SimulatePolicyResponse = SimulatePolicyResponse'
+    { _spEvaluationResults :: !(Maybe [EvaluationResult])
+    , _spMarker            :: !(Maybe Text)
+    , _spIsTruncated       :: !(Maybe Bool)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'SimulatePolicyResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'spEvaluationResults'
+--
+-- * 'spMarker'
+--
+-- * 'spIsTruncated'
+simulatePolicyResponse
+    :: SimulatePolicyResponse
+simulatePolicyResponse =
+    SimulatePolicyResponse'
+    { _spEvaluationResults = Nothing
+    , _spMarker = Nothing
+    , _spIsTruncated = Nothing
+    }
+
+-- | The results of the simulation.
+spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]
+spEvaluationResults = lens _spEvaluationResults (\ s a -> s{_spEvaluationResults = a}) . _Default . _Coerce;
+
+-- | When 'IsTruncated' is 'true', this element is present and contains the
+-- value to use for the 'Marker' parameter in a subsequent pagination
+-- request.
+spMarker :: Lens' SimulatePolicyResponse (Maybe Text)
+spMarker = lens _spMarker (\ s a -> s{_spMarker = a});
+
+-- | A flag that indicates whether there are more items to return. If your
+-- results were truncated, you can make a subsequent pagination request
+-- using the 'Marker' request parameter to retrieve more items. Note that
+-- IAM might return fewer than the 'MaxItems' number of results even when
+-- there are more results available. We recommend that you check
+-- 'IsTruncated' after every call to ensure that you receive all of your
+-- results.
+spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
+spIsTruncated = lens _spIsTruncated (\ s a -> s{_spIsTruncated = a});
+
+instance FromXML SimulatePolicyResponse where
+        parseXML x
+          = SimulatePolicyResponse' <$>
+              (x .@? "EvaluationResults" .!@ mempty >>=
+                 may (parseXMLList "member"))
+                <*> (x .@? "Marker")
+                <*> (x .@? "IsTruncated")
+
+-- | Contains a reference to a 'Statement' element in a policy document that
+-- determines the result of the simulation.
+--
+-- This data type is used by the 'MatchedStatements' member of the
+-- 'EvaluationResult' type.
+--
+-- /See:/ 'statement' smart constructor.
+data Statement = Statement'
+    { _sSourcePolicyType :: !(Maybe PolicySourceType)
+    , _sSourcePolicyId   :: !(Maybe Text)
+    , _sEndPosition      :: !(Maybe Position)
+    , _sStartPosition    :: !(Maybe Position)
+    } deriving (Eq,Read,Show,Data,Typeable,Generic)
+
+-- | Creates a value of 'Statement' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'sSourcePolicyType'
+--
+-- * 'sSourcePolicyId'
+--
+-- * 'sEndPosition'
+--
+-- * 'sStartPosition'
+statement
+    :: Statement
+statement =
+    Statement'
+    { _sSourcePolicyType = Nothing
+    , _sSourcePolicyId = Nothing
+    , _sEndPosition = Nothing
+    , _sStartPosition = Nothing
+    }
+
+-- | The type of the policy.
+sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)
+sSourcePolicyType = lens _sSourcePolicyType (\ s a -> s{_sSourcePolicyType = a});
+
+-- | The identifier of the policy that was provided as an input.
+sSourcePolicyId :: Lens' Statement (Maybe Text)
+sSourcePolicyId = lens _sSourcePolicyId (\ s a -> s{_sSourcePolicyId = a});
+
+-- | The row and column of the end of a 'Statement' in an IAM policy.
+sEndPosition :: Lens' Statement (Maybe Position)
+sEndPosition = lens _sEndPosition (\ s a -> s{_sEndPosition = a});
+
+-- | The row and column of the beginning of the 'Statement' in an IAM policy.
+sStartPosition :: Lens' Statement (Maybe Position)
+sStartPosition = lens _sStartPosition (\ s a -> s{_sStartPosition = a});
+
+instance FromXML Statement where
+        parseXML x
+          = Statement' <$>
+              (x .@? "SourcePolicyType") <*>
+                (x .@? "SourcePolicyId")
+                <*> (x .@? "EndPosition")
+                <*> (x .@? "StartPosition")
 
 -- | Contains information about an IAM user entity.
 --
diff --git a/gen/Network/AWS/IAM/Types/Sum.hs b/gen/Network/AWS/IAM/Types/Sum.hs
--- a/gen/Network/AWS/IAM/Types/Sum.hs
+++ b/gen/Network/AWS/IAM/Types/Sum.hs
@@ -44,6 +44,58 @@
 instance ToQuery      AssignmentStatusType
 instance ToHeader     AssignmentStatusType
 
+data ContextKeyTypeEnum
+    = Binary
+    | BinaryList
+    | Boolean
+    | BooleanList
+    | Date
+    | DateList
+    | IP
+    | IPList
+    | Numeric
+    | NumericList
+    | String
+    | StringList
+    deriving (Eq,Ord,Read,Show,Enum,Data,Typeable,Generic)
+
+instance FromText ContextKeyTypeEnum where
+    parser = takeLowerText >>= \case
+        "binary" -> pure Binary
+        "binarylist" -> pure BinaryList
+        "boolean" -> pure Boolean
+        "booleanlist" -> pure BooleanList
+        "date" -> pure Date
+        "datelist" -> pure DateList
+        "ip" -> pure IP
+        "iplist" -> pure IPList
+        "numeric" -> pure Numeric
+        "numericlist" -> pure NumericList
+        "string" -> pure String
+        "stringlist" -> pure StringList
+        e -> fromTextError $ "Failure parsing ContextKeyTypeEnum from value: '" <> e
+           <> "'. Accepted values: binary, binaryList, boolean, booleanList, date, dateList, ip, ipList, numeric, numericList, string, stringList"
+
+instance ToText ContextKeyTypeEnum where
+    toText = \case
+        Binary -> "binary"
+        BinaryList -> "binaryList"
+        Boolean -> "boolean"
+        BooleanList -> "booleanList"
+        Date -> "date"
+        DateList -> "dateList"
+        IP -> "ip"
+        IPList -> "ipList"
+        Numeric -> "numeric"
+        NumericList -> "numericList"
+        String -> "string"
+        StringList -> "stringList"
+
+instance Hashable     ContextKeyTypeEnum
+instance ToByteString ContextKeyTypeEnum
+instance ToQuery      ContextKeyTypeEnum
+instance ToHeader     ContextKeyTypeEnum
+
 data EncodingType
     = Pem
     | SSH
@@ -67,36 +119,64 @@
 instance ToHeader     EncodingType
 
 data EntityType
-    = AWSManagedPolicy
-    | Group
-    | LocalManagedPolicy
-    | Role
-    | User
+    = ETAWSManagedPolicy
+    | ETGroup
+    | ETLocalManagedPolicy
+    | ETRole
+    | ETUser
     deriving (Eq,Ord,Read,Show,Enum,Data,Typeable,Generic)
 
 instance FromText EntityType where
     parser = takeLowerText >>= \case
-        "awsmanagedpolicy" -> pure AWSManagedPolicy
-        "group" -> pure Group
-        "localmanagedpolicy" -> pure LocalManagedPolicy
-        "role" -> pure Role
-        "user" -> pure User
+        "awsmanagedpolicy" -> pure ETAWSManagedPolicy
+        "group" -> pure ETGroup
+        "localmanagedpolicy" -> pure ETLocalManagedPolicy
+        "role" -> pure ETRole
+        "user" -> pure ETUser
         e -> fromTextError $ "Failure parsing EntityType from value: '" <> e
            <> "'. Accepted values: AWSManagedPolicy, Group, LocalManagedPolicy, Role, User"
 
 instance ToText EntityType where
     toText = \case
-        AWSManagedPolicy -> "AWSManagedPolicy"
-        Group -> "Group"
-        LocalManagedPolicy -> "LocalManagedPolicy"
-        Role -> "Role"
-        User -> "User"
+        ETAWSManagedPolicy -> "AWSManagedPolicy"
+        ETGroup -> "Group"
+        ETLocalManagedPolicy -> "LocalManagedPolicy"
+        ETRole -> "Role"
+        ETUser -> "User"
 
 instance Hashable     EntityType
 instance ToByteString EntityType
 instance ToQuery      EntityType
 instance ToHeader     EntityType
 
+data PolicyEvaluationDecisionType
+    = Allowed
+    | ExplicitDeny
+    | ImplicitDeny
+    deriving (Eq,Ord,Read,Show,Enum,Data,Typeable,Generic)
+
+instance FromText PolicyEvaluationDecisionType where
+    parser = takeLowerText >>= \case
+        "allowed" -> pure Allowed
+        "explicitdeny" -> pure ExplicitDeny
+        "implicitdeny" -> pure ImplicitDeny
+        e -> fromTextError $ "Failure parsing PolicyEvaluationDecisionType from value: '" <> e
+           <> "'. Accepted values: allowed, explicitDeny, implicitDeny"
+
+instance ToText PolicyEvaluationDecisionType where
+    toText = \case
+        Allowed -> "allowed"
+        ExplicitDeny -> "explicitDeny"
+        ImplicitDeny -> "implicitDeny"
+
+instance Hashable     PolicyEvaluationDecisionType
+instance ToByteString PolicyEvaluationDecisionType
+instance ToQuery      PolicyEvaluationDecisionType
+instance ToHeader     PolicyEvaluationDecisionType
+
+instance FromXML PolicyEvaluationDecisionType where
+    parseXML = parseXMLText "PolicyEvaluationDecisionType"
+
 data PolicyScopeType
     = AWS
     | All
@@ -121,6 +201,43 @@
 instance ToByteString PolicyScopeType
 instance ToQuery      PolicyScopeType
 instance ToHeader     PolicyScopeType
+
+data PolicySourceType
+    = AWSManaged
+    | Group
+    | None
+    | Role
+    | User
+    | UserManaged
+    deriving (Eq,Ord,Read,Show,Enum,Data,Typeable,Generic)
+
+instance FromText PolicySourceType where
+    parser = takeLowerText >>= \case
+        "aws-managed" -> pure AWSManaged
+        "group" -> pure Group
+        "none" -> pure None
+        "role" -> pure Role
+        "user" -> pure User
+        "user-managed" -> pure UserManaged
+        e -> fromTextError $ "Failure parsing PolicySourceType from value: '" <> e
+           <> "'. Accepted values: aws-managed, group, none, role, user, user-managed"
+
+instance ToText PolicySourceType where
+    toText = \case
+        AWSManaged -> "aws-managed"
+        Group -> "group"
+        None -> "none"
+        Role -> "role"
+        User -> "user"
+        UserManaged -> "user-managed"
+
+instance Hashable     PolicySourceType
+instance ToByteString PolicySourceType
+instance ToQuery      PolicySourceType
+instance ToHeader     PolicySourceType
+
+instance FromXML PolicySourceType where
+    parseXML = parseXMLText "PolicySourceType"
 
 data ReportFormatType =
     TextCSV
diff --git a/gen/Network/AWS/IAM/UpdateAccessKey.hs b/gen/Network/AWS/IAM/UpdateAccessKey.hs
--- a/gen/Network/AWS/IAM/UpdateAccessKey.hs
+++ b/gen/Network/AWS/IAM/UpdateAccessKey.hs
@@ -30,7 +30,7 @@
 --
 -- For information about rotating keys, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html Managing Keys and Certificates>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html AWS API Reference> for UpdateAccessKey.
 module Network.AWS.IAM.UpdateAccessKey
diff --git a/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs b/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs
--- a/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs
+++ b/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs
@@ -27,7 +27,7 @@
 --
 -- For more information about using a password policy, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html Managing an IAM Password Policy>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccountPasswordPolicy.html AWS API Reference> for UpdateAccountPasswordPolicy.
 module Network.AWS.IAM.UpdateAccountPasswordPolicy
@@ -167,7 +167,7 @@
 -- | Allows all IAM users in your account to use the AWS Management Console
 -- to change their own passwords. For more information, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html Letting IAM Users Change Their Own Passwords>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- Default value: false
 uappAllowUsersToChangePassword :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)
diff --git a/gen/Network/AWS/IAM/UpdateGroup.hs b/gen/Network/AWS/IAM/UpdateGroup.hs
--- a/gen/Network/AWS/IAM/UpdateGroup.hs
+++ b/gen/Network/AWS/IAM/UpdateGroup.hs
@@ -23,7 +23,7 @@
 -- You should understand the implications of changing a group\'s path or
 -- name. For more information, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html Renaming Users and Groups>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- To change a group name the requester must have appropriate permissions
 -- on both the source object and the target object. For example, to change
diff --git a/gen/Network/AWS/IAM/UpdateLoginProfile.hs b/gen/Network/AWS/IAM/UpdateLoginProfile.hs
--- a/gen/Network/AWS/IAM/UpdateLoginProfile.hs
+++ b/gen/Network/AWS/IAM/UpdateLoginProfile.hs
@@ -23,7 +23,7 @@
 -- Users can change their own passwords by calling ChangePassword. For more
 -- information about modifying passwords, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html Managing Passwords>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateLoginProfile.html AWS API Reference> for UpdateLoginProfile.
 module Network.AWS.IAM.UpdateLoginProfile
diff --git a/gen/Network/AWS/IAM/UpdateServerCertificate.hs b/gen/Network/AWS/IAM/UpdateServerCertificate.hs
--- a/gen/Network/AWS/IAM/UpdateServerCertificate.hs
+++ b/gen/Network/AWS/IAM/UpdateServerCertificate.hs
@@ -23,7 +23,7 @@
 -- You should understand the implications of changing a server
 -- certificate\'s path or name. For more information, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.html Managing Server Certificates>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- To change a server certificate name the requester must have appropriate
 -- permissions on both the source object and the target object. For
diff --git a/gen/Network/AWS/IAM/UpdateUser.hs b/gen/Network/AWS/IAM/UpdateUser.hs
--- a/gen/Network/AWS/IAM/UpdateUser.hs
+++ b/gen/Network/AWS/IAM/UpdateUser.hs
@@ -23,7 +23,7 @@
 -- You should understand the implications of changing a user\'s path or
 -- name. For more information, see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html Renaming Users and Groups>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- To change a user name the requester must have appropriate permissions on
 -- both the source object and the target object. For example, to change Bob
diff --git a/gen/Network/AWS/IAM/UploadServerCertificate.hs b/gen/Network/AWS/IAM/UploadServerCertificate.hs
--- a/gen/Network/AWS/IAM/UploadServerCertificate.hs
+++ b/gen/Network/AWS/IAM/UploadServerCertificate.hs
@@ -25,7 +25,7 @@
 -- For information about the number of server certificates you can upload,
 -- see
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- Because the body of the public key certificate, private key, and the
 -- certificate chain can be large, you should use POST rather than GET when
@@ -35,7 +35,7 @@
 -- in the /AWS General Reference/. For general information about using the
 -- Query API with IAM, go to
 -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html Making Query Requests>
--- in the /Using IAM/ guide.
+-- in the /IAM User Guide/.
 --
 -- /See:/ <http://docs.aws.amazon.com/IAM/latest/APIReference/API_UploadServerCertificate.html AWS API Reference> for UploadServerCertificate.
 module Network.AWS.IAM.UploadServerCertificate
diff --git a/test/Test/AWS/Gen/IAM.hs b/test/Test/AWS/Gen/IAM.hs
--- a/test/Test/AWS/Gen/IAM.hs
+++ b/test/Test/AWS/Gen/IAM.hs
@@ -28,7 +28,10 @@
 -- fixtures :: TestTree
 -- fixtures =
 --     [ testGroup "request"
---         [ testListPolicies $
+--         [ testGetContextKeysForPrincipalPolicy $
+--             getContextKeysForPrincipalPolicy
+--
+--         , testListPolicies $
 --             listPolicies
 --
 --         , testCreatePolicy $
@@ -94,6 +97,9 @@
 --         , testUploadSSHPublicKey $
 --             uploadSSHPublicKey
 --
+--         , testSimulateCustomPolicy $
+--             simulateCustomPolicy
+--
 --         , testDeleteRole $
 --             deleteRole
 --
@@ -208,6 +214,9 @@
 --         , testAddUserToGroup $
 --             addUserToGroup
 --
+--         , testSimulatePrincipalPolicy $
+--             simulatePrincipalPolicy
+--
 --         , testGetPolicyVersion $
 --             getPolicyVersion
 --
@@ -259,6 +268,9 @@
 --         , testPutRolePolicy $
 --             putRolePolicy
 --
+--         , testGetContextKeysForCustomPolicy $
+--             getContextKeysForCustomPolicy
+--
 --         , testUploadSigningCertificate $
 --             uploadSigningCertificate
 --
@@ -358,7 +370,10 @@
 --           ]
 
 --     , testGroup "response"
---         [ testListPoliciesResponse $
+--         [ testGetContextKeysForPrincipalPolicyResponse $
+--             getContextKeysForPolicyResponse
+--
+--         , testListPoliciesResponse $
 --             listPoliciesResponse
 --
 --         , testCreatePolicyResponse $
@@ -424,6 +439,9 @@
 --         , testUploadSSHPublicKeyResponse $
 --             uploadSSHPublicKeyResponse
 --
+--         , testSimulateCustomPolicyResponse $
+--             simulatePolicyResponse
+--
 --         , testDeleteRoleResponse $
 --             deleteRoleResponse
 --
@@ -538,6 +556,9 @@
 --         , testAddUserToGroupResponse $
 --             addUserToGroupResponse
 --
+--         , testSimulatePrincipalPolicyResponse $
+--             simulatePolicyResponse
+--
 --         , testGetPolicyVersionResponse $
 --             getPolicyVersionResponse
 --
@@ -589,6 +610,9 @@
 --         , testPutRolePolicyResponse $
 --             putRolePolicyResponse
 --
+--         , testGetContextKeysForCustomPolicyResponse $
+--             getContextKeysForPolicyResponse
+--
 --         , testUploadSigningCertificateResponse $
 --             uploadSigningCertificateResponse
 --
@@ -690,6 +714,11 @@
 
 -- Requests
 
+testGetContextKeysForPrincipalPolicy :: GetContextKeysForPrincipalPolicy -> TestTree
+testGetContextKeysForPrincipalPolicy = req
+    "GetContextKeysForPrincipalPolicy"
+    "fixture/GetContextKeysForPrincipalPolicy.yaml"
+
 testListPolicies :: ListPolicies -> TestTree
 testListPolicies = req
     "ListPolicies"
@@ -800,6 +829,11 @@
     "UploadSSHPublicKey"
     "fixture/UploadSSHPublicKey.yaml"
 
+testSimulateCustomPolicy :: SimulateCustomPolicy -> TestTree
+testSimulateCustomPolicy = req
+    "SimulateCustomPolicy"
+    "fixture/SimulateCustomPolicy.yaml"
+
 testDeleteRole :: DeleteRole -> TestTree
 testDeleteRole = req
     "DeleteRole"
@@ -990,6 +1024,11 @@
     "AddUserToGroup"
     "fixture/AddUserToGroup.yaml"
 
+testSimulatePrincipalPolicy :: SimulatePrincipalPolicy -> TestTree
+testSimulatePrincipalPolicy = req
+    "SimulatePrincipalPolicy"
+    "fixture/SimulatePrincipalPolicy.yaml"
+
 testGetPolicyVersion :: GetPolicyVersion -> TestTree
 testGetPolicyVersion = req
     "GetPolicyVersion"
@@ -1075,6 +1114,11 @@
     "PutRolePolicy"
     "fixture/PutRolePolicy.yaml"
 
+testGetContextKeysForCustomPolicy :: GetContextKeysForCustomPolicy -> TestTree
+testGetContextKeysForCustomPolicy = req
+    "GetContextKeysForCustomPolicy"
+    "fixture/GetContextKeysForCustomPolicy.yaml"
+
 testUploadSigningCertificate :: UploadSigningCertificate -> TestTree
 testUploadSigningCertificate = req
     "UploadSigningCertificate"
@@ -1237,6 +1281,13 @@
 
 -- Responses
 
+testGetContextKeysForPrincipalPolicyResponse :: GetContextKeysForPolicyResponse -> TestTree
+testGetContextKeysForPrincipalPolicyResponse = res
+    "GetContextKeysForPrincipalPolicyResponse"
+    "fixture/GetContextKeysForPrincipalPolicyResponse.proto"
+    iAM
+    (Proxy :: Proxy GetContextKeysForPrincipalPolicy)
+
 testListPoliciesResponse :: ListPoliciesResponse -> TestTree
 testListPoliciesResponse = res
     "ListPoliciesResponse"
@@ -1391,6 +1442,13 @@
     iAM
     (Proxy :: Proxy UploadSSHPublicKey)
 
+testSimulateCustomPolicyResponse :: SimulatePolicyResponse -> TestTree
+testSimulateCustomPolicyResponse = res
+    "SimulateCustomPolicyResponse"
+    "fixture/SimulateCustomPolicyResponse.proto"
+    iAM
+    (Proxy :: Proxy SimulateCustomPolicy)
+
 testDeleteRoleResponse :: DeleteRoleResponse -> TestTree
 testDeleteRoleResponse = res
     "DeleteRoleResponse"
@@ -1657,6 +1715,13 @@
     iAM
     (Proxy :: Proxy AddUserToGroup)
 
+testSimulatePrincipalPolicyResponse :: SimulatePolicyResponse -> TestTree
+testSimulatePrincipalPolicyResponse = res
+    "SimulatePrincipalPolicyResponse"
+    "fixture/SimulatePrincipalPolicyResponse.proto"
+    iAM
+    (Proxy :: Proxy SimulatePrincipalPolicy)
+
 testGetPolicyVersionResponse :: GetPolicyVersionResponse -> TestTree
 testGetPolicyVersionResponse = res
     "GetPolicyVersionResponse"
@@ -1775,6 +1840,13 @@
     "fixture/PutRolePolicyResponse.proto"
     iAM
     (Proxy :: Proxy PutRolePolicy)
+
+testGetContextKeysForCustomPolicyResponse :: GetContextKeysForPolicyResponse -> TestTree
+testGetContextKeysForCustomPolicyResponse = res
+    "GetContextKeysForCustomPolicyResponse"
+    "fixture/GetContextKeysForCustomPolicyResponse.proto"
+    iAM
+    (Proxy :: Proxy GetContextKeysForCustomPolicy)
 
 testUploadSigningCertificateResponse :: UploadSigningCertificateResponse -> TestTree
 testUploadSigningCertificateResponse = res
