diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 
 ## Version
 
-`1.5.0`
+`1.6.0`
 
 
 ## Description
diff --git a/amazonka-iam.cabal b/amazonka-iam.cabal
--- a/amazonka-iam.cabal
+++ b/amazonka-iam.cabal
@@ -1,5 +1,5 @@
 name:                  amazonka-iam
-version:               1.5.0
+version:               1.6.0
 synopsis:              Amazon Identity and Access Management SDK.
 homepage:              https://github.com/brendanhay/amazonka
 bug-reports:           https://github.com/brendanhay/amazonka/issues
@@ -7,7 +7,7 @@
 license-file:          LICENSE
 author:                Brendan Hay
 maintainer:            Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-copyright:             Copyright (c) 2013-2017 Brendan Hay
+copyright:             Copyright (c) 2013-2018 Brendan Hay
 category:              Network, AWS, Cloud, Distributed Computing
 build-type:            Simple
 cabal-version:         >= 1.10
@@ -158,6 +158,7 @@
         , Network.AWS.IAM.UpdateGroup
         , Network.AWS.IAM.UpdateLoginProfile
         , Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint
+        , Network.AWS.IAM.UpdateRole
         , Network.AWS.IAM.UpdateRoleDescription
         , Network.AWS.IAM.UpdateSAMLProvider
         , Network.AWS.IAM.UpdateSSHPublicKey
@@ -175,7 +176,7 @@
         , Network.AWS.IAM.Types.Sum
 
     build-depends:
-          amazonka-core == 1.5.0.*
+          amazonka-core == 1.6.0.*
         , base          >= 4.7     && < 5
 
 test-suite amazonka-iam-test
@@ -195,8 +196,8 @@
         , Test.AWS.IAM.Internal
 
     build-depends:
-          amazonka-core == 1.5.0.*
-        , amazonka-test == 1.5.0.*
+          amazonka-core == 1.6.0.*
+        , amazonka-test == 1.6.0.*
         , amazonka-iam
         , base
         , bytestring
diff --git a/fixture/UpdateRole.yaml b/fixture/UpdateRole.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateRole.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  iam.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateRoleResponse.proto b/fixture/UpdateRoleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateRoleResponse.proto
diff --git a/gen/Network/AWS/IAM.hs b/gen/Network/AWS/IAM.hs
--- a/gen/Network/AWS/IAM.hs
+++ b/gen/Network/AWS/IAM.hs
@@ -5,7 +5,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -208,6 +208,9 @@
     -- ** SimulateCustomPolicy (Paginated)
     , module Network.AWS.IAM.SimulateCustomPolicy
 
+    -- ** UpdateRole
+    , module Network.AWS.IAM.UpdateRole
+
     -- ** DeleteRole
     , module Network.AWS.IAM.DeleteRole
 
@@ -741,6 +744,7 @@
     -- ** Role
     , Role
     , role'
+    , rMaxSessionDuration
     , rAssumeRolePolicyDocument
     , rDescription
     , rPath
@@ -1000,6 +1004,7 @@
 import Network.AWS.IAM.UpdateGroup
 import Network.AWS.IAM.UpdateLoginProfile
 import Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint
+import Network.AWS.IAM.UpdateRole
 import Network.AWS.IAM.UpdateRoleDescription
 import Network.AWS.IAM.UpdateSAMLProvider
 import Network.AWS.IAM.UpdateServerCertificate
diff --git a/gen/Network/AWS/IAM/AddClientIdToOpenIdConnectProvider.hs b/gen/Network/AWS/IAM/AddClientIdToOpenIdConnectProvider.hs
--- a/gen/Network/AWS/IAM/AddClientIdToOpenIdConnectProvider.hs
+++ b/gen/Network/AWS/IAM/AddClientIdToOpenIdConnectProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.AddClientIdToOpenIdConnectProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect (OIDC) provider resource.
 --
 --
--- This action is idempotent; it does not fail or return an error if you add an existing client ID to the provider.
+-- This operation is idempotent; it does not fail or return an error if you add an existing client ID to the provider.
 --
 module Network.AWS.IAM.AddClientIdToOpenIdConnectProvider
     (
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'acitoicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' action.
+-- * 'acitoicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' operation.
 --
 -- * 'acitoicpClientId' - The client ID (also known as audience) to add to the IAM OpenID Connect provider resource.
 addClientIdToOpenIdConnectProvider
@@ -64,18 +64,18 @@
     -> AddClientIdToOpenIdConnectProvider
 addClientIdToOpenIdConnectProvider pOpenIdConnectProviderARN_ pClientId_ =
   AddClientIdToOpenIdConnectProvider'
-  { _acitoicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_
-  , _acitoicpClientId = pClientId_
-  }
+    { _acitoicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_
+    , _acitoicpClientId = pClientId_
+    }
 
 
--- | The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' action.
+-- | The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' operation.
 acitoicpOpenIdConnectProviderARN :: Lens' AddClientIdToOpenIdConnectProvider Text
-acitoicpOpenIdConnectProviderARN = lens _acitoicpOpenIdConnectProviderARN (\ s a -> s{_acitoicpOpenIdConnectProviderARN = a});
+acitoicpOpenIdConnectProviderARN = lens _acitoicpOpenIdConnectProviderARN (\ s a -> s{_acitoicpOpenIdConnectProviderARN = a})
 
 -- | The client ID (also known as audience) to add to the IAM OpenID Connect provider resource.
 acitoicpClientId :: Lens' AddClientIdToOpenIdConnectProvider Text
-acitoicpClientId = lens _acitoicpClientId (\ s a -> s{_acitoicpClientId = a});
+acitoicpClientId = lens _acitoicpClientId (\ s a -> s{_acitoicpClientId = a})
 
 instance AWSRequest
            AddClientIdToOpenIdConnectProvider
diff --git a/gen/Network/AWS/IAM/AddRoleToInstanceProfile.hs b/gen/Network/AWS/IAM/AddRoleToInstanceProfile.hs
--- a/gen/Network/AWS/IAM/AddRoleToInstanceProfile.hs
+++ b/gen/Network/AWS/IAM/AddRoleToInstanceProfile.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.AddRoleToInstanceProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this limit cannot be increased.
+-- Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this limit cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of AWS because of <https://en.wikipedia.org/wiki/Eventual_consistency eventual consistency> . To force the change, you must <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html disassociate the instance profile> and then <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html associate the instance profile> , or you can stop your instance and then restart it.
 --
 --
 -- For more information about roles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html Working with Roles> . For more information about instance profiles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html About Instance Profiles> .
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'artipInstanceProfileName' - The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'artipInstanceProfileName' - The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'artipRoleName' - The name of the role to add. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 addRoleToInstanceProfile
@@ -64,18 +64,18 @@
     -> AddRoleToInstanceProfile
 addRoleToInstanceProfile pInstanceProfileName_ pRoleName_ =
   AddRoleToInstanceProfile'
-  { _artipInstanceProfileName = pInstanceProfileName_
-  , _artipRoleName = pRoleName_
-  }
+    { _artipInstanceProfileName = pInstanceProfileName_
+    , _artipRoleName = pRoleName_
+    }
 
 
--- | The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 artipInstanceProfileName :: Lens' AddRoleToInstanceProfile Text
-artipInstanceProfileName = lens _artipInstanceProfileName (\ s a -> s{_artipInstanceProfileName = a});
+artipInstanceProfileName = lens _artipInstanceProfileName (\ s a -> s{_artipInstanceProfileName = a})
 
 -- | The name of the role to add. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 artipRoleName :: Lens' AddRoleToInstanceProfile Text
-artipRoleName = lens _artipRoleName (\ s a -> s{_artipRoleName = a});
+artipRoleName = lens _artipRoleName (\ s a -> s{_artipRoleName = a})
 
 instance AWSRequest AddRoleToInstanceProfile where
         type Rs AddRoleToInstanceProfile =
diff --git a/gen/Network/AWS/IAM/AddUserToGroup.hs b/gen/Network/AWS/IAM/AddUserToGroup.hs
--- a/gen/Network/AWS/IAM/AddUserToGroup.hs
+++ b/gen/Network/AWS/IAM/AddUserToGroup.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.AddUserToGroup
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -53,9 +53,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'autgGroupName' - The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'autgGroupName' - The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'autgUserName' - The name of the user to add. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'autgUserName' - The name of the user to add. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 addUserToGroup
     :: Text -- ^ 'autgGroupName'
     -> Text -- ^ 'autgUserName'
@@ -64,13 +64,13 @@
   AddUserToGroup' {_autgGroupName = pGroupName_, _autgUserName = pUserName_}
 
 
--- | The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 autgGroupName :: Lens' AddUserToGroup Text
-autgGroupName = lens _autgGroupName (\ s a -> s{_autgGroupName = a});
+autgGroupName = lens _autgGroupName (\ s a -> s{_autgGroupName = a})
 
--- | The name of the user to add. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user to add. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 autgUserName :: Lens' AddUserToGroup Text
-autgUserName = lens _autgUserName (\ s a -> s{_autgUserName = a});
+autgUserName = lens _autgUserName (\ s a -> s{_autgUserName = a})
 
 instance AWSRequest AddUserToGroup where
         type Rs AddUserToGroup = AddUserToGroupResponse
diff --git a/gen/Network/AWS/IAM/AttachGroupPolicy.hs b/gen/Network/AWS/IAM/AttachGroupPolicy.hs
--- a/gen/Network/AWS/IAM/AttachGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/AttachGroupPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.AttachGroupPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,7 +57,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'agpGroupName' - The name (friendly name, not ARN) of the group to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'agpGroupName' - The name (friendly name, not ARN) of the group to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'agpPolicyARN' - The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 attachGroupPolicy
@@ -68,13 +68,13 @@
   AttachGroupPolicy' {_agpGroupName = pGroupName_, _agpPolicyARN = pPolicyARN_}
 
 
--- | The name (friendly name, not ARN) of the group to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) of the group to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 agpGroupName :: Lens' AttachGroupPolicy Text
-agpGroupName = lens _agpGroupName (\ s a -> s{_agpGroupName = a});
+agpGroupName = lens _agpGroupName (\ s a -> s{_agpGroupName = a})
 
 -- | The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 agpPolicyARN :: Lens' AttachGroupPolicy Text
-agpPolicyARN = lens _agpPolicyARN (\ s a -> s{_agpPolicyARN = a});
+agpPolicyARN = lens _agpPolicyARN (\ s a -> s{_agpPolicyARN = a})
 
 instance AWSRequest AttachGroupPolicy where
         type Rs AttachGroupPolicy = AttachGroupPolicyResponse
diff --git a/gen/Network/AWS/IAM/AttachRolePolicy.hs b/gen/Network/AWS/IAM/AttachRolePolicy.hs
--- a/gen/Network/AWS/IAM/AttachRolePolicy.hs
+++ b/gen/Network/AWS/IAM/AttachRolePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.AttachRolePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -68,11 +68,11 @@
 
 -- | The name (friendly name, not ARN) of the role to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 arpRoleName :: Lens' AttachRolePolicy Text
-arpRoleName = lens _arpRoleName (\ s a -> s{_arpRoleName = a});
+arpRoleName = lens _arpRoleName (\ s a -> s{_arpRoleName = a})
 
 -- | The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 arpPolicyARN :: Lens' AttachRolePolicy Text
-arpPolicyARN = lens _arpPolicyARN (\ s a -> s{_arpPolicyARN = a});
+arpPolicyARN = lens _arpPolicyARN (\ s a -> s{_arpPolicyARN = a})
 
 instance AWSRequest AttachRolePolicy where
         type Rs AttachRolePolicy = AttachRolePolicyResponse
diff --git a/gen/Network/AWS/IAM/AttachUserPolicy.hs b/gen/Network/AWS/IAM/AttachUserPolicy.hs
--- a/gen/Network/AWS/IAM/AttachUserPolicy.hs
+++ b/gen/Network/AWS/IAM/AttachUserPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.AttachUserPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,7 +57,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'aupUserName' - The name (friendly name, not ARN) of the IAM user to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'aupUserName' - The name (friendly name, not ARN) of the IAM user to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'aupPolicyARN' - The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 attachUserPolicy
@@ -68,13 +68,13 @@
   AttachUserPolicy' {_aupUserName = pUserName_, _aupPolicyARN = pPolicyARN_}
 
 
--- | The name (friendly name, not ARN) of the IAM user to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) of the IAM user to attach the policy to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 aupUserName :: Lens' AttachUserPolicy Text
-aupUserName = lens _aupUserName (\ s a -> s{_aupUserName = a});
+aupUserName = lens _aupUserName (\ s a -> s{_aupUserName = a})
 
 -- | The Amazon Resource Name (ARN) of the IAM policy you want to attach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 aupPolicyARN :: Lens' AttachUserPolicy Text
-aupPolicyARN = lens _aupPolicyARN (\ s a -> s{_aupPolicyARN = a});
+aupPolicyARN = lens _aupPolicyARN (\ s a -> s{_aupPolicyARN = a})
 
 instance AWSRequest AttachUserPolicy where
         type Rs AttachUserPolicy = AttachUserPolicyResponse
diff --git a/gen/Network/AWS/IAM/ChangePassword.hs b/gen/Network/AWS/IAM/ChangePassword.hs
--- a/gen/Network/AWS/IAM/ChangePassword.hs
+++ b/gen/Network/AWS/IAM/ChangePassword.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ChangePassword
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Changes the password of the IAM user who is calling this action. The root account password is not affected by this action.
+-- Changes the password of the IAM user who is calling this operation. The AWS account root user password is not affected by this operation.
 --
 --
 -- To change the password for a different user, see 'UpdateLoginProfile' . For more information about modifying passwords, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html Managing Passwords> in the /IAM User Guide/ .
@@ -57,25 +57,25 @@
 --
 -- * 'cpOldPassword' - The IAM user's current password.
 --
--- * 'cpNewPassword' - The new password. The new password must conform to the AWS account's password policy, if one exists. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
+-- * 'cpNewPassword' - The new password. The new password must conform to the AWS account's password policy, if one exists. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
 changePassword
     :: Text -- ^ 'cpOldPassword'
     -> Text -- ^ 'cpNewPassword'
     -> ChangePassword
 changePassword pOldPassword_ pNewPassword_ =
   ChangePassword'
-  { _cpOldPassword = _Sensitive # pOldPassword_
-  , _cpNewPassword = _Sensitive # pNewPassword_
-  }
+    { _cpOldPassword = _Sensitive # pOldPassword_
+    , _cpNewPassword = _Sensitive # pNewPassword_
+    }
 
 
 -- | The IAM user's current password.
 cpOldPassword :: Lens' ChangePassword Text
-cpOldPassword = lens _cpOldPassword (\ s a -> s{_cpOldPassword = a}) . _Sensitive;
+cpOldPassword = lens _cpOldPassword (\ s a -> s{_cpOldPassword = a}) . _Sensitive
 
--- | The new password. The new password must conform to the AWS account's password policy, if one exists. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
+-- | The new password. The new password must conform to the AWS account's password policy, if one exists. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
 cpNewPassword :: Lens' ChangePassword Text
-cpNewPassword = lens _cpNewPassword (\ s a -> s{_cpNewPassword = a}) . _Sensitive;
+cpNewPassword = lens _cpNewPassword (\ s a -> s{_cpNewPassword = a}) . _Sensitive
 
 instance AWSRequest ChangePassword where
         type Rs ChangePassword = ChangePasswordResponse
diff --git a/gen/Network/AWS/IAM/CreateAccessKey.hs b/gen/Network/AWS/IAM/CreateAccessKey.hs
--- a/gen/Network/AWS/IAM/CreateAccessKey.hs
+++ b/gen/Network/AWS/IAM/CreateAccessKey.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateAccessKey
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is @Active@ .
 --
 --
--- If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
+-- If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials. This is true even if the AWS account has no associated users.
 --
 -- For information about limits on the number of keys you can create, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities> in the /IAM User Guide/ .
 --
@@ -60,15 +60,15 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'cakUserName' - The name of the IAM user that the new key will belong to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'cakUserName' - The name of the IAM user that the new key will belong to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 createAccessKey
     :: CreateAccessKey
 createAccessKey = CreateAccessKey' {_cakUserName = Nothing}
 
 
--- | The name of the IAM user that the new key will belong to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user that the new key will belong to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 cakUserName :: Lens' CreateAccessKey (Maybe Text)
-cakUserName = lens _cakUserName (\ s a -> s{_cakUserName = a});
+cakUserName = lens _cakUserName (\ s a -> s{_cakUserName = a})
 
 instance AWSRequest CreateAccessKey where
         type Rs CreateAccessKey = CreateAccessKeyResponse
@@ -120,15 +120,15 @@
     -> CreateAccessKeyResponse
 createAccessKeyResponse pResponseStatus_ pAccessKey_ =
   CreateAccessKeyResponse'
-  {_cakrsResponseStatus = pResponseStatus_, _cakrsAccessKey = pAccessKey_}
+    {_cakrsResponseStatus = pResponseStatus_, _cakrsAccessKey = pAccessKey_}
 
 
 -- | -- | The response status code.
 cakrsResponseStatus :: Lens' CreateAccessKeyResponse Int
-cakrsResponseStatus = lens _cakrsResponseStatus (\ s a -> s{_cakrsResponseStatus = a});
+cakrsResponseStatus = lens _cakrsResponseStatus (\ s a -> s{_cakrsResponseStatus = a})
 
 -- | A structure with details about the access key.
 cakrsAccessKey :: Lens' CreateAccessKeyResponse AccessKeyInfo
-cakrsAccessKey = lens _cakrsAccessKey (\ s a -> s{_cakrsAccessKey = a});
+cakrsAccessKey = lens _cakrsAccessKey (\ s a -> s{_cakrsAccessKey = a})
 
 instance NFData CreateAccessKeyResponse where
diff --git a/gen/Network/AWS/IAM/CreateAccountAlias.hs b/gen/Network/AWS/IAM/CreateAccountAlias.hs
--- a/gen/Network/AWS/IAM/CreateAccountAlias.hs
+++ b/gen/Network/AWS/IAM/CreateAccountAlias.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateAccountAlias
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -61,7 +61,7 @@
 
 -- | The account alias to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
 caaAccountAlias :: Lens' CreateAccountAlias Text
-caaAccountAlias = lens _caaAccountAlias (\ s a -> s{_caaAccountAlias = a});
+caaAccountAlias = lens _caaAccountAlias (\ s a -> s{_caaAccountAlias = a})
 
 instance AWSRequest CreateAccountAlias where
         type Rs CreateAccountAlias =
diff --git a/gen/Network/AWS/IAM/CreateGroup.hs b/gen/Network/AWS/IAM/CreateGroup.hs
--- a/gen/Network/AWS/IAM/CreateGroup.hs
+++ b/gen/Network/AWS/IAM/CreateGroup.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateGroup
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -58,9 +58,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'cgPath' - The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'cgPath' - The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'cgGroupName' - The name of the group to create. Do not include the path in this value. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
+-- * 'cgGroupName' - The name of the group to create. Do not include the path in this value. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
 createGroup
     :: Text -- ^ 'cgGroupName'
     -> CreateGroup
@@ -68,13 +68,13 @@
   CreateGroup' {_cgPath = Nothing, _cgGroupName = pGroupName_}
 
 
--- | The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 cgPath :: Lens' CreateGroup (Maybe Text)
-cgPath = lens _cgPath (\ s a -> s{_cgPath = a});
+cgPath = lens _cgPath (\ s a -> s{_cgPath = a})
 
--- | The name of the group to create. Do not include the path in this value. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
+-- | The name of the group to create. Do not include the path in this value. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins".
 cgGroupName :: Lens' CreateGroup Text
-cgGroupName = lens _cgGroupName (\ s a -> s{_cgGroupName = a});
+cgGroupName = lens _cgGroupName (\ s a -> s{_cgGroupName = a})
 
 instance AWSRequest CreateGroup where
         type Rs CreateGroup = CreateGroupResponse
@@ -126,15 +126,15 @@
     -> CreateGroupResponse
 createGroupResponse pResponseStatus_ pGroup_ =
   CreateGroupResponse'
-  {_cgrsResponseStatus = pResponseStatus_, _cgrsGroup = pGroup_}
+    {_cgrsResponseStatus = pResponseStatus_, _cgrsGroup = pGroup_}
 
 
 -- | -- | The response status code.
 cgrsResponseStatus :: Lens' CreateGroupResponse Int
-cgrsResponseStatus = lens _cgrsResponseStatus (\ s a -> s{_cgrsResponseStatus = a});
+cgrsResponseStatus = lens _cgrsResponseStatus (\ s a -> s{_cgrsResponseStatus = a})
 
 -- | A structure containing details about the new group.
 cgrsGroup :: Lens' CreateGroupResponse Group
-cgrsGroup = lens _cgrsGroup (\ s a -> s{_cgrsGroup = a});
+cgrsGroup = lens _cgrsGroup (\ s a -> s{_cgrsGroup = a})
 
 instance NFData CreateGroupResponse where
diff --git a/gen/Network/AWS/IAM/CreateInstanceProfile.hs b/gen/Network/AWS/IAM/CreateInstanceProfile.hs
--- a/gen/Network/AWS/IAM/CreateInstanceProfile.hs
+++ b/gen/Network/AWS/IAM/CreateInstanceProfile.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateInstanceProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -58,24 +58,24 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'cipPath' - The path to the instance profile. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'cipPath' - The path to the instance profile. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'cipInstanceProfileName' - The name of the instance profile to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'cipInstanceProfileName' - The name of the instance profile to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 createInstanceProfile
     :: Text -- ^ 'cipInstanceProfileName'
     -> CreateInstanceProfile
 createInstanceProfile pInstanceProfileName_ =
   CreateInstanceProfile'
-  {_cipPath = Nothing, _cipInstanceProfileName = pInstanceProfileName_}
+    {_cipPath = Nothing, _cipInstanceProfileName = pInstanceProfileName_}
 
 
--- | The path to the instance profile. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path to the instance profile. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 cipPath :: Lens' CreateInstanceProfile (Maybe Text)
-cipPath = lens _cipPath (\ s a -> s{_cipPath = a});
+cipPath = lens _cipPath (\ s a -> s{_cipPath = a})
 
--- | The name of the instance profile to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the instance profile to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 cipInstanceProfileName :: Lens' CreateInstanceProfile Text
-cipInstanceProfileName = lens _cipInstanceProfileName (\ s a -> s{_cipInstanceProfileName = a});
+cipInstanceProfileName = lens _cipInstanceProfileName (\ s a -> s{_cipInstanceProfileName = a})
 
 instance AWSRequest CreateInstanceProfile where
         type Rs CreateInstanceProfile =
@@ -129,17 +129,17 @@
     -> CreateInstanceProfileResponse
 createInstanceProfileResponse pResponseStatus_ pInstanceProfile_ =
   CreateInstanceProfileResponse'
-  { _ciprsResponseStatus = pResponseStatus_
-  , _ciprsInstanceProfile = pInstanceProfile_
-  }
+    { _ciprsResponseStatus = pResponseStatus_
+    , _ciprsInstanceProfile = pInstanceProfile_
+    }
 
 
 -- | -- | The response status code.
 ciprsResponseStatus :: Lens' CreateInstanceProfileResponse Int
-ciprsResponseStatus = lens _ciprsResponseStatus (\ s a -> s{_ciprsResponseStatus = a});
+ciprsResponseStatus = lens _ciprsResponseStatus (\ s a -> s{_ciprsResponseStatus = a})
 
 -- | A structure containing details about the new instance profile.
 ciprsInstanceProfile :: Lens' CreateInstanceProfileResponse InstanceProfile
-ciprsInstanceProfile = lens _ciprsInstanceProfile (\ s a -> s{_ciprsInstanceProfile = a});
+ciprsInstanceProfile = lens _ciprsInstanceProfile (\ s a -> s{_ciprsInstanceProfile = a})
 
 instance NFData CreateInstanceProfileResponse where
diff --git a/gen/Network/AWS/IAM/CreateLoginProfile.hs b/gen/Network/AWS/IAM/CreateLoginProfile.hs
--- a/gen/Network/AWS/IAM/CreateLoginProfile.hs
+++ b/gen/Network/AWS/IAM/CreateLoginProfile.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateLoginProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -60,32 +60,32 @@
 --
 -- * 'clpPasswordResetRequired' - Specifies whether the user is required to set a new password on next sign-in.
 --
--- * 'clpUserName' - The name of the IAM user to create a password for. The user must already exist. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'clpUserName' - The name of the IAM user to create a password for. The user must already exist. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'clpPassword' - The new password for the user. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
+-- * 'clpPassword' - The new password for the user. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
 createLoginProfile
     :: Text -- ^ 'clpUserName'
     -> Text -- ^ 'clpPassword'
     -> CreateLoginProfile
 createLoginProfile pUserName_ pPassword_ =
   CreateLoginProfile'
-  { _clpPasswordResetRequired = Nothing
-  , _clpUserName = pUserName_
-  , _clpPassword = _Sensitive # pPassword_
-  }
+    { _clpPasswordResetRequired = Nothing
+    , _clpUserName = pUserName_
+    , _clpPassword = _Sensitive # pPassword_
+    }
 
 
 -- | Specifies whether the user is required to set a new password on next sign-in.
 clpPasswordResetRequired :: Lens' CreateLoginProfile (Maybe Bool)
-clpPasswordResetRequired = lens _clpPasswordResetRequired (\ s a -> s{_clpPasswordResetRequired = a});
+clpPasswordResetRequired = lens _clpPasswordResetRequired (\ s a -> s{_clpPasswordResetRequired = a})
 
--- | The name of the IAM user to create a password for. The user must already exist. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user to create a password for. The user must already exist. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 clpUserName :: Lens' CreateLoginProfile Text
-clpUserName = lens _clpUserName (\ s a -> s{_clpUserName = a});
+clpUserName = lens _clpUserName (\ s a -> s{_clpUserName = a})
 
--- | The new password for the user. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Although any of these characters are valid in a password, note that many tools, such as the AWS Management Console, might restrict the ability to enter certain characters because they have special meaning within that tool.
+-- | The new password for the user. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\u0020) through the end of the ASCII character range (\u00FF). You can also include the tab (\u0009), line feed (\u000A), and carriage return (\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.
 clpPassword :: Lens' CreateLoginProfile Text
-clpPassword = lens _clpPassword (\ s a -> s{_clpPassword = a}) . _Sensitive;
+clpPassword = lens _clpPassword (\ s a -> s{_clpPassword = a}) . _Sensitive
 
 instance AWSRequest CreateLoginProfile where
         type Rs CreateLoginProfile =
@@ -140,15 +140,17 @@
     -> CreateLoginProfileResponse
 createLoginProfileResponse pResponseStatus_ pLoginProfile_ =
   CreateLoginProfileResponse'
-  {_clprsResponseStatus = pResponseStatus_, _clprsLoginProfile = pLoginProfile_}
+    { _clprsResponseStatus = pResponseStatus_
+    , _clprsLoginProfile = pLoginProfile_
+    }
 
 
 -- | -- | The response status code.
 clprsResponseStatus :: Lens' CreateLoginProfileResponse Int
-clprsResponseStatus = lens _clprsResponseStatus (\ s a -> s{_clprsResponseStatus = a});
+clprsResponseStatus = lens _clprsResponseStatus (\ s a -> s{_clprsResponseStatus = a})
 
 -- | A structure containing the user name and password create date.
 clprsLoginProfile :: Lens' CreateLoginProfileResponse LoginProfile
-clprsLoginProfile = lens _clprsLoginProfile (\ s a -> s{_clprsLoginProfile = a});
+clprsLoginProfile = lens _clprsLoginProfile (\ s a -> s{_clprsLoginProfile = a})
 
 instance NFData CreateLoginProfileResponse where
diff --git a/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs b/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs
--- a/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs
+++ b/gen/Network/AWS/IAM/CreateOpenIdConnectProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateOpenIdConnectProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,10 +21,20 @@
 -- Creates an IAM entity to describe an identity provider (IdP) that supports <http://openid.net/connect/ OpenID Connect (OIDC)> .
 --
 --
--- The OIDC provider that you create with this operation can be used as a principal in a role's trust policy to establish a trust relationship between AWS and the OIDC provider.
+-- The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.
 --
--- When you create the IAM OIDC provider, you specify the URL of the OIDC identity provider (IdP) to trust, a list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider, and a list of thumbprints of the server certificate(s) that the IdP uses. You get all of this information from the OIDC IdP that you want to use for access to AWS.
+-- When you create the IAM OIDC provider, you specify the following:
 --
+--     * The URL of the OIDC identity provider (IdP) to trust
+--
+--     * A list of client IDs (also known as audiences) that identify the application or applications that are allowed to authenticate using the OIDC provider
+--
+--     * A list of thumbprints of the server certificate(s) that the IdP uses.
+--
+--
+--
+-- You get all of this information from the OIDC IdP that you want to use to access AWS.
+--
 module Network.AWS.IAM.CreateOpenIdConnectProvider
     (
     -- * Creating a Request
@@ -62,33 +72,33 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'coicpClientIdList' - A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the @client_id@ parameter on OAuth requests.) You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider. There is no defined format for a client ID. The @CreateOpenIDConnectProviderRequest@ action accepts client IDs up to 255 characters long.
+-- * 'coicpClientIdList' - A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the @client_id@ parameter on OAuth requests.) You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider. There is no defined format for a client ID. The @CreateOpenIDConnectProviderRequest@ operation accepts client IDs up to 255 characters long.
 --
--- * 'coicpURL' - The URL of the identity provider. The URL must begin with "https://" and should correspond to the @iss@ claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a host name, like "https://server.example.org" or "https://example.com". You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
+-- * 'coicpURL' - The URL of the identity provider. The URL must begin with @https://@ and should correspond to the @iss@ claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like @https://server.example.org@ or @https://example.com@ . You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
 --
--- * 'coicpThumbprintList' - A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates. The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string. You must provide at least one thumbprint when creating an IAM OIDC provider. For example, if the OIDC provider is @server.example.com@ and the provider stores its keys at "https://keys.server.example.com/openid-connect", the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com. For more information about obtaining the OIDC provider's thumbprint, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the Thumbprint for an OpenID Connect Provider> in the /IAM User Guide/ .
+-- * 'coicpThumbprintList' - A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates. Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates. The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string. You must provide at least one thumbprint when creating an IAM OIDC provider. For example, assume that the OIDC provider is @server.example.com@ and the provider stores its keys at https://keys.server.example.com/openid-connect. In that case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com. For more information about obtaining the OIDC provider's thumbprint, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the Thumbprint for an OpenID Connect Provider> in the /IAM User Guide/ .
 createOpenIdConnectProvider
     :: Text -- ^ 'coicpURL'
     -> CreateOpenIdConnectProvider
 createOpenIdConnectProvider pURL_ =
   CreateOpenIdConnectProvider'
-  { _coicpClientIdList = Nothing
-  , _coicpURL = pURL_
-  , _coicpThumbprintList = mempty
-  }
+    { _coicpClientIdList = Nothing
+    , _coicpURL = pURL_
+    , _coicpThumbprintList = mempty
+    }
 
 
--- | A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the @client_id@ parameter on OAuth requests.) You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider. There is no defined format for a client ID. The @CreateOpenIDConnectProviderRequest@ action accepts client IDs up to 255 characters long.
+-- | A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the @client_id@ parameter on OAuth requests.) You can register multiple client IDs with the same provider. For example, you might have multiple applications that use the same OIDC provider. You cannot register more than 100 client IDs with a single IAM OIDC provider. There is no defined format for a client ID. The @CreateOpenIDConnectProviderRequest@ operation accepts client IDs up to 255 characters long.
 coicpClientIdList :: Lens' CreateOpenIdConnectProvider [Text]
-coicpClientIdList = lens _coicpClientIdList (\ s a -> s{_coicpClientIdList = a}) . _Default . _Coerce;
+coicpClientIdList = lens _coicpClientIdList (\ s a -> s{_coicpClientIdList = a}) . _Default . _Coerce
 
--- | The URL of the identity provider. The URL must begin with "https://" and should correspond to the @iss@ claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a host name, like "https://server.example.org" or "https://example.com". You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
+-- | The URL of the identity provider. The URL must begin with @https://@ and should correspond to the @iss@ claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like @https://server.example.org@ or @https://example.com@ . You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.
 coicpURL :: Lens' CreateOpenIdConnectProvider Text
-coicpURL = lens _coicpURL (\ s a -> s{_coicpURL = a});
+coicpURL = lens _coicpURL (\ s a -> s{_coicpURL = a})
 
--- | A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates. The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string. You must provide at least one thumbprint when creating an IAM OIDC provider. For example, if the OIDC provider is @server.example.com@ and the provider stores its keys at "https://keys.server.example.com/openid-connect", the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com. For more information about obtaining the OIDC provider's thumbprint, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the Thumbprint for an OpenID Connect Provider> in the /IAM User Guide/ .
+-- | A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificates. Typically this list includes only one entry. However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain multiple thumbprints if the identity provider is rotating certificates. The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 certificate used by the domain where the OpenID Connect provider makes its keys available. It is always a 40-character string. You must provide at least one thumbprint when creating an IAM OIDC provider. For example, assume that the OIDC provider is @server.example.com@ and the provider stores its keys at https://keys.server.example.com/openid-connect. In that case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com. For more information about obtaining the OIDC provider's thumbprint, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html Obtaining the Thumbprint for an OpenID Connect Provider> in the /IAM User Guide/ .
 coicpThumbprintList :: Lens' CreateOpenIdConnectProvider [Text]
-coicpThumbprintList = lens _coicpThumbprintList (\ s a -> s{_coicpThumbprintList = a}) . _Coerce;
+coicpThumbprintList = lens _coicpThumbprintList (\ s a -> s{_coicpThumbprintList = a}) . _Coerce
 
 instance AWSRequest CreateOpenIdConnectProvider where
         type Rs CreateOpenIdConnectProvider =
@@ -148,18 +158,18 @@
     -> CreateOpenIdConnectProviderResponse
 createOpenIdConnectProviderResponse pResponseStatus_ =
   CreateOpenIdConnectProviderResponse'
-  { _coicprsOpenIdConnectProviderARN = Nothing
-  , _coicprsResponseStatus = pResponseStatus_
-  }
+    { _coicprsOpenIdConnectProviderARN = Nothing
+    , _coicprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see 'OpenIDConnectProviderListEntry' .
 coicprsOpenIdConnectProviderARN :: Lens' CreateOpenIdConnectProviderResponse (Maybe Text)
-coicprsOpenIdConnectProviderARN = lens _coicprsOpenIdConnectProviderARN (\ s a -> s{_coicprsOpenIdConnectProviderARN = a});
+coicprsOpenIdConnectProviderARN = lens _coicprsOpenIdConnectProviderARN (\ s a -> s{_coicprsOpenIdConnectProviderARN = a})
 
 -- | -- | The response status code.
 coicprsResponseStatus :: Lens' CreateOpenIdConnectProviderResponse Int
-coicprsResponseStatus = lens _coicprsResponseStatus (\ s a -> s{_coicprsResponseStatus = a});
+coicprsResponseStatus = lens _coicprsResponseStatus (\ s a -> s{_coicprsResponseStatus = a})
 
 instance NFData CreateOpenIdConnectProviderResponse
          where
diff --git a/gen/Network/AWS/IAM/CreatePolicy.hs b/gen/Network/AWS/IAM/CreatePolicy.hs
--- a/gen/Network/AWS/IAM/CreatePolicy.hs
+++ b/gen/Network/AWS/IAM/CreatePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreatePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -64,41 +64,41 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'cpPath' - The path for the policy. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'cpPath' - The path for the policy. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'cpDescription' - A friendly description of the policy. Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
 --
--- * 'cpPolicyName' - The friendly name of the policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'cpPolicyName' - The friendly name of the policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'cpPolicyDocument' - The JSON policy document that you want to use as the content for the new policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'cpPolicyDocument' - The JSON policy document that you want to use as the content for the new policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 createPolicy
     :: Text -- ^ 'cpPolicyName'
     -> Text -- ^ 'cpPolicyDocument'
     -> CreatePolicy
 createPolicy pPolicyName_ pPolicyDocument_ =
   CreatePolicy'
-  { _cpPath = Nothing
-  , _cpDescription = Nothing
-  , _cpPolicyName = pPolicyName_
-  , _cpPolicyDocument = pPolicyDocument_
-  }
+    { _cpPath = Nothing
+    , _cpDescription = Nothing
+    , _cpPolicyName = pPolicyName_
+    , _cpPolicyDocument = pPolicyDocument_
+    }
 
 
--- | The path for the policy. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path for the policy. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 cpPath :: Lens' CreatePolicy (Maybe Text)
-cpPath = lens _cpPath (\ s a -> s{_cpPath = a});
+cpPath = lens _cpPath (\ s a -> s{_cpPath = a})
 
 -- | A friendly description of the policy. Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
 cpDescription :: Lens' CreatePolicy (Maybe Text)
-cpDescription = lens _cpDescription (\ s a -> s{_cpDescription = a});
+cpDescription = lens _cpDescription (\ s a -> s{_cpDescription = a})
 
--- | The friendly name of the policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The friendly name of the policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 cpPolicyName :: Lens' CreatePolicy Text
-cpPolicyName = lens _cpPolicyName (\ s a -> s{_cpPolicyName = a});
+cpPolicyName = lens _cpPolicyName (\ s a -> s{_cpPolicyName = a})
 
--- | The JSON policy document that you want to use as the content for the new policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The JSON policy document that you want to use as the content for the new policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 cpPolicyDocument :: Lens' CreatePolicy Text
-cpPolicyDocument = lens _cpPolicyDocument (\ s a -> s{_cpPolicyDocument = a});
+cpPolicyDocument = lens _cpPolicyDocument (\ s a -> s{_cpPolicyDocument = a})
 
 instance AWSRequest CreatePolicy where
         type Rs CreatePolicy = CreatePolicyResponse
@@ -151,15 +151,15 @@
     -> CreatePolicyResponse
 createPolicyResponse pResponseStatus_ =
   CreatePolicyResponse'
-  {_cprsPolicy = Nothing, _cprsResponseStatus = pResponseStatus_}
+    {_cprsPolicy = Nothing, _cprsResponseStatus = pResponseStatus_}
 
 
 -- | A structure containing details about the new policy.
 cprsPolicy :: Lens' CreatePolicyResponse (Maybe Policy)
-cprsPolicy = lens _cprsPolicy (\ s a -> s{_cprsPolicy = a});
+cprsPolicy = lens _cprsPolicy (\ s a -> s{_cprsPolicy = a})
 
 -- | -- | The response status code.
 cprsResponseStatus :: Lens' CreatePolicyResponse Int
-cprsResponseStatus = lens _cprsResponseStatus (\ s a -> s{_cprsResponseStatus = a});
+cprsResponseStatus = lens _cprsResponseStatus (\ s a -> s{_cprsResponseStatus = a})
 
 instance NFData CreatePolicyResponse where
diff --git a/gen/Network/AWS/IAM/CreatePolicyVersion.hs b/gen/Network/AWS/IAM/CreatePolicyVersion.hs
--- a/gen/Network/AWS/IAM/CreatePolicyVersion.hs
+++ b/gen/Network/AWS/IAM/CreatePolicyVersion.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreatePolicyVersion
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -62,34 +62,34 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'cpvSetAsDefault' - Specifies whether to set this version as the policy's default version. When this parameter is @true@ , the new policy version becomes the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to. For more information about managed policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /IAM User Guide/ .
+-- * 'cpvSetAsDefault' - Specifies whether to set this version as the policy's default version. When this parameter is @true@ , the new policy version becomes the operative version. That is, it becomes the version that is in effect for the IAM users, groups, and roles that the policy is attached to. For more information about managed policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /IAM User Guide/ .
 --
 -- * 'cpvPolicyARN' - The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 --
--- * 'cpvPolicyDocument' - The JSON policy document that you want to use as the content for this new version of the policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'cpvPolicyDocument' - The JSON policy document that you want to use as the content for this new version of the policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 createPolicyVersion
     :: Text -- ^ 'cpvPolicyARN'
     -> Text -- ^ 'cpvPolicyDocument'
     -> CreatePolicyVersion
 createPolicyVersion pPolicyARN_ pPolicyDocument_ =
   CreatePolicyVersion'
-  { _cpvSetAsDefault = Nothing
-  , _cpvPolicyARN = pPolicyARN_
-  , _cpvPolicyDocument = pPolicyDocument_
-  }
+    { _cpvSetAsDefault = Nothing
+    , _cpvPolicyARN = pPolicyARN_
+    , _cpvPolicyDocument = pPolicyDocument_
+    }
 
 
--- | Specifies whether to set this version as the policy's default version. When this parameter is @true@ , the new policy version becomes the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to. For more information about managed policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /IAM User Guide/ .
+-- | Specifies whether to set this version as the policy's default version. When this parameter is @true@ , the new policy version becomes the operative version. That is, it becomes the version that is in effect for the IAM users, groups, and roles that the policy is attached to. For more information about managed policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /IAM User Guide/ .
 cpvSetAsDefault :: Lens' CreatePolicyVersion (Maybe Bool)
-cpvSetAsDefault = lens _cpvSetAsDefault (\ s a -> s{_cpvSetAsDefault = a});
+cpvSetAsDefault = lens _cpvSetAsDefault (\ s a -> s{_cpvSetAsDefault = a})
 
 -- | The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 cpvPolicyARN :: Lens' CreatePolicyVersion Text
-cpvPolicyARN = lens _cpvPolicyARN (\ s a -> s{_cpvPolicyARN = a});
+cpvPolicyARN = lens _cpvPolicyARN (\ s a -> s{_cpvPolicyARN = a})
 
--- | The JSON policy document that you want to use as the content for this new version of the policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The JSON policy document that you want to use as the content for this new version of the policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 cpvPolicyDocument :: Lens' CreatePolicyVersion Text
-cpvPolicyDocument = lens _cpvPolicyDocument (\ s a -> s{_cpvPolicyDocument = a});
+cpvPolicyDocument = lens _cpvPolicyDocument (\ s a -> s{_cpvPolicyDocument = a})
 
 instance AWSRequest CreatePolicyVersion where
         type Rs CreatePolicyVersion =
@@ -143,15 +143,15 @@
     -> CreatePolicyVersionResponse
 createPolicyVersionResponse pResponseStatus_ =
   CreatePolicyVersionResponse'
-  {_cpvrsPolicyVersion = Nothing, _cpvrsResponseStatus = pResponseStatus_}
+    {_cpvrsPolicyVersion = Nothing, _cpvrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure containing details about the new policy version.
 cpvrsPolicyVersion :: Lens' CreatePolicyVersionResponse (Maybe PolicyVersion)
-cpvrsPolicyVersion = lens _cpvrsPolicyVersion (\ s a -> s{_cpvrsPolicyVersion = a});
+cpvrsPolicyVersion = lens _cpvrsPolicyVersion (\ s a -> s{_cpvrsPolicyVersion = a})
 
 -- | -- | The response status code.
 cpvrsResponseStatus :: Lens' CreatePolicyVersionResponse Int
-cpvrsResponseStatus = lens _cpvrsResponseStatus (\ s a -> s{_cpvrsResponseStatus = a});
+cpvrsResponseStatus = lens _cpvrsResponseStatus (\ s a -> s{_cpvrsResponseStatus = a})
 
 instance NFData CreatePolicyVersionResponse where
diff --git a/gen/Network/AWS/IAM/CreateRole.hs b/gen/Network/AWS/IAM/CreateRole.hs
--- a/gen/Network/AWS/IAM/CreateRole.hs
+++ b/gen/Network/AWS/IAM/CreateRole.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateRole
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Creates a new role for your AWS account. For more information about roles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html Working with Roles> . For information about limitations on role names and the number of roles you can create, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities> in the /IAM User Guide/ .
+-- Creates a new role for your AWS account. For more information about roles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html IAM Roles> . For information about limitations on role names and the number of roles you can create, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html Limitations on IAM Entities> in the /IAM User Guide/ .
 --
 --
 module Network.AWS.IAM.CreateRole
@@ -27,6 +27,7 @@
       createRole
     , CreateRole
     -- * Request Lenses
+    , crMaxSessionDuration
     , crPath
     , crDescription
     , crRoleName
@@ -49,7 +50,8 @@
 
 -- | /See:/ 'createRole' smart constructor.
 data CreateRole = CreateRole'
-  { _crPath                     :: !(Maybe Text)
+  { _crMaxSessionDuration       :: !(Maybe Nat)
+  , _crPath                     :: !(Maybe Text)
   , _crDescription              :: !(Maybe Text)
   , _crRoleName                 :: !Text
   , _crAssumeRolePolicyDocument :: !Text
@@ -60,41 +62,48 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'crPath' - The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'crMaxSessionDuration' - The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI or API can use the @DurationSeconds@ API parameter or the @duration-seconds@ CLI parameter to request a longer session. The @MaxSessionDuration@ setting determines the maximum duration that can be requested using the @DurationSeconds@ parameter. If users don't specify a value for the @DurationSeconds@ parameter, their security credentials are valid for one hour by default. This applies when you use the @AssumeRole*@ API operations or the @assume-role*@ CLI operations but does not apply when you use those operations to create a console URL. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html Using IAM Roles> in the /IAM User Guide/ .
 --
--- * 'crDescription' - A customer-provided description of the role.
+-- * 'crPath' - The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
+-- * 'crDescription' - A description of the role.
+--
 -- * 'crRoleName' - The name of the role to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- Role names are not distinguished by case. For example, you cannot create roles named both "PRODROLE" and "prodrole".
 --
--- * 'crAssumeRolePolicyDocument' - The trust relationship policy document that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'crAssumeRolePolicyDocument' - The trust relationship policy document that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 createRole
     :: Text -- ^ 'crRoleName'
     -> Text -- ^ 'crAssumeRolePolicyDocument'
     -> CreateRole
 createRole pRoleName_ pAssumeRolePolicyDocument_ =
   CreateRole'
-  { _crPath = Nothing
-  , _crDescription = Nothing
-  , _crRoleName = pRoleName_
-  , _crAssumeRolePolicyDocument = pAssumeRolePolicyDocument_
-  }
+    { _crMaxSessionDuration = Nothing
+    , _crPath = Nothing
+    , _crDescription = Nothing
+    , _crRoleName = pRoleName_
+    , _crAssumeRolePolicyDocument = pAssumeRolePolicyDocument_
+    }
 
 
--- | The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI or API can use the @DurationSeconds@ API parameter or the @duration-seconds@ CLI parameter to request a longer session. The @MaxSessionDuration@ setting determines the maximum duration that can be requested using the @DurationSeconds@ parameter. If users don't specify a value for the @DurationSeconds@ parameter, their security credentials are valid for one hour by default. This applies when you use the @AssumeRole*@ API operations or the @assume-role*@ CLI operations but does not apply when you use those operations to create a console URL. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html Using IAM Roles> in the /IAM User Guide/ .
+crMaxSessionDuration :: Lens' CreateRole (Maybe Natural)
+crMaxSessionDuration = lens _crMaxSessionDuration (\ s a -> s{_crMaxSessionDuration = a}) . mapping _Nat
+
+-- | The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 crPath :: Lens' CreateRole (Maybe Text)
-crPath = lens _crPath (\ s a -> s{_crPath = a});
+crPath = lens _crPath (\ s a -> s{_crPath = a})
 
--- | A customer-provided description of the role.
+-- | A description of the role.
 crDescription :: Lens' CreateRole (Maybe Text)
-crDescription = lens _crDescription (\ s a -> s{_crDescription = a});
+crDescription = lens _crDescription (\ s a -> s{_crDescription = a})
 
 -- | The name of the role to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- Role names are not distinguished by case. For example, you cannot create roles named both "PRODROLE" and "prodrole".
 crRoleName :: Lens' CreateRole Text
-crRoleName = lens _crRoleName (\ s a -> s{_crRoleName = a});
+crRoleName = lens _crRoleName (\ s a -> s{_crRoleName = a})
 
--- | The trust relationship policy document that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The trust relationship policy document that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 crAssumeRolePolicyDocument :: Lens' CreateRole Text
-crAssumeRolePolicyDocument = lens _crAssumeRolePolicyDocument (\ s a -> s{_crAssumeRolePolicyDocument = a});
+crAssumeRolePolicyDocument = lens _crAssumeRolePolicyDocument (\ s a -> s{_crAssumeRolePolicyDocument = a})
 
 instance AWSRequest CreateRole where
         type Rs CreateRole = CreateRoleResponse
@@ -120,6 +129,7 @@
           = mconcat
               ["Action" =: ("CreateRole" :: ByteString),
                "Version" =: ("2010-05-08" :: ByteString),
+               "MaxSessionDuration" =: _crMaxSessionDuration,
                "Path" =: _crPath, "Description" =: _crDescription,
                "RoleName" =: _crRoleName,
                "AssumeRolePolicyDocument" =:
@@ -149,15 +159,15 @@
     -> CreateRoleResponse
 createRoleResponse pResponseStatus_ pRole_ =
   CreateRoleResponse'
-  {_crrsResponseStatus = pResponseStatus_, _crrsRole = pRole_}
+    {_crrsResponseStatus = pResponseStatus_, _crrsRole = pRole_}
 
 
 -- | -- | The response status code.
 crrsResponseStatus :: Lens' CreateRoleResponse Int
-crrsResponseStatus = lens _crrsResponseStatus (\ s a -> s{_crrsResponseStatus = a});
+crrsResponseStatus = lens _crrsResponseStatus (\ s a -> s{_crrsResponseStatus = a})
 
 -- | A structure containing details about the new role.
 crrsRole :: Lens' CreateRoleResponse Role
-crrsRole = lens _crrsRole (\ s a -> s{_crrsRole = a});
+crrsRole = lens _crrsRole (\ s a -> s{_crrsRole = a})
 
 instance NFData CreateRoleResponse where
diff --git a/gen/Network/AWS/IAM/CreateSAMLProvider.hs b/gen/Network/AWS/IAM/CreateSAMLProvider.hs
--- a/gen/Network/AWS/IAM/CreateSAMLProvider.hs
+++ b/gen/Network/AWS/IAM/CreateSAMLProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateSAMLProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,9 +21,9 @@
 -- Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.
 --
 --
--- The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy to enable federated users who sign-in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.
+-- The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign-in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.
 --
--- When you create the SAML provider resource, you upload an a SAML metadata document that you get from your IdP and that includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.
+-- When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.
 --
 -- For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html Enabling SAML 2.0 Federated Users to Access the AWS Management Console> and <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html About SAML 2.0-based Federation> in the /IAM User Guide/ .
 --
@@ -64,23 +64,23 @@
 --
 -- * 'csamlpSAMLMetadataDocument' - An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html About SAML 2.0-based Federation> in the /IAM User Guide/
 --
--- * 'csamlpName' - The name of the provider to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'csamlpName' - The name of the provider to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 createSAMLProvider
     :: Text -- ^ 'csamlpSAMLMetadataDocument'
     -> Text -- ^ 'csamlpName'
     -> CreateSAMLProvider
 createSAMLProvider pSAMLMetadataDocument_ pName_ =
   CreateSAMLProvider'
-  {_csamlpSAMLMetadataDocument = pSAMLMetadataDocument_, _csamlpName = pName_}
+    {_csamlpSAMLMetadataDocument = pSAMLMetadataDocument_, _csamlpName = pName_}
 
 
 -- | An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html About SAML 2.0-based Federation> in the /IAM User Guide/
 csamlpSAMLMetadataDocument :: Lens' CreateSAMLProvider Text
-csamlpSAMLMetadataDocument = lens _csamlpSAMLMetadataDocument (\ s a -> s{_csamlpSAMLMetadataDocument = a});
+csamlpSAMLMetadataDocument = lens _csamlpSAMLMetadataDocument (\ s a -> s{_csamlpSAMLMetadataDocument = a})
 
--- | The name of the provider to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the provider to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 csamlpName :: Lens' CreateSAMLProvider Text
-csamlpName = lens _csamlpName (\ s a -> s{_csamlpName = a});
+csamlpName = lens _csamlpName (\ s a -> s{_csamlpName = a})
 
 instance AWSRequest CreateSAMLProvider where
         type Rs CreateSAMLProvider =
@@ -134,17 +134,17 @@
     -> CreateSAMLProviderResponse
 createSAMLProviderResponse pResponseStatus_ =
   CreateSAMLProviderResponse'
-  { _csamlprsSAMLProviderARN = Nothing
-  , _csamlprsResponseStatus = pResponseStatus_
-  }
+    { _csamlprsSAMLProviderARN = Nothing
+    , _csamlprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.
 csamlprsSAMLProviderARN :: Lens' CreateSAMLProviderResponse (Maybe Text)
-csamlprsSAMLProviderARN = lens _csamlprsSAMLProviderARN (\ s a -> s{_csamlprsSAMLProviderARN = a});
+csamlprsSAMLProviderARN = lens _csamlprsSAMLProviderARN (\ s a -> s{_csamlprsSAMLProviderARN = a})
 
 -- | -- | The response status code.
 csamlprsResponseStatus :: Lens' CreateSAMLProviderResponse Int
-csamlprsResponseStatus = lens _csamlprsResponseStatus (\ s a -> s{_csamlprsResponseStatus = a});
+csamlprsResponseStatus = lens _csamlprsResponseStatus (\ s a -> s{_csamlprsResponseStatus = a})
 
 instance NFData CreateSAMLProviderResponse where
diff --git a/gen/Network/AWS/IAM/CreateServiceLinkedRole.hs b/gen/Network/AWS/IAM/CreateServiceLinkedRole.hs
--- a/gen/Network/AWS/IAM/CreateServiceLinkedRole.hs
+++ b/gen/Network/AWS/IAM/CreateServiceLinkedRole.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateServiceLinkedRole
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed.
 --
 --
--- The name of the role is autogenerated by combining the string that you specify for the @AWSServiceName@ parameter with the string that you specify for the @CustomSuffix@ parameter. The resulting name must be unique in your account or the request fails.
+-- The name of the role is generated by combining the string that you specify for the @AWSServiceName@ parameter with the string that you specify for the @CustomSuffix@ parameter. The resulting name must be unique in your account or the request fails.
 --
 -- To attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.
 --
@@ -72,23 +72,23 @@
     -> CreateServiceLinkedRole
 createServiceLinkedRole pAWSServiceName_ =
   CreateServiceLinkedRole'
-  { _cslrCustomSuffix = Nothing
-  , _cslrDescription = Nothing
-  , _cslrAWSServiceName = pAWSServiceName_
-  }
+    { _cslrCustomSuffix = Nothing
+    , _cslrDescription = Nothing
+    , _cslrAWSServiceName = pAWSServiceName_
+    }
 
 
 -- | A string that you provide, which is combined with the service name to form the complete role name. If you make multiple requests for the same service, then you must supply a different @CustomSuffix@ for each request. Otherwise the request fails with a duplicate role name error. For example, you could add @-1@ or @-debug@ to the suffix.
 cslrCustomSuffix :: Lens' CreateServiceLinkedRole (Maybe Text)
-cslrCustomSuffix = lens _cslrCustomSuffix (\ s a -> s{_cslrCustomSuffix = a});
+cslrCustomSuffix = lens _cslrCustomSuffix (\ s a -> s{_cslrCustomSuffix = a})
 
 -- | The description of the role.
 cslrDescription :: Lens' CreateServiceLinkedRole (Maybe Text)
-cslrDescription = lens _cslrDescription (\ s a -> s{_cslrDescription = a});
+cslrDescription = lens _cslrDescription (\ s a -> s{_cslrDescription = a})
 
 -- | The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: @elasticbeanstalk.amazonaws.com@
 cslrAWSServiceName :: Lens' CreateServiceLinkedRole Text
-cslrAWSServiceName = lens _cslrAWSServiceName (\ s a -> s{_cslrAWSServiceName = a});
+cslrAWSServiceName = lens _cslrAWSServiceName (\ s a -> s{_cslrAWSServiceName = a})
 
 instance AWSRequest CreateServiceLinkedRole where
         type Rs CreateServiceLinkedRole =
@@ -139,15 +139,15 @@
     -> CreateServiceLinkedRoleResponse
 createServiceLinkedRoleResponse pResponseStatus_ =
   CreateServiceLinkedRoleResponse'
-  {_cslrrsRole = Nothing, _cslrrsResponseStatus = pResponseStatus_}
+    {_cslrrsRole = Nothing, _cslrrsResponseStatus = pResponseStatus_}
 
 
 -- | A 'Role' object that contains details about the newly created role.
 cslrrsRole :: Lens' CreateServiceLinkedRoleResponse (Maybe Role)
-cslrrsRole = lens _cslrrsRole (\ s a -> s{_cslrrsRole = a});
+cslrrsRole = lens _cslrrsRole (\ s a -> s{_cslrrsRole = a})
 
 -- | -- | The response status code.
 cslrrsResponseStatus :: Lens' CreateServiceLinkedRoleResponse Int
-cslrrsResponseStatus = lens _cslrrsResponseStatus (\ s a -> s{_cslrrsResponseStatus = a});
+cslrrsResponseStatus = lens _cslrrsResponseStatus (\ s a -> s{_cslrrsResponseStatus = a})
 
 instance NFData CreateServiceLinkedRoleResponse where
diff --git a/gen/Network/AWS/IAM/CreateServiceSpecificCredential.hs b/gen/Network/AWS/IAM/CreateServiceSpecificCredential.hs
--- a/gen/Network/AWS/IAM/CreateServiceSpecificCredential.hs
+++ b/gen/Network/AWS/IAM/CreateServiceSpecificCredential.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateServiceSpecificCredential
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -64,7 +64,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'csscUserName' - The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'csscUserName' - The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'csscServiceName' - The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
 createServiceSpecificCredential
@@ -73,16 +73,16 @@
     -> CreateServiceSpecificCredential
 createServiceSpecificCredential pUserName_ pServiceName_ =
   CreateServiceSpecificCredential'
-  {_csscUserName = pUserName_, _csscServiceName = pServiceName_}
+    {_csscUserName = pUserName_, _csscServiceName = pServiceName_}
 
 
--- | The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 csscUserName :: Lens' CreateServiceSpecificCredential Text
-csscUserName = lens _csscUserName (\ s a -> s{_csscUserName = a});
+csscUserName = lens _csscUserName (\ s a -> s{_csscUserName = a})
 
 -- | The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.
 csscServiceName :: Lens' CreateServiceSpecificCredential Text
-csscServiceName = lens _csscServiceName (\ s a -> s{_csscServiceName = a});
+csscServiceName = lens _csscServiceName (\ s a -> s{_csscServiceName = a})
 
 instance AWSRequest CreateServiceSpecificCredential
          where
@@ -138,18 +138,18 @@
     -> CreateServiceSpecificCredentialResponse
 createServiceSpecificCredentialResponse pResponseStatus_ =
   CreateServiceSpecificCredentialResponse'
-  { _csscrsServiceSpecificCredential = Nothing
-  , _csscrsResponseStatus = pResponseStatus_
-  }
+    { _csscrsServiceSpecificCredential = Nothing
+    , _csscrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A structure that contains information about the newly created service-specific credential. /Important:/ This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you will have to reset the password with 'ResetServiceSpecificCredential' .
 csscrsServiceSpecificCredential :: Lens' CreateServiceSpecificCredentialResponse (Maybe ServiceSpecificCredential)
-csscrsServiceSpecificCredential = lens _csscrsServiceSpecificCredential (\ s a -> s{_csscrsServiceSpecificCredential = a});
+csscrsServiceSpecificCredential = lens _csscrsServiceSpecificCredential (\ s a -> s{_csscrsServiceSpecificCredential = a})
 
 -- | -- | The response status code.
 csscrsResponseStatus :: Lens' CreateServiceSpecificCredentialResponse Int
-csscrsResponseStatus = lens _csscrsResponseStatus (\ s a -> s{_csscrsResponseStatus = a});
+csscrsResponseStatus = lens _csscrsResponseStatus (\ s a -> s{_csscrsResponseStatus = a})
 
 instance NFData
            CreateServiceSpecificCredentialResponse
diff --git a/gen/Network/AWS/IAM/CreateUser.hs b/gen/Network/AWS/IAM/CreateUser.hs
--- a/gen/Network/AWS/IAM/CreateUser.hs
+++ b/gen/Network/AWS/IAM/CreateUser.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateUser
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -58,9 +58,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'cuPath' - The path for the user name. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'cuPath' - The path for the user name. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'cuUserName' - The name of the user to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".
+-- * 'cuUserName' - The name of the user to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".
 createUser
     :: Text -- ^ 'cuUserName'
     -> CreateUser
@@ -68,13 +68,13 @@
   CreateUser' {_cuPath = Nothing, _cuUserName = pUserName_}
 
 
--- | The path for the user name. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path for the user name. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 cuPath :: Lens' CreateUser (Maybe Text)
-cuPath = lens _cuPath (\ s a -> s{_cuPath = a});
+cuPath = lens _cuPath (\ s a -> s{_cuPath = a})
 
--- | The name of the user to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".
+-- | The name of the user to create. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".
 cuUserName :: Lens' CreateUser Text
-cuUserName = lens _cuUserName (\ s a -> s{_cuUserName = a});
+cuUserName = lens _cuUserName (\ s a -> s{_cuUserName = a})
 
 instance AWSRequest CreateUser where
         type Rs CreateUser = CreateUserResponse
@@ -125,15 +125,15 @@
     -> CreateUserResponse
 createUserResponse pResponseStatus_ =
   CreateUserResponse'
-  {_cursUser = Nothing, _cursResponseStatus = pResponseStatus_}
+    {_cursUser = Nothing, _cursResponseStatus = pResponseStatus_}
 
 
 -- | A structure with details about the new IAM user.
 cursUser :: Lens' CreateUserResponse (Maybe User)
-cursUser = lens _cursUser (\ s a -> s{_cursUser = a});
+cursUser = lens _cursUser (\ s a -> s{_cursUser = a})
 
 -- | -- | The response status code.
 cursResponseStatus :: Lens' CreateUserResponse Int
-cursResponseStatus = lens _cursResponseStatus (\ s a -> s{_cursResponseStatus = a});
+cursResponseStatus = lens _cursResponseStatus (\ s a -> s{_cursResponseStatus = a})
 
 instance NFData CreateUserResponse where
diff --git a/gen/Network/AWS/IAM/CreateVirtualMFADevice.hs b/gen/Network/AWS/IAM/CreateVirtualMFADevice.hs
--- a/gen/Network/AWS/IAM/CreateVirtualMFADevice.hs
+++ b/gen/Network/AWS/IAM/CreateVirtualMFADevice.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.CreateVirtualMFADevice
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -60,24 +60,24 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'cvmdPath' - The path for the virtual MFA device. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'cvmdPath' - The path for the virtual MFA device. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'cvmdVirtualMFADeviceName' - The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'cvmdVirtualMFADeviceName' - The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 createVirtualMFADevice
     :: Text -- ^ 'cvmdVirtualMFADeviceName'
     -> CreateVirtualMFADevice
 createVirtualMFADevice pVirtualMFADeviceName_ =
   CreateVirtualMFADevice'
-  {_cvmdPath = Nothing, _cvmdVirtualMFADeviceName = pVirtualMFADeviceName_}
+    {_cvmdPath = Nothing, _cvmdVirtualMFADeviceName = pVirtualMFADeviceName_}
 
 
--- | The path for the virtual MFA device. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path for the virtual MFA device. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 cvmdPath :: Lens' CreateVirtualMFADevice (Maybe Text)
-cvmdPath = lens _cvmdPath (\ s a -> s{_cvmdPath = a});
+cvmdPath = lens _cvmdPath (\ s a -> s{_cvmdPath = a})
 
--- | The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the virtual MFA device. Use with path to uniquely identify a virtual MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 cvmdVirtualMFADeviceName :: Lens' CreateVirtualMFADevice Text
-cvmdVirtualMFADeviceName = lens _cvmdVirtualMFADeviceName (\ s a -> s{_cvmdVirtualMFADeviceName = a});
+cvmdVirtualMFADeviceName = lens _cvmdVirtualMFADeviceName (\ s a -> s{_cvmdVirtualMFADeviceName = a})
 
 instance AWSRequest CreateVirtualMFADevice where
         type Rs CreateVirtualMFADevice =
@@ -132,17 +132,17 @@
     -> CreateVirtualMFADeviceResponse
 createVirtualMFADeviceResponse pResponseStatus_ pVirtualMFADevice_ =
   CreateVirtualMFADeviceResponse'
-  { _cvmdrsResponseStatus = pResponseStatus_
-  , _cvmdrsVirtualMFADevice = pVirtualMFADevice_
-  }
+    { _cvmdrsResponseStatus = pResponseStatus_
+    , _cvmdrsVirtualMFADevice = pVirtualMFADevice_
+    }
 
 
 -- | -- | The response status code.
 cvmdrsResponseStatus :: Lens' CreateVirtualMFADeviceResponse Int
-cvmdrsResponseStatus = lens _cvmdrsResponseStatus (\ s a -> s{_cvmdrsResponseStatus = a});
+cvmdrsResponseStatus = lens _cvmdrsResponseStatus (\ s a -> s{_cvmdrsResponseStatus = a})
 
 -- | A structure containing details about the new virtual MFA device.
 cvmdrsVirtualMFADevice :: Lens' CreateVirtualMFADeviceResponse VirtualMFADevice
-cvmdrsVirtualMFADevice = lens _cvmdrsVirtualMFADevice (\ s a -> s{_cvmdrsVirtualMFADevice = a});
+cvmdrsVirtualMFADevice = lens _cvmdrsVirtualMFADevice (\ s a -> s{_cvmdrsVirtualMFADevice = a})
 
 instance NFData CreateVirtualMFADeviceResponse where
diff --git a/gen/Network/AWS/IAM/DeactivateMFADevice.hs b/gen/Network/AWS/IAM/DeactivateMFADevice.hs
--- a/gen/Network/AWS/IAM/DeactivateMFADevice.hs
+++ b/gen/Network/AWS/IAM/DeactivateMFADevice.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeactivateMFADevice
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dmdUserName' - The name of the user whose MFA device you want to deactivate. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dmdUserName' - The name of the user whose MFA device you want to deactivate. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'dmdSerialNumber' - The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
 deactivateMFADevice
@@ -64,16 +64,16 @@
     -> DeactivateMFADevice
 deactivateMFADevice pUserName_ pSerialNumber_ =
   DeactivateMFADevice'
-  {_dmdUserName = pUserName_, _dmdSerialNumber = pSerialNumber_}
+    {_dmdUserName = pUserName_, _dmdSerialNumber = pSerialNumber_}
 
 
--- | The name of the user whose MFA device you want to deactivate. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose MFA device you want to deactivate. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dmdUserName :: Lens' DeactivateMFADevice Text
-dmdUserName = lens _dmdUserName (\ s a -> s{_dmdUserName = a});
+dmdUserName = lens _dmdUserName (\ s a -> s{_dmdUserName = a})
 
 -- | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
 dmdSerialNumber :: Lens' DeactivateMFADevice Text
-dmdSerialNumber = lens _dmdSerialNumber (\ s a -> s{_dmdSerialNumber = a});
+dmdSerialNumber = lens _dmdSerialNumber (\ s a -> s{_dmdSerialNumber = a})
 
 instance AWSRequest DeactivateMFADevice where
         type Rs DeactivateMFADevice =
diff --git a/gen/Network/AWS/IAM/DeleteAccessKey.hs b/gen/Network/AWS/IAM/DeleteAccessKey.hs
--- a/gen/Network/AWS/IAM/DeleteAccessKey.hs
+++ b/gen/Network/AWS/IAM/DeleteAccessKey.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteAccessKey
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Deletes the access key pair associated with the specified IAM user.
 --
 --
--- If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
+-- If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
 --
 module Network.AWS.IAM.DeleteAccessKey
     (
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dakUserName' - The name of the user whose access key pair you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dakUserName' - The name of the user whose access key pair you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'dakAccessKeyId' - The access key ID for the access key ID and secret access key you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 deleteAccessKey
@@ -65,13 +65,13 @@
   DeleteAccessKey' {_dakUserName = Nothing, _dakAccessKeyId = pAccessKeyId_}
 
 
--- | The name of the user whose access key pair you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose access key pair you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dakUserName :: Lens' DeleteAccessKey (Maybe Text)
-dakUserName = lens _dakUserName (\ s a -> s{_dakUserName = a});
+dakUserName = lens _dakUserName (\ s a -> s{_dakUserName = a})
 
 -- | The access key ID for the access key ID and secret access key you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 dakAccessKeyId :: Lens' DeleteAccessKey AccessKey
-dakAccessKeyId = lens _dakAccessKeyId (\ s a -> s{_dakAccessKeyId = a});
+dakAccessKeyId = lens _dakAccessKeyId (\ s a -> s{_dakAccessKeyId = a})
 
 instance AWSRequest DeleteAccessKey where
         type Rs DeleteAccessKey = DeleteAccessKeyResponse
diff --git a/gen/Network/AWS/IAM/DeleteAccountAlias.hs b/gen/Network/AWS/IAM/DeleteAccountAlias.hs
--- a/gen/Network/AWS/IAM/DeleteAccountAlias.hs
+++ b/gen/Network/AWS/IAM/DeleteAccountAlias.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteAccountAlias
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -61,7 +61,7 @@
 
 -- | The name of the account alias to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of lowercase letters, digits, and dashes. You cannot start or finish with a dash, nor can you have two dashes in a row.
 daaAccountAlias :: Lens' DeleteAccountAlias Text
-daaAccountAlias = lens _daaAccountAlias (\ s a -> s{_daaAccountAlias = a});
+daaAccountAlias = lens _daaAccountAlias (\ s a -> s{_daaAccountAlias = a})
 
 instance AWSRequest DeleteAccountAlias where
         type Rs DeleteAccountAlias =
diff --git a/gen/Network/AWS/IAM/DeleteAccountPasswordPolicy.hs b/gen/Network/AWS/IAM/DeleteAccountPasswordPolicy.hs
--- a/gen/Network/AWS/IAM/DeleteAccountPasswordPolicy.hs
+++ b/gen/Network/AWS/IAM/DeleteAccountPasswordPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteAccountPasswordPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/gen/Network/AWS/IAM/DeleteGroup.hs b/gen/Network/AWS/IAM/DeleteGroup.hs
--- a/gen/Network/AWS/IAM/DeleteGroup.hs
+++ b/gen/Network/AWS/IAM/DeleteGroup.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteGroup
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -51,16 +51,16 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dgGroupName' - The name of the IAM group to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dgGroupName' - The name of the IAM group to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteGroup
     :: Text -- ^ 'dgGroupName'
     -> DeleteGroup
 deleteGroup pGroupName_ = DeleteGroup' {_dgGroupName = pGroupName_}
 
 
--- | The name of the IAM group to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM group to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dgGroupName :: Lens' DeleteGroup Text
-dgGroupName = lens _dgGroupName (\ s a -> s{_dgGroupName = a});
+dgGroupName = lens _dgGroupName (\ s a -> s{_dgGroupName = a})
 
 instance AWSRequest DeleteGroup where
         type Rs DeleteGroup = DeleteGroupResponse
diff --git a/gen/Network/AWS/IAM/DeleteGroupPolicy.hs b/gen/Network/AWS/IAM/DeleteGroupPolicy.hs
--- a/gen/Network/AWS/IAM/DeleteGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/DeleteGroupPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteGroupPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -55,9 +55,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dGroupName' - The name (friendly name, not ARN) identifying the group that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dGroupName' - The name (friendly name, not ARN) identifying the group that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'dPolicyName' - The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'dPolicyName' - The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteGroupPolicy
     :: Text -- ^ 'dGroupName'
     -> Text -- ^ 'dPolicyName'
@@ -66,13 +66,13 @@
   DeleteGroupPolicy' {_dGroupName = pGroupName_, _dPolicyName = pPolicyName_}
 
 
--- | The name (friendly name, not ARN) identifying the group that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) identifying the group that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dGroupName :: Lens' DeleteGroupPolicy Text
-dGroupName = lens _dGroupName (\ s a -> s{_dGroupName = a});
+dGroupName = lens _dGroupName (\ s a -> s{_dGroupName = a})
 
--- | The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dPolicyName :: Lens' DeleteGroupPolicy Text
-dPolicyName = lens _dPolicyName (\ s a -> s{_dPolicyName = a});
+dPolicyName = lens _dPolicyName (\ s a -> s{_dPolicyName = a})
 
 instance AWSRequest DeleteGroupPolicy where
         type Rs DeleteGroupPolicy = DeleteGroupPolicyResponse
diff --git a/gen/Network/AWS/IAM/DeleteInstanceProfile.hs b/gen/Network/AWS/IAM/DeleteInstanceProfile.hs
--- a/gen/Network/AWS/IAM/DeleteInstanceProfile.hs
+++ b/gen/Network/AWS/IAM/DeleteInstanceProfile.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteInstanceProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Deletes the specified instance profile. The instance profile must not have an associated role.
 --
 --
--- /Important:/ Make sure you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
+-- /Important:/ Make sure that you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
 --
 -- For more information about instance profiles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html About Instance Profiles> .
 --
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dipInstanceProfileName' - The name of the instance profile to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dipInstanceProfileName' - The name of the instance profile to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteInstanceProfile
     :: Text -- ^ 'dipInstanceProfileName'
     -> DeleteInstanceProfile
@@ -63,9 +63,9 @@
   DeleteInstanceProfile' {_dipInstanceProfileName = pInstanceProfileName_}
 
 
--- | The name of the instance profile to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the instance profile to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dipInstanceProfileName :: Lens' DeleteInstanceProfile Text
-dipInstanceProfileName = lens _dipInstanceProfileName (\ s a -> s{_dipInstanceProfileName = a});
+dipInstanceProfileName = lens _dipInstanceProfileName (\ s a -> s{_dipInstanceProfileName = a})
 
 instance AWSRequest DeleteInstanceProfile where
         type Rs DeleteInstanceProfile =
diff --git a/gen/Network/AWS/IAM/DeleteLoginProfile.hs b/gen/Network/AWS/IAM/DeleteLoginProfile.hs
--- a/gen/Network/AWS/IAM/DeleteLoginProfile.hs
+++ b/gen/Network/AWS/IAM/DeleteLoginProfile.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteLoginProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -53,16 +53,16 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dlpUserName' - The name of the user whose password you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dlpUserName' - The name of the user whose password you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteLoginProfile
     :: Text -- ^ 'dlpUserName'
     -> DeleteLoginProfile
 deleteLoginProfile pUserName_ = DeleteLoginProfile' {_dlpUserName = pUserName_}
 
 
--- | The name of the user whose password you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose password you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dlpUserName :: Lens' DeleteLoginProfile Text
-dlpUserName = lens _dlpUserName (\ s a -> s{_dlpUserName = a});
+dlpUserName = lens _dlpUserName (\ s a -> s{_dlpUserName = a})
 
 instance AWSRequest DeleteLoginProfile where
         type Rs DeleteLoginProfile =
diff --git a/gen/Network/AWS/IAM/DeleteOpenIdConnectProvider.hs b/gen/Network/AWS/IAM/DeleteOpenIdConnectProvider.hs
--- a/gen/Network/AWS/IAM/DeleteOpenIdConnectProvider.hs
+++ b/gen/Network/AWS/IAM/DeleteOpenIdConnectProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteOpenIdConnectProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in their trust policies. Any attempt to assume a role that references a deleted provider fails.
 --
--- This action is idempotent; it does not fail or return an error if you call the action for a provider that does not exist.
+-- This operation is idempotent; it does not fail or return an error if you call the operation for a provider that does not exist.
 --
 module Network.AWS.IAM.DeleteOpenIdConnectProvider
     (
@@ -55,18 +55,18 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'doicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the 'ListOpenIDConnectProviders' action.
+-- * 'doicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the 'ListOpenIDConnectProviders' operation.
 deleteOpenIdConnectProvider
     :: Text -- ^ 'doicpOpenIdConnectProviderARN'
     -> DeleteOpenIdConnectProvider
 deleteOpenIdConnectProvider pOpenIdConnectProviderARN_ =
   DeleteOpenIdConnectProvider'
-  {_doicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_}
+    {_doicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_}
 
 
--- | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the 'ListOpenIDConnectProviders' action.
+-- | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the 'ListOpenIDConnectProviders' operation.
 doicpOpenIdConnectProviderARN :: Lens' DeleteOpenIdConnectProvider Text
-doicpOpenIdConnectProviderARN = lens _doicpOpenIdConnectProviderARN (\ s a -> s{_doicpOpenIdConnectProviderARN = a});
+doicpOpenIdConnectProviderARN = lens _doicpOpenIdConnectProviderARN (\ s a -> s{_doicpOpenIdConnectProviderARN = a})
 
 instance AWSRequest DeleteOpenIdConnectProvider where
         type Rs DeleteOpenIdConnectProvider =
diff --git a/gen/Network/AWS/IAM/DeletePolicy.hs b/gen/Network/AWS/IAM/DeletePolicy.hs
--- a/gen/Network/AWS/IAM/DeletePolicy.hs
+++ b/gen/Network/AWS/IAM/DeletePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeletePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,9 +21,9 @@
 -- Deletes the specified managed policy.
 --
 --
--- Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to, and you must delete all of the policy's versions. The following steps describe the process for deleting a managed policy:
+-- Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition you must delete all the policy's versions. The following steps describe the process for deleting a managed policy:
 --
---     * Detach the policy from all users, groups, and roles that the policy is attached to, using the 'DetachUserPolicy' , 'DetachGroupPolicy' , or 'DetachRolePolicy' APIs. To list all the users, groups, and roles that a policy is attached to, use 'ListEntitiesForPolicy' .
+--     * Detach the policy from all users, groups, and roles that the policy is attached to, using the 'DetachUserPolicy' , 'DetachGroupPolicy' , or 'DetachRolePolicy' API operations. To list all the users, groups, and roles that a policy is attached to, use 'ListEntitiesForPolicy' .
 --
 --     * Delete all versions of the policy using 'DeletePolicyVersion' . To list the policy's versions, use 'ListPolicyVersions' . You cannot use 'DeletePolicyVersion' to delete the version that is marked as the default version. You delete the policy's default version in the next step of the process.
 --
@@ -72,7 +72,7 @@
 
 -- | The Amazon Resource Name (ARN) of the IAM policy you want to delete. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 dpPolicyARN :: Lens' DeletePolicy Text
-dpPolicyARN = lens _dpPolicyARN (\ s a -> s{_dpPolicyARN = a});
+dpPolicyARN = lens _dpPolicyARN (\ s a -> s{_dpPolicyARN = a})
 
 instance AWSRequest DeletePolicy where
         type Rs DeletePolicy = DeletePolicyResponse
diff --git a/gen/Network/AWS/IAM/DeletePolicyVersion.hs b/gen/Network/AWS/IAM/DeletePolicyVersion.hs
--- a/gen/Network/AWS/IAM/DeletePolicyVersion.hs
+++ b/gen/Network/AWS/IAM/DeletePolicyVersion.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeletePolicyVersion
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -66,16 +66,16 @@
     -> DeletePolicyVersion
 deletePolicyVersion pPolicyARN_ pVersionId_ =
   DeletePolicyVersion'
-  {_dpvPolicyARN = pPolicyARN_, _dpvVersionId = pVersionId_}
+    {_dpvPolicyARN = pPolicyARN_, _dpvVersionId = pVersionId_}
 
 
 -- | The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 dpvPolicyARN :: Lens' DeletePolicyVersion Text
-dpvPolicyARN = lens _dpvPolicyARN (\ s a -> s{_dpvPolicyARN = a});
+dpvPolicyARN = lens _dpvPolicyARN (\ s a -> s{_dpvPolicyARN = a})
 
 -- | The policy version to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits. For more information about managed policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /IAM User Guide/ .
 dpvVersionId :: Lens' DeletePolicyVersion Text
-dpvVersionId = lens _dpvVersionId (\ s a -> s{_dpvVersionId = a});
+dpvVersionId = lens _dpvVersionId (\ s a -> s{_dpvVersionId = a})
 
 instance AWSRequest DeletePolicyVersion where
         type Rs DeletePolicyVersion =
diff --git a/gen/Network/AWS/IAM/DeleteRole.hs b/gen/Network/AWS/IAM/DeleteRole.hs
--- a/gen/Network/AWS/IAM/DeleteRole.hs
+++ b/gen/Network/AWS/IAM/DeleteRole.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteRole
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Deletes the specified role. The role must not have any policies attached. For more information about roles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html Working with Roles> .
 --
 --
--- /Important:/ Make sure you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
+-- /Important:/ Make sure that you do not have any Amazon EC2 instances running with the role you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.
 --
 module Network.AWS.IAM.DeleteRole
     (
@@ -62,7 +62,7 @@
 
 -- | The name of the role to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 drRoleName :: Lens' DeleteRole Text
-drRoleName = lens _drRoleName (\ s a -> s{_drRoleName = a});
+drRoleName = lens _drRoleName (\ s a -> s{_drRoleName = a})
 
 instance AWSRequest DeleteRole where
         type Rs DeleteRole = DeleteRoleResponse
diff --git a/gen/Network/AWS/IAM/DeleteRolePolicy.hs b/gen/Network/AWS/IAM/DeleteRolePolicy.hs
--- a/gen/Network/AWS/IAM/DeleteRolePolicy.hs
+++ b/gen/Network/AWS/IAM/DeleteRolePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteRolePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,7 +57,7 @@
 --
 -- * 'delRoleName' - The name (friendly name, not ARN) identifying the role that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'delPolicyName' - The name of the inline policy to delete from the specified IAM role. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'delPolicyName' - The name of the inline policy to delete from the specified IAM role. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteRolePolicy
     :: Text -- ^ 'delRoleName'
     -> Text -- ^ 'delPolicyName'
@@ -68,11 +68,11 @@
 
 -- | The name (friendly name, not ARN) identifying the role that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 delRoleName :: Lens' DeleteRolePolicy Text
-delRoleName = lens _delRoleName (\ s a -> s{_delRoleName = a});
+delRoleName = lens _delRoleName (\ s a -> s{_delRoleName = a})
 
--- | The name of the inline policy to delete from the specified IAM role. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name of the inline policy to delete from the specified IAM role. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 delPolicyName :: Lens' DeleteRolePolicy Text
-delPolicyName = lens _delPolicyName (\ s a -> s{_delPolicyName = a});
+delPolicyName = lens _delPolicyName (\ s a -> s{_delPolicyName = a})
 
 instance AWSRequest DeleteRolePolicy where
         type Rs DeleteRolePolicy = DeleteRolePolicyResponse
diff --git a/gen/Network/AWS/IAM/DeleteSAMLProvider.hs b/gen/Network/AWS/IAM/DeleteSAMLProvider.hs
--- a/gen/Network/AWS/IAM/DeleteSAMLProvider.hs
+++ b/gen/Network/AWS/IAM/DeleteSAMLProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteSAMLProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -63,7 +63,7 @@
 
 -- | The Amazon Resource Name (ARN) of the SAML provider to delete.
 dsamlpSAMLProviderARN :: Lens' DeleteSAMLProvider Text
-dsamlpSAMLProviderARN = lens _dsamlpSAMLProviderARN (\ s a -> s{_dsamlpSAMLProviderARN = a});
+dsamlpSAMLProviderARN = lens _dsamlpSAMLProviderARN (\ s a -> s{_dsamlpSAMLProviderARN = a})
 
 instance AWSRequest DeleteSAMLProvider where
         type Rs DeleteSAMLProvider =
diff --git a/gen/Network/AWS/IAM/DeleteSSHPublicKey.hs b/gen/Network/AWS/IAM/DeleteSSHPublicKey.hs
--- a/gen/Network/AWS/IAM/DeleteSSHPublicKey.hs
+++ b/gen/Network/AWS/IAM/DeleteSSHPublicKey.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteSSHPublicKey
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Deletes the specified SSH public key.
 --
 --
--- The SSH public key deleted by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
+-- The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
 --
 module Network.AWS.IAM.DeleteSSHPublicKey
     (
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dspkUserName' - The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dspkUserName' - The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'dspkSSHPublicKeyId' - The unique identifier for the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 deleteSSHPublicKey
@@ -64,16 +64,16 @@
     -> DeleteSSHPublicKey
 deleteSSHPublicKey pUserName_ pSSHPublicKeyId_ =
   DeleteSSHPublicKey'
-  {_dspkUserName = pUserName_, _dspkSSHPublicKeyId = pSSHPublicKeyId_}
+    {_dspkUserName = pUserName_, _dspkSSHPublicKeyId = pSSHPublicKeyId_}
 
 
--- | The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dspkUserName :: Lens' DeleteSSHPublicKey Text
-dspkUserName = lens _dspkUserName (\ s a -> s{_dspkUserName = a});
+dspkUserName = lens _dspkUserName (\ s a -> s{_dspkUserName = a})
 
 -- | The unique identifier for the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 dspkSSHPublicKeyId :: Lens' DeleteSSHPublicKey Text
-dspkSSHPublicKeyId = lens _dspkSSHPublicKeyId (\ s a -> s{_dspkSSHPublicKeyId = a});
+dspkSSHPublicKeyId = lens _dspkSSHPublicKeyId (\ s a -> s{_dspkSSHPublicKeyId = a})
 
 instance AWSRequest DeleteSSHPublicKey where
         type Rs DeleteSSHPublicKey =
diff --git a/gen/Network/AWS/IAM/DeleteServerCertificate.hs b/gen/Network/AWS/IAM/DeleteServerCertificate.hs
--- a/gen/Network/AWS/IAM/DeleteServerCertificate.hs
+++ b/gen/Network/AWS/IAM/DeleteServerCertificate.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteServerCertificate
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Deletes the specified server certificate.
 --
 --
--- For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ .
+-- For more information about working with server certificates, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ . This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.
 --
 -- /Important:/ If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, go to <http://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_DeleteLoadBalancerListeners.html DeleteLoadBalancerListeners> in the /Elastic Load Balancing API Reference/ .
 --
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dscServerCertificateName' - The name of the server certificate you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dscServerCertificateName' - The name of the server certificate you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteServerCertificate
     :: Text -- ^ 'dscServerCertificateName'
     -> DeleteServerCertificate
@@ -63,9 +63,9 @@
   DeleteServerCertificate' {_dscServerCertificateName = pServerCertificateName_}
 
 
--- | The name of the server certificate you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the server certificate you want to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dscServerCertificateName :: Lens' DeleteServerCertificate Text
-dscServerCertificateName = lens _dscServerCertificateName (\ s a -> s{_dscServerCertificateName = a});
+dscServerCertificateName = lens _dscServerCertificateName (\ s a -> s{_dscServerCertificateName = a})
 
 instance AWSRequest DeleteServerCertificate where
         type Rs DeleteServerCertificate =
diff --git a/gen/Network/AWS/IAM/DeleteServiceLinkedRole.hs b/gen/Network/AWS/IAM/DeleteServiceLinkedRole.hs
--- a/gen/Network/AWS/IAM/DeleteServiceLinkedRole.hs
+++ b/gen/Network/AWS/IAM/DeleteServiceLinkedRole.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteServiceLinkedRole
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Submits a service-linked role deletion request and returns a @DeletionTaskId@ , which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the @DeletionTaskId@ of the earlier request is returned.
 --
 --
--- If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the 'GetServiceLinkedRoleDeletionStatus' API operation returns the reason for the failure, including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the <http://docs.aws.amazon.com/ AWS documentation> for your service.
+-- If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the 'GetServiceLinkedRoleDeletionStatus' API operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the <http://docs.aws.amazon.com/ AWS documentation> for your service.
 --
 -- For more information about service-linked roles, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role Roles Terms and Concepts: AWS Service-Linked Role> in the /IAM User Guide/ .
 --
@@ -68,7 +68,7 @@
 
 -- | The name of the service-linked role to be deleted.
 dslrRoleName :: Lens' DeleteServiceLinkedRole Text
-dslrRoleName = lens _dslrRoleName (\ s a -> s{_dslrRoleName = a});
+dslrRoleName = lens _dslrRoleName (\ s a -> s{_dslrRoleName = a})
 
 instance AWSRequest DeleteServiceLinkedRole where
         type Rs DeleteServiceLinkedRole =
@@ -118,17 +118,17 @@
     -> DeleteServiceLinkedRoleResponse
 deleteServiceLinkedRoleResponse pResponseStatus_ pDeletionTaskId_ =
   DeleteServiceLinkedRoleResponse'
-  { _dslrrsResponseStatus = pResponseStatus_
-  , _dslrrsDeletionTaskId = pDeletionTaskId_
-  }
+    { _dslrrsResponseStatus = pResponseStatus_
+    , _dslrrsDeletionTaskId = pDeletionTaskId_
+    }
 
 
 -- | -- | The response status code.
 dslrrsResponseStatus :: Lens' DeleteServiceLinkedRoleResponse Int
-dslrrsResponseStatus = lens _dslrrsResponseStatus (\ s a -> s{_dslrrsResponseStatus = a});
+dslrrsResponseStatus = lens _dslrrsResponseStatus (\ s a -> s{_dslrrsResponseStatus = a})
 
 -- | The deletion task identifier that you can use to check the status of the deletion. This identifier is returned in the format @task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>@ .
 dslrrsDeletionTaskId :: Lens' DeleteServiceLinkedRoleResponse Text
-dslrrsDeletionTaskId = lens _dslrrsDeletionTaskId (\ s a -> s{_dslrrsDeletionTaskId = a});
+dslrrsDeletionTaskId = lens _dslrrsDeletionTaskId (\ s a -> s{_dslrrsDeletionTaskId = a})
 
 instance NFData DeleteServiceLinkedRoleResponse where
diff --git a/gen/Network/AWS/IAM/DeleteServiceSpecificCredential.hs b/gen/Network/AWS/IAM/DeleteServiceSpecificCredential.hs
--- a/gen/Network/AWS/IAM/DeleteServiceSpecificCredential.hs
+++ b/gen/Network/AWS/IAM/DeleteServiceSpecificCredential.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteServiceSpecificCredential
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -53,7 +53,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dsscUserName' - The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dsscUserName' - The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'dsscServiceSpecificCredentialId' - The unique identifier of the service-specific credential. You can get this value by calling 'ListServiceSpecificCredentials' . This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 deleteServiceSpecificCredential
@@ -61,18 +61,18 @@
     -> DeleteServiceSpecificCredential
 deleteServiceSpecificCredential pServiceSpecificCredentialId_ =
   DeleteServiceSpecificCredential'
-  { _dsscUserName = Nothing
-  , _dsscServiceSpecificCredentialId = pServiceSpecificCredentialId_
-  }
+    { _dsscUserName = Nothing
+    , _dsscServiceSpecificCredentialId = pServiceSpecificCredentialId_
+    }
 
 
--- | The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dsscUserName :: Lens' DeleteServiceSpecificCredential (Maybe Text)
-dsscUserName = lens _dsscUserName (\ s a -> s{_dsscUserName = a});
+dsscUserName = lens _dsscUserName (\ s a -> s{_dsscUserName = a})
 
 -- | The unique identifier of the service-specific credential. You can get this value by calling 'ListServiceSpecificCredentials' . This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 dsscServiceSpecificCredentialId :: Lens' DeleteServiceSpecificCredential Text
-dsscServiceSpecificCredentialId = lens _dsscServiceSpecificCredentialId (\ s a -> s{_dsscServiceSpecificCredentialId = a});
+dsscServiceSpecificCredentialId = lens _dsscServiceSpecificCredentialId (\ s a -> s{_dsscServiceSpecificCredentialId = a})
 
 instance AWSRequest DeleteServiceSpecificCredential
          where
diff --git a/gen/Network/AWS/IAM/DeleteSigningCertificate.hs b/gen/Network/AWS/IAM/DeleteSigningCertificate.hs
--- a/gen/Network/AWS/IAM/DeleteSigningCertificate.hs
+++ b/gen/Network/AWS/IAM/DeleteSigningCertificate.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteSigningCertificate
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Deletes a signing certificate associated with the specified IAM user.
 --
 --
--- If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated IAM users.
+-- If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated IAM users.
 --
 module Network.AWS.IAM.DeleteSigningCertificate
     (
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dscUserName' - The name of the user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dscUserName' - The name of the user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'dscCertificateId' - The ID of the signing certificate to delete. The format of this parameter, as described by its <http://wikipedia.org/wiki/regex regex> pattern, is a string of characters that can be upper- or lower-cased letters or digits.
 deleteSigningCertificate
@@ -63,16 +63,16 @@
     -> DeleteSigningCertificate
 deleteSigningCertificate pCertificateId_ =
   DeleteSigningCertificate'
-  {_dscUserName = Nothing, _dscCertificateId = pCertificateId_}
+    {_dscUserName = Nothing, _dscCertificateId = pCertificateId_}
 
 
--- | The name of the user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dscUserName :: Lens' DeleteSigningCertificate (Maybe Text)
-dscUserName = lens _dscUserName (\ s a -> s{_dscUserName = a});
+dscUserName = lens _dscUserName (\ s a -> s{_dscUserName = a})
 
 -- | The ID of the signing certificate to delete. The format of this parameter, as described by its <http://wikipedia.org/wiki/regex regex> pattern, is a string of characters that can be upper- or lower-cased letters or digits.
 dscCertificateId :: Lens' DeleteSigningCertificate Text
-dscCertificateId = lens _dscCertificateId (\ s a -> s{_dscCertificateId = a});
+dscCertificateId = lens _dscCertificateId (\ s a -> s{_dscCertificateId = a})
 
 instance AWSRequest DeleteSigningCertificate where
         type Rs DeleteSigningCertificate =
diff --git a/gen/Network/AWS/IAM/DeleteUser.hs b/gen/Network/AWS/IAM/DeleteUser.hs
--- a/gen/Network/AWS/IAM/DeleteUser.hs
+++ b/gen/Network/AWS/IAM/DeleteUser.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteUser
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -51,16 +51,16 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'duUserName' - The name of the user to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'duUserName' - The name of the user to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteUser
     :: Text -- ^ 'duUserName'
     -> DeleteUser
 deleteUser pUserName_ = DeleteUser' {_duUserName = pUserName_}
 
 
--- | The name of the user to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 duUserName :: Lens' DeleteUser Text
-duUserName = lens _duUserName (\ s a -> s{_duUserName = a});
+duUserName = lens _duUserName (\ s a -> s{_duUserName = a})
 
 instance AWSRequest DeleteUser where
         type Rs DeleteUser = DeleteUserResponse
diff --git a/gen/Network/AWS/IAM/DeleteUserPolicy.hs b/gen/Network/AWS/IAM/DeleteUserPolicy.hs
--- a/gen/Network/AWS/IAM/DeleteUserPolicy.hs
+++ b/gen/Network/AWS/IAM/DeleteUserPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteUserPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -55,9 +55,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dupUserName' - The name (friendly name, not ARN) identifying the user that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dupUserName' - The name (friendly name, not ARN) identifying the user that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'dupPolicyName' - The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'dupPolicyName' - The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 deleteUserPolicy
     :: Text -- ^ 'dupUserName'
     -> Text -- ^ 'dupPolicyName'
@@ -66,13 +66,13 @@
   DeleteUserPolicy' {_dupUserName = pUserName_, _dupPolicyName = pPolicyName_}
 
 
--- | The name (friendly name, not ARN) identifying the user that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) identifying the user that the policy is embedded in. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dupUserName :: Lens' DeleteUserPolicy Text
-dupUserName = lens _dupUserName (\ s a -> s{_dupUserName = a});
+dupUserName = lens _dupUserName (\ s a -> s{_dupUserName = a})
 
--- | The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name identifying the policy document to delete. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dupPolicyName :: Lens' DeleteUserPolicy Text
-dupPolicyName = lens _dupPolicyName (\ s a -> s{_dupPolicyName = a});
+dupPolicyName = lens _dupPolicyName (\ s a -> s{_dupPolicyName = a})
 
 instance AWSRequest DeleteUserPolicy where
         type Rs DeleteUserPolicy = DeleteUserPolicyResponse
diff --git a/gen/Network/AWS/IAM/DeleteVirtualMFADevice.hs b/gen/Network/AWS/IAM/DeleteVirtualMFADevice.hs
--- a/gen/Network/AWS/IAM/DeleteVirtualMFADevice.hs
+++ b/gen/Network/AWS/IAM/DeleteVirtualMFADevice.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DeleteVirtualMFADevice
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -61,7 +61,7 @@
 
 -- | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
 dvmdSerialNumber :: Lens' DeleteVirtualMFADevice Text
-dvmdSerialNumber = lens _dvmdSerialNumber (\ s a -> s{_dvmdSerialNumber = a});
+dvmdSerialNumber = lens _dvmdSerialNumber (\ s a -> s{_dvmdSerialNumber = a})
 
 instance AWSRequest DeleteVirtualMFADevice where
         type Rs DeleteVirtualMFADevice =
diff --git a/gen/Network/AWS/IAM/DetachGroupPolicy.hs b/gen/Network/AWS/IAM/DetachGroupPolicy.hs
--- a/gen/Network/AWS/IAM/DetachGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/DetachGroupPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DetachGroupPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dgpGroupName' - The name (friendly name, not ARN) of the IAM group to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dgpGroupName' - The name (friendly name, not ARN) of the IAM group to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'dgpPolicyARN' - The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 detachGroupPolicy
@@ -66,13 +66,13 @@
   DetachGroupPolicy' {_dgpGroupName = pGroupName_, _dgpPolicyARN = pPolicyARN_}
 
 
--- | The name (friendly name, not ARN) of the IAM group to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) of the IAM group to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dgpGroupName :: Lens' DetachGroupPolicy Text
-dgpGroupName = lens _dgpGroupName (\ s a -> s{_dgpGroupName = a});
+dgpGroupName = lens _dgpGroupName (\ s a -> s{_dgpGroupName = a})
 
 -- | The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 dgpPolicyARN :: Lens' DetachGroupPolicy Text
-dgpPolicyARN = lens _dgpPolicyARN (\ s a -> s{_dgpPolicyARN = a});
+dgpPolicyARN = lens _dgpPolicyARN (\ s a -> s{_dgpPolicyARN = a})
 
 instance AWSRequest DetachGroupPolicy where
         type Rs DetachGroupPolicy = DetachGroupPolicyResponse
diff --git a/gen/Network/AWS/IAM/DetachRolePolicy.hs b/gen/Network/AWS/IAM/DetachRolePolicy.hs
--- a/gen/Network/AWS/IAM/DetachRolePolicy.hs
+++ b/gen/Network/AWS/IAM/DetachRolePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DetachRolePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -68,11 +68,11 @@
 
 -- | The name (friendly name, not ARN) of the IAM role to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 drpRoleName :: Lens' DetachRolePolicy Text
-drpRoleName = lens _drpRoleName (\ s a -> s{_drpRoleName = a});
+drpRoleName = lens _drpRoleName (\ s a -> s{_drpRoleName = a})
 
 -- | The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 drpPolicyARN :: Lens' DetachRolePolicy Text
-drpPolicyARN = lens _drpPolicyARN (\ s a -> s{_drpPolicyARN = a});
+drpPolicyARN = lens _drpPolicyARN (\ s a -> s{_drpPolicyARN = a})
 
 instance AWSRequest DetachRolePolicy where
         type Rs DetachRolePolicy = DetachRolePolicyResponse
diff --git a/gen/Network/AWS/IAM/DetachUserPolicy.hs b/gen/Network/AWS/IAM/DetachUserPolicy.hs
--- a/gen/Network/AWS/IAM/DetachUserPolicy.hs
+++ b/gen/Network/AWS/IAM/DetachUserPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.DetachUserPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dUserName' - The name (friendly name, not ARN) of the IAM user to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'dUserName' - The name (friendly name, not ARN) of the IAM user to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'dPolicyARN' - The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 detachUserPolicy
@@ -66,13 +66,13 @@
   DetachUserPolicy' {_dUserName = pUserName_, _dPolicyARN = pPolicyARN_}
 
 
--- | The name (friendly name, not ARN) of the IAM user to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) of the IAM user to detach the policy from. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 dUserName :: Lens' DetachUserPolicy Text
-dUserName = lens _dUserName (\ s a -> s{_dUserName = a});
+dUserName = lens _dUserName (\ s a -> s{_dUserName = a})
 
 -- | The Amazon Resource Name (ARN) of the IAM policy you want to detach. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 dPolicyARN :: Lens' DetachUserPolicy Text
-dPolicyARN = lens _dPolicyARN (\ s a -> s{_dPolicyARN = a});
+dPolicyARN = lens _dPolicyARN (\ s a -> s{_dPolicyARN = a})
 
 instance AWSRequest DetachUserPolicy where
         type Rs DetachUserPolicy = DetachUserPolicyResponse
diff --git a/gen/Network/AWS/IAM/EnableMFADevice.hs b/gen/Network/AWS/IAM/EnableMFADevice.hs
--- a/gen/Network/AWS/IAM/EnableMFADevice.hs
+++ b/gen/Network/AWS/IAM/EnableMFADevice.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.EnableMFADevice
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,13 +57,13 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'emdUserName' - The name of the IAM user for whom you want to enable the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'emdUserName' - The name of the IAM user for whom you want to enable the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'emdSerialNumber' - The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
 --
--- * 'emdAuthenticationCode1' - An authentication code emitted by the device.  The format for this parameter is a string of 6 digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
+-- * 'emdAuthenticationCode1' - An authentication code emitted by the device.  The format for this parameter is a string of six digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
 --
--- * 'emdAuthenticationCode2' - A subsequent authentication code emitted by the device. The format for this parameter is a string of 6 digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
+-- * 'emdAuthenticationCode2' - A subsequent authentication code emitted by the device. The format for this parameter is a string of six digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
 enableMFADevice
     :: Text -- ^ 'emdUserName'
     -> Text -- ^ 'emdSerialNumber'
@@ -72,28 +72,28 @@
     -> EnableMFADevice
 enableMFADevice pUserName_ pSerialNumber_ pAuthenticationCode1_ pAuthenticationCode2_ =
   EnableMFADevice'
-  { _emdUserName = pUserName_
-  , _emdSerialNumber = pSerialNumber_
-  , _emdAuthenticationCode1 = pAuthenticationCode1_
-  , _emdAuthenticationCode2 = pAuthenticationCode2_
-  }
+    { _emdUserName = pUserName_
+    , _emdSerialNumber = pSerialNumber_
+    , _emdAuthenticationCode1 = pAuthenticationCode1_
+    , _emdAuthenticationCode2 = pAuthenticationCode2_
+    }
 
 
--- | The name of the IAM user for whom you want to enable the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user for whom you want to enable the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 emdUserName :: Lens' EnableMFADevice Text
-emdUserName = lens _emdUserName (\ s a -> s{_emdUserName = a});
+emdUserName = lens _emdUserName (\ s a -> s{_emdUserName = a})
 
 -- | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-
 emdSerialNumber :: Lens' EnableMFADevice Text
-emdSerialNumber = lens _emdSerialNumber (\ s a -> s{_emdSerialNumber = a});
+emdSerialNumber = lens _emdSerialNumber (\ s a -> s{_emdSerialNumber = a})
 
--- | An authentication code emitted by the device.  The format for this parameter is a string of 6 digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
+-- | An authentication code emitted by the device.  The format for this parameter is a string of six digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
 emdAuthenticationCode1 :: Lens' EnableMFADevice Text
-emdAuthenticationCode1 = lens _emdAuthenticationCode1 (\ s a -> s{_emdAuthenticationCode1 = a});
+emdAuthenticationCode1 = lens _emdAuthenticationCode1 (\ s a -> s{_emdAuthenticationCode1 = a})
 
--- | A subsequent authentication code emitted by the device. The format for this parameter is a string of 6 digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
+-- | A subsequent authentication code emitted by the device. The format for this parameter is a string of six digits. /Important:/ Submit your request immediately after generating the authentication codes. If you generate the codes and then wait too long to submit the request, the MFA device successfully associates with the user but the MFA device becomes out of sync. This happens because time-based one-time passwords (TOTP) expire after a short period of time. If this happens, you can <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_sync.html resync the device> .
 emdAuthenticationCode2 :: Lens' EnableMFADevice Text
-emdAuthenticationCode2 = lens _emdAuthenticationCode2 (\ s a -> s{_emdAuthenticationCode2 = a});
+emdAuthenticationCode2 = lens _emdAuthenticationCode2 (\ s a -> s{_emdAuthenticationCode2 = a})
 
 instance AWSRequest EnableMFADevice where
         type Rs EnableMFADevice = EnableMFADeviceResponse
diff --git a/gen/Network/AWS/IAM/GenerateCredentialReport.hs b/gen/Network/AWS/IAM/GenerateCredentialReport.hs
--- a/gen/Network/AWS/IAM/GenerateCredentialReport.hs
+++ b/gen/Network/AWS/IAM/GenerateCredentialReport.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GenerateCredentialReport
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -111,23 +111,23 @@
     -> GenerateCredentialReportResponse
 generateCredentialReportResponse pResponseStatus_ =
   GenerateCredentialReportResponse'
-  { _gcrrsState = Nothing
-  , _gcrrsDescription = Nothing
-  , _gcrrsResponseStatus = pResponseStatus_
-  }
+    { _gcrrsState = Nothing
+    , _gcrrsDescription = Nothing
+    , _gcrrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | Information about the state of the credential report.
 gcrrsState :: Lens' GenerateCredentialReportResponse (Maybe ReportStateType)
-gcrrsState = lens _gcrrsState (\ s a -> s{_gcrrsState = a});
+gcrrsState = lens _gcrrsState (\ s a -> s{_gcrrsState = a})
 
 -- | Information about the credential report.
 gcrrsDescription :: Lens' GenerateCredentialReportResponse (Maybe Text)
-gcrrsDescription = lens _gcrrsDescription (\ s a -> s{_gcrrsDescription = a});
+gcrrsDescription = lens _gcrrsDescription (\ s a -> s{_gcrrsDescription = a})
 
 -- | -- | The response status code.
 gcrrsResponseStatus :: Lens' GenerateCredentialReportResponse Int
-gcrrsResponseStatus = lens _gcrrsResponseStatus (\ s a -> s{_gcrrsResponseStatus = a});
+gcrrsResponseStatus = lens _gcrrsResponseStatus (\ s a -> s{_gcrrsResponseStatus = a})
 
 instance NFData GenerateCredentialReportResponse
          where
diff --git a/gen/Network/AWS/IAM/GetAccessKeyLastUsed.hs b/gen/Network/AWS/IAM/GetAccessKeyLastUsed.hs
--- a/gen/Network/AWS/IAM/GetAccessKeyLastUsed.hs
+++ b/gen/Network/AWS/IAM/GetAccessKeyLastUsed.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetAccessKeyLastUsed
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -65,7 +65,7 @@
 
 -- | The identifier of an access key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 gakluAccessKeyId :: Lens' GetAccessKeyLastUsed AccessKey
-gakluAccessKeyId = lens _gakluAccessKeyId (\ s a -> s{_gakluAccessKeyId = a});
+gakluAccessKeyId = lens _gakluAccessKeyId (\ s a -> s{_gakluAccessKeyId = a})
 
 instance AWSRequest GetAccessKeyLastUsed where
         type Rs GetAccessKeyLastUsed =
@@ -121,22 +121,22 @@
     -> GetAccessKeyLastUsedResponse
 getAccessKeyLastUsedResponse pResponseStatus_ =
   GetAccessKeyLastUsedResponse'
-  { _gaklursUserName = Nothing
-  , _gaklursAccessKeyLastUsed = Nothing
-  , _gaklursResponseStatus = pResponseStatus_
-  }
+    { _gaklursUserName = Nothing
+    , _gaklursAccessKeyLastUsed = Nothing
+    , _gaklursResponseStatus = pResponseStatus_
+    }
 
 
 -- | The name of the AWS IAM user that owns this access key.
 gaklursUserName :: Lens' GetAccessKeyLastUsedResponse (Maybe Text)
-gaklursUserName = lens _gaklursUserName (\ s a -> s{_gaklursUserName = a});
+gaklursUserName = lens _gaklursUserName (\ s a -> s{_gaklursUserName = a})
 
 -- | Contains information about the last time the access key was used.
 gaklursAccessKeyLastUsed :: Lens' GetAccessKeyLastUsedResponse (Maybe AccessKeyLastUsed)
-gaklursAccessKeyLastUsed = lens _gaklursAccessKeyLastUsed (\ s a -> s{_gaklursAccessKeyLastUsed = a});
+gaklursAccessKeyLastUsed = lens _gaklursAccessKeyLastUsed (\ s a -> s{_gaklursAccessKeyLastUsed = a})
 
 -- | -- | The response status code.
 gaklursResponseStatus :: Lens' GetAccessKeyLastUsedResponse Int
-gaklursResponseStatus = lens _gaklursResponseStatus (\ s a -> s{_gaklursResponseStatus = a});
+gaklursResponseStatus = lens _gaklursResponseStatus (\ s a -> s{_gaklursResponseStatus = a})
 
 instance NFData GetAccessKeyLastUsedResponse where
diff --git a/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs b/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs
--- a/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs
+++ b/gen/Network/AWS/IAM/GetAccountAuthorizationDetails.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetAccountAuthorizationDetails
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -77,20 +77,20 @@
     :: GetAccountAuthorizationDetails
 getAccountAuthorizationDetails =
   GetAccountAuthorizationDetails'
-  {_gaadMarker = Nothing, _gaadMaxItems = Nothing, _gaadFilter = Nothing}
+    {_gaadMarker = Nothing, _gaadMaxItems = Nothing, _gaadFilter = Nothing}
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 gaadMarker :: Lens' GetAccountAuthorizationDetails (Maybe Text)
-gaadMarker = lens _gaadMarker (\ s a -> s{_gaadMarker = a});
+gaadMarker = lens _gaadMarker (\ s a -> s{_gaadMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 gaadMaxItems :: Lens' GetAccountAuthorizationDetails (Maybe Natural)
-gaadMaxItems = lens _gaadMaxItems (\ s a -> s{_gaadMaxItems = a}) . mapping _Nat;
+gaadMaxItems = lens _gaadMaxItems (\ s a -> s{_gaadMaxItems = a}) . mapping _Nat
 
 -- | A list of entity types used to filter the results. Only the entities that match the types you specify are included in the output. Use the value @LocalManagedPolicy@ to include customer managed policies. The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below.
 gaadFilter :: Lens' GetAccountAuthorizationDetails [EntityType]
-gaadFilter = lens _gaadFilter (\ s a -> s{_gaadFilter = a}) . _Default . _Coerce;
+gaadFilter = lens _gaadFilter (\ s a -> s{_gaadFilter = a}) . _Default . _Coerce
 
 instance AWSPager GetAccountAuthorizationDetails
          where
@@ -185,43 +185,43 @@
     -> GetAccountAuthorizationDetailsResponse
 getAccountAuthorizationDetailsResponse pResponseStatus_ =
   GetAccountAuthorizationDetailsResponse'
-  { _gaadrsRoleDetailList = Nothing
-  , _gaadrsGroupDetailList = Nothing
-  , _gaadrsUserDetailList = Nothing
-  , _gaadrsMarker = Nothing
-  , _gaadrsIsTruncated = Nothing
-  , _gaadrsPolicies = Nothing
-  , _gaadrsResponseStatus = pResponseStatus_
-  }
+    { _gaadrsRoleDetailList = Nothing
+    , _gaadrsGroupDetailList = Nothing
+    , _gaadrsUserDetailList = Nothing
+    , _gaadrsMarker = Nothing
+    , _gaadrsIsTruncated = Nothing
+    , _gaadrsPolicies = Nothing
+    , _gaadrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list containing information about IAM roles.
 gaadrsRoleDetailList :: Lens' GetAccountAuthorizationDetailsResponse [RoleDetail]
-gaadrsRoleDetailList = lens _gaadrsRoleDetailList (\ s a -> s{_gaadrsRoleDetailList = a}) . _Default . _Coerce;
+gaadrsRoleDetailList = lens _gaadrsRoleDetailList (\ s a -> s{_gaadrsRoleDetailList = a}) . _Default . _Coerce
 
 -- | A list containing information about IAM groups.
 gaadrsGroupDetailList :: Lens' GetAccountAuthorizationDetailsResponse [GroupDetail]
-gaadrsGroupDetailList = lens _gaadrsGroupDetailList (\ s a -> s{_gaadrsGroupDetailList = a}) . _Default . _Coerce;
+gaadrsGroupDetailList = lens _gaadrsGroupDetailList (\ s a -> s{_gaadrsGroupDetailList = a}) . _Default . _Coerce
 
 -- | A list containing information about IAM users.
 gaadrsUserDetailList :: Lens' GetAccountAuthorizationDetailsResponse [UserDetail]
-gaadrsUserDetailList = lens _gaadrsUserDetailList (\ s a -> s{_gaadrsUserDetailList = a}) . _Default . _Coerce;
+gaadrsUserDetailList = lens _gaadrsUserDetailList (\ s a -> s{_gaadrsUserDetailList = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 gaadrsMarker :: Lens' GetAccountAuthorizationDetailsResponse (Maybe Text)
-gaadrsMarker = lens _gaadrsMarker (\ s a -> s{_gaadrsMarker = a});
+gaadrsMarker = lens _gaadrsMarker (\ s a -> s{_gaadrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 gaadrsIsTruncated :: Lens' GetAccountAuthorizationDetailsResponse (Maybe Bool)
-gaadrsIsTruncated = lens _gaadrsIsTruncated (\ s a -> s{_gaadrsIsTruncated = a});
+gaadrsIsTruncated = lens _gaadrsIsTruncated (\ s a -> s{_gaadrsIsTruncated = a})
 
 -- | A list containing information about managed policies.
 gaadrsPolicies :: Lens' GetAccountAuthorizationDetailsResponse [ManagedPolicyDetail]
-gaadrsPolicies = lens _gaadrsPolicies (\ s a -> s{_gaadrsPolicies = a}) . _Default . _Coerce;
+gaadrsPolicies = lens _gaadrsPolicies (\ s a -> s{_gaadrsPolicies = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 gaadrsResponseStatus :: Lens' GetAccountAuthorizationDetailsResponse Int
-gaadrsResponseStatus = lens _gaadrsResponseStatus (\ s a -> s{_gaadrsResponseStatus = a});
+gaadrsResponseStatus = lens _gaadrsResponseStatus (\ s a -> s{_gaadrsResponseStatus = a})
 
 instance NFData
            GetAccountAuthorizationDetailsResponse
diff --git a/gen/Network/AWS/IAM/GetAccountPasswordPolicy.hs b/gen/Network/AWS/IAM/GetAccountPasswordPolicy.hs
--- a/gen/Network/AWS/IAM/GetAccountPasswordPolicy.hs
+++ b/gen/Network/AWS/IAM/GetAccountPasswordPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetAccountPasswordPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -107,18 +107,18 @@
     -> GetAccountPasswordPolicyResponse
 getAccountPasswordPolicyResponse pResponseStatus_ pPasswordPolicy_ =
   GetAccountPasswordPolicyResponse'
-  { _gapprsResponseStatus = pResponseStatus_
-  , _gapprsPasswordPolicy = pPasswordPolicy_
-  }
+    { _gapprsResponseStatus = pResponseStatus_
+    , _gapprsPasswordPolicy = pPasswordPolicy_
+    }
 
 
 -- | -- | The response status code.
 gapprsResponseStatus :: Lens' GetAccountPasswordPolicyResponse Int
-gapprsResponseStatus = lens _gapprsResponseStatus (\ s a -> s{_gapprsResponseStatus = a});
+gapprsResponseStatus = lens _gapprsResponseStatus (\ s a -> s{_gapprsResponseStatus = a})
 
 -- | A structure that contains details about the account's password policy.
 gapprsPasswordPolicy :: Lens' GetAccountPasswordPolicyResponse PasswordPolicy
-gapprsPasswordPolicy = lens _gapprsPasswordPolicy (\ s a -> s{_gapprsPasswordPolicy = a});
+gapprsPasswordPolicy = lens _gapprsPasswordPolicy (\ s a -> s{_gapprsPasswordPolicy = a})
 
 instance NFData GetAccountPasswordPolicyResponse
          where
diff --git a/gen/Network/AWS/IAM/GetAccountSummary.hs b/gen/Network/AWS/IAM/GetAccountSummary.hs
--- a/gen/Network/AWS/IAM/GetAccountSummary.hs
+++ b/gen/Network/AWS/IAM/GetAccountSummary.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetAccountSummary
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -108,15 +108,15 @@
     -> GetAccountSummaryResponse
 getAccountSummaryResponse pResponseStatus_ =
   GetAccountSummaryResponse'
-  {_gasrsSummaryMap = Nothing, _gasrsResponseStatus = pResponseStatus_}
+    {_gasrsSummaryMap = Nothing, _gasrsResponseStatus = pResponseStatus_}
 
 
 -- | A set of key value pairs containing information about IAM entity usage and IAM quotas.
 gasrsSummaryMap :: Lens' GetAccountSummaryResponse (HashMap SummaryKeyType Int)
-gasrsSummaryMap = lens _gasrsSummaryMap (\ s a -> s{_gasrsSummaryMap = a}) . _Default . _Map;
+gasrsSummaryMap = lens _gasrsSummaryMap (\ s a -> s{_gasrsSummaryMap = a}) . _Default . _Map
 
 -- | -- | The response status code.
 gasrsResponseStatus :: Lens' GetAccountSummaryResponse Int
-gasrsResponseStatus = lens _gasrsResponseStatus (\ s a -> s{_gasrsResponseStatus = a});
+gasrsResponseStatus = lens _gasrsResponseStatus (\ s a -> s{_gasrsResponseStatus = a})
 
 instance NFData GetAccountSummaryResponse where
diff --git a/gen/Network/AWS/IAM/GetContextKeysForCustomPolicy.hs b/gen/Network/AWS/IAM/GetContextKeysForCustomPolicy.hs
--- a/gen/Network/AWS/IAM/GetContextKeysForCustomPolicy.hs
+++ b/gen/Network/AWS/IAM/GetContextKeysForCustomPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetContextKeysForCustomPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use 'GetContextKeysForPrincipalPolicy' .
 --
 --
--- Context keys are variables maintained by AWS and its services that provide details about the context of an API query request, and can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call 'SimulateCustomPolicy' . Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.
+-- Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM policy. Use @GetContextKeysForCustomPolicy@ to understand what key names and values you must supply when you call 'SimulateCustomPolicy' . Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.
 --
 module Network.AWS.IAM.GetContextKeysForCustomPolicy
     (
@@ -55,16 +55,16 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'gckfcpPolicyInputList' - A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'gckfcpPolicyInputList' - A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 getContextKeysForCustomPolicy
     :: GetContextKeysForCustomPolicy
 getContextKeysForCustomPolicy =
   GetContextKeysForCustomPolicy' {_gckfcpPolicyInputList = mempty}
 
 
--- | A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 gckfcpPolicyInputList :: Lens' GetContextKeysForCustomPolicy [Text]
-gckfcpPolicyInputList = lens _gckfcpPolicyInputList (\ s a -> s{_gckfcpPolicyInputList = a}) . _Coerce;
+gckfcpPolicyInputList = lens _gckfcpPolicyInputList (\ s a -> s{_gckfcpPolicyInputList = a}) . _Coerce
 
 instance AWSRequest GetContextKeysForCustomPolicy
          where
diff --git a/gen/Network/AWS/IAM/GetContextKeysForPrincipalPolicy.hs b/gen/Network/AWS/IAM/GetContextKeysForPrincipalPolicy.hs
--- a/gen/Network/AWS/IAM/GetContextKeysForPrincipalPolicy.hs
+++ b/gen/Network/AWS/IAM/GetContextKeysForPrincipalPolicy.hs
@@ -12,20 +12,20 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetContextKeysForPrincipalPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Gets a list of all of the context keys referenced in all of the IAM policies attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.
+-- Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.
 --
 --
 -- You can optionally include a list of one or more additional policies, specified as strings. If you want to include /only/ a list of policies by string, use 'GetContextKeysForCustomPolicy' instead.
 --
 -- __Note:__ This API discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use 'GetContextKeysForCustomPolicy' instead.
 --
--- Context keys are variables maintained by AWS and its services that provide details about the context of an API query request, and can be evaluated by testing against a value in an IAM policy. Use 'GetContextKeysForPrincipalPolicy' to understand what key names and values you must supply when you call 'SimulatePrincipalPolicy' .
+-- Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use 'GetContextKeysForPrincipalPolicy' to understand what key names and values you must supply when you call 'SimulatePrincipalPolicy' .
 --
 module Network.AWS.IAM.GetContextKeysForPrincipalPolicy
     (
@@ -61,24 +61,26 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'gckfppPolicyInputList' - An optional list of additional policies for which you want the list of context keys that are referenced. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'gckfppPolicyInputList' - An optional list of additional policies for which you want the list of context keys that are referenced. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 --
--- * 'gckfppPolicySourceARN' - The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies attached to the user as well as to all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- * 'gckfppPolicySourceARN' - The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 getContextKeysForPrincipalPolicy
     :: Text -- ^ 'gckfppPolicySourceARN'
     -> GetContextKeysForPrincipalPolicy
 getContextKeysForPrincipalPolicy pPolicySourceARN_ =
   GetContextKeysForPrincipalPolicy'
-  {_gckfppPolicyInputList = Nothing, _gckfppPolicySourceARN = pPolicySourceARN_}
+    { _gckfppPolicyInputList = Nothing
+    , _gckfppPolicySourceARN = pPolicySourceARN_
+    }
 
 
--- | An optional list of additional policies for which you want the list of context keys that are referenced. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | An optional list of additional policies for which you want the list of context keys that are referenced. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 gckfppPolicyInputList :: Lens' GetContextKeysForPrincipalPolicy [Text]
-gckfppPolicyInputList = lens _gckfppPolicyInputList (\ s a -> s{_gckfppPolicyInputList = a}) . _Default . _Coerce;
+gckfppPolicyInputList = lens _gckfppPolicyInputList (\ s a -> s{_gckfppPolicyInputList = a}) . _Default . _Coerce
 
--- | The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies attached to the user as well as to all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- | The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 gckfppPolicySourceARN :: Lens' GetContextKeysForPrincipalPolicy Text
-gckfppPolicySourceARN = lens _gckfppPolicySourceARN (\ s a -> s{_gckfppPolicySourceARN = a});
+gckfppPolicySourceARN = lens _gckfppPolicySourceARN (\ s a -> s{_gckfppPolicySourceARN = a})
 
 instance AWSRequest GetContextKeysForPrincipalPolicy
          where
diff --git a/gen/Network/AWS/IAM/GetCredentialReport.hs b/gen/Network/AWS/IAM/GetCredentialReport.hs
--- a/gen/Network/AWS/IAM/GetCredentialReport.hs
+++ b/gen/Network/AWS/IAM/GetCredentialReport.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetCredentialReport
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -115,27 +115,27 @@
     -> GetCredentialReportResponse
 getCredentialReportResponse pResponseStatus_ =
   GetCredentialReportResponse'
-  { _grsContent = Nothing
-  , _grsGeneratedTime = Nothing
-  , _grsReportFormat = Nothing
-  , _grsResponseStatus = pResponseStatus_
-  }
+    { _grsContent = Nothing
+    , _grsGeneratedTime = Nothing
+    , _grsReportFormat = Nothing
+    , _grsResponseStatus = pResponseStatus_
+    }
 
 
 -- | Contains the credential report. The report is Base64-encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.
 grsContent :: Lens' GetCredentialReportResponse (Maybe ByteString)
-grsContent = lens _grsContent (\ s a -> s{_grsContent = a}) . mapping _Base64;
+grsContent = lens _grsContent (\ s a -> s{_grsContent = a}) . mapping _Base64
 
 -- | The date and time when the credential report was created, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> .
 grsGeneratedTime :: Lens' GetCredentialReportResponse (Maybe UTCTime)
-grsGeneratedTime = lens _grsGeneratedTime (\ s a -> s{_grsGeneratedTime = a}) . mapping _Time;
+grsGeneratedTime = lens _grsGeneratedTime (\ s a -> s{_grsGeneratedTime = a}) . mapping _Time
 
 -- | The format (MIME type) of the credential report.
 grsReportFormat :: Lens' GetCredentialReportResponse (Maybe ReportFormatType)
-grsReportFormat = lens _grsReportFormat (\ s a -> s{_grsReportFormat = a});
+grsReportFormat = lens _grsReportFormat (\ s a -> s{_grsReportFormat = a})
 
 -- | -- | The response status code.
 grsResponseStatus :: Lens' GetCredentialReportResponse Int
-grsResponseStatus = lens _grsResponseStatus (\ s a -> s{_grsResponseStatus = a});
+grsResponseStatus = lens _grsResponseStatus (\ s a -> s{_grsResponseStatus = a})
 
 instance NFData GetCredentialReportResponse where
diff --git a/gen/Network/AWS/IAM/GetGroup.hs b/gen/Network/AWS/IAM/GetGroup.hs
--- a/gen/Network/AWS/IAM/GetGroup.hs
+++ b/gen/Network/AWS/IAM/GetGroup.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetGroup
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -68,26 +68,26 @@
 --
 -- * 'ggMaxItems' - (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 --
--- * 'ggGroupName' - The name of the group. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'ggGroupName' - The name of the group. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getGroup
     :: Text -- ^ 'ggGroupName'
     -> GetGroup
 getGroup pGroupName_ =
   GetGroup'
-  {_ggMarker = Nothing, _ggMaxItems = Nothing, _ggGroupName = pGroupName_}
+    {_ggMarker = Nothing, _ggMaxItems = Nothing, _ggGroupName = pGroupName_}
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 ggMarker :: Lens' GetGroup (Maybe Text)
-ggMarker = lens _ggMarker (\ s a -> s{_ggMarker = a});
+ggMarker = lens _ggMarker (\ s a -> s{_ggMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 ggMaxItems :: Lens' GetGroup (Maybe Natural)
-ggMaxItems = lens _ggMaxItems (\ s a -> s{_ggMaxItems = a}) . mapping _Nat;
+ggMaxItems = lens _ggMaxItems (\ s a -> s{_ggMaxItems = a}) . mapping _Nat
 
--- | The name of the group. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the group. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 ggGroupName :: Lens' GetGroup Text
-ggGroupName = lens _ggGroupName (\ s a -> s{_ggGroupName = a});
+ggGroupName = lens _ggGroupName (\ s a -> s{_ggGroupName = a})
 
 instance AWSPager GetGroup where
         page rq rs
@@ -160,32 +160,32 @@
     -> GetGroupResponse
 getGroupResponse pResponseStatus_ pGroup_ =
   GetGroupResponse'
-  { _ggrsMarker = Nothing
-  , _ggrsIsTruncated = Nothing
-  , _ggrsResponseStatus = pResponseStatus_
-  , _ggrsGroup = pGroup_
-  , _ggrsUsers = mempty
-  }
+    { _ggrsMarker = Nothing
+    , _ggrsIsTruncated = Nothing
+    , _ggrsResponseStatus = pResponseStatus_
+    , _ggrsGroup = pGroup_
+    , _ggrsUsers = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 ggrsMarker :: Lens' GetGroupResponse (Maybe Text)
-ggrsMarker = lens _ggrsMarker (\ s a -> s{_ggrsMarker = a});
+ggrsMarker = lens _ggrsMarker (\ s a -> s{_ggrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 ggrsIsTruncated :: Lens' GetGroupResponse (Maybe Bool)
-ggrsIsTruncated = lens _ggrsIsTruncated (\ s a -> s{_ggrsIsTruncated = a});
+ggrsIsTruncated = lens _ggrsIsTruncated (\ s a -> s{_ggrsIsTruncated = a})
 
 -- | -- | The response status code.
 ggrsResponseStatus :: Lens' GetGroupResponse Int
-ggrsResponseStatus = lens _ggrsResponseStatus (\ s a -> s{_ggrsResponseStatus = a});
+ggrsResponseStatus = lens _ggrsResponseStatus (\ s a -> s{_ggrsResponseStatus = a})
 
 -- | A structure that contains details about the group.
 ggrsGroup :: Lens' GetGroupResponse Group
-ggrsGroup = lens _ggrsGroup (\ s a -> s{_ggrsGroup = a});
+ggrsGroup = lens _ggrsGroup (\ s a -> s{_ggrsGroup = a})
 
 -- | A list of users in the group.
 ggrsUsers :: Lens' GetGroupResponse [User]
-ggrsUsers = lens _ggrsUsers (\ s a -> s{_ggrsUsers = a}) . _Coerce;
+ggrsUsers = lens _ggrsUsers (\ s a -> s{_ggrsUsers = a}) . _Coerce
 
 instance NFData GetGroupResponse where
diff --git a/gen/Network/AWS/IAM/GetGroupPolicy.hs b/gen/Network/AWS/IAM/GetGroupPolicy.hs
--- a/gen/Network/AWS/IAM/GetGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/GetGroupPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetGroupPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -62,9 +62,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'ggpGroupName' - The name of the group the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'ggpGroupName' - The name of the group the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'ggpPolicyName' - The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'ggpPolicyName' - The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getGroupPolicy
     :: Text -- ^ 'ggpGroupName'
     -> Text -- ^ 'ggpPolicyName'
@@ -73,13 +73,13 @@
   GetGroupPolicy' {_ggpGroupName = pGroupName_, _ggpPolicyName = pPolicyName_}
 
 
--- | The name of the group the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the group the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 ggpGroupName :: Lens' GetGroupPolicy Text
-ggpGroupName = lens _ggpGroupName (\ s a -> s{_ggpGroupName = a});
+ggpGroupName = lens _ggpGroupName (\ s a -> s{_ggpGroupName = a})
 
--- | The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 ggpPolicyName :: Lens' GetGroupPolicy Text
-ggpPolicyName = lens _ggpPolicyName (\ s a -> s{_ggpPolicyName = a});
+ggpPolicyName = lens _ggpPolicyName (\ s a -> s{_ggpPolicyName = a})
 
 instance AWSRequest GetGroupPolicy where
         type Rs GetGroupPolicy = GetGroupPolicyResponse
@@ -142,27 +142,27 @@
     -> GetGroupPolicyResponse
 getGroupPolicyResponse pResponseStatus_ pGroupName_ pPolicyName_ pPolicyDocument_ =
   GetGroupPolicyResponse'
-  { _ggprsResponseStatus = pResponseStatus_
-  , _ggprsGroupName = pGroupName_
-  , _ggprsPolicyName = pPolicyName_
-  , _ggprsPolicyDocument = pPolicyDocument_
-  }
+    { _ggprsResponseStatus = pResponseStatus_
+    , _ggprsGroupName = pGroupName_
+    , _ggprsPolicyName = pPolicyName_
+    , _ggprsPolicyDocument = pPolicyDocument_
+    }
 
 
 -- | -- | The response status code.
 ggprsResponseStatus :: Lens' GetGroupPolicyResponse Int
-ggprsResponseStatus = lens _ggprsResponseStatus (\ s a -> s{_ggprsResponseStatus = a});
+ggprsResponseStatus = lens _ggprsResponseStatus (\ s a -> s{_ggprsResponseStatus = a})
 
 -- | The group the policy is associated with.
 ggprsGroupName :: Lens' GetGroupPolicyResponse Text
-ggprsGroupName = lens _ggprsGroupName (\ s a -> s{_ggprsGroupName = a});
+ggprsGroupName = lens _ggprsGroupName (\ s a -> s{_ggprsGroupName = a})
 
 -- | The name of the policy.
 ggprsPolicyName :: Lens' GetGroupPolicyResponse Text
-ggprsPolicyName = lens _ggprsPolicyName (\ s a -> s{_ggprsPolicyName = a});
+ggprsPolicyName = lens _ggprsPolicyName (\ s a -> s{_ggprsPolicyName = a})
 
 -- | The policy document.
 ggprsPolicyDocument :: Lens' GetGroupPolicyResponse Text
-ggprsPolicyDocument = lens _ggprsPolicyDocument (\ s a -> s{_ggprsPolicyDocument = a});
+ggprsPolicyDocument = lens _ggprsPolicyDocument (\ s a -> s{_ggprsPolicyDocument = a})
 
 instance NFData GetGroupPolicyResponse where
diff --git a/gen/Network/AWS/IAM/GetInstanceProfile.hs b/gen/Network/AWS/IAM/GetInstanceProfile.hs
--- a/gen/Network/AWS/IAM/GetInstanceProfile.hs
+++ b/gen/Network/AWS/IAM/GetInstanceProfile.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetInstanceProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -54,7 +54,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'gipInstanceProfileName' - The name of the instance profile to get information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'gipInstanceProfileName' - The name of the instance profile to get information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getInstanceProfile
     :: Text -- ^ 'gipInstanceProfileName'
     -> GetInstanceProfile
@@ -62,9 +62,9 @@
   GetInstanceProfile' {_gipInstanceProfileName = pInstanceProfileName_}
 
 
--- | The name of the instance profile to get information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the instance profile to get information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 gipInstanceProfileName :: Lens' GetInstanceProfile Text
-gipInstanceProfileName = lens _gipInstanceProfileName (\ s a -> s{_gipInstanceProfileName = a});
+gipInstanceProfileName = lens _gipInstanceProfileName (\ s a -> s{_gipInstanceProfileName = a})
 
 instance AWSRequest GetInstanceProfile where
         type Rs GetInstanceProfile =
@@ -117,17 +117,17 @@
     -> GetInstanceProfileResponse
 getInstanceProfileResponse pResponseStatus_ pInstanceProfile_ =
   GetInstanceProfileResponse'
-  { _giprsResponseStatus = pResponseStatus_
-  , _giprsInstanceProfile = pInstanceProfile_
-  }
+    { _giprsResponseStatus = pResponseStatus_
+    , _giprsInstanceProfile = pInstanceProfile_
+    }
 
 
 -- | -- | The response status code.
 giprsResponseStatus :: Lens' GetInstanceProfileResponse Int
-giprsResponseStatus = lens _giprsResponseStatus (\ s a -> s{_giprsResponseStatus = a});
+giprsResponseStatus = lens _giprsResponseStatus (\ s a -> s{_giprsResponseStatus = a})
 
 -- | A structure containing details about the instance profile.
 giprsInstanceProfile :: Lens' GetInstanceProfileResponse InstanceProfile
-giprsInstanceProfile = lens _giprsInstanceProfile (\ s a -> s{_giprsInstanceProfile = a});
+giprsInstanceProfile = lens _giprsInstanceProfile (\ s a -> s{_giprsInstanceProfile = a})
 
 instance NFData GetInstanceProfileResponse where
diff --git a/gen/Network/AWS/IAM/GetLoginProfile.hs b/gen/Network/AWS/IAM/GetLoginProfile.hs
--- a/gen/Network/AWS/IAM/GetLoginProfile.hs
+++ b/gen/Network/AWS/IAM/GetLoginProfile.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetLoginProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Retrieves the user name and password-creation date for the specified IAM user. If the user has not been assigned a password, the action returns a 404 (@NoSuchEntity@ ) error.
+-- Retrieves the user name and password-creation date for the specified IAM user. If the user has not been assigned a password, the operation returns a 404 (@NoSuchEntity@ ) error.
 --
 --
 module Network.AWS.IAM.GetLoginProfile
@@ -54,16 +54,16 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'glpUserName' - The name of the user whose login profile you want to retrieve. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'glpUserName' - The name of the user whose login profile you want to retrieve. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getLoginProfile
     :: Text -- ^ 'glpUserName'
     -> GetLoginProfile
 getLoginProfile pUserName_ = GetLoginProfile' {_glpUserName = pUserName_}
 
 
--- | The name of the user whose login profile you want to retrieve. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose login profile you want to retrieve. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 glpUserName :: Lens' GetLoginProfile Text
-glpUserName = lens _glpUserName (\ s a -> s{_glpUserName = a});
+glpUserName = lens _glpUserName (\ s a -> s{_glpUserName = a})
 
 instance AWSRequest GetLoginProfile where
         type Rs GetLoginProfile = GetLoginProfileResponse
@@ -115,15 +115,17 @@
     -> GetLoginProfileResponse
 getLoginProfileResponse pResponseStatus_ pLoginProfile_ =
   GetLoginProfileResponse'
-  {_glprsResponseStatus = pResponseStatus_, _glprsLoginProfile = pLoginProfile_}
+    { _glprsResponseStatus = pResponseStatus_
+    , _glprsLoginProfile = pLoginProfile_
+    }
 
 
 -- | -- | The response status code.
 glprsResponseStatus :: Lens' GetLoginProfileResponse Int
-glprsResponseStatus = lens _glprsResponseStatus (\ s a -> s{_glprsResponseStatus = a});
+glprsResponseStatus = lens _glprsResponseStatus (\ s a -> s{_glprsResponseStatus = a})
 
 -- | A structure containing the user name and password create date for the user.
 glprsLoginProfile :: Lens' GetLoginProfileResponse LoginProfile
-glprsLoginProfile = lens _glprsLoginProfile (\ s a -> s{_glprsLoginProfile = a});
+glprsLoginProfile = lens _glprsLoginProfile (\ s a -> s{_glprsLoginProfile = a})
 
 instance NFData GetLoginProfileResponse where
diff --git a/gen/Network/AWS/IAM/GetOpenIdConnectProvider.hs b/gen/Network/AWS/IAM/GetOpenIdConnectProvider.hs
--- a/gen/Network/AWS/IAM/GetOpenIdConnectProvider.hs
+++ b/gen/Network/AWS/IAM/GetOpenIdConnectProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetOpenIdConnectProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,18 +57,18 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'goicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the 'ListOpenIDConnectProviders' action. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- * 'goicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the 'ListOpenIDConnectProviders' operation. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 getOpenIdConnectProvider
     :: Text -- ^ 'goicpOpenIdConnectProviderARN'
     -> GetOpenIdConnectProvider
 getOpenIdConnectProvider pOpenIdConnectProviderARN_ =
   GetOpenIdConnectProvider'
-  {_goicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_}
+    {_goicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_}
 
 
--- | The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the 'ListOpenIDConnectProviders' action. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- | The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the 'ListOpenIDConnectProviders' operation. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 goicpOpenIdConnectProviderARN :: Lens' GetOpenIdConnectProvider Text
-goicpOpenIdConnectProviderARN = lens _goicpOpenIdConnectProviderARN (\ s a -> s{_goicpOpenIdConnectProviderARN = a});
+goicpOpenIdConnectProviderARN = lens _goicpOpenIdConnectProviderARN (\ s a -> s{_goicpOpenIdConnectProviderARN = a})
 
 instance AWSRequest GetOpenIdConnectProvider where
         type Rs GetOpenIdConnectProvider =
@@ -137,33 +137,33 @@
     -> GetOpenIdConnectProviderResponse
 getOpenIdConnectProviderResponse pResponseStatus_ =
   GetOpenIdConnectProviderResponse'
-  { _goicprsCreateDate = Nothing
-  , _goicprsURL = Nothing
-  , _goicprsThumbprintList = Nothing
-  , _goicprsClientIdList = Nothing
-  , _goicprsResponseStatus = pResponseStatus_
-  }
+    { _goicprsCreateDate = Nothing
+    , _goicprsURL = Nothing
+    , _goicprsThumbprintList = Nothing
+    , _goicprsClientIdList = Nothing
+    , _goicprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The date and time when the IAM OIDC provider resource object was created in the AWS account.
 goicprsCreateDate :: Lens' GetOpenIdConnectProviderResponse (Maybe UTCTime)
-goicprsCreateDate = lens _goicprsCreateDate (\ s a -> s{_goicprsCreateDate = a}) . mapping _Time;
+goicprsCreateDate = lens _goicprsCreateDate (\ s a -> s{_goicprsCreateDate = a}) . mapping _Time
 
 -- | The URL that the IAM OIDC provider resource object is associated with. For more information, see 'CreateOpenIDConnectProvider' .
 goicprsURL :: Lens' GetOpenIdConnectProviderResponse (Maybe Text)
-goicprsURL = lens _goicprsURL (\ s a -> s{_goicprsURL = a});
+goicprsURL = lens _goicprsURL (\ s a -> s{_goicprsURL = a})
 
 -- | A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see 'CreateOpenIDConnectProvider' .
 goicprsThumbprintList :: Lens' GetOpenIdConnectProviderResponse [Text]
-goicprsThumbprintList = lens _goicprsThumbprintList (\ s a -> s{_goicprsThumbprintList = a}) . _Default . _Coerce;
+goicprsThumbprintList = lens _goicprsThumbprintList (\ s a -> s{_goicprsThumbprintList = a}) . _Default . _Coerce
 
 -- | A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see 'CreateOpenIDConnectProvider' .
 goicprsClientIdList :: Lens' GetOpenIdConnectProviderResponse [Text]
-goicprsClientIdList = lens _goicprsClientIdList (\ s a -> s{_goicprsClientIdList = a}) . _Default . _Coerce;
+goicprsClientIdList = lens _goicprsClientIdList (\ s a -> s{_goicprsClientIdList = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 goicprsResponseStatus :: Lens' GetOpenIdConnectProviderResponse Int
-goicprsResponseStatus = lens _goicprsResponseStatus (\ s a -> s{_goicprsResponseStatus = a});
+goicprsResponseStatus = lens _goicprsResponseStatus (\ s a -> s{_goicprsResponseStatus = a})
 
 instance NFData GetOpenIdConnectProviderResponse
          where
diff --git a/gen/Network/AWS/IAM/GetPolicy.hs b/gen/Network/AWS/IAM/GetPolicy.hs
--- a/gen/Network/AWS/IAM/GetPolicy.hs
+++ b/gen/Network/AWS/IAM/GetPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -67,7 +67,7 @@
 
 -- | The Amazon Resource Name (ARN) of the managed policy that you want information about. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 gpPolicyARN :: Lens' GetPolicy Text
-gpPolicyARN = lens _gpPolicyARN (\ s a -> s{_gpPolicyARN = a});
+gpPolicyARN = lens _gpPolicyARN (\ s a -> s{_gpPolicyARN = a})
 
 instance AWSRequest GetPolicy where
         type Rs GetPolicy = GetPolicyResponse
@@ -118,15 +118,15 @@
     -> GetPolicyResponse
 getPolicyResponse pResponseStatus_ =
   GetPolicyResponse'
-  {_gprsPolicy = Nothing, _gprsResponseStatus = pResponseStatus_}
+    {_gprsPolicy = Nothing, _gprsResponseStatus = pResponseStatus_}
 
 
 -- | A structure containing details about the policy.
 gprsPolicy :: Lens' GetPolicyResponse (Maybe Policy)
-gprsPolicy = lens _gprsPolicy (\ s a -> s{_gprsPolicy = a});
+gprsPolicy = lens _gprsPolicy (\ s a -> s{_gprsPolicy = a})
 
 -- | -- | The response status code.
 gprsResponseStatus :: Lens' GetPolicyResponse Int
-gprsResponseStatus = lens _gprsResponseStatus (\ s a -> s{_gprsResponseStatus = a});
+gprsResponseStatus = lens _gprsResponseStatus (\ s a -> s{_gprsResponseStatus = a})
 
 instance NFData GetPolicyResponse where
diff --git a/gen/Network/AWS/IAM/GetPolicyVersion.hs b/gen/Network/AWS/IAM/GetPolicyVersion.hs
--- a/gen/Network/AWS/IAM/GetPolicyVersion.hs
+++ b/gen/Network/AWS/IAM/GetPolicyVersion.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetPolicyVersion
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -77,11 +77,11 @@
 
 -- | The Amazon Resource Name (ARN) of the managed policy that you want information about. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 gpvPolicyARN :: Lens' GetPolicyVersion Text
-gpvPolicyARN = lens _gpvPolicyARN (\ s a -> s{_gpvPolicyARN = a});
+gpvPolicyARN = lens _gpvPolicyARN (\ s a -> s{_gpvPolicyARN = a})
 
 -- | Identifies the policy version to retrieve. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that consists of the lowercase letter 'v' followed by one or two digits, and optionally followed by a period '.' and a string of letters and digits.
 gpvVersionId :: Lens' GetPolicyVersion Text
-gpvVersionId = lens _gpvVersionId (\ s a -> s{_gpvVersionId = a});
+gpvVersionId = lens _gpvVersionId (\ s a -> s{_gpvVersionId = a})
 
 instance AWSRequest GetPolicyVersion where
         type Rs GetPolicyVersion = GetPolicyVersionResponse
@@ -133,15 +133,15 @@
     -> GetPolicyVersionResponse
 getPolicyVersionResponse pResponseStatus_ =
   GetPolicyVersionResponse'
-  {_gpvrsPolicyVersion = Nothing, _gpvrsResponseStatus = pResponseStatus_}
+    {_gpvrsPolicyVersion = Nothing, _gpvrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure containing details about the policy version.
 gpvrsPolicyVersion :: Lens' GetPolicyVersionResponse (Maybe PolicyVersion)
-gpvrsPolicyVersion = lens _gpvrsPolicyVersion (\ s a -> s{_gpvrsPolicyVersion = a});
+gpvrsPolicyVersion = lens _gpvrsPolicyVersion (\ s a -> s{_gpvrsPolicyVersion = a})
 
 -- | -- | The response status code.
 gpvrsResponseStatus :: Lens' GetPolicyVersionResponse Int
-gpvrsResponseStatus = lens _gpvrsResponseStatus (\ s a -> s{_gpvrsResponseStatus = a});
+gpvrsResponseStatus = lens _gpvrsResponseStatus (\ s a -> s{_gpvrsResponseStatus = a})
 
 instance NFData GetPolicyVersionResponse where
diff --git a/gen/Network/AWS/IAM/GetRole.hs b/gen/Network/AWS/IAM/GetRole.hs
--- a/gen/Network/AWS/IAM/GetRole.hs
+++ b/gen/Network/AWS/IAM/GetRole.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetRole
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -63,7 +63,7 @@
 
 -- | The name of the IAM role to get information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 grRoleName :: Lens' GetRole Text
-grRoleName = lens _grRoleName (\ s a -> s{_grRoleName = a});
+grRoleName = lens _grRoleName (\ s a -> s{_grRoleName = a})
 
 instance AWSRequest GetRole where
         type Rs GetRole = GetRoleResponse
@@ -119,10 +119,10 @@
 
 -- | -- | The response status code.
 grrsResponseStatus :: Lens' GetRoleResponse Int
-grrsResponseStatus = lens _grrsResponseStatus (\ s a -> s{_grrsResponseStatus = a});
+grrsResponseStatus = lens _grrsResponseStatus (\ s a -> s{_grrsResponseStatus = a})
 
 -- | A structure containing details about the IAM role.
 grrsRole :: Lens' GetRoleResponse Role
-grrsRole = lens _grrsRole (\ s a -> s{_grrsRole = a});
+grrsRole = lens _grrsRole (\ s a -> s{_grrsRole = a})
 
 instance NFData GetRoleResponse where
diff --git a/gen/Network/AWS/IAM/GetRolePolicy.hs b/gen/Network/AWS/IAM/GetRolePolicy.hs
--- a/gen/Network/AWS/IAM/GetRolePolicy.hs
+++ b/gen/Network/AWS/IAM/GetRolePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetRolePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -66,7 +66,7 @@
 --
 -- * 'grpRoleName' - The name of the role associated with the policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'grpPolicyName' - The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'grpPolicyName' - The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getRolePolicy
     :: Text -- ^ 'grpRoleName'
     -> Text -- ^ 'grpPolicyName'
@@ -77,11 +77,11 @@
 
 -- | The name of the role associated with the policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 grpRoleName :: Lens' GetRolePolicy Text
-grpRoleName = lens _grpRoleName (\ s a -> s{_grpRoleName = a});
+grpRoleName = lens _grpRoleName (\ s a -> s{_grpRoleName = a})
 
--- | The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 grpPolicyName :: Lens' GetRolePolicy Text
-grpPolicyName = lens _grpPolicyName (\ s a -> s{_grpPolicyName = a});
+grpPolicyName = lens _grpPolicyName (\ s a -> s{_grpPolicyName = a})
 
 instance AWSRequest GetRolePolicy where
         type Rs GetRolePolicy = GetRolePolicyResponse
@@ -144,27 +144,27 @@
     -> GetRolePolicyResponse
 getRolePolicyResponse pResponseStatus_ pRoleName_ pPolicyName_ pPolicyDocument_ =
   GetRolePolicyResponse'
-  { _grprsResponseStatus = pResponseStatus_
-  , _grprsRoleName = pRoleName_
-  , _grprsPolicyName = pPolicyName_
-  , _grprsPolicyDocument = pPolicyDocument_
-  }
+    { _grprsResponseStatus = pResponseStatus_
+    , _grprsRoleName = pRoleName_
+    , _grprsPolicyName = pPolicyName_
+    , _grprsPolicyDocument = pPolicyDocument_
+    }
 
 
 -- | -- | The response status code.
 grprsResponseStatus :: Lens' GetRolePolicyResponse Int
-grprsResponseStatus = lens _grprsResponseStatus (\ s a -> s{_grprsResponseStatus = a});
+grprsResponseStatus = lens _grprsResponseStatus (\ s a -> s{_grprsResponseStatus = a})
 
 -- | The role the policy is associated with.
 grprsRoleName :: Lens' GetRolePolicyResponse Text
-grprsRoleName = lens _grprsRoleName (\ s a -> s{_grprsRoleName = a});
+grprsRoleName = lens _grprsRoleName (\ s a -> s{_grprsRoleName = a})
 
 -- | The name of the policy.
 grprsPolicyName :: Lens' GetRolePolicyResponse Text
-grprsPolicyName = lens _grprsPolicyName (\ s a -> s{_grprsPolicyName = a});
+grprsPolicyName = lens _grprsPolicyName (\ s a -> s{_grprsPolicyName = a})
 
 -- | The policy document.
 grprsPolicyDocument :: Lens' GetRolePolicyResponse Text
-grprsPolicyDocument = lens _grprsPolicyDocument (\ s a -> s{_grprsPolicyDocument = a});
+grprsPolicyDocument = lens _grprsPolicyDocument (\ s a -> s{_grprsPolicyDocument = a})
 
 instance NFData GetRolePolicyResponse where
diff --git a/gen/Network/AWS/IAM/GetSAMLProvider.hs b/gen/Network/AWS/IAM/GetSAMLProvider.hs
--- a/gen/Network/AWS/IAM/GetSAMLProvider.hs
+++ b/gen/Network/AWS/IAM/GetSAMLProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetSAMLProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -66,7 +66,7 @@
 
 -- | The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 gsamlpSAMLProviderARN :: Lens' GetSAMLProvider Text
-gsamlpSAMLProviderARN = lens _gsamlpSAMLProviderARN (\ s a -> s{_gsamlpSAMLProviderARN = a});
+gsamlpSAMLProviderARN = lens _gsamlpSAMLProviderARN (\ s a -> s{_gsamlpSAMLProviderARN = a})
 
 instance AWSRequest GetSAMLProvider where
         type Rs GetSAMLProvider = GetSAMLProviderResponse
@@ -125,27 +125,27 @@
     -> GetSAMLProviderResponse
 getSAMLProviderResponse pResponseStatus_ =
   GetSAMLProviderResponse'
-  { _gsamlprsCreateDate = Nothing
-  , _gsamlprsValidUntil = Nothing
-  , _gsamlprsSAMLMetadataDocument = Nothing
-  , _gsamlprsResponseStatus = pResponseStatus_
-  }
+    { _gsamlprsCreateDate = Nothing
+    , _gsamlprsValidUntil = Nothing
+    , _gsamlprsSAMLMetadataDocument = Nothing
+    , _gsamlprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The date and time when the SAML provider was created.
 gsamlprsCreateDate :: Lens' GetSAMLProviderResponse (Maybe UTCTime)
-gsamlprsCreateDate = lens _gsamlprsCreateDate (\ s a -> s{_gsamlprsCreateDate = a}) . mapping _Time;
+gsamlprsCreateDate = lens _gsamlprsCreateDate (\ s a -> s{_gsamlprsCreateDate = a}) . mapping _Time
 
 -- | The expiration date and time for the SAML provider.
 gsamlprsValidUntil :: Lens' GetSAMLProviderResponse (Maybe UTCTime)
-gsamlprsValidUntil = lens _gsamlprsValidUntil (\ s a -> s{_gsamlprsValidUntil = a}) . mapping _Time;
+gsamlprsValidUntil = lens _gsamlprsValidUntil (\ s a -> s{_gsamlprsValidUntil = a}) . mapping _Time
 
 -- | The XML metadata document that includes information about an identity provider.
 gsamlprsSAMLMetadataDocument :: Lens' GetSAMLProviderResponse (Maybe Text)
-gsamlprsSAMLMetadataDocument = lens _gsamlprsSAMLMetadataDocument (\ s a -> s{_gsamlprsSAMLMetadataDocument = a});
+gsamlprsSAMLMetadataDocument = lens _gsamlprsSAMLMetadataDocument (\ s a -> s{_gsamlprsSAMLMetadataDocument = a})
 
 -- | -- | The response status code.
 gsamlprsResponseStatus :: Lens' GetSAMLProviderResponse Int
-gsamlprsResponseStatus = lens _gsamlprsResponseStatus (\ s a -> s{_gsamlprsResponseStatus = a});
+gsamlprsResponseStatus = lens _gsamlprsResponseStatus (\ s a -> s{_gsamlprsResponseStatus = a})
 
 instance NFData GetSAMLProviderResponse where
diff --git a/gen/Network/AWS/IAM/GetSSHPublicKey.hs b/gen/Network/AWS/IAM/GetSSHPublicKey.hs
--- a/gen/Network/AWS/IAM/GetSSHPublicKey.hs
+++ b/gen/Network/AWS/IAM/GetSSHPublicKey.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetSSHPublicKey
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Retrieves the specified SSH public key, including metadata about the key.
 --
 --
--- The SSH public key retrieved by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
+-- The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
 --
 module Network.AWS.IAM.GetSSHPublicKey
     (
@@ -60,7 +60,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'gspkUserName' - The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'gspkUserName' - The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'gspkSSHPublicKeyId' - The unique identifier for the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 --
@@ -72,23 +72,23 @@
     -> GetSSHPublicKey
 getSSHPublicKey pUserName_ pSSHPublicKeyId_ pEncoding_ =
   GetSSHPublicKey'
-  { _gspkUserName = pUserName_
-  , _gspkSSHPublicKeyId = pSSHPublicKeyId_
-  , _gspkEncoding = pEncoding_
-  }
+    { _gspkUserName = pUserName_
+    , _gspkSSHPublicKeyId = pSSHPublicKeyId_
+    , _gspkEncoding = pEncoding_
+    }
 
 
--- | The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 gspkUserName :: Lens' GetSSHPublicKey Text
-gspkUserName = lens _gspkUserName (\ s a -> s{_gspkUserName = a});
+gspkUserName = lens _gspkUserName (\ s a -> s{_gspkUserName = a})
 
 -- | The unique identifier for the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 gspkSSHPublicKeyId :: Lens' GetSSHPublicKey Text
-gspkSSHPublicKeyId = lens _gspkSSHPublicKeyId (\ s a -> s{_gspkSSHPublicKeyId = a});
+gspkSSHPublicKeyId = lens _gspkSSHPublicKeyId (\ s a -> s{_gspkSSHPublicKeyId = a})
 
 -- | Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use @SSH@ . To retrieve the public key in PEM format, use @PEM@ .
 gspkEncoding :: Lens' GetSSHPublicKey EncodingType
-gspkEncoding = lens _gspkEncoding (\ s a -> s{_gspkEncoding = a});
+gspkEncoding = lens _gspkEncoding (\ s a -> s{_gspkEncoding = a})
 
 instance AWSRequest GetSSHPublicKey where
         type Rs GetSSHPublicKey = GetSSHPublicKeyResponse
@@ -141,15 +141,15 @@
     -> GetSSHPublicKeyResponse
 getSSHPublicKeyResponse pResponseStatus_ =
   GetSSHPublicKeyResponse'
-  {_gspkrsSSHPublicKey = Nothing, _gspkrsResponseStatus = pResponseStatus_}
+    {_gspkrsSSHPublicKey = Nothing, _gspkrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure containing details about the SSH public key.
 gspkrsSSHPublicKey :: Lens' GetSSHPublicKeyResponse (Maybe SSHPublicKey)
-gspkrsSSHPublicKey = lens _gspkrsSSHPublicKey (\ s a -> s{_gspkrsSSHPublicKey = a});
+gspkrsSSHPublicKey = lens _gspkrsSSHPublicKey (\ s a -> s{_gspkrsSSHPublicKey = a})
 
 -- | -- | The response status code.
 gspkrsResponseStatus :: Lens' GetSSHPublicKeyResponse Int
-gspkrsResponseStatus = lens _gspkrsResponseStatus (\ s a -> s{_gspkrsResponseStatus = a});
+gspkrsResponseStatus = lens _gspkrsResponseStatus (\ s a -> s{_gspkrsResponseStatus = a})
 
 instance NFData GetSSHPublicKeyResponse where
diff --git a/gen/Network/AWS/IAM/GetServerCertificate.hs b/gen/Network/AWS/IAM/GetServerCertificate.hs
--- a/gen/Network/AWS/IAM/GetServerCertificate.hs
+++ b/gen/Network/AWS/IAM/GetServerCertificate.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetServerCertificate
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Retrieves information about the specified server certificate stored in IAM.
 --
 --
--- For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ .
+-- For more information about working with server certificates, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ . This topic includes a list of AWS services that can use the server certificates that you manage with IAM.
 --
 module Network.AWS.IAM.GetServerCertificate
     (
@@ -56,7 +56,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'gscServerCertificateName' - The name of the server certificate you want to retrieve information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'gscServerCertificateName' - The name of the server certificate you want to retrieve information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getServerCertificate
     :: Text -- ^ 'gscServerCertificateName'
     -> GetServerCertificate
@@ -64,9 +64,9 @@
   GetServerCertificate' {_gscServerCertificateName = pServerCertificateName_}
 
 
--- | The name of the server certificate you want to retrieve information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the server certificate you want to retrieve information about. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 gscServerCertificateName :: Lens' GetServerCertificate Text
-gscServerCertificateName = lens _gscServerCertificateName (\ s a -> s{_gscServerCertificateName = a});
+gscServerCertificateName = lens _gscServerCertificateName (\ s a -> s{_gscServerCertificateName = a})
 
 instance AWSRequest GetServerCertificate where
         type Rs GetServerCertificate =
@@ -119,17 +119,17 @@
     -> GetServerCertificateResponse
 getServerCertificateResponse pResponseStatus_ pServerCertificate_ =
   GetServerCertificateResponse'
-  { _gscrsResponseStatus = pResponseStatus_
-  , _gscrsServerCertificate = pServerCertificate_
-  }
+    { _gscrsResponseStatus = pResponseStatus_
+    , _gscrsServerCertificate = pServerCertificate_
+    }
 
 
 -- | -- | The response status code.
 gscrsResponseStatus :: Lens' GetServerCertificateResponse Int
-gscrsResponseStatus = lens _gscrsResponseStatus (\ s a -> s{_gscrsResponseStatus = a});
+gscrsResponseStatus = lens _gscrsResponseStatus (\ s a -> s{_gscrsResponseStatus = a})
 
 -- | A structure containing details about the server certificate.
 gscrsServerCertificate :: Lens' GetServerCertificateResponse ServerCertificate
-gscrsServerCertificate = lens _gscrsServerCertificate (\ s a -> s{_gscrsServerCertificate = a});
+gscrsServerCertificate = lens _gscrsServerCertificate (\ s a -> s{_gscrsServerCertificate = a})
 
 instance NFData GetServerCertificateResponse where
diff --git a/gen/Network/AWS/IAM/GetServiceLinkedRoleDeletionStatus.hs b/gen/Network/AWS/IAM/GetServiceLinkedRoleDeletionStatus.hs
--- a/gen/Network/AWS/IAM/GetServiceLinkedRoleDeletionStatus.hs
+++ b/gen/Network/AWS/IAM/GetServiceLinkedRoleDeletionStatus.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Retrieves the status of your service-linked role deletion. After you use the 'DeleteServiceLinkedRole' API operation to submit a service-linked role for deletion, you can use the @DeletionTaskId@ parameter in @GetServiceLinkedRoleDeletionStatus@ to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed.
+-- Retrieves the status of your service-linked role deletion. After you use the 'DeleteServiceLinkedRole' API operation to submit a service-linked role for deletion, you can use the @DeletionTaskId@ parameter in @GetServiceLinkedRoleDeletionStatus@ to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed, if that information is returned by the service.
 --
 --
 module Network.AWS.IAM.GetServiceLinkedRoleDeletionStatus
@@ -65,7 +65,7 @@
 
 -- | The deletion task identifier. This identifier is returned by the 'DeleteServiceLinkedRole' operation in the format @task/aws-service-role/<service-principal-name>/<role-name>/<task-uuid>@ .
 gslrdsDeletionTaskId :: Lens' GetServiceLinkedRoleDeletionStatus Text
-gslrdsDeletionTaskId = lens _gslrdsDeletionTaskId (\ s a -> s{_gslrdsDeletionTaskId = a});
+gslrdsDeletionTaskId = lens _gslrdsDeletionTaskId (\ s a -> s{_gslrdsDeletionTaskId = a})
 
 instance AWSRequest
            GetServiceLinkedRoleDeletionStatus
@@ -127,23 +127,23 @@
     -> GetServiceLinkedRoleDeletionStatusResponse
 getServiceLinkedRoleDeletionStatusResponse pResponseStatus_ pStatus_ =
   GetServiceLinkedRoleDeletionStatusResponse'
-  { _gslrdsrsReason = Nothing
-  , _gslrdsrsResponseStatus = pResponseStatus_
-  , _gslrdsrsStatus = pStatus_
-  }
+    { _gslrdsrsReason = Nothing
+    , _gslrdsrsResponseStatus = pResponseStatus_
+    , _gslrdsrsStatus = pStatus_
+    }
 
 
 -- | An object that contains details about the reason the deletion failed.
 gslrdsrsReason :: Lens' GetServiceLinkedRoleDeletionStatusResponse (Maybe DeletionTaskFailureReasonType)
-gslrdsrsReason = lens _gslrdsrsReason (\ s a -> s{_gslrdsrsReason = a});
+gslrdsrsReason = lens _gslrdsrsReason (\ s a -> s{_gslrdsrsReason = a})
 
 -- | -- | The response status code.
 gslrdsrsResponseStatus :: Lens' GetServiceLinkedRoleDeletionStatusResponse Int
-gslrdsrsResponseStatus = lens _gslrdsrsResponseStatus (\ s a -> s{_gslrdsrsResponseStatus = a});
+gslrdsrsResponseStatus = lens _gslrdsrsResponseStatus (\ s a -> s{_gslrdsrsResponseStatus = a})
 
 -- | The status of the deletion.
 gslrdsrsStatus :: Lens' GetServiceLinkedRoleDeletionStatusResponse DeletionTaskStatusType
-gslrdsrsStatus = lens _gslrdsrsStatus (\ s a -> s{_gslrdsrsStatus = a});
+gslrdsrsStatus = lens _gslrdsrsStatus (\ s a -> s{_gslrdsrsStatus = a})
 
 instance NFData
            GetServiceLinkedRoleDeletionStatusResponse
diff --git a/gen/Network/AWS/IAM/GetUser.hs b/gen/Network/AWS/IAM/GetUser.hs
--- a/gen/Network/AWS/IAM/GetUser.hs
+++ b/gen/Network/AWS/IAM/GetUser.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetUser
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -56,15 +56,15 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'guUserName' - The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'guUserName' - The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getUser
     :: GetUser
 getUser = GetUser' {_guUserName = Nothing}
 
 
--- | The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 guUserName :: Lens' GetUser (Maybe Text)
-guUserName = lens _guUserName (\ s a -> s{_guUserName = a});
+guUserName = lens _guUserName (\ s a -> s{_guUserName = a})
 
 instance AWSRequest GetUser where
         type Rs GetUser = GetUserResponse
@@ -120,10 +120,10 @@
 
 -- | -- | The response status code.
 gursResponseStatus :: Lens' GetUserResponse Int
-gursResponseStatus = lens _gursResponseStatus (\ s a -> s{_gursResponseStatus = a});
+gursResponseStatus = lens _gursResponseStatus (\ s a -> s{_gursResponseStatus = a})
 
 -- | A structure containing details about the IAM user.
 gursUser :: Lens' GetUserResponse User
-gursUser = lens _gursUser (\ s a -> s{_gursUser = a});
+gursUser = lens _gursUser (\ s a -> s{_gursUser = a})
 
 instance NFData GetUserResponse where
diff --git a/gen/Network/AWS/IAM/GetUserPolicy.hs b/gen/Network/AWS/IAM/GetUserPolicy.hs
--- a/gen/Network/AWS/IAM/GetUserPolicy.hs
+++ b/gen/Network/AWS/IAM/GetUserPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.GetUserPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -62,9 +62,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'gupUserName' - The name of the user who the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'gupUserName' - The name of the user who the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'gupPolicyName' - The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'gupPolicyName' - The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 getUserPolicy
     :: Text -- ^ 'gupUserName'
     -> Text -- ^ 'gupPolicyName'
@@ -73,13 +73,13 @@
   GetUserPolicy' {_gupUserName = pUserName_, _gupPolicyName = pPolicyName_}
 
 
--- | The name of the user who the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user who the policy is associated with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 gupUserName :: Lens' GetUserPolicy Text
-gupUserName = lens _gupUserName (\ s a -> s{_gupUserName = a});
+gupUserName = lens _gupUserName (\ s a -> s{_gupUserName = a})
 
--- | The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name of the policy document to get. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 gupPolicyName :: Lens' GetUserPolicy Text
-gupPolicyName = lens _gupPolicyName (\ s a -> s{_gupPolicyName = a});
+gupPolicyName = lens _gupPolicyName (\ s a -> s{_gupPolicyName = a})
 
 instance AWSRequest GetUserPolicy where
         type Rs GetUserPolicy = GetUserPolicyResponse
@@ -142,27 +142,27 @@
     -> GetUserPolicyResponse
 getUserPolicyResponse pResponseStatus_ pUserName_ pPolicyName_ pPolicyDocument_ =
   GetUserPolicyResponse'
-  { _guprsResponseStatus = pResponseStatus_
-  , _guprsUserName = pUserName_
-  , _guprsPolicyName = pPolicyName_
-  , _guprsPolicyDocument = pPolicyDocument_
-  }
+    { _guprsResponseStatus = pResponseStatus_
+    , _guprsUserName = pUserName_
+    , _guprsPolicyName = pPolicyName_
+    , _guprsPolicyDocument = pPolicyDocument_
+    }
 
 
 -- | -- | The response status code.
 guprsResponseStatus :: Lens' GetUserPolicyResponse Int
-guprsResponseStatus = lens _guprsResponseStatus (\ s a -> s{_guprsResponseStatus = a});
+guprsResponseStatus = lens _guprsResponseStatus (\ s a -> s{_guprsResponseStatus = a})
 
 -- | The user the policy is associated with.
 guprsUserName :: Lens' GetUserPolicyResponse Text
-guprsUserName = lens _guprsUserName (\ s a -> s{_guprsUserName = a});
+guprsUserName = lens _guprsUserName (\ s a -> s{_guprsUserName = a})
 
 -- | The name of the policy.
 guprsPolicyName :: Lens' GetUserPolicyResponse Text
-guprsPolicyName = lens _guprsPolicyName (\ s a -> s{_guprsPolicyName = a});
+guprsPolicyName = lens _guprsPolicyName (\ s a -> s{_guprsPolicyName = a})
 
 -- | The policy document.
 guprsPolicyDocument :: Lens' GetUserPolicyResponse Text
-guprsPolicyDocument = lens _guprsPolicyDocument (\ s a -> s{_guprsPolicyDocument = a});
+guprsPolicyDocument = lens _guprsPolicyDocument (\ s a -> s{_guprsPolicyDocument = a})
 
 instance NFData GetUserPolicyResponse where
diff --git a/gen/Network/AWS/IAM/ListAccessKeys.hs b/gen/Network/AWS/IAM/ListAccessKeys.hs
--- a/gen/Network/AWS/IAM/ListAccessKeys.hs
+++ b/gen/Network/AWS/IAM/ListAccessKeys.hs
@@ -12,18 +12,18 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListAccessKeys
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list.
+-- Returns information about the access key IDs associated with the specified IAM user. If there are none, the operation returns an empty list.
 --
 --
 -- Although each user is limited to a small number of keys, you can still paginate the results using the @MaxItems@ and @Marker@ parameters.
 --
--- If the @UserName@ field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
+-- If the @UserName@ field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
 --
 --
 -- This operation returns paginated results.
@@ -67,7 +67,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lakUserName' - The name of the user. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lakUserName' - The name of the user. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'lakMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -76,20 +76,20 @@
     :: ListAccessKeys
 listAccessKeys =
   ListAccessKeys'
-  {_lakUserName = Nothing, _lakMarker = Nothing, _lakMaxItems = Nothing}
+    {_lakUserName = Nothing, _lakMarker = Nothing, _lakMaxItems = Nothing}
 
 
--- | The name of the user. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lakUserName :: Lens' ListAccessKeys (Maybe Text)
-lakUserName = lens _lakUserName (\ s a -> s{_lakUserName = a});
+lakUserName = lens _lakUserName (\ s a -> s{_lakUserName = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lakMarker :: Lens' ListAccessKeys (Maybe Text)
-lakMarker = lens _lakMarker (\ s a -> s{_lakMarker = a});
+lakMarker = lens _lakMarker (\ s a -> s{_lakMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lakMaxItems :: Lens' ListAccessKeys (Maybe Natural)
-lakMaxItems = lens _lakMaxItems (\ s a -> s{_lakMaxItems = a}) . mapping _Nat;
+lakMaxItems = lens _lakMaxItems (\ s a -> s{_lakMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListAccessKeys where
         page rq rs
@@ -158,27 +158,27 @@
     -> ListAccessKeysResponse
 listAccessKeysResponse pResponseStatus_ =
   ListAccessKeysResponse'
-  { _lakrsMarker = Nothing
-  , _lakrsIsTruncated = Nothing
-  , _lakrsResponseStatus = pResponseStatus_
-  , _lakrsAccessKeyMetadata = mempty
-  }
+    { _lakrsMarker = Nothing
+    , _lakrsIsTruncated = Nothing
+    , _lakrsResponseStatus = pResponseStatus_
+    , _lakrsAccessKeyMetadata = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lakrsMarker :: Lens' ListAccessKeysResponse (Maybe Text)
-lakrsMarker = lens _lakrsMarker (\ s a -> s{_lakrsMarker = a});
+lakrsMarker = lens _lakrsMarker (\ s a -> s{_lakrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lakrsIsTruncated :: Lens' ListAccessKeysResponse (Maybe Bool)
-lakrsIsTruncated = lens _lakrsIsTruncated (\ s a -> s{_lakrsIsTruncated = a});
+lakrsIsTruncated = lens _lakrsIsTruncated (\ s a -> s{_lakrsIsTruncated = a})
 
 -- | -- | The response status code.
 lakrsResponseStatus :: Lens' ListAccessKeysResponse Int
-lakrsResponseStatus = lens _lakrsResponseStatus (\ s a -> s{_lakrsResponseStatus = a});
+lakrsResponseStatus = lens _lakrsResponseStatus (\ s a -> s{_lakrsResponseStatus = a})
 
 -- | A list of objects containing metadata about the access keys.
 lakrsAccessKeyMetadata :: Lens' ListAccessKeysResponse [AccessKeyMetadata]
-lakrsAccessKeyMetadata = lens _lakrsAccessKeyMetadata (\ s a -> s{_lakrsAccessKeyMetadata = a}) . _Coerce;
+lakrsAccessKeyMetadata = lens _lakrsAccessKeyMetadata (\ s a -> s{_lakrsAccessKeyMetadata = a}) . _Coerce
 
 instance NFData ListAccessKeysResponse where
diff --git a/gen/Network/AWS/IAM/ListAccountAliases.hs b/gen/Network/AWS/IAM/ListAccountAliases.hs
--- a/gen/Network/AWS/IAM/ListAccountAliases.hs
+++ b/gen/Network/AWS/IAM/ListAccountAliases.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListAccountAliases
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -72,11 +72,11 @@
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 laaMarker :: Lens' ListAccountAliases (Maybe Text)
-laaMarker = lens _laaMarker (\ s a -> s{_laaMarker = a});
+laaMarker = lens _laaMarker (\ s a -> s{_laaMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 laaMaxItems :: Lens' ListAccountAliases (Maybe Natural)
-laaMaxItems = lens _laaMaxItems (\ s a -> s{_laaMaxItems = a}) . mapping _Nat;
+laaMaxItems = lens _laaMaxItems (\ s a -> s{_laaMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListAccountAliases where
         page rq rs
@@ -145,27 +145,27 @@
     -> ListAccountAliasesResponse
 listAccountAliasesResponse pResponseStatus_ =
   ListAccountAliasesResponse'
-  { _laarsMarker = Nothing
-  , _laarsIsTruncated = Nothing
-  , _laarsResponseStatus = pResponseStatus_
-  , _laarsAccountAliases = mempty
-  }
+    { _laarsMarker = Nothing
+    , _laarsIsTruncated = Nothing
+    , _laarsResponseStatus = pResponseStatus_
+    , _laarsAccountAliases = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 laarsMarker :: Lens' ListAccountAliasesResponse (Maybe Text)
-laarsMarker = lens _laarsMarker (\ s a -> s{_laarsMarker = a});
+laarsMarker = lens _laarsMarker (\ s a -> s{_laarsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 laarsIsTruncated :: Lens' ListAccountAliasesResponse (Maybe Bool)
-laarsIsTruncated = lens _laarsIsTruncated (\ s a -> s{_laarsIsTruncated = a});
+laarsIsTruncated = lens _laarsIsTruncated (\ s a -> s{_laarsIsTruncated = a})
 
 -- | -- | The response status code.
 laarsResponseStatus :: Lens' ListAccountAliasesResponse Int
-laarsResponseStatus = lens _laarsResponseStatus (\ s a -> s{_laarsResponseStatus = a});
+laarsResponseStatus = lens _laarsResponseStatus (\ s a -> s{_laarsResponseStatus = a})
 
 -- | A list of aliases associated with the account. AWS supports only one alias per account.
 laarsAccountAliases :: Lens' ListAccountAliasesResponse [Text]
-laarsAccountAliases = lens _laarsAccountAliases (\ s a -> s{_laarsAccountAliases = a}) . _Coerce;
+laarsAccountAliases = lens _laarsAccountAliases (\ s a -> s{_laarsAccountAliases = a}) . _Coerce
 
 instance NFData ListAccountAliasesResponse where
diff --git a/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs b/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs
--- a/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs
+++ b/gen/Network/AWS/IAM/ListAttachedGroupPolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListAttachedGroupPolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use the 'ListGroupPolicies' API. For information about policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /IAM User Guide/ .
 --
--- You can paginate the results using the @MaxItems@ and @Marker@ parameters. You can use the @PathPrefix@ parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
+-- You can paginate the results using the @MaxItems@ and @Marker@ parameters. You can use the @PathPrefix@ parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.
 --
 --
 -- This operation returns paginated results.
@@ -69,40 +69,40 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lagpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'lagpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'lagpMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
 -- * 'lagpMaxItems' - (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 --
--- * 'lagpGroupName' - The name (friendly name, not ARN) of the group to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lagpGroupName' - The name (friendly name, not ARN) of the group to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 listAttachedGroupPolicies
     :: Text -- ^ 'lagpGroupName'
     -> ListAttachedGroupPolicies
 listAttachedGroupPolicies pGroupName_ =
   ListAttachedGroupPolicies'
-  { _lagpPathPrefix = Nothing
-  , _lagpMarker = Nothing
-  , _lagpMaxItems = Nothing
-  , _lagpGroupName = pGroupName_
-  }
+    { _lagpPathPrefix = Nothing
+    , _lagpMarker = Nothing
+    , _lagpMaxItems = Nothing
+    , _lagpGroupName = pGroupName_
+    }
 
 
--- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 lagpPathPrefix :: Lens' ListAttachedGroupPolicies (Maybe Text)
-lagpPathPrefix = lens _lagpPathPrefix (\ s a -> s{_lagpPathPrefix = a});
+lagpPathPrefix = lens _lagpPathPrefix (\ s a -> s{_lagpPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lagpMarker :: Lens' ListAttachedGroupPolicies (Maybe Text)
-lagpMarker = lens _lagpMarker (\ s a -> s{_lagpMarker = a});
+lagpMarker = lens _lagpMarker (\ s a -> s{_lagpMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lagpMaxItems :: Lens' ListAttachedGroupPolicies (Maybe Natural)
-lagpMaxItems = lens _lagpMaxItems (\ s a -> s{_lagpMaxItems = a}) . mapping _Nat;
+lagpMaxItems = lens _lagpMaxItems (\ s a -> s{_lagpMaxItems = a}) . mapping _Nat
 
--- | The name (friendly name, not ARN) of the group to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) of the group to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lagpGroupName :: Lens' ListAttachedGroupPolicies Text
-lagpGroupName = lens _lagpGroupName (\ s a -> s{_lagpGroupName = a});
+lagpGroupName = lens _lagpGroupName (\ s a -> s{_lagpGroupName = a})
 
 instance AWSPager ListAttachedGroupPolicies where
         page rq rs
@@ -174,28 +174,28 @@
     -> ListAttachedGroupPoliciesResponse
 listAttachedGroupPoliciesResponse pResponseStatus_ =
   ListAttachedGroupPoliciesResponse'
-  { _lagprsAttachedPolicies = Nothing
-  , _lagprsMarker = Nothing
-  , _lagprsIsTruncated = Nothing
-  , _lagprsResponseStatus = pResponseStatus_
-  }
+    { _lagprsAttachedPolicies = Nothing
+    , _lagprsMarker = Nothing
+    , _lagprsIsTruncated = Nothing
+    , _lagprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of the attached policies.
 lagprsAttachedPolicies :: Lens' ListAttachedGroupPoliciesResponse [AttachedPolicy]
-lagprsAttachedPolicies = lens _lagprsAttachedPolicies (\ s a -> s{_lagprsAttachedPolicies = a}) . _Default . _Coerce;
+lagprsAttachedPolicies = lens _lagprsAttachedPolicies (\ s a -> s{_lagprsAttachedPolicies = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lagprsMarker :: Lens' ListAttachedGroupPoliciesResponse (Maybe Text)
-lagprsMarker = lens _lagprsMarker (\ s a -> s{_lagprsMarker = a});
+lagprsMarker = lens _lagprsMarker (\ s a -> s{_lagprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lagprsIsTruncated :: Lens' ListAttachedGroupPoliciesResponse (Maybe Bool)
-lagprsIsTruncated = lens _lagprsIsTruncated (\ s a -> s{_lagprsIsTruncated = a});
+lagprsIsTruncated = lens _lagprsIsTruncated (\ s a -> s{_lagprsIsTruncated = a})
 
 -- | -- | The response status code.
 lagprsResponseStatus :: Lens' ListAttachedGroupPoliciesResponse Int
-lagprsResponseStatus = lens _lagprsResponseStatus (\ s a -> s{_lagprsResponseStatus = a});
+lagprsResponseStatus = lens _lagprsResponseStatus (\ s a -> s{_lagprsResponseStatus = a})
 
 instance NFData ListAttachedGroupPoliciesResponse
          where
diff --git a/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs b/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs
--- a/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs
+++ b/gen/Network/AWS/IAM/ListAttachedRolePolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListAttachedRolePolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use the 'ListRolePolicies' API. For information about policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /IAM User Guide/ .
 --
--- You can paginate the results using the @MaxItems@ and @Marker@ parameters. You can use the @PathPrefix@ parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the action returns an empty list.
+-- You can paginate the results using the @MaxItems@ and @Marker@ parameters. You can use the @PathPrefix@ parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the operation returns an empty list.
 --
 --
 -- This operation returns paginated results.
@@ -69,7 +69,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'larpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'larpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'larpMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -81,28 +81,28 @@
     -> ListAttachedRolePolicies
 listAttachedRolePolicies pRoleName_ =
   ListAttachedRolePolicies'
-  { _larpPathPrefix = Nothing
-  , _larpMarker = Nothing
-  , _larpMaxItems = Nothing
-  , _larpRoleName = pRoleName_
-  }
+    { _larpPathPrefix = Nothing
+    , _larpMarker = Nothing
+    , _larpMaxItems = Nothing
+    , _larpRoleName = pRoleName_
+    }
 
 
--- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 larpPathPrefix :: Lens' ListAttachedRolePolicies (Maybe Text)
-larpPathPrefix = lens _larpPathPrefix (\ s a -> s{_larpPathPrefix = a});
+larpPathPrefix = lens _larpPathPrefix (\ s a -> s{_larpPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 larpMarker :: Lens' ListAttachedRolePolicies (Maybe Text)
-larpMarker = lens _larpMarker (\ s a -> s{_larpMarker = a});
+larpMarker = lens _larpMarker (\ s a -> s{_larpMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 larpMaxItems :: Lens' ListAttachedRolePolicies (Maybe Natural)
-larpMaxItems = lens _larpMaxItems (\ s a -> s{_larpMaxItems = a}) . mapping _Nat;
+larpMaxItems = lens _larpMaxItems (\ s a -> s{_larpMaxItems = a}) . mapping _Nat
 
 -- | The name (friendly name, not ARN) of the role to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 larpRoleName :: Lens' ListAttachedRolePolicies Text
-larpRoleName = lens _larpRoleName (\ s a -> s{_larpRoleName = a});
+larpRoleName = lens _larpRoleName (\ s a -> s{_larpRoleName = a})
 
 instance AWSPager ListAttachedRolePolicies where
         page rq rs
@@ -174,28 +174,28 @@
     -> ListAttachedRolePoliciesResponse
 listAttachedRolePoliciesResponse pResponseStatus_ =
   ListAttachedRolePoliciesResponse'
-  { _larprsAttachedPolicies = Nothing
-  , _larprsMarker = Nothing
-  , _larprsIsTruncated = Nothing
-  , _larprsResponseStatus = pResponseStatus_
-  }
+    { _larprsAttachedPolicies = Nothing
+    , _larprsMarker = Nothing
+    , _larprsIsTruncated = Nothing
+    , _larprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of the attached policies.
 larprsAttachedPolicies :: Lens' ListAttachedRolePoliciesResponse [AttachedPolicy]
-larprsAttachedPolicies = lens _larprsAttachedPolicies (\ s a -> s{_larprsAttachedPolicies = a}) . _Default . _Coerce;
+larprsAttachedPolicies = lens _larprsAttachedPolicies (\ s a -> s{_larprsAttachedPolicies = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 larprsMarker :: Lens' ListAttachedRolePoliciesResponse (Maybe Text)
-larprsMarker = lens _larprsMarker (\ s a -> s{_larprsMarker = a});
+larprsMarker = lens _larprsMarker (\ s a -> s{_larprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 larprsIsTruncated :: Lens' ListAttachedRolePoliciesResponse (Maybe Bool)
-larprsIsTruncated = lens _larprsIsTruncated (\ s a -> s{_larprsIsTruncated = a});
+larprsIsTruncated = lens _larprsIsTruncated (\ s a -> s{_larprsIsTruncated = a})
 
 -- | -- | The response status code.
 larprsResponseStatus :: Lens' ListAttachedRolePoliciesResponse Int
-larprsResponseStatus = lens _larprsResponseStatus (\ s a -> s{_larprsResponseStatus = a});
+larprsResponseStatus = lens _larprsResponseStatus (\ s a -> s{_larprsResponseStatus = a})
 
 instance NFData ListAttachedRolePoliciesResponse
          where
diff --git a/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs b/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs
--- a/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs
+++ b/gen/Network/AWS/IAM/ListAttachedUserPolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListAttachedUserPolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use the 'ListUserPolicies' API. For information about policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /IAM User Guide/ .
 --
--- You can paginate the results using the @MaxItems@ and @Marker@ parameters. You can use the @PathPrefix@ parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the action returns an empty list.
+-- You can paginate the results using the @MaxItems@ and @Marker@ parameters. You can use the @PathPrefix@ parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.
 --
 --
 -- This operation returns paginated results.
@@ -69,40 +69,40 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'laupPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'laupPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'laupMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
 -- * 'laupMaxItems' - (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 --
--- * 'laupUserName' - The name (friendly name, not ARN) of the user to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'laupUserName' - The name (friendly name, not ARN) of the user to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 listAttachedUserPolicies
     :: Text -- ^ 'laupUserName'
     -> ListAttachedUserPolicies
 listAttachedUserPolicies pUserName_ =
   ListAttachedUserPolicies'
-  { _laupPathPrefix = Nothing
-  , _laupMarker = Nothing
-  , _laupMaxItems = Nothing
-  , _laupUserName = pUserName_
-  }
+    { _laupPathPrefix = Nothing
+    , _laupMarker = Nothing
+    , _laupMaxItems = Nothing
+    , _laupUserName = pUserName_
+    }
 
 
--- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 laupPathPrefix :: Lens' ListAttachedUserPolicies (Maybe Text)
-laupPathPrefix = lens _laupPathPrefix (\ s a -> s{_laupPathPrefix = a});
+laupPathPrefix = lens _laupPathPrefix (\ s a -> s{_laupPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 laupMarker :: Lens' ListAttachedUserPolicies (Maybe Text)
-laupMarker = lens _laupMarker (\ s a -> s{_laupMarker = a});
+laupMarker = lens _laupMarker (\ s a -> s{_laupMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 laupMaxItems :: Lens' ListAttachedUserPolicies (Maybe Natural)
-laupMaxItems = lens _laupMaxItems (\ s a -> s{_laupMaxItems = a}) . mapping _Nat;
+laupMaxItems = lens _laupMaxItems (\ s a -> s{_laupMaxItems = a}) . mapping _Nat
 
--- | The name (friendly name, not ARN) of the user to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name (friendly name, not ARN) of the user to list attached policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 laupUserName :: Lens' ListAttachedUserPolicies Text
-laupUserName = lens _laupUserName (\ s a -> s{_laupUserName = a});
+laupUserName = lens _laupUserName (\ s a -> s{_laupUserName = a})
 
 instance AWSPager ListAttachedUserPolicies where
         page rq rs
@@ -174,28 +174,28 @@
     -> ListAttachedUserPoliciesResponse
 listAttachedUserPoliciesResponse pResponseStatus_ =
   ListAttachedUserPoliciesResponse'
-  { _lauprsAttachedPolicies = Nothing
-  , _lauprsMarker = Nothing
-  , _lauprsIsTruncated = Nothing
-  , _lauprsResponseStatus = pResponseStatus_
-  }
+    { _lauprsAttachedPolicies = Nothing
+    , _lauprsMarker = Nothing
+    , _lauprsIsTruncated = Nothing
+    , _lauprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of the attached policies.
 lauprsAttachedPolicies :: Lens' ListAttachedUserPoliciesResponse [AttachedPolicy]
-lauprsAttachedPolicies = lens _lauprsAttachedPolicies (\ s a -> s{_lauprsAttachedPolicies = a}) . _Default . _Coerce;
+lauprsAttachedPolicies = lens _lauprsAttachedPolicies (\ s a -> s{_lauprsAttachedPolicies = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lauprsMarker :: Lens' ListAttachedUserPoliciesResponse (Maybe Text)
-lauprsMarker = lens _lauprsMarker (\ s a -> s{_lauprsMarker = a});
+lauprsMarker = lens _lauprsMarker (\ s a -> s{_lauprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lauprsIsTruncated :: Lens' ListAttachedUserPoliciesResponse (Maybe Bool)
-lauprsIsTruncated = lens _lauprsIsTruncated (\ s a -> s{_lauprsIsTruncated = a});
+lauprsIsTruncated = lens _lauprsIsTruncated (\ s a -> s{_lauprsIsTruncated = a})
 
 -- | -- | The response status code.
 lauprsResponseStatus :: Lens' ListAttachedUserPoliciesResponse Int
-lauprsResponseStatus = lens _lauprsResponseStatus (\ s a -> s{_lauprsResponseStatus = a});
+lauprsResponseStatus = lens _lauprsResponseStatus (\ s a -> s{_lauprsResponseStatus = a})
 
 instance NFData ListAttachedUserPoliciesResponse
          where
diff --git a/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs b/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs
--- a/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs
+++ b/gen/Network/AWS/IAM/ListEntitiesForPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListEntitiesForPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -73,7 +73,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lefpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'lefpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'lefpEntityFilter' - The entity type to use for filtering the results. For example, when @EntityFilter@ is @Role@ , only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.
 --
@@ -87,33 +87,33 @@
     -> ListEntitiesForPolicy
 listEntitiesForPolicy pPolicyARN_ =
   ListEntitiesForPolicy'
-  { _lefpPathPrefix = Nothing
-  , _lefpEntityFilter = Nothing
-  , _lefpMarker = Nothing
-  , _lefpMaxItems = Nothing
-  , _lefpPolicyARN = pPolicyARN_
-  }
+    { _lefpPathPrefix = Nothing
+    , _lefpEntityFilter = Nothing
+    , _lefpMarker = Nothing
+    , _lefpMaxItems = Nothing
+    , _lefpPolicyARN = pPolicyARN_
+    }
 
 
--- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 lefpPathPrefix :: Lens' ListEntitiesForPolicy (Maybe Text)
-lefpPathPrefix = lens _lefpPathPrefix (\ s a -> s{_lefpPathPrefix = a});
+lefpPathPrefix = lens _lefpPathPrefix (\ s a -> s{_lefpPathPrefix = a})
 
 -- | The entity type to use for filtering the results. For example, when @EntityFilter@ is @Role@ , only the roles that are attached to the specified policy are returned. This parameter is optional. If it is not included, all attached entities (users, groups, and roles) are returned. The argument for this parameter must be one of the valid values listed below.
 lefpEntityFilter :: Lens' ListEntitiesForPolicy (Maybe EntityType)
-lefpEntityFilter = lens _lefpEntityFilter (\ s a -> s{_lefpEntityFilter = a});
+lefpEntityFilter = lens _lefpEntityFilter (\ s a -> s{_lefpEntityFilter = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lefpMarker :: Lens' ListEntitiesForPolicy (Maybe Text)
-lefpMarker = lens _lefpMarker (\ s a -> s{_lefpMarker = a});
+lefpMarker = lens _lefpMarker (\ s a -> s{_lefpMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lefpMaxItems :: Lens' ListEntitiesForPolicy (Maybe Natural)
-lefpMaxItems = lens _lefpMaxItems (\ s a -> s{_lefpMaxItems = a}) . mapping _Nat;
+lefpMaxItems = lens _lefpMaxItems (\ s a -> s{_lefpMaxItems = a}) . mapping _Nat
 
 -- | The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 lefpPolicyARN :: Lens' ListEntitiesForPolicy Text
-lefpPolicyARN = lens _lefpPolicyARN (\ s a -> s{_lefpPolicyARN = a});
+lefpPolicyARN = lens _lefpPolicyARN (\ s a -> s{_lefpPolicyARN = a})
 
 instance AWSPager ListEntitiesForPolicy where
         page rq rs
@@ -197,37 +197,37 @@
     -> ListEntitiesForPolicyResponse
 listEntitiesForPolicyResponse pResponseStatus_ =
   ListEntitiesForPolicyResponse'
-  { _lefprsPolicyGroups = Nothing
-  , _lefprsPolicyRoles = Nothing
-  , _lefprsMarker = Nothing
-  , _lefprsPolicyUsers = Nothing
-  , _lefprsIsTruncated = Nothing
-  , _lefprsResponseStatus = pResponseStatus_
-  }
+    { _lefprsPolicyGroups = Nothing
+    , _lefprsPolicyRoles = Nothing
+    , _lefprsMarker = Nothing
+    , _lefprsPolicyUsers = Nothing
+    , _lefprsIsTruncated = Nothing
+    , _lefprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of IAM groups that the policy is attached to.
 lefprsPolicyGroups :: Lens' ListEntitiesForPolicyResponse [PolicyGroup]
-lefprsPolicyGroups = lens _lefprsPolicyGroups (\ s a -> s{_lefprsPolicyGroups = a}) . _Default . _Coerce;
+lefprsPolicyGroups = lens _lefprsPolicyGroups (\ s a -> s{_lefprsPolicyGroups = a}) . _Default . _Coerce
 
 -- | A list of IAM roles that the policy is attached to.
 lefprsPolicyRoles :: Lens' ListEntitiesForPolicyResponse [PolicyRole]
-lefprsPolicyRoles = lens _lefprsPolicyRoles (\ s a -> s{_lefprsPolicyRoles = a}) . _Default . _Coerce;
+lefprsPolicyRoles = lens _lefprsPolicyRoles (\ s a -> s{_lefprsPolicyRoles = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lefprsMarker :: Lens' ListEntitiesForPolicyResponse (Maybe Text)
-lefprsMarker = lens _lefprsMarker (\ s a -> s{_lefprsMarker = a});
+lefprsMarker = lens _lefprsMarker (\ s a -> s{_lefprsMarker = a})
 
 -- | A list of IAM users that the policy is attached to.
 lefprsPolicyUsers :: Lens' ListEntitiesForPolicyResponse [PolicyUser]
-lefprsPolicyUsers = lens _lefprsPolicyUsers (\ s a -> s{_lefprsPolicyUsers = a}) . _Default . _Coerce;
+lefprsPolicyUsers = lens _lefprsPolicyUsers (\ s a -> s{_lefprsPolicyUsers = a}) . _Default . _Coerce
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lefprsIsTruncated :: Lens' ListEntitiesForPolicyResponse (Maybe Bool)
-lefprsIsTruncated = lens _lefprsIsTruncated (\ s a -> s{_lefprsIsTruncated = a});
+lefprsIsTruncated = lens _lefprsIsTruncated (\ s a -> s{_lefprsIsTruncated = a})
 
 -- | -- | The response status code.
 lefprsResponseStatus :: Lens' ListEntitiesForPolicyResponse Int
-lefprsResponseStatus = lens _lefprsResponseStatus (\ s a -> s{_lefprsResponseStatus = a});
+lefprsResponseStatus = lens _lefprsResponseStatus (\ s a -> s{_lefprsResponseStatus = a})
 
 instance NFData ListEntitiesForPolicyResponse where
diff --git a/gen/Network/AWS/IAM/ListGroupPolicies.hs b/gen/Network/AWS/IAM/ListGroupPolicies.hs
--- a/gen/Network/AWS/IAM/ListGroupPolicies.hs
+++ b/gen/Network/AWS/IAM/ListGroupPolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListGroupPolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- An IAM group can also have managed policies attached to it. To list the managed policies that are attached to a group, use 'ListAttachedGroupPolicies' . For more information about policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /IAM User Guide/ .
 --
--- You can paginate the results using the @MaxItems@ and @Marker@ parameters. If there are no inline policies embedded with the specified group, the action returns an empty list.
+-- You can paginate the results using the @MaxItems@ and @Marker@ parameters. If there are no inline policies embedded with the specified group, the operation returns an empty list.
 --
 --
 -- This operation returns paginated results.
@@ -71,26 +71,26 @@
 --
 -- * 'lgpMaxItems' - (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 --
--- * 'lgpGroupName' - The name of the group to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lgpGroupName' - The name of the group to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 listGroupPolicies
     :: Text -- ^ 'lgpGroupName'
     -> ListGroupPolicies
 listGroupPolicies pGroupName_ =
   ListGroupPolicies'
-  {_lgpMarker = Nothing, _lgpMaxItems = Nothing, _lgpGroupName = pGroupName_}
+    {_lgpMarker = Nothing, _lgpMaxItems = Nothing, _lgpGroupName = pGroupName_}
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lgpMarker :: Lens' ListGroupPolicies (Maybe Text)
-lgpMarker = lens _lgpMarker (\ s a -> s{_lgpMarker = a});
+lgpMarker = lens _lgpMarker (\ s a -> s{_lgpMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lgpMaxItems :: Lens' ListGroupPolicies (Maybe Natural)
-lgpMaxItems = lens _lgpMaxItems (\ s a -> s{_lgpMaxItems = a}) . mapping _Nat;
+lgpMaxItems = lens _lgpMaxItems (\ s a -> s{_lgpMaxItems = a}) . mapping _Nat
 
--- | The name of the group to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the group to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lgpGroupName :: Lens' ListGroupPolicies Text
-lgpGroupName = lens _lgpGroupName (\ s a -> s{_lgpGroupName = a});
+lgpGroupName = lens _lgpGroupName (\ s a -> s{_lgpGroupName = a})
 
 instance AWSPager ListGroupPolicies where
         page rq rs
@@ -153,33 +153,33 @@
 --
 -- * 'lgprsResponseStatus' - -- | The response status code.
 --
--- * 'lgprsPolicyNames' - A list of policy names. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'lgprsPolicyNames' - A list of policy names. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 listGroupPoliciesResponse
     :: Int -- ^ 'lgprsResponseStatus'
     -> ListGroupPoliciesResponse
 listGroupPoliciesResponse pResponseStatus_ =
   ListGroupPoliciesResponse'
-  { _lgprsMarker = Nothing
-  , _lgprsIsTruncated = Nothing
-  , _lgprsResponseStatus = pResponseStatus_
-  , _lgprsPolicyNames = mempty
-  }
+    { _lgprsMarker = Nothing
+    , _lgprsIsTruncated = Nothing
+    , _lgprsResponseStatus = pResponseStatus_
+    , _lgprsPolicyNames = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lgprsMarker :: Lens' ListGroupPoliciesResponse (Maybe Text)
-lgprsMarker = lens _lgprsMarker (\ s a -> s{_lgprsMarker = a});
+lgprsMarker = lens _lgprsMarker (\ s a -> s{_lgprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lgprsIsTruncated :: Lens' ListGroupPoliciesResponse (Maybe Bool)
-lgprsIsTruncated = lens _lgprsIsTruncated (\ s a -> s{_lgprsIsTruncated = a});
+lgprsIsTruncated = lens _lgprsIsTruncated (\ s a -> s{_lgprsIsTruncated = a})
 
 -- | -- | The response status code.
 lgprsResponseStatus :: Lens' ListGroupPoliciesResponse Int
-lgprsResponseStatus = lens _lgprsResponseStatus (\ s a -> s{_lgprsResponseStatus = a});
+lgprsResponseStatus = lens _lgprsResponseStatus (\ s a -> s{_lgprsResponseStatus = a})
 
--- | A list of policy names. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | A list of policy names. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lgprsPolicyNames :: Lens' ListGroupPoliciesResponse [Text]
-lgprsPolicyNames = lens _lgprsPolicyNames (\ s a -> s{_lgprsPolicyNames = a}) . _Coerce;
+lgprsPolicyNames = lens _lgprsPolicyNames (\ s a -> s{_lgprsPolicyNames = a}) . _Coerce
 
 instance NFData ListGroupPoliciesResponse where
diff --git a/gen/Network/AWS/IAM/ListGroups.hs b/gen/Network/AWS/IAM/ListGroups.hs
--- a/gen/Network/AWS/IAM/ListGroups.hs
+++ b/gen/Network/AWS/IAM/ListGroups.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListGroups
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -65,7 +65,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lgPathPrefix' - The path prefix for filtering the results. For example, the prefix @/division_abc/subdivision_xyz/@ gets all groups whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'lgPathPrefix' - The path prefix for filtering the results. For example, the prefix @/division_abc/subdivision_xyz/@ gets all groups whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'lgMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -74,20 +74,20 @@
     :: ListGroups
 listGroups =
   ListGroups'
-  {_lgPathPrefix = Nothing, _lgMarker = Nothing, _lgMaxItems = Nothing}
+    {_lgPathPrefix = Nothing, _lgMarker = Nothing, _lgMaxItems = Nothing}
 
 
--- | The path prefix for filtering the results. For example, the prefix @/division_abc/subdivision_xyz/@ gets all groups whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. For example, the prefix @/division_abc/subdivision_xyz/@ gets all groups whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 lgPathPrefix :: Lens' ListGroups (Maybe Text)
-lgPathPrefix = lens _lgPathPrefix (\ s a -> s{_lgPathPrefix = a});
+lgPathPrefix = lens _lgPathPrefix (\ s a -> s{_lgPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lgMarker :: Lens' ListGroups (Maybe Text)
-lgMarker = lens _lgMarker (\ s a -> s{_lgMarker = a});
+lgMarker = lens _lgMarker (\ s a -> s{_lgMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lgMaxItems :: Lens' ListGroups (Maybe Natural)
-lgMaxItems = lens _lgMaxItems (\ s a -> s{_lgMaxItems = a}) . mapping _Nat;
+lgMaxItems = lens _lgMaxItems (\ s a -> s{_lgMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListGroups where
         page rq rs
@@ -156,27 +156,27 @@
     -> ListGroupsResponse
 listGroupsResponse pResponseStatus_ =
   ListGroupsResponse'
-  { _lgrsMarker = Nothing
-  , _lgrsIsTruncated = Nothing
-  , _lgrsResponseStatus = pResponseStatus_
-  , _lgrsGroups = mempty
-  }
+    { _lgrsMarker = Nothing
+    , _lgrsIsTruncated = Nothing
+    , _lgrsResponseStatus = pResponseStatus_
+    , _lgrsGroups = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lgrsMarker :: Lens' ListGroupsResponse (Maybe Text)
-lgrsMarker = lens _lgrsMarker (\ s a -> s{_lgrsMarker = a});
+lgrsMarker = lens _lgrsMarker (\ s a -> s{_lgrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lgrsIsTruncated :: Lens' ListGroupsResponse (Maybe Bool)
-lgrsIsTruncated = lens _lgrsIsTruncated (\ s a -> s{_lgrsIsTruncated = a});
+lgrsIsTruncated = lens _lgrsIsTruncated (\ s a -> s{_lgrsIsTruncated = a})
 
 -- | -- | The response status code.
 lgrsResponseStatus :: Lens' ListGroupsResponse Int
-lgrsResponseStatus = lens _lgrsResponseStatus (\ s a -> s{_lgrsResponseStatus = a});
+lgrsResponseStatus = lens _lgrsResponseStatus (\ s a -> s{_lgrsResponseStatus = a})
 
 -- | A list of groups.
 lgrsGroups :: Lens' ListGroupsResponse [Group]
-lgrsGroups = lens _lgrsGroups (\ s a -> s{_lgrsGroups = a}) . _Coerce;
+lgrsGroups = lens _lgrsGroups (\ s a -> s{_lgrsGroups = a}) . _Coerce
 
 instance NFData ListGroupsResponse where
diff --git a/gen/Network/AWS/IAM/ListGroupsForUser.hs b/gen/Network/AWS/IAM/ListGroupsForUser.hs
--- a/gen/Network/AWS/IAM/ListGroupsForUser.hs
+++ b/gen/Network/AWS/IAM/ListGroupsForUser.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListGroupsForUser
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -69,26 +69,26 @@
 --
 -- * 'lgfuMaxItems' - (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 --
--- * 'lgfuUserName' - The name of the user to list groups for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lgfuUserName' - The name of the user to list groups for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 listGroupsForUser
     :: Text -- ^ 'lgfuUserName'
     -> ListGroupsForUser
 listGroupsForUser pUserName_ =
   ListGroupsForUser'
-  {_lgfuMarker = Nothing, _lgfuMaxItems = Nothing, _lgfuUserName = pUserName_}
+    {_lgfuMarker = Nothing, _lgfuMaxItems = Nothing, _lgfuUserName = pUserName_}
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lgfuMarker :: Lens' ListGroupsForUser (Maybe Text)
-lgfuMarker = lens _lgfuMarker (\ s a -> s{_lgfuMarker = a});
+lgfuMarker = lens _lgfuMarker (\ s a -> s{_lgfuMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lgfuMaxItems :: Lens' ListGroupsForUser (Maybe Natural)
-lgfuMaxItems = lens _lgfuMaxItems (\ s a -> s{_lgfuMaxItems = a}) . mapping _Nat;
+lgfuMaxItems = lens _lgfuMaxItems (\ s a -> s{_lgfuMaxItems = a}) . mapping _Nat
 
--- | The name of the user to list groups for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user to list groups for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lgfuUserName :: Lens' ListGroupsForUser Text
-lgfuUserName = lens _lgfuUserName (\ s a -> s{_lgfuUserName = a});
+lgfuUserName = lens _lgfuUserName (\ s a -> s{_lgfuUserName = a})
 
 instance AWSPager ListGroupsForUser where
         page rq rs
@@ -157,27 +157,27 @@
     -> ListGroupsForUserResponse
 listGroupsForUserResponse pResponseStatus_ =
   ListGroupsForUserResponse'
-  { _lgfursMarker = Nothing
-  , _lgfursIsTruncated = Nothing
-  , _lgfursResponseStatus = pResponseStatus_
-  , _lgfursGroups = mempty
-  }
+    { _lgfursMarker = Nothing
+    , _lgfursIsTruncated = Nothing
+    , _lgfursResponseStatus = pResponseStatus_
+    , _lgfursGroups = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lgfursMarker :: Lens' ListGroupsForUserResponse (Maybe Text)
-lgfursMarker = lens _lgfursMarker (\ s a -> s{_lgfursMarker = a});
+lgfursMarker = lens _lgfursMarker (\ s a -> s{_lgfursMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lgfursIsTruncated :: Lens' ListGroupsForUserResponse (Maybe Bool)
-lgfursIsTruncated = lens _lgfursIsTruncated (\ s a -> s{_lgfursIsTruncated = a});
+lgfursIsTruncated = lens _lgfursIsTruncated (\ s a -> s{_lgfursIsTruncated = a})
 
 -- | -- | The response status code.
 lgfursResponseStatus :: Lens' ListGroupsForUserResponse Int
-lgfursResponseStatus = lens _lgfursResponseStatus (\ s a -> s{_lgfursResponseStatus = a});
+lgfursResponseStatus = lens _lgfursResponseStatus (\ s a -> s{_lgfursResponseStatus = a})
 
 -- | A list of groups.
 lgfursGroups :: Lens' ListGroupsForUserResponse [Group]
-lgfursGroups = lens _lgfursGroups (\ s a -> s{_lgfursGroups = a}) . _Coerce;
+lgfursGroups = lens _lgfursGroups (\ s a -> s{_lgfursGroups = a}) . _Coerce
 
 instance NFData ListGroupsForUserResponse where
diff --git a/gen/Network/AWS/IAM/ListInstanceProfiles.hs b/gen/Network/AWS/IAM/ListInstanceProfiles.hs
--- a/gen/Network/AWS/IAM/ListInstanceProfiles.hs
+++ b/gen/Network/AWS/IAM/ListInstanceProfiles.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListInstanceProfiles
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty list. For more information about instance profiles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html About Instance Profiles> .
+-- Lists the instance profiles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about instance profiles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html About Instance Profiles> .
 --
 --
 -- You can paginate the results using the @MaxItems@ and @Marker@ parameters.
@@ -65,7 +65,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lipPathPrefix' - The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all instance profiles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'lipPathPrefix' - The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all instance profiles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'lipMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -74,20 +74,20 @@
     :: ListInstanceProfiles
 listInstanceProfiles =
   ListInstanceProfiles'
-  {_lipPathPrefix = Nothing, _lipMarker = Nothing, _lipMaxItems = Nothing}
+    {_lipPathPrefix = Nothing, _lipMarker = Nothing, _lipMaxItems = Nothing}
 
 
--- | The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all instance profiles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all instance profiles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance profiles. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 lipPathPrefix :: Lens' ListInstanceProfiles (Maybe Text)
-lipPathPrefix = lens _lipPathPrefix (\ s a -> s{_lipPathPrefix = a});
+lipPathPrefix = lens _lipPathPrefix (\ s a -> s{_lipPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lipMarker :: Lens' ListInstanceProfiles (Maybe Text)
-lipMarker = lens _lipMarker (\ s a -> s{_lipMarker = a});
+lipMarker = lens _lipMarker (\ s a -> s{_lipMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lipMaxItems :: Lens' ListInstanceProfiles (Maybe Natural)
-lipMaxItems = lens _lipMaxItems (\ s a -> s{_lipMaxItems = a}) . mapping _Nat;
+lipMaxItems = lens _lipMaxItems (\ s a -> s{_lipMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListInstanceProfiles where
         page rq rs
@@ -157,27 +157,27 @@
     -> ListInstanceProfilesResponse
 listInstanceProfilesResponse pResponseStatus_ =
   ListInstanceProfilesResponse'
-  { _liprsMarker = Nothing
-  , _liprsIsTruncated = Nothing
-  , _liprsResponseStatus = pResponseStatus_
-  , _liprsInstanceProfiles = mempty
-  }
+    { _liprsMarker = Nothing
+    , _liprsIsTruncated = Nothing
+    , _liprsResponseStatus = pResponseStatus_
+    , _liprsInstanceProfiles = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 liprsMarker :: Lens' ListInstanceProfilesResponse (Maybe Text)
-liprsMarker = lens _liprsMarker (\ s a -> s{_liprsMarker = a});
+liprsMarker = lens _liprsMarker (\ s a -> s{_liprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 liprsIsTruncated :: Lens' ListInstanceProfilesResponse (Maybe Bool)
-liprsIsTruncated = lens _liprsIsTruncated (\ s a -> s{_liprsIsTruncated = a});
+liprsIsTruncated = lens _liprsIsTruncated (\ s a -> s{_liprsIsTruncated = a})
 
 -- | -- | The response status code.
 liprsResponseStatus :: Lens' ListInstanceProfilesResponse Int
-liprsResponseStatus = lens _liprsResponseStatus (\ s a -> s{_liprsResponseStatus = a});
+liprsResponseStatus = lens _liprsResponseStatus (\ s a -> s{_liprsResponseStatus = a})
 
 -- | A list of instance profiles.
 liprsInstanceProfiles :: Lens' ListInstanceProfilesResponse [InstanceProfile]
-liprsInstanceProfiles = lens _liprsInstanceProfiles (\ s a -> s{_liprsInstanceProfiles = a}) . _Coerce;
+liprsInstanceProfiles = lens _liprsInstanceProfiles (\ s a -> s{_liprsInstanceProfiles = a}) . _Coerce
 
 instance NFData ListInstanceProfilesResponse where
diff --git a/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs b/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs
--- a/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs
+++ b/gen/Network/AWS/IAM/ListInstanceProfilesForRole.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListInstanceProfilesForRole
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the instance profiles that have the specified associated IAM role. If there are none, the action returns an empty list. For more information about instance profiles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html About Instance Profiles> .
+-- Lists the instance profiles that have the specified associated IAM role. If there are none, the operation returns an empty list. For more information about instance profiles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html About Instance Profiles> .
 --
 --
 -- You can paginate the results using the @MaxItems@ and @Marker@ parameters.
@@ -75,23 +75,23 @@
     -> ListInstanceProfilesForRole
 listInstanceProfilesForRole pRoleName_ =
   ListInstanceProfilesForRole'
-  { _lipfrMarker = Nothing
-  , _lipfrMaxItems = Nothing
-  , _lipfrRoleName = pRoleName_
-  }
+    { _lipfrMarker = Nothing
+    , _lipfrMaxItems = Nothing
+    , _lipfrRoleName = pRoleName_
+    }
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lipfrMarker :: Lens' ListInstanceProfilesForRole (Maybe Text)
-lipfrMarker = lens _lipfrMarker (\ s a -> s{_lipfrMarker = a});
+lipfrMarker = lens _lipfrMarker (\ s a -> s{_lipfrMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lipfrMaxItems :: Lens' ListInstanceProfilesForRole (Maybe Natural)
-lipfrMaxItems = lens _lipfrMaxItems (\ s a -> s{_lipfrMaxItems = a}) . mapping _Nat;
+lipfrMaxItems = lens _lipfrMaxItems (\ s a -> s{_lipfrMaxItems = a}) . mapping _Nat
 
 -- | The name of the role to list instance profiles for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lipfrRoleName :: Lens' ListInstanceProfilesForRole Text
-lipfrRoleName = lens _lipfrRoleName (\ s a -> s{_lipfrRoleName = a});
+lipfrRoleName = lens _lipfrRoleName (\ s a -> s{_lipfrRoleName = a})
 
 instance AWSPager ListInstanceProfilesForRole where
         page rq rs
@@ -164,28 +164,28 @@
     -> ListInstanceProfilesForRoleResponse
 listInstanceProfilesForRoleResponse pResponseStatus_ =
   ListInstanceProfilesForRoleResponse'
-  { _lipfrrsMarker = Nothing
-  , _lipfrrsIsTruncated = Nothing
-  , _lipfrrsResponseStatus = pResponseStatus_
-  , _lipfrrsInstanceProfiles = mempty
-  }
+    { _lipfrrsMarker = Nothing
+    , _lipfrrsIsTruncated = Nothing
+    , _lipfrrsResponseStatus = pResponseStatus_
+    , _lipfrrsInstanceProfiles = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lipfrrsMarker :: Lens' ListInstanceProfilesForRoleResponse (Maybe Text)
-lipfrrsMarker = lens _lipfrrsMarker (\ s a -> s{_lipfrrsMarker = a});
+lipfrrsMarker = lens _lipfrrsMarker (\ s a -> s{_lipfrrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lipfrrsIsTruncated :: Lens' ListInstanceProfilesForRoleResponse (Maybe Bool)
-lipfrrsIsTruncated = lens _lipfrrsIsTruncated (\ s a -> s{_lipfrrsIsTruncated = a});
+lipfrrsIsTruncated = lens _lipfrrsIsTruncated (\ s a -> s{_lipfrrsIsTruncated = a})
 
 -- | -- | The response status code.
 lipfrrsResponseStatus :: Lens' ListInstanceProfilesForRoleResponse Int
-lipfrrsResponseStatus = lens _lipfrrsResponseStatus (\ s a -> s{_lipfrrsResponseStatus = a});
+lipfrrsResponseStatus = lens _lipfrrsResponseStatus (\ s a -> s{_lipfrrsResponseStatus = a})
 
 -- | A list of instance profiles.
 lipfrrsInstanceProfiles :: Lens' ListInstanceProfilesForRoleResponse [InstanceProfile]
-lipfrrsInstanceProfiles = lens _lipfrrsInstanceProfiles (\ s a -> s{_lipfrrsInstanceProfiles = a}) . _Coerce;
+lipfrrsInstanceProfiles = lens _lipfrrsInstanceProfiles (\ s a -> s{_lipfrrsInstanceProfiles = a}) . _Coerce
 
 instance NFData ListInstanceProfilesForRoleResponse
          where
diff --git a/gen/Network/AWS/IAM/ListMFADevices.hs b/gen/Network/AWS/IAM/ListMFADevices.hs
--- a/gen/Network/AWS/IAM/ListMFADevices.hs
+++ b/gen/Network/AWS/IAM/ListMFADevices.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListMFADevices
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this action lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request for this API.
+-- Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this operation lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request for this API.
 --
 --
 -- You can paginate the results using the @MaxItems@ and @Marker@ parameters.
@@ -65,7 +65,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lmdUserName' - The name of the user whose MFA devices you want to list. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lmdUserName' - The name of the user whose MFA devices you want to list. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'lmdMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -74,20 +74,20 @@
     :: ListMFADevices
 listMFADevices =
   ListMFADevices'
-  {_lmdUserName = Nothing, _lmdMarker = Nothing, _lmdMaxItems = Nothing}
+    {_lmdUserName = Nothing, _lmdMarker = Nothing, _lmdMaxItems = Nothing}
 
 
--- | The name of the user whose MFA devices you want to list. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose MFA devices you want to list. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lmdUserName :: Lens' ListMFADevices (Maybe Text)
-lmdUserName = lens _lmdUserName (\ s a -> s{_lmdUserName = a});
+lmdUserName = lens _lmdUserName (\ s a -> s{_lmdUserName = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lmdMarker :: Lens' ListMFADevices (Maybe Text)
-lmdMarker = lens _lmdMarker (\ s a -> s{_lmdMarker = a});
+lmdMarker = lens _lmdMarker (\ s a -> s{_lmdMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lmdMaxItems :: Lens' ListMFADevices (Maybe Natural)
-lmdMaxItems = lens _lmdMaxItems (\ s a -> s{_lmdMaxItems = a}) . mapping _Nat;
+lmdMaxItems = lens _lmdMaxItems (\ s a -> s{_lmdMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListMFADevices where
         page rq rs
@@ -156,27 +156,27 @@
     -> ListMFADevicesResponse
 listMFADevicesResponse pResponseStatus_ =
   ListMFADevicesResponse'
-  { _lmdrsMarker = Nothing
-  , _lmdrsIsTruncated = Nothing
-  , _lmdrsResponseStatus = pResponseStatus_
-  , _lmdrsMFADevices = mempty
-  }
+    { _lmdrsMarker = Nothing
+    , _lmdrsIsTruncated = Nothing
+    , _lmdrsResponseStatus = pResponseStatus_
+    , _lmdrsMFADevices = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lmdrsMarker :: Lens' ListMFADevicesResponse (Maybe Text)
-lmdrsMarker = lens _lmdrsMarker (\ s a -> s{_lmdrsMarker = a});
+lmdrsMarker = lens _lmdrsMarker (\ s a -> s{_lmdrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lmdrsIsTruncated :: Lens' ListMFADevicesResponse (Maybe Bool)
-lmdrsIsTruncated = lens _lmdrsIsTruncated (\ s a -> s{_lmdrsIsTruncated = a});
+lmdrsIsTruncated = lens _lmdrsIsTruncated (\ s a -> s{_lmdrsIsTruncated = a})
 
 -- | -- | The response status code.
 lmdrsResponseStatus :: Lens' ListMFADevicesResponse Int
-lmdrsResponseStatus = lens _lmdrsResponseStatus (\ s a -> s{_lmdrsResponseStatus = a});
+lmdrsResponseStatus = lens _lmdrsResponseStatus (\ s a -> s{_lmdrsResponseStatus = a})
 
 -- | A list of MFA devices.
 lmdrsMFADevices :: Lens' ListMFADevicesResponse [MFADevice]
-lmdrsMFADevices = lens _lmdrsMFADevices (\ s a -> s{_lmdrsMFADevices = a}) . _Coerce;
+lmdrsMFADevices = lens _lmdrsMFADevices (\ s a -> s{_lmdrsMFADevices = a}) . _Coerce
 
 instance NFData ListMFADevicesResponse where
diff --git a/gen/Network/AWS/IAM/ListOpenIdConnectProviders.hs b/gen/Network/AWS/IAM/ListOpenIdConnectProviders.hs
--- a/gen/Network/AWS/IAM/ListOpenIdConnectProviders.hs
+++ b/gen/Network/AWS/IAM/ListOpenIdConnectProviders.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListOpenIdConnectProviders
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -109,18 +109,18 @@
     -> ListOpenIdConnectProvidersResponse
 listOpenIdConnectProvidersResponse pResponseStatus_ =
   ListOpenIdConnectProvidersResponse'
-  { _loicprsOpenIdConnectProviderList = Nothing
-  , _loicprsResponseStatus = pResponseStatus_
-  }
+    { _loicprsOpenIdConnectProviderList = Nothing
+    , _loicprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The list of IAM OIDC provider resource objects defined in the AWS account.
 loicprsOpenIdConnectProviderList :: Lens' ListOpenIdConnectProvidersResponse [OpenIdConnectProviderListEntry]
-loicprsOpenIdConnectProviderList = lens _loicprsOpenIdConnectProviderList (\ s a -> s{_loicprsOpenIdConnectProviderList = a}) . _Default . _Coerce;
+loicprsOpenIdConnectProviderList = lens _loicprsOpenIdConnectProviderList (\ s a -> s{_loicprsOpenIdConnectProviderList = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 loicprsResponseStatus :: Lens' ListOpenIdConnectProvidersResponse Int
-loicprsResponseStatus = lens _loicprsResponseStatus (\ s a -> s{_loicprsResponseStatus = a});
+loicprsResponseStatus = lens _loicprsResponseStatus (\ s a -> s{_loicprsResponseStatus = a})
 
 instance NFData ListOpenIdConnectProvidersResponse
          where
diff --git a/gen/Network/AWS/IAM/ListPolicies.hs b/gen/Network/AWS/IAM/ListPolicies.hs
--- a/gen/Network/AWS/IAM/ListPolicies.hs
+++ b/gen/Network/AWS/IAM/ListPolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListPolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -73,7 +73,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'lpPathPrefix' - The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'lpOnlyAttached' - A flag to filter the results to only the attached policies. When @OnlyAttached@ is @true@ , the returned list contains only the policies that are attached to an IAM user, group, or role. When @OnlyAttached@ is @false@ , or when the parameter is not included, all policies are returned.
 --
@@ -86,33 +86,33 @@
     :: ListPolicies
 listPolicies =
   ListPolicies'
-  { _lpPathPrefix = Nothing
-  , _lpOnlyAttached = Nothing
-  , _lpMarker = Nothing
-  , _lpScope = Nothing
-  , _lpMaxItems = Nothing
-  }
+    { _lpPathPrefix = Nothing
+    , _lpOnlyAttached = Nothing
+    , _lpMarker = Nothing
+    , _lpScope = Nothing
+    , _lpMaxItems = Nothing
+    }
 
 
--- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all policies. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 lpPathPrefix :: Lens' ListPolicies (Maybe Text)
-lpPathPrefix = lens _lpPathPrefix (\ s a -> s{_lpPathPrefix = a});
+lpPathPrefix = lens _lpPathPrefix (\ s a -> s{_lpPathPrefix = a})
 
 -- | A flag to filter the results to only the attached policies. When @OnlyAttached@ is @true@ , the returned list contains only the policies that are attached to an IAM user, group, or role. When @OnlyAttached@ is @false@ , or when the parameter is not included, all policies are returned.
 lpOnlyAttached :: Lens' ListPolicies (Maybe Bool)
-lpOnlyAttached = lens _lpOnlyAttached (\ s a -> s{_lpOnlyAttached = a});
+lpOnlyAttached = lens _lpOnlyAttached (\ s a -> s{_lpOnlyAttached = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lpMarker :: Lens' ListPolicies (Maybe Text)
-lpMarker = lens _lpMarker (\ s a -> s{_lpMarker = a});
+lpMarker = lens _lpMarker (\ s a -> s{_lpMarker = a})
 
 -- | The scope to use for filtering the results. To list only AWS managed policies, set @Scope@ to @AWS@ . To list only the customer managed policies in your AWS account, set @Scope@ to @Local@ . This parameter is optional. If it is not included, or if it is set to @All@ , all policies are returned.
 lpScope :: Lens' ListPolicies (Maybe PolicyScopeType)
-lpScope = lens _lpScope (\ s a -> s{_lpScope = a});
+lpScope = lens _lpScope (\ s a -> s{_lpScope = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lpMaxItems :: Lens' ListPolicies (Maybe Natural)
-lpMaxItems = lens _lpMaxItems (\ s a -> s{_lpMaxItems = a}) . mapping _Nat;
+lpMaxItems = lens _lpMaxItems (\ s a -> s{_lpMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListPolicies where
         page rq rs
@@ -182,27 +182,27 @@
     -> ListPoliciesResponse
 listPoliciesResponse pResponseStatus_ =
   ListPoliciesResponse'
-  { _lprsMarker = Nothing
-  , _lprsIsTruncated = Nothing
-  , _lprsPolicies = Nothing
-  , _lprsResponseStatus = pResponseStatus_
-  }
+    { _lprsMarker = Nothing
+    , _lprsIsTruncated = Nothing
+    , _lprsPolicies = Nothing
+    , _lprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lprsMarker :: Lens' ListPoliciesResponse (Maybe Text)
-lprsMarker = lens _lprsMarker (\ s a -> s{_lprsMarker = a});
+lprsMarker = lens _lprsMarker (\ s a -> s{_lprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lprsIsTruncated :: Lens' ListPoliciesResponse (Maybe Bool)
-lprsIsTruncated = lens _lprsIsTruncated (\ s a -> s{_lprsIsTruncated = a});
+lprsIsTruncated = lens _lprsIsTruncated (\ s a -> s{_lprsIsTruncated = a})
 
 -- | A list of policies.
 lprsPolicies :: Lens' ListPoliciesResponse [Policy]
-lprsPolicies = lens _lprsPolicies (\ s a -> s{_lprsPolicies = a}) . _Default . _Coerce;
+lprsPolicies = lens _lprsPolicies (\ s a -> s{_lprsPolicies = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 lprsResponseStatus :: Lens' ListPoliciesResponse Int
-lprsResponseStatus = lens _lprsResponseStatus (\ s a -> s{_lprsResponseStatus = a});
+lprsResponseStatus = lens _lprsResponseStatus (\ s a -> s{_lprsResponseStatus = a})
 
 instance NFData ListPoliciesResponse where
diff --git a/gen/Network/AWS/IAM/ListPolicyVersions.hs b/gen/Network/AWS/IAM/ListPolicyVersions.hs
--- a/gen/Network/AWS/IAM/ListPolicyVersions.hs
+++ b/gen/Network/AWS/IAM/ListPolicyVersions.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListPolicyVersions
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -75,20 +75,20 @@
     -> ListPolicyVersions
 listPolicyVersions pPolicyARN_ =
   ListPolicyVersions'
-  {_lpvMarker = Nothing, _lpvMaxItems = Nothing, _lpvPolicyARN = pPolicyARN_}
+    {_lpvMarker = Nothing, _lpvMaxItems = Nothing, _lpvPolicyARN = pPolicyARN_}
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lpvMarker :: Lens' ListPolicyVersions (Maybe Text)
-lpvMarker = lens _lpvMarker (\ s a -> s{_lpvMarker = a});
+lpvMarker = lens _lpvMarker (\ s a -> s{_lpvMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lpvMaxItems :: Lens' ListPolicyVersions (Maybe Natural)
-lpvMaxItems = lens _lpvMaxItems (\ s a -> s{_lpvMaxItems = a}) . mapping _Nat;
+lpvMaxItems = lens _lpvMaxItems (\ s a -> s{_lpvMaxItems = a}) . mapping _Nat
 
 -- | The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 lpvPolicyARN :: Lens' ListPolicyVersions Text
-lpvPolicyARN = lens _lpvPolicyARN (\ s a -> s{_lpvPolicyARN = a});
+lpvPolicyARN = lens _lpvPolicyARN (\ s a -> s{_lpvPolicyARN = a})
 
 instance AWSPager ListPolicyVersions where
         page rq rs
@@ -158,27 +158,27 @@
     -> ListPolicyVersionsResponse
 listPolicyVersionsResponse pResponseStatus_ =
   ListPolicyVersionsResponse'
-  { _lpvrsVersions = Nothing
-  , _lpvrsMarker = Nothing
-  , _lpvrsIsTruncated = Nothing
-  , _lpvrsResponseStatus = pResponseStatus_
-  }
+    { _lpvrsVersions = Nothing
+    , _lpvrsMarker = Nothing
+    , _lpvrsIsTruncated = Nothing
+    , _lpvrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of policy versions. For more information about managed policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /IAM User Guide/ .
 lpvrsVersions :: Lens' ListPolicyVersionsResponse [PolicyVersion]
-lpvrsVersions = lens _lpvrsVersions (\ s a -> s{_lpvrsVersions = a}) . _Default . _Coerce;
+lpvrsVersions = lens _lpvrsVersions (\ s a -> s{_lpvrsVersions = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lpvrsMarker :: Lens' ListPolicyVersionsResponse (Maybe Text)
-lpvrsMarker = lens _lpvrsMarker (\ s a -> s{_lpvrsMarker = a});
+lpvrsMarker = lens _lpvrsMarker (\ s a -> s{_lpvrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lpvrsIsTruncated :: Lens' ListPolicyVersionsResponse (Maybe Bool)
-lpvrsIsTruncated = lens _lpvrsIsTruncated (\ s a -> s{_lpvrsIsTruncated = a});
+lpvrsIsTruncated = lens _lpvrsIsTruncated (\ s a -> s{_lpvrsIsTruncated = a})
 
 -- | -- | The response status code.
 lpvrsResponseStatus :: Lens' ListPolicyVersionsResponse Int
-lpvrsResponseStatus = lens _lpvrsResponseStatus (\ s a -> s{_lpvrsResponseStatus = a});
+lpvrsResponseStatus = lens _lpvrsResponseStatus (\ s a -> s{_lpvrsResponseStatus = a})
 
 instance NFData ListPolicyVersionsResponse where
diff --git a/gen/Network/AWS/IAM/ListRolePolicies.hs b/gen/Network/AWS/IAM/ListRolePolicies.hs
--- a/gen/Network/AWS/IAM/ListRolePolicies.hs
+++ b/gen/Network/AWS/IAM/ListRolePolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListRolePolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a role, use 'ListAttachedRolePolicies' . For more information about policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /IAM User Guide/ .
 --
--- You can paginate the results using the @MaxItems@ and @Marker@ parameters. If there are no inline policies embedded with the specified role, the action returns an empty list.
+-- You can paginate the results using the @MaxItems@ and @Marker@ parameters. If there are no inline policies embedded with the specified role, the operation returns an empty list.
 --
 --
 -- This operation returns paginated results.
@@ -77,20 +77,20 @@
     -> ListRolePolicies
 listRolePolicies pRoleName_ =
   ListRolePolicies'
-  {_lrpMarker = Nothing, _lrpMaxItems = Nothing, _lrpRoleName = pRoleName_}
+    {_lrpMarker = Nothing, _lrpMaxItems = Nothing, _lrpRoleName = pRoleName_}
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lrpMarker :: Lens' ListRolePolicies (Maybe Text)
-lrpMarker = lens _lrpMarker (\ s a -> s{_lrpMarker = a});
+lrpMarker = lens _lrpMarker (\ s a -> s{_lrpMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lrpMaxItems :: Lens' ListRolePolicies (Maybe Natural)
-lrpMaxItems = lens _lrpMaxItems (\ s a -> s{_lrpMaxItems = a}) . mapping _Nat;
+lrpMaxItems = lens _lrpMaxItems (\ s a -> s{_lrpMaxItems = a}) . mapping _Nat
 
 -- | The name of the role to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lrpRoleName :: Lens' ListRolePolicies Text
-lrpRoleName = lens _lrpRoleName (\ s a -> s{_lrpRoleName = a});
+lrpRoleName = lens _lrpRoleName (\ s a -> s{_lrpRoleName = a})
 
 instance AWSPager ListRolePolicies where
         page rq rs
@@ -159,27 +159,27 @@
     -> ListRolePoliciesResponse
 listRolePoliciesResponse pResponseStatus_ =
   ListRolePoliciesResponse'
-  { _lrprsMarker = Nothing
-  , _lrprsIsTruncated = Nothing
-  , _lrprsResponseStatus = pResponseStatus_
-  , _lrprsPolicyNames = mempty
-  }
+    { _lrprsMarker = Nothing
+    , _lrprsIsTruncated = Nothing
+    , _lrprsResponseStatus = pResponseStatus_
+    , _lrprsPolicyNames = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lrprsMarker :: Lens' ListRolePoliciesResponse (Maybe Text)
-lrprsMarker = lens _lrprsMarker (\ s a -> s{_lrprsMarker = a});
+lrprsMarker = lens _lrprsMarker (\ s a -> s{_lrprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lrprsIsTruncated :: Lens' ListRolePoliciesResponse (Maybe Bool)
-lrprsIsTruncated = lens _lrprsIsTruncated (\ s a -> s{_lrprsIsTruncated = a});
+lrprsIsTruncated = lens _lrprsIsTruncated (\ s a -> s{_lrprsIsTruncated = a})
 
 -- | -- | The response status code.
 lrprsResponseStatus :: Lens' ListRolePoliciesResponse Int
-lrprsResponseStatus = lens _lrprsResponseStatus (\ s a -> s{_lrprsResponseStatus = a});
+lrprsResponseStatus = lens _lrprsResponseStatus (\ s a -> s{_lrprsResponseStatus = a})
 
 -- | A list of policy names.
 lrprsPolicyNames :: Lens' ListRolePoliciesResponse [Text]
-lrprsPolicyNames = lens _lrprsPolicyNames (\ s a -> s{_lrprsPolicyNames = a}) . _Coerce;
+lrprsPolicyNames = lens _lrprsPolicyNames (\ s a -> s{_lrprsPolicyNames = a}) . _Coerce
 
 instance NFData ListRolePoliciesResponse where
diff --git a/gen/Network/AWS/IAM/ListRoles.hs b/gen/Network/AWS/IAM/ListRoles.hs
--- a/gen/Network/AWS/IAM/ListRoles.hs
+++ b/gen/Network/AWS/IAM/ListRoles.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListRoles
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the IAM roles that have the specified path prefix. If there are none, the action returns an empty list. For more information about roles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html Working with Roles> .
+-- Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about roles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html Working with Roles> .
 --
 --
 -- You can paginate the results using the @MaxItems@ and @Marker@ parameters.
@@ -65,7 +65,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lrPathPrefix' - The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all roles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'lrPathPrefix' - The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all roles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'lrMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -74,20 +74,20 @@
     :: ListRoles
 listRoles =
   ListRoles'
-  {_lrPathPrefix = Nothing, _lrMarker = Nothing, _lrMaxItems = Nothing}
+    {_lrPathPrefix = Nothing, _lrMarker = Nothing, _lrMaxItems = Nothing}
 
 
--- | The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all roles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. For example, the prefix @/application_abc/component_xyz/@ gets all roles whose path starts with @/application_abc/component_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 lrPathPrefix :: Lens' ListRoles (Maybe Text)
-lrPathPrefix = lens _lrPathPrefix (\ s a -> s{_lrPathPrefix = a});
+lrPathPrefix = lens _lrPathPrefix (\ s a -> s{_lrPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lrMarker :: Lens' ListRoles (Maybe Text)
-lrMarker = lens _lrMarker (\ s a -> s{_lrMarker = a});
+lrMarker = lens _lrMarker (\ s a -> s{_lrMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lrMaxItems :: Lens' ListRoles (Maybe Natural)
-lrMaxItems = lens _lrMaxItems (\ s a -> s{_lrMaxItems = a}) . mapping _Nat;
+lrMaxItems = lens _lrMaxItems (\ s a -> s{_lrMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListRoles where
         page rq rs
@@ -155,27 +155,27 @@
     -> ListRolesResponse
 listRolesResponse pResponseStatus_ =
   ListRolesResponse'
-  { _lrrsMarker = Nothing
-  , _lrrsIsTruncated = Nothing
-  , _lrrsResponseStatus = pResponseStatus_
-  , _lrrsRoles = mempty
-  }
+    { _lrrsMarker = Nothing
+    , _lrrsIsTruncated = Nothing
+    , _lrrsResponseStatus = pResponseStatus_
+    , _lrrsRoles = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lrrsMarker :: Lens' ListRolesResponse (Maybe Text)
-lrrsMarker = lens _lrrsMarker (\ s a -> s{_lrrsMarker = a});
+lrrsMarker = lens _lrrsMarker (\ s a -> s{_lrrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lrrsIsTruncated :: Lens' ListRolesResponse (Maybe Bool)
-lrrsIsTruncated = lens _lrrsIsTruncated (\ s a -> s{_lrrsIsTruncated = a});
+lrrsIsTruncated = lens _lrrsIsTruncated (\ s a -> s{_lrrsIsTruncated = a})
 
 -- | -- | The response status code.
 lrrsResponseStatus :: Lens' ListRolesResponse Int
-lrrsResponseStatus = lens _lrrsResponseStatus (\ s a -> s{_lrrsResponseStatus = a});
+lrrsResponseStatus = lens _lrrsResponseStatus (\ s a -> s{_lrrsResponseStatus = a})
 
 -- | A list of roles.
 lrrsRoles :: Lens' ListRolesResponse [Role]
-lrrsRoles = lens _lrrsRoles (\ s a -> s{_lrrsRoles = a}) . _Coerce;
+lrrsRoles = lens _lrrsRoles (\ s a -> s{_lrrsRoles = a}) . _Coerce
 
 instance NFData ListRolesResponse where
diff --git a/gen/Network/AWS/IAM/ListSAMLProviders.hs b/gen/Network/AWS/IAM/ListSAMLProviders.hs
--- a/gen/Network/AWS/IAM/ListSAMLProviders.hs
+++ b/gen/Network/AWS/IAM/ListSAMLProviders.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListSAMLProviders
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -106,17 +106,17 @@
     -> ListSAMLProvidersResponse
 listSAMLProvidersResponse pResponseStatus_ =
   ListSAMLProvidersResponse'
-  { _lsamlprsSAMLProviderList = Nothing
-  , _lsamlprsResponseStatus = pResponseStatus_
-  }
+    { _lsamlprsSAMLProviderList = Nothing
+    , _lsamlprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The list of SAML provider resource objects defined in IAM for this AWS account.
 lsamlprsSAMLProviderList :: Lens' ListSAMLProvidersResponse [SAMLProviderListEntry]
-lsamlprsSAMLProviderList = lens _lsamlprsSAMLProviderList (\ s a -> s{_lsamlprsSAMLProviderList = a}) . _Default . _Coerce;
+lsamlprsSAMLProviderList = lens _lsamlprsSAMLProviderList (\ s a -> s{_lsamlprsSAMLProviderList = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 lsamlprsResponseStatus :: Lens' ListSAMLProvidersResponse Int
-lsamlprsResponseStatus = lens _lsamlprsResponseStatus (\ s a -> s{_lsamlprsResponseStatus = a});
+lsamlprsResponseStatus = lens _lsamlprsResponseStatus (\ s a -> s{_lsamlprsResponseStatus = a})
 
 instance NFData ListSAMLProvidersResponse where
diff --git a/gen/Network/AWS/IAM/ListSSHPublicKeys.hs b/gen/Network/AWS/IAM/ListSSHPublicKeys.hs
--- a/gen/Network/AWS/IAM/ListSSHPublicKeys.hs
+++ b/gen/Network/AWS/IAM/ListSSHPublicKeys.hs
@@ -12,16 +12,16 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListSSHPublicKeys
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Returns information about the SSH public keys associated with the specified IAM user. If there are none, the action returns an empty list.
+-- Returns information about the SSH public keys associated with the specified IAM user. If there are none, the operation returns an empty list.
 --
 --
--- The SSH public keys returned by this action are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
+-- The SSH public keys returned by this operation are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
 --
 -- Although each user is limited to a small number of keys, you can still paginate the results using the @MaxItems@ and @Marker@ parameters.
 --
@@ -67,7 +67,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lspkUserName' - The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lspkUserName' - The name of the IAM user to list SSH public keys for. If none is specified, the @UserName@ field is determined implicitly based on the AWS access key used to sign the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'lspkMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -76,20 +76,20 @@
     :: ListSSHPublicKeys
 listSSHPublicKeys =
   ListSSHPublicKeys'
-  {_lspkUserName = Nothing, _lspkMarker = Nothing, _lspkMaxItems = Nothing}
+    {_lspkUserName = Nothing, _lspkMarker = Nothing, _lspkMaxItems = Nothing}
 
 
--- | The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user to list SSH public keys for. If none is specified, the @UserName@ field is determined implicitly based on the AWS access key used to sign the request. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lspkUserName :: Lens' ListSSHPublicKeys (Maybe Text)
-lspkUserName = lens _lspkUserName (\ s a -> s{_lspkUserName = a});
+lspkUserName = lens _lspkUserName (\ s a -> s{_lspkUserName = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lspkMarker :: Lens' ListSSHPublicKeys (Maybe Text)
-lspkMarker = lens _lspkMarker (\ s a -> s{_lspkMarker = a});
+lspkMarker = lens _lspkMarker (\ s a -> s{_lspkMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lspkMaxItems :: Lens' ListSSHPublicKeys (Maybe Natural)
-lspkMaxItems = lens _lspkMaxItems (\ s a -> s{_lspkMaxItems = a}) . mapping _Nat;
+lspkMaxItems = lens _lspkMaxItems (\ s a -> s{_lspkMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListSSHPublicKeys where
         page rq rs
@@ -158,27 +158,27 @@
     -> ListSSHPublicKeysResponse
 listSSHPublicKeysResponse pResponseStatus_ =
   ListSSHPublicKeysResponse'
-  { _lspkrsSSHPublicKeys = Nothing
-  , _lspkrsMarker = Nothing
-  , _lspkrsIsTruncated = Nothing
-  , _lspkrsResponseStatus = pResponseStatus_
-  }
+    { _lspkrsSSHPublicKeys = Nothing
+    , _lspkrsMarker = Nothing
+    , _lspkrsIsTruncated = Nothing
+    , _lspkrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of the SSH public keys assigned to IAM user.
 lspkrsSSHPublicKeys :: Lens' ListSSHPublicKeysResponse [SSHPublicKeyMetadata]
-lspkrsSSHPublicKeys = lens _lspkrsSSHPublicKeys (\ s a -> s{_lspkrsSSHPublicKeys = a}) . _Default . _Coerce;
+lspkrsSSHPublicKeys = lens _lspkrsSSHPublicKeys (\ s a -> s{_lspkrsSSHPublicKeys = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lspkrsMarker :: Lens' ListSSHPublicKeysResponse (Maybe Text)
-lspkrsMarker = lens _lspkrsMarker (\ s a -> s{_lspkrsMarker = a});
+lspkrsMarker = lens _lspkrsMarker (\ s a -> s{_lspkrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lspkrsIsTruncated :: Lens' ListSSHPublicKeysResponse (Maybe Bool)
-lspkrsIsTruncated = lens _lspkrsIsTruncated (\ s a -> s{_lspkrsIsTruncated = a});
+lspkrsIsTruncated = lens _lspkrsIsTruncated (\ s a -> s{_lspkrsIsTruncated = a})
 
 -- | -- | The response status code.
 lspkrsResponseStatus :: Lens' ListSSHPublicKeysResponse Int
-lspkrsResponseStatus = lens _lspkrsResponseStatus (\ s a -> s{_lspkrsResponseStatus = a});
+lspkrsResponseStatus = lens _lspkrsResponseStatus (\ s a -> s{_lspkrsResponseStatus = a})
 
 instance NFData ListSSHPublicKeysResponse where
diff --git a/gen/Network/AWS/IAM/ListServerCertificates.hs b/gen/Network/AWS/IAM/ListServerCertificates.hs
--- a/gen/Network/AWS/IAM/ListServerCertificates.hs
+++ b/gen/Network/AWS/IAM/ListServerCertificates.hs
@@ -12,18 +12,18 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListServerCertificates
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the action returns an empty list.
+-- Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation returns an empty list.
 --
 --
 -- You can paginate the results using the @MaxItems@ and @Marker@ parameters.
 --
--- For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ .
+-- For more information about working with server certificates, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ . This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.
 --
 --
 -- This operation returns paginated results.
@@ -67,7 +67,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lscPathPrefix' - The path prefix for filtering the results. For example: @/company/servercerts@ would get all server certificates for which the path starts with @/company/servercerts@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'lscPathPrefix' - The path prefix for filtering the results. For example: @/company/servercerts@ would get all server certificates for which the path starts with @/company/servercerts@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'lscMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -76,20 +76,20 @@
     :: ListServerCertificates
 listServerCertificates =
   ListServerCertificates'
-  {_lscPathPrefix = Nothing, _lscMarker = Nothing, _lscMaxItems = Nothing}
+    {_lscPathPrefix = Nothing, _lscMarker = Nothing, _lscMaxItems = Nothing}
 
 
--- | The path prefix for filtering the results. For example: @/company/servercerts@ would get all server certificates for which the path starts with @/company/servercerts@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. For example: @/company/servercerts@ would get all server certificates for which the path starts with @/company/servercerts@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all server certificates. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 lscPathPrefix :: Lens' ListServerCertificates (Maybe Text)
-lscPathPrefix = lens _lscPathPrefix (\ s a -> s{_lscPathPrefix = a});
+lscPathPrefix = lens _lscPathPrefix (\ s a -> s{_lscPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lscMarker :: Lens' ListServerCertificates (Maybe Text)
-lscMarker = lens _lscMarker (\ s a -> s{_lscMarker = a});
+lscMarker = lens _lscMarker (\ s a -> s{_lscMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lscMaxItems :: Lens' ListServerCertificates (Maybe Natural)
-lscMaxItems = lens _lscMaxItems (\ s a -> s{_lscMaxItems = a}) . mapping _Nat;
+lscMaxItems = lens _lscMaxItems (\ s a -> s{_lscMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListServerCertificates where
         page rq rs
@@ -160,27 +160,27 @@
     -> ListServerCertificatesResponse
 listServerCertificatesResponse pResponseStatus_ =
   ListServerCertificatesResponse'
-  { _lscrsMarker = Nothing
-  , _lscrsIsTruncated = Nothing
-  , _lscrsResponseStatus = pResponseStatus_
-  , _lscrsServerCertificateMetadataList = mempty
-  }
+    { _lscrsMarker = Nothing
+    , _lscrsIsTruncated = Nothing
+    , _lscrsResponseStatus = pResponseStatus_
+    , _lscrsServerCertificateMetadataList = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lscrsMarker :: Lens' ListServerCertificatesResponse (Maybe Text)
-lscrsMarker = lens _lscrsMarker (\ s a -> s{_lscrsMarker = a});
+lscrsMarker = lens _lscrsMarker (\ s a -> s{_lscrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lscrsIsTruncated :: Lens' ListServerCertificatesResponse (Maybe Bool)
-lscrsIsTruncated = lens _lscrsIsTruncated (\ s a -> s{_lscrsIsTruncated = a});
+lscrsIsTruncated = lens _lscrsIsTruncated (\ s a -> s{_lscrsIsTruncated = a})
 
 -- | -- | The response status code.
 lscrsResponseStatus :: Lens' ListServerCertificatesResponse Int
-lscrsResponseStatus = lens _lscrsResponseStatus (\ s a -> s{_lscrsResponseStatus = a});
+lscrsResponseStatus = lens _lscrsResponseStatus (\ s a -> s{_lscrsResponseStatus = a})
 
 -- | A list of server certificates.
 lscrsServerCertificateMetadataList :: Lens' ListServerCertificatesResponse [ServerCertificateMetadata]
-lscrsServerCertificateMetadataList = lens _lscrsServerCertificateMetadataList (\ s a -> s{_lscrsServerCertificateMetadataList = a}) . _Coerce;
+lscrsServerCertificateMetadataList = lens _lscrsServerCertificateMetadataList (\ s a -> s{_lscrsServerCertificateMetadataList = a}) . _Coerce
 
 instance NFData ListServerCertificatesResponse where
diff --git a/gen/Network/AWS/IAM/ListServiceSpecificCredentials.hs b/gen/Network/AWS/IAM/ListServiceSpecificCredentials.hs
--- a/gen/Network/AWS/IAM/ListServiceSpecificCredentials.hs
+++ b/gen/Network/AWS/IAM/ListServiceSpecificCredentials.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListServiceSpecificCredentials
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Returns information about the service-specific credentials associated with the specified IAM user. If there are none, the action returns an empty list. The service-specific credentials returned by this action are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an AWS service, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html Set Up service-specific credentials> in the AWS CodeCommit User Guide.
+-- Returns information about the service-specific credentials associated with the specified IAM user. If there are none, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an AWS service, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html Set Up service-specific credentials> in the AWS CodeCommit User Guide.
 --
 --
 module Network.AWS.IAM.ListServiceSpecificCredentials
@@ -56,23 +56,23 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lsscUserName' - The name of the user whose service-specific credentials you want information about. If this value is not specified then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lsscUserName' - The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'lsscServiceName' - Filters the returned results to only those for the specified AWS service. If not specified, then AWS returns service-specific credentials for all services.
 listServiceSpecificCredentials
     :: ListServiceSpecificCredentials
 listServiceSpecificCredentials =
   ListServiceSpecificCredentials'
-  {_lsscUserName = Nothing, _lsscServiceName = Nothing}
+    {_lsscUserName = Nothing, _lsscServiceName = Nothing}
 
 
--- | The name of the user whose service-specific credentials you want information about. If this value is not specified then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lsscUserName :: Lens' ListServiceSpecificCredentials (Maybe Text)
-lsscUserName = lens _lsscUserName (\ s a -> s{_lsscUserName = a});
+lsscUserName = lens _lsscUserName (\ s a -> s{_lsscUserName = a})
 
 -- | Filters the returned results to only those for the specified AWS service. If not specified, then AWS returns service-specific credentials for all services.
 lsscServiceName :: Lens' ListServiceSpecificCredentials (Maybe Text)
-lsscServiceName = lens _lsscServiceName (\ s a -> s{_lsscServiceName = a});
+lsscServiceName = lens _lsscServiceName (\ s a -> s{_lsscServiceName = a})
 
 instance AWSRequest ListServiceSpecificCredentials
          where
@@ -128,18 +128,18 @@
     -> ListServiceSpecificCredentialsResponse
 listServiceSpecificCredentialsResponse pResponseStatus_ =
   ListServiceSpecificCredentialsResponse'
-  { _lsscrsServiceSpecificCredentials = Nothing
-  , _lsscrsResponseStatus = pResponseStatus_
-  }
+    { _lsscrsServiceSpecificCredentials = Nothing
+    , _lsscrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of structures that each contain details about a service-specific credential.
 lsscrsServiceSpecificCredentials :: Lens' ListServiceSpecificCredentialsResponse [ServiceSpecificCredentialMetadata]
-lsscrsServiceSpecificCredentials = lens _lsscrsServiceSpecificCredentials (\ s a -> s{_lsscrsServiceSpecificCredentials = a}) . _Default . _Coerce;
+lsscrsServiceSpecificCredentials = lens _lsscrsServiceSpecificCredentials (\ s a -> s{_lsscrsServiceSpecificCredentials = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 lsscrsResponseStatus :: Lens' ListServiceSpecificCredentialsResponse Int
-lsscrsResponseStatus = lens _lsscrsResponseStatus (\ s a -> s{_lsscrsResponseStatus = a});
+lsscrsResponseStatus = lens _lsscrsResponseStatus (\ s a -> s{_lsscrsResponseStatus = a})
 
 instance NFData
            ListServiceSpecificCredentialsResponse
diff --git a/gen/Network/AWS/IAM/ListSigningCertificates.hs b/gen/Network/AWS/IAM/ListSigningCertificates.hs
--- a/gen/Network/AWS/IAM/ListSigningCertificates.hs
+++ b/gen/Network/AWS/IAM/ListSigningCertificates.hs
@@ -12,18 +12,18 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListSigningCertificates
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Returns information about the signing certificates associated with the specified IAM user. If there are none, the action returns an empty list.
+-- Returns information about the signing certificates associated with the specified IAM user. If there are none, the operation returns an empty list.
 --
 --
 -- Although each user is limited to a small number of signing certificates, you can still paginate the results using the @MaxItems@ and @Marker@ parameters.
 --
--- If the @UserName@ field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request for this API. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
+-- If the @UserName@ field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request for this API. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
 --
 --
 -- This operation returns paginated results.
@@ -67,7 +67,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lUserName' - The name of the IAM user whose signing certificates you want to examine. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lUserName' - The name of the IAM user whose signing certificates you want to examine. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'lMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -76,20 +76,20 @@
     :: ListSigningCertificates
 listSigningCertificates =
   ListSigningCertificates'
-  {_lUserName = Nothing, _lMarker = Nothing, _lMaxItems = Nothing}
+    {_lUserName = Nothing, _lMarker = Nothing, _lMaxItems = Nothing}
 
 
--- | The name of the IAM user whose signing certificates you want to examine. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user whose signing certificates you want to examine. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lUserName :: Lens' ListSigningCertificates (Maybe Text)
-lUserName = lens _lUserName (\ s a -> s{_lUserName = a});
+lUserName = lens _lUserName (\ s a -> s{_lUserName = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lMarker :: Lens' ListSigningCertificates (Maybe Text)
-lMarker = lens _lMarker (\ s a -> s{_lMarker = a});
+lMarker = lens _lMarker (\ s a -> s{_lMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lMaxItems :: Lens' ListSigningCertificates (Maybe Natural)
-lMaxItems = lens _lMaxItems (\ s a -> s{_lMaxItems = a}) . mapping _Nat;
+lMaxItems = lens _lMaxItems (\ s a -> s{_lMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListSigningCertificates where
         page rq rs
@@ -159,27 +159,27 @@
     -> ListSigningCertificatesResponse
 listSigningCertificatesResponse pResponseStatus_ =
   ListSigningCertificatesResponse'
-  { _lrsMarker = Nothing
-  , _lrsIsTruncated = Nothing
-  , _lrsResponseStatus = pResponseStatus_
-  , _lrsCertificates = mempty
-  }
+    { _lrsMarker = Nothing
+    , _lrsIsTruncated = Nothing
+    , _lrsResponseStatus = pResponseStatus_
+    , _lrsCertificates = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lrsMarker :: Lens' ListSigningCertificatesResponse (Maybe Text)
-lrsMarker = lens _lrsMarker (\ s a -> s{_lrsMarker = a});
+lrsMarker = lens _lrsMarker (\ s a -> s{_lrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lrsIsTruncated :: Lens' ListSigningCertificatesResponse (Maybe Bool)
-lrsIsTruncated = lens _lrsIsTruncated (\ s a -> s{_lrsIsTruncated = a});
+lrsIsTruncated = lens _lrsIsTruncated (\ s a -> s{_lrsIsTruncated = a})
 
 -- | -- | The response status code.
 lrsResponseStatus :: Lens' ListSigningCertificatesResponse Int
-lrsResponseStatus = lens _lrsResponseStatus (\ s a -> s{_lrsResponseStatus = a});
+lrsResponseStatus = lens _lrsResponseStatus (\ s a -> s{_lrsResponseStatus = a})
 
 -- | A list of the user's signing certificate information.
 lrsCertificates :: Lens' ListSigningCertificatesResponse [SigningCertificate]
-lrsCertificates = lens _lrsCertificates (\ s a -> s{_lrsCertificates = a}) . _Coerce;
+lrsCertificates = lens _lrsCertificates (\ s a -> s{_lrsCertificates = a}) . _Coerce
 
 instance NFData ListSigningCertificatesResponse where
diff --git a/gen/Network/AWS/IAM/ListUserPolicies.hs b/gen/Network/AWS/IAM/ListUserPolicies.hs
--- a/gen/Network/AWS/IAM/ListUserPolicies.hs
+++ b/gen/Network/AWS/IAM/ListUserPolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListUserPolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use 'ListAttachedUserPolicies' . For more information about policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /IAM User Guide/ .
 --
--- You can paginate the results using the @MaxItems@ and @Marker@ parameters. If there are no inline policies embedded with the specified user, the action returns an empty list.
+-- You can paginate the results using the @MaxItems@ and @Marker@ parameters. If there are no inline policies embedded with the specified user, the operation returns an empty list.
 --
 --
 -- This operation returns paginated results.
@@ -71,26 +71,26 @@
 --
 -- * 'lupMaxItems' - (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 --
--- * 'lupUserName' - The name of the user to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'lupUserName' - The name of the user to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 listUserPolicies
     :: Text -- ^ 'lupUserName'
     -> ListUserPolicies
 listUserPolicies pUserName_ =
   ListUserPolicies'
-  {_lupMarker = Nothing, _lupMaxItems = Nothing, _lupUserName = pUserName_}
+    {_lupMarker = Nothing, _lupMaxItems = Nothing, _lupUserName = pUserName_}
 
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lupMarker :: Lens' ListUserPolicies (Maybe Text)
-lupMarker = lens _lupMarker (\ s a -> s{_lupMarker = a});
+lupMarker = lens _lupMarker (\ s a -> s{_lupMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lupMaxItems :: Lens' ListUserPolicies (Maybe Natural)
-lupMaxItems = lens _lupMaxItems (\ s a -> s{_lupMaxItems = a}) . mapping _Nat;
+lupMaxItems = lens _lupMaxItems (\ s a -> s{_lupMaxItems = a}) . mapping _Nat
 
--- | The name of the user to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user to list policies for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 lupUserName :: Lens' ListUserPolicies Text
-lupUserName = lens _lupUserName (\ s a -> s{_lupUserName = a});
+lupUserName = lens _lupUserName (\ s a -> s{_lupUserName = a})
 
 instance AWSPager ListUserPolicies where
         page rq rs
@@ -159,27 +159,27 @@
     -> ListUserPoliciesResponse
 listUserPoliciesResponse pResponseStatus_ =
   ListUserPoliciesResponse'
-  { _luprsMarker = Nothing
-  , _luprsIsTruncated = Nothing
-  , _luprsResponseStatus = pResponseStatus_
-  , _luprsPolicyNames = mempty
-  }
+    { _luprsMarker = Nothing
+    , _luprsIsTruncated = Nothing
+    , _luprsResponseStatus = pResponseStatus_
+    , _luprsPolicyNames = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 luprsMarker :: Lens' ListUserPoliciesResponse (Maybe Text)
-luprsMarker = lens _luprsMarker (\ s a -> s{_luprsMarker = a});
+luprsMarker = lens _luprsMarker (\ s a -> s{_luprsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 luprsIsTruncated :: Lens' ListUserPoliciesResponse (Maybe Bool)
-luprsIsTruncated = lens _luprsIsTruncated (\ s a -> s{_luprsIsTruncated = a});
+luprsIsTruncated = lens _luprsIsTruncated (\ s a -> s{_luprsIsTruncated = a})
 
 -- | -- | The response status code.
 luprsResponseStatus :: Lens' ListUserPoliciesResponse Int
-luprsResponseStatus = lens _luprsResponseStatus (\ s a -> s{_luprsResponseStatus = a});
+luprsResponseStatus = lens _luprsResponseStatus (\ s a -> s{_luprsResponseStatus = a})
 
 -- | A list of policy names.
 luprsPolicyNames :: Lens' ListUserPoliciesResponse [Text]
-luprsPolicyNames = lens _luprsPolicyNames (\ s a -> s{_luprsPolicyNames = a}) . _Coerce;
+luprsPolicyNames = lens _luprsPolicyNames (\ s a -> s{_luprsPolicyNames = a}) . _Coerce
 
 instance NFData ListUserPoliciesResponse where
diff --git a/gen/Network/AWS/IAM/ListUsers.hs b/gen/Network/AWS/IAM/ListUsers.hs
--- a/gen/Network/AWS/IAM/ListUsers.hs
+++ b/gen/Network/AWS/IAM/ListUsers.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListUsers
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all users in the AWS account. If there are none, the action returns an empty list.
+-- Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the AWS account. If there are none, the operation returns an empty list.
 --
 --
 -- You can paginate the results using the @MaxItems@ and @Marker@ parameters.
@@ -65,7 +65,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'luPathPrefix' - The path prefix for filtering the results. For example: @/division_abc/subdivision_xyz/@ , which would get all user names whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'luPathPrefix' - The path prefix for filtering the results. For example: @/division_abc/subdivision_xyz/@ , which would get all user names whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
 -- * 'luMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -74,20 +74,20 @@
     :: ListUsers
 listUsers =
   ListUsers'
-  {_luPathPrefix = Nothing, _luMarker = Nothing, _luMaxItems = Nothing}
+    {_luPathPrefix = Nothing, _luMarker = Nothing, _luMaxItems = Nothing}
 
 
--- | The path prefix for filtering the results. For example: @/division_abc/subdivision_xyz/@ , which would get all user names whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path prefix for filtering the results. For example: @/division_abc/subdivision_xyz/@ , which would get all user names whose path starts with @/division_abc/subdivision_xyz/@ . This parameter is optional. If it is not included, it defaults to a slash (/), listing all user names. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 luPathPrefix :: Lens' ListUsers (Maybe Text)
-luPathPrefix = lens _luPathPrefix (\ s a -> s{_luPathPrefix = a});
+luPathPrefix = lens _luPathPrefix (\ s a -> s{_luPathPrefix = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 luMarker :: Lens' ListUsers (Maybe Text)
-luMarker = lens _luMarker (\ s a -> s{_luMarker = a});
+luMarker = lens _luMarker (\ s a -> s{_luMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 luMaxItems :: Lens' ListUsers (Maybe Natural)
-luMaxItems = lens _luMaxItems (\ s a -> s{_luMaxItems = a}) . mapping _Nat;
+luMaxItems = lens _luMaxItems (\ s a -> s{_luMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListUsers where
         page rq rs
@@ -155,27 +155,27 @@
     -> ListUsersResponse
 listUsersResponse pResponseStatus_ =
   ListUsersResponse'
-  { _lursMarker = Nothing
-  , _lursIsTruncated = Nothing
-  , _lursResponseStatus = pResponseStatus_
-  , _lursUsers = mempty
-  }
+    { _lursMarker = Nothing
+    , _lursIsTruncated = Nothing
+    , _lursResponseStatus = pResponseStatus_
+    , _lursUsers = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lursMarker :: Lens' ListUsersResponse (Maybe Text)
-lursMarker = lens _lursMarker (\ s a -> s{_lursMarker = a});
+lursMarker = lens _lursMarker (\ s a -> s{_lursMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lursIsTruncated :: Lens' ListUsersResponse (Maybe Bool)
-lursIsTruncated = lens _lursIsTruncated (\ s a -> s{_lursIsTruncated = a});
+lursIsTruncated = lens _lursIsTruncated (\ s a -> s{_lursIsTruncated = a})
 
 -- | -- | The response status code.
 lursResponseStatus :: Lens' ListUsersResponse Int
-lursResponseStatus = lens _lursResponseStatus (\ s a -> s{_lursResponseStatus = a});
+lursResponseStatus = lens _lursResponseStatus (\ s a -> s{_lursResponseStatus = a})
 
 -- | A list of users.
 lursUsers :: Lens' ListUsersResponse [User]
-lursUsers = lens _lursUsers (\ s a -> s{_lursUsers = a}) . _Coerce;
+lursUsers = lens _lursUsers (\ s a -> s{_lursUsers = a}) . _Coerce
 
 instance NFData ListUsersResponse where
diff --git a/gen/Network/AWS/IAM/ListVirtualMFADevices.hs b/gen/Network/AWS/IAM/ListVirtualMFADevices.hs
--- a/gen/Network/AWS/IAM/ListVirtualMFADevices.hs
+++ b/gen/Network/AWS/IAM/ListVirtualMFADevices.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ListVirtualMFADevices
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists the virtual MFA devices defined in the AWS account by assignment status. If you do not specify an assignment status, the action returns a list of all virtual MFA devices. Assignment status can be @Assigned@ , @Unassigned@ , or @Any@ .
+-- Lists the virtual MFA devices defined in the AWS account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be @Assigned@ , @Unassigned@ , or @Any@ .
 --
 --
 -- You can paginate the results using the @MaxItems@ and @Marker@ parameters.
@@ -65,7 +65,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'lvmdAssignmentStatus' - The status (@Unassigned@ or @Assigned@ ) of the devices to list. If you do not specify an @AssignmentStatus@ , the action defaults to @Any@ which lists both assigned and unassigned virtual MFA devices.
+-- * 'lvmdAssignmentStatus' - The status (@Unassigned@ or @Assigned@ ) of the devices to list. If you do not specify an @AssignmentStatus@ , the operation defaults to @Any@ which lists both assigned and unassigned virtual MFA devices.
 --
 -- * 'lvmdMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -74,23 +74,23 @@
     :: ListVirtualMFADevices
 listVirtualMFADevices =
   ListVirtualMFADevices'
-  { _lvmdAssignmentStatus = Nothing
-  , _lvmdMarker = Nothing
-  , _lvmdMaxItems = Nothing
-  }
+    { _lvmdAssignmentStatus = Nothing
+    , _lvmdMarker = Nothing
+    , _lvmdMaxItems = Nothing
+    }
 
 
--- | The status (@Unassigned@ or @Assigned@ ) of the devices to list. If you do not specify an @AssignmentStatus@ , the action defaults to @Any@ which lists both assigned and unassigned virtual MFA devices.
+-- | The status (@Unassigned@ or @Assigned@ ) of the devices to list. If you do not specify an @AssignmentStatus@ , the operation defaults to @Any@ which lists both assigned and unassigned virtual MFA devices.
 lvmdAssignmentStatus :: Lens' ListVirtualMFADevices (Maybe AssignmentStatusType)
-lvmdAssignmentStatus = lens _lvmdAssignmentStatus (\ s a -> s{_lvmdAssignmentStatus = a});
+lvmdAssignmentStatus = lens _lvmdAssignmentStatus (\ s a -> s{_lvmdAssignmentStatus = a})
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 lvmdMarker :: Lens' ListVirtualMFADevices (Maybe Text)
-lvmdMarker = lens _lvmdMarker (\ s a -> s{_lvmdMarker = a});
+lvmdMarker = lens _lvmdMarker (\ s a -> s{_lvmdMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 lvmdMaxItems :: Lens' ListVirtualMFADevices (Maybe Natural)
-lvmdMaxItems = lens _lvmdMaxItems (\ s a -> s{_lvmdMaxItems = a}) . mapping _Nat;
+lvmdMaxItems = lens _lvmdMaxItems (\ s a -> s{_lvmdMaxItems = a}) . mapping _Nat
 
 instance AWSPager ListVirtualMFADevices where
         page rq rs
@@ -160,27 +160,27 @@
     -> ListVirtualMFADevicesResponse
 listVirtualMFADevicesResponse pResponseStatus_ =
   ListVirtualMFADevicesResponse'
-  { _lvmdrsMarker = Nothing
-  , _lvmdrsIsTruncated = Nothing
-  , _lvmdrsResponseStatus = pResponseStatus_
-  , _lvmdrsVirtualMFADevices = mempty
-  }
+    { _lvmdrsMarker = Nothing
+    , _lvmdrsIsTruncated = Nothing
+    , _lvmdrsResponseStatus = pResponseStatus_
+    , _lvmdrsVirtualMFADevices = mempty
+    }
 
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 lvmdrsMarker :: Lens' ListVirtualMFADevicesResponse (Maybe Text)
-lvmdrsMarker = lens _lvmdrsMarker (\ s a -> s{_lvmdrsMarker = a});
+lvmdrsMarker = lens _lvmdrsMarker (\ s a -> s{_lvmdrsMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 lvmdrsIsTruncated :: Lens' ListVirtualMFADevicesResponse (Maybe Bool)
-lvmdrsIsTruncated = lens _lvmdrsIsTruncated (\ s a -> s{_lvmdrsIsTruncated = a});
+lvmdrsIsTruncated = lens _lvmdrsIsTruncated (\ s a -> s{_lvmdrsIsTruncated = a})
 
 -- | -- | The response status code.
 lvmdrsResponseStatus :: Lens' ListVirtualMFADevicesResponse Int
-lvmdrsResponseStatus = lens _lvmdrsResponseStatus (\ s a -> s{_lvmdrsResponseStatus = a});
+lvmdrsResponseStatus = lens _lvmdrsResponseStatus (\ s a -> s{_lvmdrsResponseStatus = a})
 
 -- | The list of virtual MFA devices in the current account that match the @AssignmentStatus@ value that was passed in the request.
 lvmdrsVirtualMFADevices :: Lens' ListVirtualMFADevicesResponse [VirtualMFADevice]
-lvmdrsVirtualMFADevices = lens _lvmdrsVirtualMFADevices (\ s a -> s{_lvmdrsVirtualMFADevices = a}) . _Coerce;
+lvmdrsVirtualMFADevices = lens _lvmdrsVirtualMFADevices (\ s a -> s{_lvmdrsVirtualMFADevices = a}) . _Coerce
 
 instance NFData ListVirtualMFADevicesResponse where
diff --git a/gen/Network/AWS/IAM/PutGroupPolicy.hs b/gen/Network/AWS/IAM/PutGroupPolicy.hs
--- a/gen/Network/AWS/IAM/PutGroupPolicy.hs
+++ b/gen/Network/AWS/IAM/PutGroupPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.PutGroupPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -59,11 +59,11 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'pgpGroupName' - The name of the group to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'pgpGroupName' - The name of the group to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'pgpPolicyName' - The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'pgpPolicyName' - The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'pgpPolicyDocument' - The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'pgpPolicyDocument' - The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 putGroupPolicy
     :: Text -- ^ 'pgpGroupName'
     -> Text -- ^ 'pgpPolicyName'
@@ -71,23 +71,23 @@
     -> PutGroupPolicy
 putGroupPolicy pGroupName_ pPolicyName_ pPolicyDocument_ =
   PutGroupPolicy'
-  { _pgpGroupName = pGroupName_
-  , _pgpPolicyName = pPolicyName_
-  , _pgpPolicyDocument = pPolicyDocument_
-  }
+    { _pgpGroupName = pGroupName_
+    , _pgpPolicyName = pPolicyName_
+    , _pgpPolicyDocument = pPolicyDocument_
+    }
 
 
--- | The name of the group to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the group to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 pgpGroupName :: Lens' PutGroupPolicy Text
-pgpGroupName = lens _pgpGroupName (\ s a -> s{_pgpGroupName = a});
+pgpGroupName = lens _pgpGroupName (\ s a -> s{_pgpGroupName = a})
 
--- | The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 pgpPolicyName :: Lens' PutGroupPolicy Text
-pgpPolicyName = lens _pgpPolicyName (\ s a -> s{_pgpPolicyName = a});
+pgpPolicyName = lens _pgpPolicyName (\ s a -> s{_pgpPolicyName = a})
 
--- | The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 pgpPolicyDocument :: Lens' PutGroupPolicy Text
-pgpPolicyDocument = lens _pgpPolicyDocument (\ s a -> s{_pgpPolicyDocument = a});
+pgpPolicyDocument = lens _pgpPolicyDocument (\ s a -> s{_pgpPolicyDocument = a})
 
 instance AWSRequest PutGroupPolicy where
         type Rs PutGroupPolicy = PutGroupPolicyResponse
diff --git a/gen/Network/AWS/IAM/PutRolePolicy.hs b/gen/Network/AWS/IAM/PutRolePolicy.hs
--- a/gen/Network/AWS/IAM/PutRolePolicy.hs
+++ b/gen/Network/AWS/IAM/PutRolePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.PutRolePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -63,9 +63,9 @@
 --
 -- * 'prpRoleName' - The name of the role to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'prpPolicyName' - The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'prpPolicyName' - The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'prpPolicyDocument' - The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'prpPolicyDocument' - The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 putRolePolicy
     :: Text -- ^ 'prpRoleName'
     -> Text -- ^ 'prpPolicyName'
@@ -73,23 +73,23 @@
     -> PutRolePolicy
 putRolePolicy pRoleName_ pPolicyName_ pPolicyDocument_ =
   PutRolePolicy'
-  { _prpRoleName = pRoleName_
-  , _prpPolicyName = pPolicyName_
-  , _prpPolicyDocument = pPolicyDocument_
-  }
+    { _prpRoleName = pRoleName_
+    , _prpPolicyName = pPolicyName_
+    , _prpPolicyDocument = pPolicyDocument_
+    }
 
 
 -- | The name of the role to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 prpRoleName :: Lens' PutRolePolicy Text
-prpRoleName = lens _prpRoleName (\ s a -> s{_prpRoleName = a});
+prpRoleName = lens _prpRoleName (\ s a -> s{_prpRoleName = a})
 
--- | The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 prpPolicyName :: Lens' PutRolePolicy Text
-prpPolicyName = lens _prpPolicyName (\ s a -> s{_prpPolicyName = a});
+prpPolicyName = lens _prpPolicyName (\ s a -> s{_prpPolicyName = a})
 
--- | The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 prpPolicyDocument :: Lens' PutRolePolicy Text
-prpPolicyDocument = lens _prpPolicyDocument (\ s a -> s{_prpPolicyDocument = a});
+prpPolicyDocument = lens _prpPolicyDocument (\ s a -> s{_prpPolicyDocument = a})
 
 instance AWSRequest PutRolePolicy where
         type Rs PutRolePolicy = PutRolePolicyResponse
diff --git a/gen/Network/AWS/IAM/PutUserPolicy.hs b/gen/Network/AWS/IAM/PutUserPolicy.hs
--- a/gen/Network/AWS/IAM/PutUserPolicy.hs
+++ b/gen/Network/AWS/IAM/PutUserPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.PutUserPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -59,11 +59,11 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'pupUserName' - The name of the user to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'pupUserName' - The name of the user to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'pupPolicyName' - The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- * 'pupPolicyName' - The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'pupPolicyDocument' - The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'pupPolicyDocument' - The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 putUserPolicy
     :: Text -- ^ 'pupUserName'
     -> Text -- ^ 'pupPolicyName'
@@ -71,23 +71,23 @@
     -> PutUserPolicy
 putUserPolicy pUserName_ pPolicyName_ pPolicyDocument_ =
   PutUserPolicy'
-  { _pupUserName = pUserName_
-  , _pupPolicyName = pPolicyName_
-  , _pupPolicyDocument = pPolicyDocument_
-  }
+    { _pupUserName = pUserName_
+    , _pupPolicyName = pPolicyName_
+    , _pupPolicyDocument = pPolicyDocument_
+    }
 
 
--- | The name of the user to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user to associate the policy with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 pupUserName :: Lens' PutUserPolicy Text
-pupUserName = lens _pupUserName (\ s a -> s{_pupUserName = a});
+pupUserName = lens _pupUserName (\ s a -> s{_pupUserName = a})
 
--- | The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+
+-- | The name of the policy document. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 pupPolicyName :: Lens' PutUserPolicy Text
-pupPolicyName = lens _pupPolicyName (\ s a -> s{_pupPolicyName = a});
+pupPolicyName = lens _pupPolicyName (\ s a -> s{_pupPolicyName = a})
 
--- | The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The policy document. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 pupPolicyDocument :: Lens' PutUserPolicy Text
-pupPolicyDocument = lens _pupPolicyDocument (\ s a -> s{_pupPolicyDocument = a});
+pupPolicyDocument = lens _pupPolicyDocument (\ s a -> s{_pupPolicyDocument = a})
 
 instance AWSRequest PutUserPolicy where
         type Rs PutUserPolicy = PutUserPolicyResponse
diff --git a/gen/Network/AWS/IAM/RemoveClientIdFromOpenIdConnectProvider.hs b/gen/Network/AWS/IAM/RemoveClientIdFromOpenIdConnectProvider.hs
--- a/gen/Network/AWS/IAM/RemoveClientIdFromOpenIdConnectProvider.hs
+++ b/gen/Network/AWS/IAM/RemoveClientIdFromOpenIdConnectProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect (OIDC) provider resource object.
 --
 --
--- This action is idempotent; it does not fail or return an error if you try to remove a client ID that does not exist.
+-- This operation is idempotent; it does not fail or return an error if you try to remove a client ID that does not exist.
 --
 module Network.AWS.IAM.RemoveClientIdFromOpenIdConnectProvider
     (
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'rcifoicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' action. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- * 'rcifoicpOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' operation. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 --
 -- * 'rcifoicpClientId' - The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see 'CreateOpenIDConnectProvider' .
 removeClientIdFromOpenIdConnectProvider
@@ -64,18 +64,18 @@
     -> RemoveClientIdFromOpenIdConnectProvider
 removeClientIdFromOpenIdConnectProvider pOpenIdConnectProviderARN_ pClientId_ =
   RemoveClientIdFromOpenIdConnectProvider'
-  { _rcifoicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_
-  , _rcifoicpClientId = pClientId_
-  }
+    { _rcifoicpOpenIdConnectProviderARN = pOpenIdConnectProviderARN_
+    , _rcifoicpClientId = pClientId_
+    }
 
 
--- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' action. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' operation. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 rcifoicpOpenIdConnectProviderARN :: Lens' RemoveClientIdFromOpenIdConnectProvider Text
-rcifoicpOpenIdConnectProviderARN = lens _rcifoicpOpenIdConnectProviderARN (\ s a -> s{_rcifoicpOpenIdConnectProviderARN = a});
+rcifoicpOpenIdConnectProviderARN = lens _rcifoicpOpenIdConnectProviderARN (\ s a -> s{_rcifoicpOpenIdConnectProviderARN = a})
 
 -- | The client ID (also known as audience) to remove from the IAM OIDC provider resource. For more information about client IDs, see 'CreateOpenIDConnectProvider' .
 rcifoicpClientId :: Lens' RemoveClientIdFromOpenIdConnectProvider Text
-rcifoicpClientId = lens _rcifoicpClientId (\ s a -> s{_rcifoicpClientId = a});
+rcifoicpClientId = lens _rcifoicpClientId (\ s a -> s{_rcifoicpClientId = a})
 
 instance AWSRequest
            RemoveClientIdFromOpenIdConnectProvider
diff --git a/gen/Network/AWS/IAM/RemoveRoleFromInstanceProfile.hs b/gen/Network/AWS/IAM/RemoveRoleFromInstanceProfile.hs
--- a/gen/Network/AWS/IAM/RemoveRoleFromInstanceProfile.hs
+++ b/gen/Network/AWS/IAM/RemoveRoleFromInstanceProfile.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.RemoveRoleFromInstanceProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Removes the specified IAM role from the specified EC2 instance profile.
 --
 --
--- /Important:/ Make sure you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance might break any applications running on the instance.
+-- /Important:/ Make sure that you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance might break any applications running on the instance.
 --
 -- For more information about IAM roles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html Working with Roles> . For more information about instance profiles, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/AboutInstanceProfiles.html About Instance Profiles> .
 --
@@ -57,7 +57,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'rrfipInstanceProfileName' - The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'rrfipInstanceProfileName' - The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'rrfipRoleName' - The name of the role to remove. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 removeRoleFromInstanceProfile
@@ -66,18 +66,18 @@
     -> RemoveRoleFromInstanceProfile
 removeRoleFromInstanceProfile pInstanceProfileName_ pRoleName_ =
   RemoveRoleFromInstanceProfile'
-  { _rrfipInstanceProfileName = pInstanceProfileName_
-  , _rrfipRoleName = pRoleName_
-  }
+    { _rrfipInstanceProfileName = pInstanceProfileName_
+    , _rrfipRoleName = pRoleName_
+    }
 
 
--- | The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the instance profile to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 rrfipInstanceProfileName :: Lens' RemoveRoleFromInstanceProfile Text
-rrfipInstanceProfileName = lens _rrfipInstanceProfileName (\ s a -> s{_rrfipInstanceProfileName = a});
+rrfipInstanceProfileName = lens _rrfipInstanceProfileName (\ s a -> s{_rrfipInstanceProfileName = a})
 
 -- | The name of the role to remove. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 rrfipRoleName :: Lens' RemoveRoleFromInstanceProfile Text
-rrfipRoleName = lens _rrfipRoleName (\ s a -> s{_rrfipRoleName = a});
+rrfipRoleName = lens _rrfipRoleName (\ s a -> s{_rrfipRoleName = a})
 
 instance AWSRequest RemoveRoleFromInstanceProfile
          where
diff --git a/gen/Network/AWS/IAM/RemoveUserFromGroup.hs b/gen/Network/AWS/IAM/RemoveUserFromGroup.hs
--- a/gen/Network/AWS/IAM/RemoveUserFromGroup.hs
+++ b/gen/Network/AWS/IAM/RemoveUserFromGroup.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.RemoveUserFromGroup
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -53,25 +53,25 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'rufgGroupName' - The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'rufgGroupName' - The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'rufgUserName' - The name of the user to remove. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'rufgUserName' - The name of the user to remove. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 removeUserFromGroup
     :: Text -- ^ 'rufgGroupName'
     -> Text -- ^ 'rufgUserName'
     -> RemoveUserFromGroup
 removeUserFromGroup pGroupName_ pUserName_ =
   RemoveUserFromGroup'
-  {_rufgGroupName = pGroupName_, _rufgUserName = pUserName_}
+    {_rufgGroupName = pGroupName_, _rufgUserName = pUserName_}
 
 
--- | The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the group to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 rufgGroupName :: Lens' RemoveUserFromGroup Text
-rufgGroupName = lens _rufgGroupName (\ s a -> s{_rufgGroupName = a});
+rufgGroupName = lens _rufgGroupName (\ s a -> s{_rufgGroupName = a})
 
--- | The name of the user to remove. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user to remove. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 rufgUserName :: Lens' RemoveUserFromGroup Text
-rufgUserName = lens _rufgUserName (\ s a -> s{_rufgUserName = a});
+rufgUserName = lens _rufgUserName (\ s a -> s{_rufgUserName = a})
 
 instance AWSRequest RemoveUserFromGroup where
         type Rs RemoveUserFromGroup =
diff --git a/gen/Network/AWS/IAM/ResetServiceSpecificCredential.hs b/gen/Network/AWS/IAM/ResetServiceSpecificCredential.hs
--- a/gen/Network/AWS/IAM/ResetServiceSpecificCredential.hs
+++ b/gen/Network/AWS/IAM/ResetServiceSpecificCredential.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ResetServiceSpecificCredential
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -56,7 +56,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'rsscUserName' - The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'rsscUserName' - The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'rsscServiceSpecificCredentialId' - The unique identifier of the service-specific credential. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 resetServiceSpecificCredential
@@ -64,18 +64,18 @@
     -> ResetServiceSpecificCredential
 resetServiceSpecificCredential pServiceSpecificCredentialId_ =
   ResetServiceSpecificCredential'
-  { _rsscUserName = Nothing
-  , _rsscServiceSpecificCredentialId = pServiceSpecificCredentialId_
-  }
+    { _rsscUserName = Nothing
+    , _rsscServiceSpecificCredentialId = pServiceSpecificCredentialId_
+    }
 
 
--- | The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user associated with the service-specific credential. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 rsscUserName :: Lens' ResetServiceSpecificCredential (Maybe Text)
-rsscUserName = lens _rsscUserName (\ s a -> s{_rsscUserName = a});
+rsscUserName = lens _rsscUserName (\ s a -> s{_rsscUserName = a})
 
 -- | The unique identifier of the service-specific credential. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 rsscServiceSpecificCredentialId :: Lens' ResetServiceSpecificCredential Text
-rsscServiceSpecificCredentialId = lens _rsscServiceSpecificCredentialId (\ s a -> s{_rsscServiceSpecificCredentialId = a});
+rsscServiceSpecificCredentialId = lens _rsscServiceSpecificCredentialId (\ s a -> s{_rsscServiceSpecificCredentialId = a})
 
 instance AWSRequest ResetServiceSpecificCredential
          where
@@ -131,18 +131,18 @@
     -> ResetServiceSpecificCredentialResponse
 resetServiceSpecificCredentialResponse pResponseStatus_ =
   ResetServiceSpecificCredentialResponse'
-  { _rsscrsServiceSpecificCredential = Nothing
-  , _rsscrsResponseStatus = pResponseStatus_
-  }
+    { _rsscrsServiceSpecificCredential = Nothing
+    , _rsscrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A structure with details about the updated service-specific credential, including the new password. /Important:/ This is the __only__ time that you can access the password. You cannot recover the password later, but you can reset it again.
 rsscrsServiceSpecificCredential :: Lens' ResetServiceSpecificCredentialResponse (Maybe ServiceSpecificCredential)
-rsscrsServiceSpecificCredential = lens _rsscrsServiceSpecificCredential (\ s a -> s{_rsscrsServiceSpecificCredential = a});
+rsscrsServiceSpecificCredential = lens _rsscrsServiceSpecificCredential (\ s a -> s{_rsscrsServiceSpecificCredential = a})
 
 -- | -- | The response status code.
 rsscrsResponseStatus :: Lens' ResetServiceSpecificCredentialResponse Int
-rsscrsResponseStatus = lens _rsscrsResponseStatus (\ s a -> s{_rsscrsResponseStatus = a});
+rsscrsResponseStatus = lens _rsscrsResponseStatus (\ s a -> s{_rsscrsResponseStatus = a})
 
 instance NFData
            ResetServiceSpecificCredentialResponse
diff --git a/gen/Network/AWS/IAM/ResyncMFADevice.hs b/gen/Network/AWS/IAM/ResyncMFADevice.hs
--- a/gen/Network/AWS/IAM/ResyncMFADevice.hs
+++ b/gen/Network/AWS/IAM/ResyncMFADevice.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.ResyncMFADevice
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -59,9 +59,9 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'rmdUserName' - The name of the user whose MFA device you want to resynchronize. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'rmdUserName' - The name of the user whose MFA device you want to resynchronize. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'rmdSerialNumber' - Serial number that uniquely identifies the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'rmdSerialNumber' - Serial number that uniquely identifies the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'rmdAuthenticationCode1' - An authentication code emitted by the device. The format for this parameter is a sequence of six digits.
 --
@@ -74,28 +74,28 @@
     -> ResyncMFADevice
 resyncMFADevice pUserName_ pSerialNumber_ pAuthenticationCode1_ pAuthenticationCode2_ =
   ResyncMFADevice'
-  { _rmdUserName = pUserName_
-  , _rmdSerialNumber = pSerialNumber_
-  , _rmdAuthenticationCode1 = pAuthenticationCode1_
-  , _rmdAuthenticationCode2 = pAuthenticationCode2_
-  }
+    { _rmdUserName = pUserName_
+    , _rmdSerialNumber = pSerialNumber_
+    , _rmdAuthenticationCode1 = pAuthenticationCode1_
+    , _rmdAuthenticationCode2 = pAuthenticationCode2_
+    }
 
 
--- | The name of the user whose MFA device you want to resynchronize. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose MFA device you want to resynchronize. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 rmdUserName :: Lens' ResyncMFADevice Text
-rmdUserName = lens _rmdUserName (\ s a -> s{_rmdUserName = a});
+rmdUserName = lens _rmdUserName (\ s a -> s{_rmdUserName = a})
 
--- | Serial number that uniquely identifies the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | Serial number that uniquely identifies the MFA device. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 rmdSerialNumber :: Lens' ResyncMFADevice Text
-rmdSerialNumber = lens _rmdSerialNumber (\ s a -> s{_rmdSerialNumber = a});
+rmdSerialNumber = lens _rmdSerialNumber (\ s a -> s{_rmdSerialNumber = a})
 
 -- | An authentication code emitted by the device. The format for this parameter is a sequence of six digits.
 rmdAuthenticationCode1 :: Lens' ResyncMFADevice Text
-rmdAuthenticationCode1 = lens _rmdAuthenticationCode1 (\ s a -> s{_rmdAuthenticationCode1 = a});
+rmdAuthenticationCode1 = lens _rmdAuthenticationCode1 (\ s a -> s{_rmdAuthenticationCode1 = a})
 
 -- | A subsequent authentication code emitted by the device. The format for this parameter is a sequence of six digits.
 rmdAuthenticationCode2 :: Lens' ResyncMFADevice Text
-rmdAuthenticationCode2 = lens _rmdAuthenticationCode2 (\ s a -> s{_rmdAuthenticationCode2 = a});
+rmdAuthenticationCode2 = lens _rmdAuthenticationCode2 (\ s a -> s{_rmdAuthenticationCode2 = a})
 
 instance AWSRequest ResyncMFADevice where
         type Rs ResyncMFADevice = ResyncMFADeviceResponse
diff --git a/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs b/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs
--- a/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs
+++ b/gen/Network/AWS/IAM/SetDefaultPolicyVersion.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.SetDefaultPolicyVersion
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Sets the specified version of the specified policy as the policy's default (operative) version.
 --
 --
--- This action affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the 'ListEntitiesForPolicy' API.
+-- This operation affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use the 'ListEntitiesForPolicy' API.
 --
 -- For information about managed policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /IAM User Guide/ .
 --
@@ -66,16 +66,16 @@
     -> SetDefaultPolicyVersion
 setDefaultPolicyVersion pPolicyARN_ pVersionId_ =
   SetDefaultPolicyVersion'
-  {_sdpvPolicyARN = pPolicyARN_, _sdpvVersionId = pVersionId_}
+    {_sdpvPolicyARN = pPolicyARN_, _sdpvVersionId = pVersionId_}
 
 
 -- | The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 sdpvPolicyARN :: Lens' SetDefaultPolicyVersion Text
-sdpvPolicyARN = lens _sdpvPolicyARN (\ s a -> s{_sdpvPolicyARN = a});
+sdpvPolicyARN = lens _sdpvPolicyARN (\ s a -> s{_sdpvPolicyARN = a})
 
 -- | The version of the policy to set as the default (operative) version. For more information about managed policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /IAM User Guide/ .
 sdpvVersionId :: Lens' SetDefaultPolicyVersion Text
-sdpvVersionId = lens _sdpvVersionId (\ s a -> s{_sdpvVersionId = a});
+sdpvVersionId = lens _sdpvVersionId (\ s a -> s{_sdpvVersionId = a})
 
 instance AWSRequest SetDefaultPolicyVersion where
         type Rs SetDefaultPolicyVersion =
diff --git a/gen/Network/AWS/IAM/SimulateCustomPolicy.hs b/gen/Network/AWS/IAM/SimulateCustomPolicy.hs
--- a/gen/Network/AWS/IAM/SimulateCustomPolicy.hs
+++ b/gen/Network/AWS/IAM/SimulateCustomPolicy.hs
@@ -12,16 +12,16 @@
 
 -- |
 -- Module      : Network.AWS.IAM.SimulateCustomPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API actions and AWS resources to determine the policies' effective permissions. The policies are provided as strings.
+-- Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and AWS resources to determine the policies' effective permissions. The policies are provided as strings.
 --
 --
--- The simulation does not perform the API actions; it only checks the authorization to determine if the simulated policies allow or deny the actions.
+-- The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.
 --
 -- If you want to simulate existing policies attached to an IAM user, group, or role, use 'SimulatePrincipalPolicy' instead.
 --
@@ -84,11 +84,11 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'scpResourcePolicy' - A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'scpResourcePolicy' - A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 --
--- * 'scpCallerARN' - The ARN of the IAM user that you want to use as the simulated caller of the APIs. @CallerArn@ is required if you include a @ResourcePolicy@ so that the policy's @Principal@ element has a value to use in evaluating the policy. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
+-- * 'scpCallerARN' - The ARN of the IAM user that you want to use as the simulated caller of the API operations. @CallerArn@ is required if you include a @ResourcePolicy@ so that the policy's @Principal@ element has a value to use in evaluating the policy. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
 --
--- * 'scpResourceHandlingOption' - Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /AWS EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
+-- * 'scpResourceHandlingOption' - Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /Amazon EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
 --
 -- * 'scpResourceARNs' - A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value defaults to @*@ (all resources). Each API in the @ActionNames@ parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the @ResourcePolicy@ parameter. If you include a @ResourcePolicy@ , then it must be applicable to all of the resources included in the simulation or you receive an invalid input error. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 --
@@ -100,65 +100,65 @@
 --
 -- * 'scpResourceOwner' - An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN, such as an S3 bucket or object. If @ResourceOwner@ is specified, it is also used as the account owner of any @ResourcePolicy@ included in the simulation. If the @ResourceOwner@ parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in @CallerArn@ . This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user @CallerArn@ .
 --
--- * 'scpPolicyInputList' - A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the @ResourcePolicy@ parameter. The policies cannot be "scope-down" policies, such as you could include in a call to <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html GetFederationToken> or one of the <http://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html AssumeRole> APIs to restrict what a user can do while using the temporary credentials. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'scpPolicyInputList' - A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the @ResourcePolicy@ parameter. The policies cannot be "scope-down" policies, such as you could include in a call to <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html GetFederationToken> or one of the <http://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html AssumeRole> API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 --
--- * 'scpActionNames' - A list of names of API actions to evaluate in the simulation. Each action is evaluated against each resource. Each action must include the service identifier, such as @iam:CreateUser@ .
+-- * 'scpActionNames' - A list of names of API operations to evaluate in the simulation. Each operation is evaluated against each resource. Each operation must include the service identifier, such as @iam:CreateUser@ .
 simulateCustomPolicy
     :: SimulateCustomPolicy
 simulateCustomPolicy =
   SimulateCustomPolicy'
-  { _scpResourcePolicy = Nothing
-  , _scpCallerARN = Nothing
-  , _scpResourceHandlingOption = Nothing
-  , _scpResourceARNs = Nothing
-  , _scpMarker = Nothing
-  , _scpMaxItems = Nothing
-  , _scpContextEntries = Nothing
-  , _scpResourceOwner = Nothing
-  , _scpPolicyInputList = mempty
-  , _scpActionNames = mempty
-  }
+    { _scpResourcePolicy = Nothing
+    , _scpCallerARN = Nothing
+    , _scpResourceHandlingOption = Nothing
+    , _scpResourceARNs = Nothing
+    , _scpMarker = Nothing
+    , _scpMaxItems = Nothing
+    , _scpContextEntries = Nothing
+    , _scpResourceOwner = Nothing
+    , _scpPolicyInputList = mempty
+    , _scpActionNames = mempty
+    }
 
 
--- | A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 scpResourcePolicy :: Lens' SimulateCustomPolicy (Maybe Text)
-scpResourcePolicy = lens _scpResourcePolicy (\ s a -> s{_scpResourcePolicy = a});
+scpResourcePolicy = lens _scpResourcePolicy (\ s a -> s{_scpResourcePolicy = a})
 
--- | The ARN of the IAM user that you want to use as the simulated caller of the APIs. @CallerArn@ is required if you include a @ResourcePolicy@ so that the policy's @Principal@ element has a value to use in evaluating the policy. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
+-- | The ARN of the IAM user that you want to use as the simulated caller of the API operations. @CallerArn@ is required if you include a @ResourcePolicy@ so that the policy's @Principal@ element has a value to use in evaluating the policy. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.
 scpCallerARN :: Lens' SimulateCustomPolicy (Maybe Text)
-scpCallerARN = lens _scpCallerARN (\ s a -> s{_scpCallerARN = a});
+scpCallerARN = lens _scpCallerARN (\ s a -> s{_scpCallerARN = a})
 
--- | Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /AWS EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
+-- | Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /Amazon EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
 scpResourceHandlingOption :: Lens' SimulateCustomPolicy (Maybe Text)
-scpResourceHandlingOption = lens _scpResourceHandlingOption (\ s a -> s{_scpResourceHandlingOption = a});
+scpResourceHandlingOption = lens _scpResourceHandlingOption (\ s a -> s{_scpResourceHandlingOption = a})
 
 -- | A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value defaults to @*@ (all resources). Each API in the @ActionNames@ parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the @ResourcePolicy@ parameter. If you include a @ResourcePolicy@ , then it must be applicable to all of the resources included in the simulation or you receive an invalid input error. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 scpResourceARNs :: Lens' SimulateCustomPolicy [Text]
-scpResourceARNs = lens _scpResourceARNs (\ s a -> s{_scpResourceARNs = a}) . _Default . _Coerce;
+scpResourceARNs = lens _scpResourceARNs (\ s a -> s{_scpResourceARNs = a}) . _Default . _Coerce
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 scpMarker :: Lens' SimulateCustomPolicy (Maybe Text)
-scpMarker = lens _scpMarker (\ s a -> s{_scpMarker = a});
+scpMarker = lens _scpMarker (\ s a -> s{_scpMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 scpMaxItems :: Lens' SimulateCustomPolicy (Maybe Natural)
-scpMaxItems = lens _scpMaxItems (\ s a -> s{_scpMaxItems = a}) . mapping _Nat;
+scpMaxItems = lens _scpMaxItems (\ s a -> s{_scpMaxItems = a}) . mapping _Nat
 
 -- | A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
 scpContextEntries :: Lens' SimulateCustomPolicy [ContextEntry]
-scpContextEntries = lens _scpContextEntries (\ s a -> s{_scpContextEntries = a}) . _Default . _Coerce;
+scpContextEntries = lens _scpContextEntries (\ s a -> s{_scpContextEntries = a}) . _Default . _Coerce
 
 -- | An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN, such as an S3 bucket or object. If @ResourceOwner@ is specified, it is also used as the account owner of any @ResourcePolicy@ included in the simulation. If the @ResourceOwner@ parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in @CallerArn@ . This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user @CallerArn@ .
 scpResourceOwner :: Lens' SimulateCustomPolicy (Maybe Text)
-scpResourceOwner = lens _scpResourceOwner (\ s a -> s{_scpResourceOwner = a});
+scpResourceOwner = lens _scpResourceOwner (\ s a -> s{_scpResourceOwner = a})
 
--- | A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the @ResourcePolicy@ parameter. The policies cannot be "scope-down" policies, such as you could include in a call to <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html GetFederationToken> or one of the <http://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html AssumeRole> APIs to restrict what a user can do while using the temporary credentials. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the @ResourcePolicy@ parameter. The policies cannot be "scope-down" policies, such as you could include in a call to <http://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html GetFederationToken> or one of the <http://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html AssumeRole> API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 scpPolicyInputList :: Lens' SimulateCustomPolicy [Text]
-scpPolicyInputList = lens _scpPolicyInputList (\ s a -> s{_scpPolicyInputList = a}) . _Coerce;
+scpPolicyInputList = lens _scpPolicyInputList (\ s a -> s{_scpPolicyInputList = a}) . _Coerce
 
--- | A list of names of API actions to evaluate in the simulation. Each action is evaluated against each resource. Each action must include the service identifier, such as @iam:CreateUser@ .
+-- | A list of names of API operations to evaluate in the simulation. Each operation is evaluated against each resource. Each operation must include the service identifier, such as @iam:CreateUser@ .
 scpActionNames :: Lens' SimulateCustomPolicy [Text]
-scpActionNames = lens _scpActionNames (\ s a -> s{_scpActionNames = a}) . _Coerce;
+scpActionNames = lens _scpActionNames (\ s a -> s{_scpActionNames = a}) . _Coerce
 
 instance AWSPager SimulateCustomPolicy where
         page rq rs
diff --git a/gen/Network/AWS/IAM/SimulatePrincipalPolicy.hs b/gen/Network/AWS/IAM/SimulatePrincipalPolicy.hs
--- a/gen/Network/AWS/IAM/SimulatePrincipalPolicy.hs
+++ b/gen/Network/AWS/IAM/SimulatePrincipalPolicy.hs
@@ -12,20 +12,20 @@
 
 -- |
 -- Module      : Network.AWS.IAM.SimulatePrincipalPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Simulate how a set of IAM policies attached to an IAM entity works with a list of API actions and AWS resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to .
+-- Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and AWS resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to.
 --
 --
 -- You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use 'SimulateCustomPolicy' instead.
 --
 -- You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation.
 --
--- The simulation does not perform the API actions, it only checks the authorization to determine if the simulated policies allow or deny the actions.
+-- The simulation does not perform the API operations, it only checks the authorization to determine if the simulated policies allow or deny the operations.
 --
 -- __Note:__ This API discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use 'SimulateCustomPolicy' instead.
 --
@@ -90,15 +90,15 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'sppPolicyInputList' - An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'sppPolicyInputList' - An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 --
--- * 'sppResourcePolicy' - A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'sppResourcePolicy' - A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 --
--- * 'sppCallerARN' - The ARN of the IAM user that you want to specify as the simulated caller of the APIs. If you do not specify a @CallerArn@ , it defaults to the ARN of the user that you specify in @PolicySourceArn@ , if you specified a user. If you include both a @PolicySourceArn@ (for example, @arn:aws:iam::123456789012:user/David@ ) and a @CallerArn@ (for example, @arn:aws:iam::123456789012:user/Bob@ ), the result is that you simulate calling the APIs as Bob, as if Bob had David's policies. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal. @CallerArn@ is required if you include a @ResourcePolicy@ and the @PolicySourceArn@ is not the ARN for an IAM user. This is required so that the resource-based policy's @Principal@ element has a value to use in evaluating the policy. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- * 'sppCallerARN' - The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a @CallerArn@ , it defaults to the ARN of the user that you specify in @PolicySourceArn@ , if you specified a user. If you include both a @PolicySourceArn@ (for example, @arn:aws:iam::123456789012:user/David@ ) and a @CallerArn@ (for example, @arn:aws:iam::123456789012:user/Bob@ ), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal. @CallerArn@ is required if you include a @ResourcePolicy@ and the @PolicySourceArn@ is not the ARN for an IAM user. This is required so that the resource-based policy's @Principal@ element has a value to use in evaluating the policy. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 --
--- * 'sppResourceHandlingOption' - Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /AWS EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
+-- * 'sppResourceHandlingOption' - Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /Amazon EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
 --
--- * 'sppResourceARNs' - A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value defaults to @*@ (all resources). Each API in the @ActionNames@ parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the @ResourcePolicy@ parameter. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- * 'sppResourceARNs' - A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to @*@ (all resources). Each API in the @ActionNames@ parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the @ResourcePolicy@ parameter. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 --
 -- * 'sppMarker' - Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 --
@@ -110,69 +110,69 @@
 --
 -- * 'sppPolicySourceARN' - The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 --
--- * 'sppActionNames' - A list of names of API actions to evaluate in the simulation. Each action is evaluated for each resource. Each action must include the service identifier, such as @iam:CreateUser@ .
+-- * 'sppActionNames' - A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each resource. Each operation must include the service identifier, such as @iam:CreateUser@ .
 simulatePrincipalPolicy
     :: Text -- ^ 'sppPolicySourceARN'
     -> SimulatePrincipalPolicy
 simulatePrincipalPolicy pPolicySourceARN_ =
   SimulatePrincipalPolicy'
-  { _sppPolicyInputList = Nothing
-  , _sppResourcePolicy = Nothing
-  , _sppCallerARN = Nothing
-  , _sppResourceHandlingOption = Nothing
-  , _sppResourceARNs = Nothing
-  , _sppMarker = Nothing
-  , _sppMaxItems = Nothing
-  , _sppContextEntries = Nothing
-  , _sppResourceOwner = Nothing
-  , _sppPolicySourceARN = pPolicySourceARN_
-  , _sppActionNames = mempty
-  }
+    { _sppPolicyInputList = Nothing
+    , _sppResourcePolicy = Nothing
+    , _sppCallerARN = Nothing
+    , _sppResourceHandlingOption = Nothing
+    , _sppResourceARNs = Nothing
+    , _sppMarker = Nothing
+    , _sppMaxItems = Nothing
+    , _sppContextEntries = Nothing
+    , _sppResourceOwner = Nothing
+    , _sppPolicySourceARN = pPolicySourceARN_
+    , _sppActionNames = mempty
+    }
 
 
--- | An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 sppPolicyInputList :: Lens' SimulatePrincipalPolicy [Text]
-sppPolicyInputList = lens _sppPolicyInputList (\ s a -> s{_sppPolicyInputList = a}) . _Default . _Coerce;
+sppPolicyInputList = lens _sppPolicyInputList (\ s a -> s{_sppPolicyInputList = a}) . _Default . _Coerce
 
--- | A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 sppResourcePolicy :: Lens' SimulatePrincipalPolicy (Maybe Text)
-sppResourcePolicy = lens _sppResourcePolicy (\ s a -> s{_sppResourcePolicy = a});
+sppResourcePolicy = lens _sppResourcePolicy (\ s a -> s{_sppResourcePolicy = a})
 
--- | The ARN of the IAM user that you want to specify as the simulated caller of the APIs. If you do not specify a @CallerArn@ , it defaults to the ARN of the user that you specify in @PolicySourceArn@ , if you specified a user. If you include both a @PolicySourceArn@ (for example, @arn:aws:iam::123456789012:user/David@ ) and a @CallerArn@ (for example, @arn:aws:iam::123456789012:user/Bob@ ), the result is that you simulate calling the APIs as Bob, as if Bob had David's policies. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal. @CallerArn@ is required if you include a @ResourcePolicy@ and the @PolicySourceArn@ is not the ARN for an IAM user. This is required so that the resource-based policy's @Principal@ element has a value to use in evaluating the policy. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- | The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a @CallerArn@ , it defaults to the ARN of the user that you specify in @PolicySourceArn@ , if you specified a user. If you include both a @PolicySourceArn@ (for example, @arn:aws:iam::123456789012:user/David@ ) and a @CallerArn@ (for example, @arn:aws:iam::123456789012:user/Bob@ ), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies. You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal. @CallerArn@ is required if you include a @ResourcePolicy@ and the @PolicySourceArn@ is not the ARN for an IAM user. This is required so that the resource-based policy's @Principal@ element has a value to use in evaluating the policy. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 sppCallerARN :: Lens' SimulatePrincipalPolicy (Maybe Text)
-sppCallerARN = lens _sppCallerARN (\ s a -> s{_sppCallerARN = a});
+sppCallerARN = lens _sppCallerARN (\ s a -> s{_sppCallerARN = a})
 
--- | Specifies the type of simulation to run. Different APIs that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /AWS EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
+-- | Specifies the type of simulation to run. Different API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of the required resources to ensure reliable simulation results. If your simulation does not match one of the following scenarios, then you can omit this parameter. The following list shows each of the supported scenario values and the resources that you must define to run the simulation. Each of the EC2 scenarios requires that you specify instance, image, and security-group resources. If your scenario includes an EBS volume, then you must specify that volume as a resource. If the EC2 scenario includes VPC, then you must supply the network-interface resource. If it includes an IP subnet, then you must specify the subnet resource. For more information on the EC2 scenario options, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported Platforms> in the /Amazon EC2 User Guide/ .     * __EC2-Classic-InstanceStore__  instance, image, security-group     * __EC2-Classic-EBS__  instance, image, security-group, volume     * __EC2-VPC-InstanceStore__  instance, image, security-group, network-interface     * __EC2-VPC-InstanceStore-Subnet__  instance, image, security-group, network-interface, subnet     * __EC2-VPC-EBS__  instance, image, security-group, network-interface, volume     * __EC2-VPC-EBS-Subnet__  instance, image, security-group, network-interface, subnet, volume
 sppResourceHandlingOption :: Lens' SimulatePrincipalPolicy (Maybe Text)
-sppResourceHandlingOption = lens _sppResourceHandlingOption (\ s a -> s{_sppResourceHandlingOption = a});
+sppResourceHandlingOption = lens _sppResourceHandlingOption (\ s a -> s{_sppResourceHandlingOption = a})
 
--- | A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided then the value defaults to @*@ (all resources). Each API in the @ActionNames@ parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the @ResourcePolicy@ parameter. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- | A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to @*@ (all resources). Each API in the @ActionNames@ parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the @ResourcePolicy@ parameter. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 sppResourceARNs :: Lens' SimulatePrincipalPolicy [Text]
-sppResourceARNs = lens _sppResourceARNs (\ s a -> s{_sppResourceARNs = a}) . _Default . _Coerce;
+sppResourceARNs = lens _sppResourceARNs (\ s a -> s{_sppResourceARNs = a}) . _Default . _Coerce
 
 -- | Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the @Marker@ element in the response that you received to indicate where the next call should start.
 sppMarker :: Lens' SimulatePrincipalPolicy (Maybe Text)
-sppMarker = lens _sppMarker (\ s a -> s{_sppMarker = a});
+sppMarker = lens _sppMarker (\ s a -> s{_sppMarker = a})
 
 -- | (Optional) Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the @IsTruncated@ response element is @true@ . If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the @IsTruncated@ response element returns @true@ and @Marker@ contains a value to include in the subsequent call that tells the service where to continue from.
 sppMaxItems :: Lens' SimulatePrincipalPolicy (Maybe Natural)
-sppMaxItems = lens _sppMaxItems (\ s a -> s{_sppMaxItems = a}) . mapping _Nat;
+sppMaxItems = lens _sppMaxItems (\ s a -> s{_sppMaxItems = a}) . mapping _Nat
 
 -- | A list of context keys and corresponding values for the simulation to use. Whenever a context key is evaluated in one of the simulated IAM permission policies, the corresponding value is supplied.
 sppContextEntries :: Lens' SimulatePrincipalPolicy [ContextEntry]
-sppContextEntries = lens _sppContextEntries (\ s a -> s{_sppContextEntries = a}) . _Default . _Coerce;
+sppContextEntries = lens _sppContextEntries (\ s a -> s{_sppContextEntries = a}) . _Default . _Coerce
 
 -- | An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN, such as an S3 bucket or object. If @ResourceOwner@ is specified, it is also used as the account owner of any @ResourcePolicy@ included in the simulation. If the @ResourceOwner@ parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in @CallerArn@ . This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user @CallerArn@ .
 sppResourceOwner :: Lens' SimulatePrincipalPolicy (Maybe Text)
-sppResourceOwner = lens _sppResourceOwner (\ s a -> s{_sppResourceOwner = a});
+sppResourceOwner = lens _sppResourceOwner (\ s a -> s{_sppResourceOwner = a})
 
 -- | The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 sppPolicySourceARN :: Lens' SimulatePrincipalPolicy Text
-sppPolicySourceARN = lens _sppPolicySourceARN (\ s a -> s{_sppPolicySourceARN = a});
+sppPolicySourceARN = lens _sppPolicySourceARN (\ s a -> s{_sppPolicySourceARN = a})
 
--- | A list of names of API actions to evaluate in the simulation. Each action is evaluated for each resource. Each action must include the service identifier, such as @iam:CreateUser@ .
+-- | A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each resource. Each operation must include the service identifier, such as @iam:CreateUser@ .
 sppActionNames :: Lens' SimulatePrincipalPolicy [Text]
-sppActionNames = lens _sppActionNames (\ s a -> s{_sppActionNames = a}) . _Coerce;
+sppActionNames = lens _sppActionNames (\ s a -> s{_sppActionNames = a}) . _Coerce
 
 instance AWSPager SimulatePrincipalPolicy where
         page rq rs
diff --git a/gen/Network/AWS/IAM/Types.hs b/gen/Network/AWS/IAM/Types.hs
--- a/gen/Network/AWS/IAM/Types.hs
+++ b/gen/Network/AWS/IAM/Types.hs
@@ -4,7 +4,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.Types
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -285,6 +285,7 @@
     -- * Role
     , Role
     , role'
+    , rMaxSessionDuration
     , rAssumeRolePolicyDocument
     , rDescription
     , rPath
@@ -441,24 +442,24 @@
 iam :: Service
 iam =
   Service
-  { _svcAbbrev = "IAM"
-  , _svcSigner = v4
-  , _svcPrefix = "iam"
-  , _svcVersion = "2010-05-08"
-  , _svcEndpoint = defaultEndpoint iam
-  , _svcTimeout = Just 70
-  , _svcCheck = statusSuccess
-  , _svcError = parseXMLError "IAM"
-  , _svcRetry = retry
-  }
+    { _svcAbbrev = "IAM"
+    , _svcSigner = v4
+    , _svcPrefix = "iam"
+    , _svcVersion = "2010-05-08"
+    , _svcEndpoint = defaultEndpoint iam
+    , _svcTimeout = Just 70
+    , _svcCheck = statusSuccess
+    , _svcError = parseXMLError "IAM"
+    , _svcRetry = retry
+    }
   where
     retry =
       Exponential
-      { _retryBase = 5.0e-2
-      , _retryGrowth = 2
-      , _retryAttempts = 5
-      , _retryCheck = check
-      }
+        { _retryBase = 5.0e-2
+        , _retryGrowth = 2
+        , _retryAttempts = 5
+        , _retryCheck = check
+        }
     check e
       | has (hasCode "ThrottledException" . hasStatus 400) e =
         Just "throttled_exception"
@@ -467,6 +468,8 @@
         Just "throttling_exception"
       | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"
       | has (hasStatus 504) e = Just "gateway_timeout"
+      | has (hasCode "RequestThrottledException" . hasStatus 400) e =
+        Just "request_throttled_exception"
       | has (hasStatus 502) e = Just "bad_gateway"
       | has (hasStatus 503) e = Just "service_unavailable"
       | has (hasStatus 500) e = Just "general_server_error"
diff --git a/gen/Network/AWS/IAM/Types/Product.hs b/gen/Network/AWS/IAM/Types/Product.hs
--- a/gen/Network/AWS/IAM/Types/Product.hs
+++ b/gen/Network/AWS/IAM/Types/Product.hs
@@ -9,7 +9,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.Types.Product
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -24,7 +24,7 @@
 -- | Contains information about an AWS access key.
 --
 --
--- This data type is used as a response element in the 'CreateAccessKey' and 'ListAccessKeys' actions.
+-- This data type is used as a response element in the 'CreateAccessKey' and 'ListAccessKeys' operations.
 --
 --
 -- /See:/ 'accessKeyInfo' smart constructor.
@@ -47,7 +47,7 @@
 --
 -- * 'akiAccessKeyId' - The ID for this access key.
 --
--- * 'akiStatus' - The status of the access key. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- * 'akiStatus' - The status of the access key. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 --
 -- * 'akiSecretAccessKey' - The secret key used to sign requests.
 accessKeyInfo
@@ -58,33 +58,33 @@
     -> AccessKeyInfo
 accessKeyInfo pUserName_ pAccessKeyId_ pStatus_ pSecretAccessKey_ =
   AccessKeyInfo'
-  { _akiCreateDate = Nothing
-  , _akiUserName = pUserName_
-  , _akiAccessKeyId = pAccessKeyId_
-  , _akiStatus = pStatus_
-  , _akiSecretAccessKey = _Sensitive # pSecretAccessKey_
-  }
+    { _akiCreateDate = Nothing
+    , _akiUserName = pUserName_
+    , _akiAccessKeyId = pAccessKeyId_
+    , _akiStatus = pStatus_
+    , _akiSecretAccessKey = _Sensitive # pSecretAccessKey_
+    }
 
 
 -- | The date when the access key was created.
 akiCreateDate :: Lens' AccessKeyInfo (Maybe UTCTime)
-akiCreateDate = lens _akiCreateDate (\ s a -> s{_akiCreateDate = a}) . mapping _Time;
+akiCreateDate = lens _akiCreateDate (\ s a -> s{_akiCreateDate = a}) . mapping _Time
 
 -- | The name of the IAM user that the access key is associated with.
 akiUserName :: Lens' AccessKeyInfo Text
-akiUserName = lens _akiUserName (\ s a -> s{_akiUserName = a});
+akiUserName = lens _akiUserName (\ s a -> s{_akiUserName = a})
 
 -- | The ID for this access key.
 akiAccessKeyId :: Lens' AccessKeyInfo AccessKey
-akiAccessKeyId = lens _akiAccessKeyId (\ s a -> s{_akiAccessKeyId = a});
+akiAccessKeyId = lens _akiAccessKeyId (\ s a -> s{_akiAccessKeyId = a})
 
--- | The status of the access key. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- | The status of the access key. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 akiStatus :: Lens' AccessKeyInfo StatusType
-akiStatus = lens _akiStatus (\ s a -> s{_akiStatus = a});
+akiStatus = lens _akiStatus (\ s a -> s{_akiStatus = a})
 
 -- | The secret key used to sign requests.
 akiSecretAccessKey :: Lens' AccessKeyInfo Text
-akiSecretAccessKey = lens _akiSecretAccessKey (\ s a -> s{_akiSecretAccessKey = a}) . _Sensitive;
+akiSecretAccessKey = lens _akiSecretAccessKey (\ s a -> s{_akiSecretAccessKey = a}) . _Sensitive
 
 instance FromXML AccessKeyInfo where
         parseXML x
@@ -101,7 +101,7 @@
 -- | Contains information about the last time an AWS access key was used.
 --
 --
--- This data type is used as a response element in the 'GetAccessKeyLastUsed' action.
+-- This data type is used as a response element in the 'GetAccessKeyLastUsed' operation.
 --
 --
 -- /See:/ 'accessKeyLastUsed' smart constructor.
@@ -116,11 +116,11 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'akluLastUsedDate' - The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the access key was most recently used. This field is null when:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
+-- * 'akluLastUsedDate' - The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the access key was most recently used. This field is null in the following situations:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
 --
--- * 'akluServiceName' - The name of the AWS service with which this access key was most recently used. This field displays "N/A" when:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
+-- * 'akluServiceName' - The name of the AWS service with which this access key was most recently used. This field displays "N/A" in the following situations:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
 --
--- * 'akluRegion' - The AWS region where this access key was most recently used. This field is displays "N/A" when:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user For more information about AWS regions, see <http://docs.aws.amazon.com/general/latest/gr/rande.html Regions and Endpoints> in the Amazon Web Services General Reference.
+-- * 'akluRegion' - The AWS region where this access key was most recently used. This field is displays "N/A" in the following situations:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user For more information about AWS regions, see <http://docs.aws.amazon.com/general/latest/gr/rande.html Regions and Endpoints> in the Amazon Web Services General Reference.
 accessKeyLastUsed
     :: UTCTime -- ^ 'akluLastUsedDate'
     -> Text -- ^ 'akluServiceName'
@@ -128,23 +128,23 @@
     -> AccessKeyLastUsed
 accessKeyLastUsed pLastUsedDate_ pServiceName_ pRegion_ =
   AccessKeyLastUsed'
-  { _akluLastUsedDate = _Time # pLastUsedDate_
-  , _akluServiceName = pServiceName_
-  , _akluRegion = pRegion_
-  }
+    { _akluLastUsedDate = _Time # pLastUsedDate_
+    , _akluServiceName = pServiceName_
+    , _akluRegion = pRegion_
+    }
 
 
--- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the access key was most recently used. This field is null when:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
+-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the access key was most recently used. This field is null in the following situations:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
 akluLastUsedDate :: Lens' AccessKeyLastUsed UTCTime
-akluLastUsedDate = lens _akluLastUsedDate (\ s a -> s{_akluLastUsedDate = a}) . _Time;
+akluLastUsedDate = lens _akluLastUsedDate (\ s a -> s{_akluLastUsedDate = a}) . _Time
 
--- | The name of the AWS service with which this access key was most recently used. This field displays "N/A" when:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
+-- | The name of the AWS service with which this access key was most recently used. This field displays "N/A" in the following situations:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user
 akluServiceName :: Lens' AccessKeyLastUsed Text
-akluServiceName = lens _akluServiceName (\ s a -> s{_akluServiceName = a});
+akluServiceName = lens _akluServiceName (\ s a -> s{_akluServiceName = a})
 
--- | The AWS region where this access key was most recently used. This field is displays "N/A" when:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user For more information about AWS regions, see <http://docs.aws.amazon.com/general/latest/gr/rande.html Regions and Endpoints> in the Amazon Web Services General Reference.
+-- | The AWS region where this access key was most recently used. This field is displays "N/A" in the following situations:     * The user does not have an access key.     * An access key exists but has never been used, at least not since IAM started tracking this information on April 22nd, 2015.     * There is no sign-in data associated with the user For more information about AWS regions, see <http://docs.aws.amazon.com/general/latest/gr/rande.html Regions and Endpoints> in the Amazon Web Services General Reference.
 akluRegion :: Lens' AccessKeyLastUsed Text
-akluRegion = lens _akluRegion (\ s a -> s{_akluRegion = a});
+akluRegion = lens _akluRegion (\ s a -> s{_akluRegion = a})
 
 instance FromXML AccessKeyLastUsed where
         parseXML x
@@ -159,7 +159,7 @@
 -- | Contains information about an AWS access key, without its secret key.
 --
 --
--- This data type is used as a response element in the 'ListAccessKeys' action.
+-- This data type is used as a response element in the 'ListAccessKeys' operation.
 --
 --
 -- /See:/ 'accessKeyMetadata' smart constructor.
@@ -186,28 +186,28 @@
     :: AccessKeyMetadata
 accessKeyMetadata =
   AccessKeyMetadata'
-  { _akmStatus = Nothing
-  , _akmCreateDate = Nothing
-  , _akmUserName = Nothing
-  , _akmAccessKeyId = Nothing
-  }
+    { _akmStatus = Nothing
+    , _akmCreateDate = Nothing
+    , _akmUserName = Nothing
+    , _akmAccessKeyId = Nothing
+    }
 
 
 -- | The status of the access key. @Active@ means the key is valid for API calls; @Inactive@ means it is not.
 akmStatus :: Lens' AccessKeyMetadata (Maybe StatusType)
-akmStatus = lens _akmStatus (\ s a -> s{_akmStatus = a});
+akmStatus = lens _akmStatus (\ s a -> s{_akmStatus = a})
 
 -- | The date when the access key was created.
 akmCreateDate :: Lens' AccessKeyMetadata (Maybe UTCTime)
-akmCreateDate = lens _akmCreateDate (\ s a -> s{_akmCreateDate = a}) . mapping _Time;
+akmCreateDate = lens _akmCreateDate (\ s a -> s{_akmCreateDate = a}) . mapping _Time
 
 -- | The name of the IAM user that the key is associated with.
 akmUserName :: Lens' AccessKeyMetadata (Maybe Text)
-akmUserName = lens _akmUserName (\ s a -> s{_akmUserName = a});
+akmUserName = lens _akmUserName (\ s a -> s{_akmUserName = a})
 
 -- | The ID for this access key.
 akmAccessKeyId :: Lens' AccessKeyMetadata (Maybe AccessKey)
-akmAccessKeyId = lens _akmAccessKeyId (\ s a -> s{_akmAccessKeyId = a});
+akmAccessKeyId = lens _akmAccessKeyId (\ s a -> s{_akmAccessKeyId = a})
 
 instance FromXML AccessKeyMetadata where
         parseXML x
@@ -223,7 +223,7 @@
 -- | Contains information about an attached policy.
 --
 --
--- An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the 'ListAttachedGroupPolicies' , 'ListAttachedRolePolicies' , 'ListAttachedUserPolicies' , and 'GetAccountAuthorizationDetails' actions.
+-- An attached policy is a managed policy that has been attached to a user, group, or role. This data type is used as a response element in the 'ListAttachedGroupPolicies' , 'ListAttachedRolePolicies' , 'ListAttachedUserPolicies' , and 'GetAccountAuthorizationDetails' operations.
 --
 -- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
 --
@@ -250,11 +250,11 @@
 
 -- | The friendly name of the attached policy.
 apPolicyName :: Lens' AttachedPolicy (Maybe Text)
-apPolicyName = lens _apPolicyName (\ s a -> s{_apPolicyName = a});
+apPolicyName = lens _apPolicyName (\ s a -> s{_apPolicyName = a})
 
 -- | Undocumented member.
 apPolicyARN :: Lens' AttachedPolicy (Maybe Text)
-apPolicyARN = lens _apPolicyARN (\ s a -> s{_apPolicyARN = a});
+apPolicyARN = lens _apPolicyARN (\ s a -> s{_apPolicyARN = a})
 
 instance FromXML AttachedPolicy where
         parseXML x
@@ -283,7 +283,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'ceContextKeyValues' - The value (or values, if the condition context key supports multiple values) to provide to the simulation for use when the key is referenced by a @Condition@ element in an input policy.
+-- * 'ceContextKeyValues' - The value (or values, if the condition context key supports multiple values) to provide to the simulation when the key is referenced by a @Condition@ element in an input policy.
 --
 -- * 'ceContextKeyName' - The full name of a condition context key, including the service prefix. For example, @aws:SourceIp@ or @s3:VersionId@ .
 --
@@ -292,23 +292,23 @@
     :: ContextEntry
 contextEntry =
   ContextEntry'
-  { _ceContextKeyValues = Nothing
-  , _ceContextKeyName = Nothing
-  , _ceContextKeyType = Nothing
-  }
+    { _ceContextKeyValues = Nothing
+    , _ceContextKeyName = Nothing
+    , _ceContextKeyType = Nothing
+    }
 
 
--- | The value (or values, if the condition context key supports multiple values) to provide to the simulation for use when the key is referenced by a @Condition@ element in an input policy.
+-- | The value (or values, if the condition context key supports multiple values) to provide to the simulation when the key is referenced by a @Condition@ element in an input policy.
 ceContextKeyValues :: Lens' ContextEntry [Text]
-ceContextKeyValues = lens _ceContextKeyValues (\ s a -> s{_ceContextKeyValues = a}) . _Default . _Coerce;
+ceContextKeyValues = lens _ceContextKeyValues (\ s a -> s{_ceContextKeyValues = a}) . _Default . _Coerce
 
 -- | The full name of a condition context key, including the service prefix. For example, @aws:SourceIp@ or @s3:VersionId@ .
 ceContextKeyName :: Lens' ContextEntry (Maybe Text)
-ceContextKeyName = lens _ceContextKeyName (\ s a -> s{_ceContextKeyName = a});
+ceContextKeyName = lens _ceContextKeyName (\ s a -> s{_ceContextKeyName = a})
 
 -- | The data type of the value (or values) specified in the @ContextKeyValues@ parameter.
 ceContextKeyType :: Lens' ContextEntry (Maybe ContextKeyTypeEnum)
-ceContextKeyType = lens _ceContextKeyType (\ s a -> s{_ceContextKeyType = a});
+ceContextKeyType = lens _ceContextKeyType (\ s a -> s{_ceContextKeyType = a})
 
 instance Hashable ContextEntry where
 
@@ -340,23 +340,23 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'dtfrtRoleUsageList' - A list of objects that contains details about the service-linked role deletion failure. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the region in which the resources are being used.
+-- * 'dtfrtRoleUsageList' - A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the region in which the resources are being used.
 --
 -- * 'dtfrtReason' - A short description of the reason that the service-linked role deletion failed.
 deletionTaskFailureReasonType
     :: DeletionTaskFailureReasonType
 deletionTaskFailureReasonType =
   DeletionTaskFailureReasonType'
-  {_dtfrtRoleUsageList = Nothing, _dtfrtReason = Nothing}
+    {_dtfrtRoleUsageList = Nothing, _dtfrtReason = Nothing}
 
 
--- | A list of objects that contains details about the service-linked role deletion failure. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the region in which the resources are being used.
+-- | A list of objects that contains details about the service-linked role deletion failure, if that information is returned by the service. If the service-linked role has active sessions or if any resources that were used by the role have not been deleted from the linked service, the role can't be deleted. This parameter includes a list of the resources that are associated with the role and the region in which the resources are being used.
 dtfrtRoleUsageList :: Lens' DeletionTaskFailureReasonType [RoleUsageType]
-dtfrtRoleUsageList = lens _dtfrtRoleUsageList (\ s a -> s{_dtfrtRoleUsageList = a}) . _Default . _Coerce;
+dtfrtRoleUsageList = lens _dtfrtRoleUsageList (\ s a -> s{_dtfrtRoleUsageList = a}) . _Default . _Coerce
 
 -- | A short description of the reason that the service-linked role deletion failed.
 dtfrtReason :: Lens' DeletionTaskFailureReasonType (Maybe Text)
-dtfrtReason = lens _dtfrtReason (\ s a -> s{_dtfrtReason = a});
+dtfrtReason = lens _dtfrtReason (\ s a -> s{_dtfrtReason = a})
 
 instance FromXML DeletionTaskFailureReasonType where
         parseXML x
@@ -392,19 +392,19 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'erMatchedStatements' - A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
+-- * 'erMatchedStatements' - A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
 --
 -- * 'erEvalDecisionDetails' - Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html How IAM Roles Differ from Resource-based Policies>
 --
--- * 'erResourceSpecificResults' - The individual results of the simulation of the API action specified in EvalActionName on each resource.
+-- * 'erResourceSpecificResults' - The individual results of the simulation of the API operation specified in EvalActionName on each resource.
 --
--- * 'erEvalResourceName' - The ARN of the resource that the indicated API action was tested on.
+-- * 'erEvalResourceName' - The ARN of the resource that the indicated API operation was tested on.
 --
 -- * 'erMissingContextValues' - A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the @ResourceArns@ parameter blank. If you include a list of resources, then any missing context values are instead included under the @ResourceSpecificResults@ section. To discover the context keys used by a set of policies, you can call 'GetContextKeysForCustomPolicy' or 'GetContextKeysForPrincipalPolicy' .
 --
 -- * 'erOrganizationsDecisionDetail' - A structure that details how AWS Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
 --
--- * 'erEvalActionName' - The name of the API action tested on the indicated resource.
+-- * 'erEvalActionName' - The name of the API operation tested on the indicated resource.
 --
 -- * 'erEvalDecision' - The result of the simulation.
 evaluationResult
@@ -413,48 +413,48 @@
     -> EvaluationResult
 evaluationResult pEvalActionName_ pEvalDecision_ =
   EvaluationResult'
-  { _erMatchedStatements = Nothing
-  , _erEvalDecisionDetails = Nothing
-  , _erResourceSpecificResults = Nothing
-  , _erEvalResourceName = Nothing
-  , _erMissingContextValues = Nothing
-  , _erOrganizationsDecisionDetail = Nothing
-  , _erEvalActionName = pEvalActionName_
-  , _erEvalDecision = pEvalDecision_
-  }
+    { _erMatchedStatements = Nothing
+    , _erEvalDecisionDetails = Nothing
+    , _erResourceSpecificResults = Nothing
+    , _erEvalResourceName = Nothing
+    , _erMissingContextValues = Nothing
+    , _erOrganizationsDecisionDetail = Nothing
+    , _erEvalActionName = pEvalActionName_
+    , _erEvalDecision = pEvalDecision_
+    }
 
 
--- | A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the action on the resource, if only one statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
+-- | A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
 erMatchedStatements :: Lens' EvaluationResult [Statement]
-erMatchedStatements = lens _erMatchedStatements (\ s a -> s{_erMatchedStatements = a}) . _Default . _Coerce;
+erMatchedStatements = lens _erMatchedStatements (\ s a -> s{_erMatchedStatements = a}) . _Default . _Coerce
 
 -- | Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access. See <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html How IAM Roles Differ from Resource-based Policies>
 erEvalDecisionDetails :: Lens' EvaluationResult (HashMap Text PolicyEvaluationDecisionType)
-erEvalDecisionDetails = lens _erEvalDecisionDetails (\ s a -> s{_erEvalDecisionDetails = a}) . _Default . _Map;
+erEvalDecisionDetails = lens _erEvalDecisionDetails (\ s a -> s{_erEvalDecisionDetails = a}) . _Default . _Map
 
--- | The individual results of the simulation of the API action specified in EvalActionName on each resource.
+-- | The individual results of the simulation of the API operation specified in EvalActionName on each resource.
 erResourceSpecificResults :: Lens' EvaluationResult [ResourceSpecificResult]
-erResourceSpecificResults = lens _erResourceSpecificResults (\ s a -> s{_erResourceSpecificResults = a}) . _Default . _Coerce;
+erResourceSpecificResults = lens _erResourceSpecificResults (\ s a -> s{_erResourceSpecificResults = a}) . _Default . _Coerce
 
--- | The ARN of the resource that the indicated API action was tested on.
+-- | The ARN of the resource that the indicated API operation was tested on.
 erEvalResourceName :: Lens' EvaluationResult (Maybe Text)
-erEvalResourceName = lens _erEvalResourceName (\ s a -> s{_erEvalResourceName = a});
+erEvalResourceName = lens _erEvalResourceName (\ s a -> s{_erEvalResourceName = a})
 
 -- | A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when the resource in a simulation is "*", either explicitly, or when the @ResourceArns@ parameter blank. If you include a list of resources, then any missing context values are instead included under the @ResourceSpecificResults@ section. To discover the context keys used by a set of policies, you can call 'GetContextKeysForCustomPolicy' or 'GetContextKeysForPrincipalPolicy' .
 erMissingContextValues :: Lens' EvaluationResult [Text]
-erMissingContextValues = lens _erMissingContextValues (\ s a -> s{_erMissingContextValues = a}) . _Default . _Coerce;
+erMissingContextValues = lens _erMissingContextValues (\ s a -> s{_erMissingContextValues = a}) . _Default . _Coerce
 
 -- | A structure that details how AWS Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user's account is part of an organization.
 erOrganizationsDecisionDetail :: Lens' EvaluationResult (Maybe OrganizationsDecisionDetail)
-erOrganizationsDecisionDetail = lens _erOrganizationsDecisionDetail (\ s a -> s{_erOrganizationsDecisionDetail = a});
+erOrganizationsDecisionDetail = lens _erOrganizationsDecisionDetail (\ s a -> s{_erOrganizationsDecisionDetail = a})
 
--- | The name of the API action tested on the indicated resource.
+-- | The name of the API operation tested on the indicated resource.
 erEvalActionName :: Lens' EvaluationResult Text
-erEvalActionName = lens _erEvalActionName (\ s a -> s{_erEvalActionName = a});
+erEvalActionName = lens _erEvalActionName (\ s a -> s{_erEvalActionName = a})
 
 -- | The result of the simulation.
 erEvalDecision :: Lens' EvaluationResult PolicyEvaluationDecisionType
-erEvalDecision = lens _erEvalDecision (\ s a -> s{_erEvalDecision = a});
+erEvalDecision = lens _erEvalDecision (\ s a -> s{_erEvalDecision = a})
 
 instance FromXML EvaluationResult where
         parseXML x
@@ -502,7 +502,7 @@
 
 -- | The list of context keys that are referenced in the input policies.
 gckfpContextKeyNames :: Lens' GetContextKeysForPolicyResponse [Text]
-gckfpContextKeyNames = lens _gckfpContextKeyNames (\ s a -> s{_gckfpContextKeyNames = a}) . _Default . _Coerce;
+gckfpContextKeyNames = lens _gckfpContextKeyNames (\ s a -> s{_gckfpContextKeyNames = a}) . _Default . _Coerce
 
 instance FromXML GetContextKeysForPolicyResponse
          where
@@ -519,7 +519,7 @@
 -- | Contains information about an IAM group entity.
 --
 --
--- This data type is used as a response element in the following actions:
+-- This data type is used as a response element in the following operations:
 --
 --     * 'CreateGroup'
 --
@@ -562,33 +562,33 @@
     -> Group
 group' pPath_ pGroupName_ pGroupId_ pARN_ pCreateDate_ =
   Group'
-  { _gPath = pPath_
-  , _gGroupName = pGroupName_
-  , _gGroupId = pGroupId_
-  , _gARN = pARN_
-  , _gCreateDate = _Time # pCreateDate_
-  }
+    { _gPath = pPath_
+    , _gGroupName = pGroupName_
+    , _gGroupId = pGroupId_
+    , _gARN = pARN_
+    , _gCreateDate = _Time # pCreateDate_
+    }
 
 
 -- | The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 gPath :: Lens' Group Text
-gPath = lens _gPath (\ s a -> s{_gPath = a});
+gPath = lens _gPath (\ s a -> s{_gPath = a})
 
 -- | The friendly name that identifies the group.
 gGroupName :: Lens' Group Text
-gGroupName = lens _gGroupName (\ s a -> s{_gGroupName = a});
+gGroupName = lens _gGroupName (\ s a -> s{_gGroupName = a})
 
 -- | The stable and unique string identifying the group. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 gGroupId :: Lens' Group Text
-gGroupId = lens _gGroupId (\ s a -> s{_gGroupId = a});
+gGroupId = lens _gGroupId (\ s a -> s{_gGroupId = a})
 
 -- | The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 gARN :: Lens' Group Text
-gARN = lens _gARN (\ s a -> s{_gARN = a});
+gARN = lens _gARN (\ s a -> s{_gARN = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the group was created.
 gCreateDate :: Lens' Group UTCTime
-gCreateDate = lens _gCreateDate (\ s a -> s{_gCreateDate = a}) . _Time;
+gCreateDate = lens _gCreateDate (\ s a -> s{_gCreateDate = a}) . _Time
 
 instance FromXML Group where
         parseXML x
@@ -605,7 +605,7 @@
 -- | Contains information about an IAM group, including all of the group's policies.
 --
 --
--- This data type is used as a response element in the 'GetAccountAuthorizationDetails' action.
+-- This data type is used as a response element in the 'GetAccountAuthorizationDetails' operation.
 --
 --
 -- /See:/ 'groupDetail' smart constructor.
@@ -641,43 +641,43 @@
     :: GroupDetail
 groupDetail =
   GroupDetail'
-  { _gdARN = Nothing
-  , _gdPath = Nothing
-  , _gdCreateDate = Nothing
-  , _gdGroupId = Nothing
-  , _gdGroupPolicyList = Nothing
-  , _gdGroupName = Nothing
-  , _gdAttachedManagedPolicies = Nothing
-  }
+    { _gdARN = Nothing
+    , _gdPath = Nothing
+    , _gdCreateDate = Nothing
+    , _gdGroupId = Nothing
+    , _gdGroupPolicyList = Nothing
+    , _gdGroupName = Nothing
+    , _gdAttachedManagedPolicies = Nothing
+    }
 
 
 -- | Undocumented member.
 gdARN :: Lens' GroupDetail (Maybe Text)
-gdARN = lens _gdARN (\ s a -> s{_gdARN = a});
+gdARN = lens _gdARN (\ s a -> s{_gdARN = a})
 
 -- | The path to the group. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 gdPath :: Lens' GroupDetail (Maybe Text)
-gdPath = lens _gdPath (\ s a -> s{_gdPath = a});
+gdPath = lens _gdPath (\ s a -> s{_gdPath = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the group was created.
 gdCreateDate :: Lens' GroupDetail (Maybe UTCTime)
-gdCreateDate = lens _gdCreateDate (\ s a -> s{_gdCreateDate = a}) . mapping _Time;
+gdCreateDate = lens _gdCreateDate (\ s a -> s{_gdCreateDate = a}) . mapping _Time
 
 -- | The stable and unique string identifying the group. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 gdGroupId :: Lens' GroupDetail (Maybe Text)
-gdGroupId = lens _gdGroupId (\ s a -> s{_gdGroupId = a});
+gdGroupId = lens _gdGroupId (\ s a -> s{_gdGroupId = a})
 
 -- | A list of the inline policies embedded in the group.
 gdGroupPolicyList :: Lens' GroupDetail [PolicyDetail]
-gdGroupPolicyList = lens _gdGroupPolicyList (\ s a -> s{_gdGroupPolicyList = a}) . _Default . _Coerce;
+gdGroupPolicyList = lens _gdGroupPolicyList (\ s a -> s{_gdGroupPolicyList = a}) . _Default . _Coerce
 
 -- | The friendly name that identifies the group.
 gdGroupName :: Lens' GroupDetail (Maybe Text)
-gdGroupName = lens _gdGroupName (\ s a -> s{_gdGroupName = a});
+gdGroupName = lens _gdGroupName (\ s a -> s{_gdGroupName = a})
 
 -- | A list of the managed policies attached to the group.
 gdAttachedManagedPolicies :: Lens' GroupDetail [AttachedPolicy]
-gdAttachedManagedPolicies = lens _gdAttachedManagedPolicies (\ s a -> s{_gdAttachedManagedPolicies = a}) . _Default . _Coerce;
+gdAttachedManagedPolicies = lens _gdAttachedManagedPolicies (\ s a -> s{_gdAttachedManagedPolicies = a}) . _Default . _Coerce
 
 instance FromXML GroupDetail where
         parseXML x
@@ -700,7 +700,7 @@
 -- | Contains information about an instance profile.
 --
 --
--- This data type is used as a response element in the following actions:
+-- This data type is used as a response element in the following operations:
 --
 --     * 'CreateInstanceProfile'
 --
@@ -748,38 +748,38 @@
     -> InstanceProfile
 instanceProfile pPath_ pInstanceProfileName_ pInstanceProfileId_ pARN_ pCreateDate_ =
   InstanceProfile'
-  { _ipPath = pPath_
-  , _ipInstanceProfileName = pInstanceProfileName_
-  , _ipInstanceProfileId = pInstanceProfileId_
-  , _ipARN = pARN_
-  , _ipCreateDate = _Time # pCreateDate_
-  , _ipRoles = mempty
-  }
+    { _ipPath = pPath_
+    , _ipInstanceProfileName = pInstanceProfileName_
+    , _ipInstanceProfileId = pInstanceProfileId_
+    , _ipARN = pARN_
+    , _ipCreateDate = _Time # pCreateDate_
+    , _ipRoles = mempty
+    }
 
 
 -- | The path to the instance profile. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 ipPath :: Lens' InstanceProfile Text
-ipPath = lens _ipPath (\ s a -> s{_ipPath = a});
+ipPath = lens _ipPath (\ s a -> s{_ipPath = a})
 
 -- | The name identifying the instance profile.
 ipInstanceProfileName :: Lens' InstanceProfile Text
-ipInstanceProfileName = lens _ipInstanceProfileName (\ s a -> s{_ipInstanceProfileName = a});
+ipInstanceProfileName = lens _ipInstanceProfileName (\ s a -> s{_ipInstanceProfileName = a})
 
 -- | The stable and unique string identifying the instance profile. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 ipInstanceProfileId :: Lens' InstanceProfile Text
-ipInstanceProfileId = lens _ipInstanceProfileId (\ s a -> s{_ipInstanceProfileId = a});
+ipInstanceProfileId = lens _ipInstanceProfileId (\ s a -> s{_ipInstanceProfileId = a})
 
 -- | The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 ipARN :: Lens' InstanceProfile Text
-ipARN = lens _ipARN (\ s a -> s{_ipARN = a});
+ipARN = lens _ipARN (\ s a -> s{_ipARN = a})
 
 -- | The date when the instance profile was created.
 ipCreateDate :: Lens' InstanceProfile UTCTime
-ipCreateDate = lens _ipCreateDate (\ s a -> s{_ipCreateDate = a}) . _Time;
+ipCreateDate = lens _ipCreateDate (\ s a -> s{_ipCreateDate = a}) . _Time
 
 -- | The role associated with the instance profile.
 ipRoles :: Lens' InstanceProfile [Role]
-ipRoles = lens _ipRoles (\ s a -> s{_ipRoles = a}) . _Coerce;
+ipRoles = lens _ipRoles (\ s a -> s{_ipRoles = a}) . _Coerce
 
 instance FromXML InstanceProfile where
         parseXML x
@@ -798,7 +798,7 @@
 -- | Contains the user name and password create date for a user.
 --
 --
--- This data type is used as a response element in the 'CreateLoginProfile' and 'GetLoginProfile' actions.
+-- This data type is used as a response element in the 'CreateLoginProfile' and 'GetLoginProfile' operations.
 --
 --
 -- /See:/ 'loginProfile' smart constructor.
@@ -824,23 +824,23 @@
     -> LoginProfile
 loginProfile pUserName_ pCreateDate_ =
   LoginProfile'
-  { _lpPasswordResetRequired = Nothing
-  , _lpUserName = pUserName_
-  , _lpCreateDate = _Time # pCreateDate_
-  }
+    { _lpPasswordResetRequired = Nothing
+    , _lpUserName = pUserName_
+    , _lpCreateDate = _Time # pCreateDate_
+    }
 
 
 -- | Specifies whether the user is required to set a new password on next sign-in.
 lpPasswordResetRequired :: Lens' LoginProfile (Maybe Bool)
-lpPasswordResetRequired = lens _lpPasswordResetRequired (\ s a -> s{_lpPasswordResetRequired = a});
+lpPasswordResetRequired = lens _lpPasswordResetRequired (\ s a -> s{_lpPasswordResetRequired = a})
 
 -- | The name of the user, which can be used for signing in to the AWS Management Console.
 lpUserName :: Lens' LoginProfile Text
-lpUserName = lens _lpUserName (\ s a -> s{_lpUserName = a});
+lpUserName = lens _lpUserName (\ s a -> s{_lpUserName = a})
 
 -- | The date when the password for the user was created.
 lpCreateDate :: Lens' LoginProfile UTCTime
-lpCreateDate = lens _lpCreateDate (\ s a -> s{_lpCreateDate = a}) . _Time;
+lpCreateDate = lens _lpCreateDate (\ s a -> s{_lpCreateDate = a}) . _Time
 
 instance FromXML LoginProfile where
         parseXML x
@@ -855,7 +855,7 @@
 -- | Contains information about an MFA device.
 --
 --
--- This data type is used as a response element in the 'ListMFADevices' action.
+-- This data type is used as a response element in the 'ListMFADevices' operation.
 --
 --
 -- /See:/ 'mfaDevice' smart constructor.
@@ -882,23 +882,23 @@
     -> MFADevice
 mfaDevice pUserName_ pSerialNumber_ pEnableDate_ =
   MFADevice'
-  { _mdUserName = pUserName_
-  , _mdSerialNumber = pSerialNumber_
-  , _mdEnableDate = _Time # pEnableDate_
-  }
+    { _mdUserName = pUserName_
+    , _mdSerialNumber = pSerialNumber_
+    , _mdEnableDate = _Time # pEnableDate_
+    }
 
 
 -- | The user with whom the MFA device is associated.
 mdUserName :: Lens' MFADevice Text
-mdUserName = lens _mdUserName (\ s a -> s{_mdUserName = a});
+mdUserName = lens _mdUserName (\ s a -> s{_mdUserName = a})
 
 -- | The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.
 mdSerialNumber :: Lens' MFADevice Text
-mdSerialNumber = lens _mdSerialNumber (\ s a -> s{_mdSerialNumber = a});
+mdSerialNumber = lens _mdSerialNumber (\ s a -> s{_mdSerialNumber = a})
 
 -- | The date when the MFA device was enabled for the user.
 mdEnableDate :: Lens' MFADevice UTCTime
-mdEnableDate = lens _mdEnableDate (\ s a -> s{_mdEnableDate = a}) . _Time;
+mdEnableDate = lens _mdEnableDate (\ s a -> s{_mdEnableDate = a}) . _Time
 
 instance FromXML MFADevice where
         parseXML x
@@ -913,7 +913,7 @@
 -- | Contains information about a managed policy, including the policy's ARN, versions, and the number of principal entities (users, groups, and roles) that the policy is attached to.
 --
 --
--- This data type is used as a response element in the 'GetAccountAuthorizationDetails' action.
+-- This data type is used as a response element in the 'GetAccountAuthorizationDetails' operation.
 --
 -- For more information about managed policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
 --
@@ -963,63 +963,63 @@
     :: ManagedPolicyDetail
 managedPolicyDetail =
   ManagedPolicyDetail'
-  { _mpdPolicyName = Nothing
-  , _mpdARN = Nothing
-  , _mpdUpdateDate = Nothing
-  , _mpdPolicyId = Nothing
-  , _mpdPath = Nothing
-  , _mpdPolicyVersionList = Nothing
-  , _mpdCreateDate = Nothing
-  , _mpdIsAttachable = Nothing
-  , _mpdDefaultVersionId = Nothing
-  , _mpdAttachmentCount = Nothing
-  , _mpdDescription = Nothing
-  }
+    { _mpdPolicyName = Nothing
+    , _mpdARN = Nothing
+    , _mpdUpdateDate = Nothing
+    , _mpdPolicyId = Nothing
+    , _mpdPath = Nothing
+    , _mpdPolicyVersionList = Nothing
+    , _mpdCreateDate = Nothing
+    , _mpdIsAttachable = Nothing
+    , _mpdDefaultVersionId = Nothing
+    , _mpdAttachmentCount = Nothing
+    , _mpdDescription = Nothing
+    }
 
 
 -- | The friendly name (not ARN) identifying the policy.
 mpdPolicyName :: Lens' ManagedPolicyDetail (Maybe Text)
-mpdPolicyName = lens _mpdPolicyName (\ s a -> s{_mpdPolicyName = a});
+mpdPolicyName = lens _mpdPolicyName (\ s a -> s{_mpdPolicyName = a})
 
 -- | Undocumented member.
 mpdARN :: Lens' ManagedPolicyDetail (Maybe Text)
-mpdARN = lens _mpdARN (\ s a -> s{_mpdARN = a});
+mpdARN = lens _mpdARN (\ s a -> s{_mpdARN = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
 mpdUpdateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
-mpdUpdateDate = lens _mpdUpdateDate (\ s a -> s{_mpdUpdateDate = a}) . mapping _Time;
+mpdUpdateDate = lens _mpdUpdateDate (\ s a -> s{_mpdUpdateDate = a}) . mapping _Time
 
 -- | The stable and unique string identifying the policy. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 mpdPolicyId :: Lens' ManagedPolicyDetail (Maybe Text)
-mpdPolicyId = lens _mpdPolicyId (\ s a -> s{_mpdPolicyId = a});
+mpdPolicyId = lens _mpdPolicyId (\ s a -> s{_mpdPolicyId = a})
 
 -- | The path to the policy. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 mpdPath :: Lens' ManagedPolicyDetail (Maybe Text)
-mpdPath = lens _mpdPath (\ s a -> s{_mpdPath = a});
+mpdPath = lens _mpdPath (\ s a -> s{_mpdPath = a})
 
 -- | A list containing information about the versions of the policy.
 mpdPolicyVersionList :: Lens' ManagedPolicyDetail [PolicyVersion]
-mpdPolicyVersionList = lens _mpdPolicyVersionList (\ s a -> s{_mpdPolicyVersionList = a}) . _Default . _Coerce;
+mpdPolicyVersionList = lens _mpdPolicyVersionList (\ s a -> s{_mpdPolicyVersionList = a}) . _Default . _Coerce
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the policy was created.
 mpdCreateDate :: Lens' ManagedPolicyDetail (Maybe UTCTime)
-mpdCreateDate = lens _mpdCreateDate (\ s a -> s{_mpdCreateDate = a}) . mapping _Time;
+mpdCreateDate = lens _mpdCreateDate (\ s a -> s{_mpdCreateDate = a}) . mapping _Time
 
 -- | Specifies whether the policy can be attached to an IAM user, group, or role.
 mpdIsAttachable :: Lens' ManagedPolicyDetail (Maybe Bool)
-mpdIsAttachable = lens _mpdIsAttachable (\ s a -> s{_mpdIsAttachable = a});
+mpdIsAttachable = lens _mpdIsAttachable (\ s a -> s{_mpdIsAttachable = a})
 
 -- | The identifier for the version of the policy that is set as the default (operative) version. For more information about policy versions, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html Versioning for Managed Policies> in the /Using IAM/ guide.
 mpdDefaultVersionId :: Lens' ManagedPolicyDetail (Maybe Text)
-mpdDefaultVersionId = lens _mpdDefaultVersionId (\ s a -> s{_mpdDefaultVersionId = a});
+mpdDefaultVersionId = lens _mpdDefaultVersionId (\ s a -> s{_mpdDefaultVersionId = a})
 
 -- | The number of principal entities (users, groups, and roles) that the policy is attached to.
 mpdAttachmentCount :: Lens' ManagedPolicyDetail (Maybe Int)
-mpdAttachmentCount = lens _mpdAttachmentCount (\ s a -> s{_mpdAttachmentCount = a});
+mpdAttachmentCount = lens _mpdAttachmentCount (\ s a -> s{_mpdAttachmentCount = a})
 
 -- | A friendly description of the policy.
 mpdDescription :: Lens' ManagedPolicyDetail (Maybe Text)
-mpdDescription = lens _mpdDescription (\ s a -> s{_mpdDescription = a});
+mpdDescription = lens _mpdDescription (\ s a -> s{_mpdDescription = a})
 
 instance FromXML ManagedPolicyDetail where
         parseXML x
@@ -1064,7 +1064,7 @@
 
 -- | Undocumented member.
 oicpleARN :: Lens' OpenIdConnectProviderListEntry (Maybe Text)
-oicpleARN = lens _oicpleARN (\ s a -> s{_oicpleARN = a});
+oicpleARN = lens _oicpleARN (\ s a -> s{_oicpleARN = a})
 
 instance FromXML OpenIdConnectProviderListEntry where
         parseXML x
@@ -1075,7 +1075,7 @@
 
 instance NFData OpenIdConnectProviderListEntry where
 
--- | Contains information about AWS Organizations's affect on a policy simulation.
+-- | Contains information about AWS Organizations's effect on a policy simulation.
 --
 --
 --
@@ -1089,16 +1089,16 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'oddAllowedByOrganizations' - Specifies whether the simulated action is allowed by the AWS Organizations service control policies that impact the simulated user's account.
+-- * 'oddAllowedByOrganizations' - Specifies whether the simulated operation is allowed by the AWS Organizations service control policies that impact the simulated user's account.
 organizationsDecisionDetail
     :: OrganizationsDecisionDetail
 organizationsDecisionDetail =
   OrganizationsDecisionDetail' {_oddAllowedByOrganizations = Nothing}
 
 
--- | Specifies whether the simulated action is allowed by the AWS Organizations service control policies that impact the simulated user's account.
+-- | Specifies whether the simulated operation is allowed by the AWS Organizations service control policies that impact the simulated user's account.
 oddAllowedByOrganizations :: Lens' OrganizationsDecisionDetail (Maybe Bool)
-oddAllowedByOrganizations = lens _oddAllowedByOrganizations (\ s a -> s{_oddAllowedByOrganizations = a});
+oddAllowedByOrganizations = lens _oddAllowedByOrganizations (\ s a -> s{_oddAllowedByOrganizations = a})
 
 instance FromXML OrganizationsDecisionDetail where
         parseXML x
@@ -1112,7 +1112,7 @@
 -- | Contains information about the account password policy.
 --
 --
--- This data type is used as a response element in the 'GetAccountPasswordPolicy' action.
+-- This data type is used as a response element in the 'GetAccountPasswordPolicy' operation.
 --
 --
 -- /See:/ 'passwordPolicy' smart constructor.
@@ -1134,7 +1134,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'ppExpirePasswords' - Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
+-- * 'ppExpirePasswords' - Indicates whether passwords in the account expire. Returns true if @MaxPasswordAge@ contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
 --
 -- * 'ppMinimumPasswordLength' - Minimum length to require for IAM user passwords.
 --
@@ -1157,58 +1157,58 @@
     :: PasswordPolicy
 passwordPolicy =
   PasswordPolicy'
-  { _ppExpirePasswords = Nothing
-  , _ppMinimumPasswordLength = Nothing
-  , _ppRequireNumbers = Nothing
-  , _ppPasswordReusePrevention = Nothing
-  , _ppRequireLowercaseCharacters = Nothing
-  , _ppMaxPasswordAge = Nothing
-  , _ppHardExpiry = Nothing
-  , _ppRequireSymbols = Nothing
-  , _ppRequireUppercaseCharacters = Nothing
-  , _ppAllowUsersToChangePassword = Nothing
-  }
+    { _ppExpirePasswords = Nothing
+    , _ppMinimumPasswordLength = Nothing
+    , _ppRequireNumbers = Nothing
+    , _ppPasswordReusePrevention = Nothing
+    , _ppRequireLowercaseCharacters = Nothing
+    , _ppMaxPasswordAge = Nothing
+    , _ppHardExpiry = Nothing
+    , _ppRequireSymbols = Nothing
+    , _ppRequireUppercaseCharacters = Nothing
+    , _ppAllowUsersToChangePassword = Nothing
+    }
 
 
--- | Indicates whether passwords in the account expire. Returns true if MaxPasswordAge is contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
+-- | Indicates whether passwords in the account expire. Returns true if @MaxPasswordAge@ contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
 ppExpirePasswords :: Lens' PasswordPolicy (Maybe Bool)
-ppExpirePasswords = lens _ppExpirePasswords (\ s a -> s{_ppExpirePasswords = a});
+ppExpirePasswords = lens _ppExpirePasswords (\ s a -> s{_ppExpirePasswords = a})
 
 -- | Minimum length to require for IAM user passwords.
 ppMinimumPasswordLength :: Lens' PasswordPolicy (Maybe Natural)
-ppMinimumPasswordLength = lens _ppMinimumPasswordLength (\ s a -> s{_ppMinimumPasswordLength = a}) . mapping _Nat;
+ppMinimumPasswordLength = lens _ppMinimumPasswordLength (\ s a -> s{_ppMinimumPasswordLength = a}) . mapping _Nat
 
 -- | Specifies whether to require numbers for IAM user passwords.
 ppRequireNumbers :: Lens' PasswordPolicy (Maybe Bool)
-ppRequireNumbers = lens _ppRequireNumbers (\ s a -> s{_ppRequireNumbers = a});
+ppRequireNumbers = lens _ppRequireNumbers (\ s a -> s{_ppRequireNumbers = a})
 
 -- | Specifies the number of previous passwords that IAM users are prevented from reusing.
 ppPasswordReusePrevention :: Lens' PasswordPolicy (Maybe Natural)
-ppPasswordReusePrevention = lens _ppPasswordReusePrevention (\ s a -> s{_ppPasswordReusePrevention = a}) . mapping _Nat;
+ppPasswordReusePrevention = lens _ppPasswordReusePrevention (\ s a -> s{_ppPasswordReusePrevention = a}) . mapping _Nat
 
 -- | Specifies whether to require lowercase characters for IAM user passwords.
 ppRequireLowercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
-ppRequireLowercaseCharacters = lens _ppRequireLowercaseCharacters (\ s a -> s{_ppRequireLowercaseCharacters = a});
+ppRequireLowercaseCharacters = lens _ppRequireLowercaseCharacters (\ s a -> s{_ppRequireLowercaseCharacters = a})
 
 -- | The number of days that an IAM user password is valid.
 ppMaxPasswordAge :: Lens' PasswordPolicy (Maybe Natural)
-ppMaxPasswordAge = lens _ppMaxPasswordAge (\ s a -> s{_ppMaxPasswordAge = a}) . mapping _Nat;
+ppMaxPasswordAge = lens _ppMaxPasswordAge (\ s a -> s{_ppMaxPasswordAge = a}) . mapping _Nat
 
 -- | Specifies whether IAM users are prevented from setting a new password after their password has expired.
 ppHardExpiry :: Lens' PasswordPolicy (Maybe Bool)
-ppHardExpiry = lens _ppHardExpiry (\ s a -> s{_ppHardExpiry = a});
+ppHardExpiry = lens _ppHardExpiry (\ s a -> s{_ppHardExpiry = a})
 
 -- | Specifies whether to require symbols for IAM user passwords.
 ppRequireSymbols :: Lens' PasswordPolicy (Maybe Bool)
-ppRequireSymbols = lens _ppRequireSymbols (\ s a -> s{_ppRequireSymbols = a});
+ppRequireSymbols = lens _ppRequireSymbols (\ s a -> s{_ppRequireSymbols = a})
 
 -- | Specifies whether to require uppercase characters for IAM user passwords.
 ppRequireUppercaseCharacters :: Lens' PasswordPolicy (Maybe Bool)
-ppRequireUppercaseCharacters = lens _ppRequireUppercaseCharacters (\ s a -> s{_ppRequireUppercaseCharacters = a});
+ppRequireUppercaseCharacters = lens _ppRequireUppercaseCharacters (\ s a -> s{_ppRequireUppercaseCharacters = a})
 
 -- | Specifies whether IAM users are allowed to change their own password.
 ppAllowUsersToChangePassword :: Lens' PasswordPolicy (Maybe Bool)
-ppAllowUsersToChangePassword = lens _ppAllowUsersToChangePassword (\ s a -> s{_ppAllowUsersToChangePassword = a});
+ppAllowUsersToChangePassword = lens _ppAllowUsersToChangePassword (\ s a -> s{_ppAllowUsersToChangePassword = a})
 
 instance FromXML PasswordPolicy where
         parseXML x
@@ -1231,7 +1231,7 @@
 -- | Contains information about a managed policy.
 --
 --
--- This data type is used as a response element in the 'CreatePolicy' , 'GetPolicy' , and 'ListPolicies' actions.
+-- This data type is used as a response element in the 'CreatePolicy' , 'GetPolicy' , and 'ListPolicies' operations.
 --
 -- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
 --
@@ -1278,58 +1278,58 @@
     :: Policy
 policy =
   Policy'
-  { _pPolicyName = Nothing
-  , _pARN = Nothing
-  , _pUpdateDate = Nothing
-  , _pPolicyId = Nothing
-  , _pPath = Nothing
-  , _pCreateDate = Nothing
-  , _pIsAttachable = Nothing
-  , _pDefaultVersionId = Nothing
-  , _pAttachmentCount = Nothing
-  , _pDescription = Nothing
-  }
+    { _pPolicyName = Nothing
+    , _pARN = Nothing
+    , _pUpdateDate = Nothing
+    , _pPolicyId = Nothing
+    , _pPath = Nothing
+    , _pCreateDate = Nothing
+    , _pIsAttachable = Nothing
+    , _pDefaultVersionId = Nothing
+    , _pAttachmentCount = Nothing
+    , _pDescription = Nothing
+    }
 
 
 -- | The friendly name (not ARN) identifying the policy.
 pPolicyName :: Lens' Policy (Maybe Text)
-pPolicyName = lens _pPolicyName (\ s a -> s{_pPolicyName = a});
+pPolicyName = lens _pPolicyName (\ s a -> s{_pPolicyName = a})
 
 -- | Undocumented member.
 pARN :: Lens' Policy (Maybe Text)
-pARN = lens _pARN (\ s a -> s{_pARN = a});
+pARN = lens _pARN (\ s a -> s{_pARN = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the policy was last updated. When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.
 pUpdateDate :: Lens' Policy (Maybe UTCTime)
-pUpdateDate = lens _pUpdateDate (\ s a -> s{_pUpdateDate = a}) . mapping _Time;
+pUpdateDate = lens _pUpdateDate (\ s a -> s{_pUpdateDate = a}) . mapping _Time
 
 -- | The stable and unique string identifying the policy. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 pPolicyId :: Lens' Policy (Maybe Text)
-pPolicyId = lens _pPolicyId (\ s a -> s{_pPolicyId = a});
+pPolicyId = lens _pPolicyId (\ s a -> s{_pPolicyId = a})
 
 -- | The path to the policy. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 pPath :: Lens' Policy (Maybe Text)
-pPath = lens _pPath (\ s a -> s{_pPath = a});
+pPath = lens _pPath (\ s a -> s{_pPath = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the policy was created.
 pCreateDate :: Lens' Policy (Maybe UTCTime)
-pCreateDate = lens _pCreateDate (\ s a -> s{_pCreateDate = a}) . mapping _Time;
+pCreateDate = lens _pCreateDate (\ s a -> s{_pCreateDate = a}) . mapping _Time
 
 -- | Specifies whether the policy can be attached to an IAM user, group, or role.
 pIsAttachable :: Lens' Policy (Maybe Bool)
-pIsAttachable = lens _pIsAttachable (\ s a -> s{_pIsAttachable = a});
+pIsAttachable = lens _pIsAttachable (\ s a -> s{_pIsAttachable = a})
 
 -- | The identifier for the version of the policy that is set as the default version.
 pDefaultVersionId :: Lens' Policy (Maybe Text)
-pDefaultVersionId = lens _pDefaultVersionId (\ s a -> s{_pDefaultVersionId = a});
+pDefaultVersionId = lens _pDefaultVersionId (\ s a -> s{_pDefaultVersionId = a})
 
 -- | The number of entities (users, groups, and roles) that the policy is attached to.
 pAttachmentCount :: Lens' Policy (Maybe Int)
-pAttachmentCount = lens _pAttachmentCount (\ s a -> s{_pAttachmentCount = a});
+pAttachmentCount = lens _pAttachmentCount (\ s a -> s{_pAttachmentCount = a})
 
 -- | A friendly description of the policy. This element is included in the response to the 'GetPolicy' operation. It is not included in the response to the 'ListPolicies' operation.
 pDescription :: Lens' Policy (Maybe Text)
-pDescription = lens _pDescription (\ s a -> s{_pDescription = a});
+pDescription = lens _pDescription (\ s a -> s{_pDescription = a})
 
 instance FromXML Policy where
         parseXML x
@@ -1351,7 +1351,7 @@
 -- | Contains information about an IAM policy, including the policy document.
 --
 --
--- This data type is used as a response element in the 'GetAccountAuthorizationDetails' action.
+-- This data type is used as a response element in the 'GetAccountAuthorizationDetails' operation.
 --
 --
 -- /See:/ 'policyDetail' smart constructor.
@@ -1376,11 +1376,11 @@
 
 -- | The policy document.
 pdPolicyDocument :: Lens' PolicyDetail (Maybe Text)
-pdPolicyDocument = lens _pdPolicyDocument (\ s a -> s{_pdPolicyDocument = a});
+pdPolicyDocument = lens _pdPolicyDocument (\ s a -> s{_pdPolicyDocument = a})
 
 -- | The name of the policy.
 pdPolicyName :: Lens' PolicyDetail (Maybe Text)
-pdPolicyName = lens _pdPolicyName (\ s a -> s{_pdPolicyName = a});
+pdPolicyName = lens _pdPolicyName (\ s a -> s{_pdPolicyName = a})
 
 instance FromXML PolicyDetail where
         parseXML x
@@ -1394,7 +1394,7 @@
 -- | Contains information about a group that a managed policy is attached to.
 --
 --
--- This data type is used as a response element in the 'ListEntitiesForPolicy' action.
+-- This data type is used as a response element in the 'ListEntitiesForPolicy' operation.
 --
 -- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
 --
@@ -1420,11 +1420,11 @@
 
 -- | The stable and unique string identifying the group. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers> in the /IAM User Guide/ .
 pgGroupId :: Lens' PolicyGroup (Maybe Text)
-pgGroupId = lens _pgGroupId (\ s a -> s{_pgGroupId = a});
+pgGroupId = lens _pgGroupId (\ s a -> s{_pgGroupId = a})
 
 -- | The name (friendly name, not ARN) identifying the group.
 pgGroupName :: Lens' PolicyGroup (Maybe Text)
-pgGroupName = lens _pgGroupName (\ s a -> s{_pgGroupName = a});
+pgGroupName = lens _pgGroupName (\ s a -> s{_pgGroupName = a})
 
 instance FromXML PolicyGroup where
         parseXML x
@@ -1438,7 +1438,7 @@
 -- | Contains information about a role that a managed policy is attached to.
 --
 --
--- This data type is used as a response element in the 'ListEntitiesForPolicy' action.
+-- This data type is used as a response element in the 'ListEntitiesForPolicy' operation.
 --
 -- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
 --
@@ -1464,11 +1464,11 @@
 
 -- | The name (friendly name, not ARN) identifying the role.
 prRoleName :: Lens' PolicyRole (Maybe Text)
-prRoleName = lens _prRoleName (\ s a -> s{_prRoleName = a});
+prRoleName = lens _prRoleName (\ s a -> s{_prRoleName = a})
 
 -- | The stable and unique string identifying the role. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers> in the /IAM User Guide/ .
 prRoleId :: Lens' PolicyRole (Maybe Text)
-prRoleId = lens _prRoleId (\ s a -> s{_prRoleId = a});
+prRoleId = lens _prRoleId (\ s a -> s{_prRoleId = a})
 
 instance FromXML PolicyRole where
         parseXML x
@@ -1482,7 +1482,7 @@
 -- | Contains information about a user that a managed policy is attached to.
 --
 --
--- This data type is used as a response element in the 'ListEntitiesForPolicy' action.
+-- This data type is used as a response element in the 'ListEntitiesForPolicy' operation.
 --
 -- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
 --
@@ -1508,11 +1508,11 @@
 
 -- | The name (friendly name, not ARN) identifying the user.
 puUserName :: Lens' PolicyUser (Maybe Text)
-puUserName = lens _puUserName (\ s a -> s{_puUserName = a});
+puUserName = lens _puUserName (\ s a -> s{_puUserName = a})
 
 -- | The stable and unique string identifying the user. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html IAM Identifiers> in the /IAM User Guide/ .
 puUserId :: Lens' PolicyUser (Maybe Text)
-puUserId = lens _puUserId (\ s a -> s{_puUserId = a});
+puUserId = lens _puUserId (\ s a -> s{_puUserId = a})
 
 instance FromXML PolicyUser where
         parseXML x
@@ -1526,7 +1526,7 @@
 -- | Contains information about a version of a managed policy.
 --
 --
--- This data type is used as a response element in the 'CreatePolicyVersion' , 'GetPolicyVersion' , 'ListPolicyVersions' , and 'GetAccountAuthorizationDetails' actions.
+-- This data type is used as a response element in the 'CreatePolicyVersion' , 'GetPolicyVersion' , 'ListPolicyVersions' , and 'GetAccountAuthorizationDetails' operations.
 --
 -- For more information about managed policies, refer to <http://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html Managed Policies and Inline Policies> in the /Using IAM/ guide.
 --
@@ -1548,35 +1548,35 @@
 --
 -- * 'pvCreateDate' - The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the policy version was created.
 --
--- * 'pvDocument' - The policy document. The policy document is returned in the response to the 'GetPolicyVersion' and 'GetAccountAuthorizationDetails' operations. It is not returned in the response to the 'CreatePolicyVersion' or 'ListPolicyVersions' operations.
+-- * 'pvDocument' - The policy document. The policy document is returned in the response to the 'GetPolicyVersion' and 'GetAccountAuthorizationDetails' operations. It is not returned in the response to the 'CreatePolicyVersion' or 'ListPolicyVersions' operations.  The policy document returned in this structure is URL-encoded compliant with <https://tools.ietf.org/html/rfc3986 RFC 3986> . You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the @decode@ method of the @java.net.URLDecoder@ utility class in the Java SDK. Other languages and SDKs provide similar functionality.
 --
 -- * 'pvIsDefaultVersion' - Specifies whether the policy version is set as the policy's default version.
 policyVersion
     :: PolicyVersion
 policyVersion =
   PolicyVersion'
-  { _pvVersionId = Nothing
-  , _pvCreateDate = Nothing
-  , _pvDocument = Nothing
-  , _pvIsDefaultVersion = Nothing
-  }
+    { _pvVersionId = Nothing
+    , _pvCreateDate = Nothing
+    , _pvDocument = Nothing
+    , _pvIsDefaultVersion = Nothing
+    }
 
 
 -- | The identifier for the policy version. Policy version identifiers always begin with @v@ (always lowercase). When a policy is created, the first policy version is @v1@ .
 pvVersionId :: Lens' PolicyVersion (Maybe Text)
-pvVersionId = lens _pvVersionId (\ s a -> s{_pvVersionId = a});
+pvVersionId = lens _pvVersionId (\ s a -> s{_pvVersionId = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the policy version was created.
 pvCreateDate :: Lens' PolicyVersion (Maybe UTCTime)
-pvCreateDate = lens _pvCreateDate (\ s a -> s{_pvCreateDate = a}) . mapping _Time;
+pvCreateDate = lens _pvCreateDate (\ s a -> s{_pvCreateDate = a}) . mapping _Time
 
--- | The policy document. The policy document is returned in the response to the 'GetPolicyVersion' and 'GetAccountAuthorizationDetails' operations. It is not returned in the response to the 'CreatePolicyVersion' or 'ListPolicyVersions' operations.
+-- | The policy document. The policy document is returned in the response to the 'GetPolicyVersion' and 'GetAccountAuthorizationDetails' operations. It is not returned in the response to the 'CreatePolicyVersion' or 'ListPolicyVersions' operations.  The policy document returned in this structure is URL-encoded compliant with <https://tools.ietf.org/html/rfc3986 RFC 3986> . You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the @decode@ method of the @java.net.URLDecoder@ utility class in the Java SDK. Other languages and SDKs provide similar functionality.
 pvDocument :: Lens' PolicyVersion (Maybe Text)
-pvDocument = lens _pvDocument (\ s a -> s{_pvDocument = a});
+pvDocument = lens _pvDocument (\ s a -> s{_pvDocument = a})
 
 -- | Specifies whether the policy version is set as the policy's default version.
 pvIsDefaultVersion :: Lens' PolicyVersion (Maybe Bool)
-pvIsDefaultVersion = lens _pvIsDefaultVersion (\ s a -> s{_pvIsDefaultVersion = a});
+pvIsDefaultVersion = lens _pvIsDefaultVersion (\ s a -> s{_pvIsDefaultVersion = a})
 
 instance FromXML PolicyVersion where
         parseXML x
@@ -1616,11 +1616,11 @@
 
 -- | The line containing the specified position in the document.
 pLine :: Lens' Position (Maybe Int)
-pLine = lens _pLine (\ s a -> s{_pLine = a});
+pLine = lens _pLine (\ s a -> s{_pLine = a})
 
 -- | The column in the line containing the specified position in the document.
 pColumn :: Lens' Position (Maybe Int)
-pColumn = lens _pColumn (\ s a -> s{_pColumn = a});
+pColumn = lens _pColumn (\ s a -> s{_pColumn = a})
 
 instance FromXML Position where
         parseXML x
@@ -1630,7 +1630,7 @@
 
 instance NFData Position where
 
--- | Contains the result of the simulation of a single API action call on a single resource.
+-- | Contains the result of the simulation of a single API operation call on a single resource.
 --
 --
 -- This data type is used by a member of the 'EvaluationResult' data type.
@@ -1650,7 +1650,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'rsrMatchedStatements' - A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if /any/ statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
+-- * 'rsrMatchedStatements' - A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if /any/ statement denies that operation, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
 --
 -- * 'rsrEvalDecisionDetails' - Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access.
 --
@@ -1658,40 +1658,40 @@
 --
 -- * 'rsrEvalResourceName' - The name of the simulated resource, in Amazon Resource Name (ARN) format.
 --
--- * 'rsrEvalResourceDecision' - The result of the simulation of the simulated API action on the resource specified in @EvalResourceName@ .
+-- * 'rsrEvalResourceDecision' - The result of the simulation of the simulated API operation on the resource specified in @EvalResourceName@ .
 resourceSpecificResult
     :: Text -- ^ 'rsrEvalResourceName'
     -> PolicyEvaluationDecisionType -- ^ 'rsrEvalResourceDecision'
     -> ResourceSpecificResult
 resourceSpecificResult pEvalResourceName_ pEvalResourceDecision_ =
   ResourceSpecificResult'
-  { _rsrMatchedStatements = Nothing
-  , _rsrEvalDecisionDetails = Nothing
-  , _rsrMissingContextValues = Nothing
-  , _rsrEvalResourceName = pEvalResourceName_
-  , _rsrEvalResourceDecision = pEvalResourceDecision_
-  }
+    { _rsrMatchedStatements = Nothing
+    , _rsrEvalDecisionDetails = Nothing
+    , _rsrMissingContextValues = Nothing
+    , _rsrEvalResourceName = pEvalResourceName_
+    , _rsrEvalResourceDecision = pEvalResourceDecision_
+    }
 
 
--- | A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the action on the resource, if /any/ statement denies that action, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
+-- | A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if /any/ statement denies that operation, then the explicit deny overrides any allow, and the deny statement is the only entry included in the result.
 rsrMatchedStatements :: Lens' ResourceSpecificResult [Statement]
-rsrMatchedStatements = lens _rsrMatchedStatements (\ s a -> s{_rsrMatchedStatements = a}) . _Default . _Coerce;
+rsrMatchedStatements = lens _rsrMatchedStatements (\ s a -> s{_rsrMatchedStatements = a}) . _Default . _Coerce
 
 -- | Additional details about the results of the evaluation decision. When there are both IAM policies and resource policies, this parameter explains how each set of policies contributes to the final evaluation decision. When simulating cross-account access to a resource, both the resource-based policy and the caller's IAM policy must grant access.
 rsrEvalDecisionDetails :: Lens' ResourceSpecificResult (HashMap Text PolicyEvaluationDecisionType)
-rsrEvalDecisionDetails = lens _rsrEvalDecisionDetails (\ s a -> s{_rsrEvalDecisionDetails = a}) . _Default . _Map;
+rsrEvalDecisionDetails = lens _rsrEvalDecisionDetails (\ s a -> s{_rsrEvalDecisionDetails = a}) . _Default . _Map
 
 -- | A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the @ResourceArns@ parameter instead of "*". If you do not specify individual resources, by setting @ResourceArns@ to "*" or by not including the @ResourceArns@ parameter, then any missing context values are instead included under the @EvaluationResults@ section. To discover the context keys used by a set of policies, you can call 'GetContextKeysForCustomPolicy' or 'GetContextKeysForPrincipalPolicy' .
 rsrMissingContextValues :: Lens' ResourceSpecificResult [Text]
-rsrMissingContextValues = lens _rsrMissingContextValues (\ s a -> s{_rsrMissingContextValues = a}) . _Default . _Coerce;
+rsrMissingContextValues = lens _rsrMissingContextValues (\ s a -> s{_rsrMissingContextValues = a}) . _Default . _Coerce
 
 -- | The name of the simulated resource, in Amazon Resource Name (ARN) format.
 rsrEvalResourceName :: Lens' ResourceSpecificResult Text
-rsrEvalResourceName = lens _rsrEvalResourceName (\ s a -> s{_rsrEvalResourceName = a});
+rsrEvalResourceName = lens _rsrEvalResourceName (\ s a -> s{_rsrEvalResourceName = a})
 
--- | The result of the simulation of the simulated API action on the resource specified in @EvalResourceName@ .
+-- | The result of the simulation of the simulated API operation on the resource specified in @EvalResourceName@ .
 rsrEvalResourceDecision :: Lens' ResourceSpecificResult PolicyEvaluationDecisionType
-rsrEvalResourceDecision = lens _rsrEvalResourceDecision (\ s a -> s{_rsrEvalResourceDecision = a});
+rsrEvalResourceDecision = lens _rsrEvalResourceDecision (\ s a -> s{_rsrEvalResourceDecision = a})
 
 instance FromXML ResourceSpecificResult where
         parseXML x
@@ -1711,13 +1711,14 @@
 
 instance NFData ResourceSpecificResult where
 
--- | Contains information about an IAM role. This structure is returned as a response element in several APIs that interact with roles.
+-- | Contains information about an IAM role. This structure is returned as a response element in several API operations that interact with roles.
 --
 --
 --
 -- /See:/ 'role'' smart constructor.
 data Role = Role'
-  { _rAssumeRolePolicyDocument :: !(Maybe Text)
+  { _rMaxSessionDuration       :: !(Maybe Nat)
+  , _rAssumeRolePolicyDocument :: !(Maybe Text)
   , _rDescription              :: !(Maybe Text)
   , _rPath                     :: !Text
   , _rRoleName                 :: !Text
@@ -1731,6 +1732,8 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
+-- * 'rMaxSessionDuration' - The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI or API to assume the role can specify the duration using the optional @DurationSeconds@ API parameter or @duration-seconds@ CLI parameter.
+--
 -- * 'rAssumeRolePolicyDocument' - The policy that grants an entity permission to assume the role.
 --
 -- * 'rDescription' - A description of the role that you provide.
@@ -1753,49 +1756,55 @@
     -> Role
 role' pPath_ pRoleName_ pRoleId_ pARN_ pCreateDate_ =
   Role'
-  { _rAssumeRolePolicyDocument = Nothing
-  , _rDescription = Nothing
-  , _rPath = pPath_
-  , _rRoleName = pRoleName_
-  , _rRoleId = pRoleId_
-  , _rARN = pARN_
-  , _rCreateDate = _Time # pCreateDate_
-  }
+    { _rMaxSessionDuration = Nothing
+    , _rAssumeRolePolicyDocument = Nothing
+    , _rDescription = Nothing
+    , _rPath = pPath_
+    , _rRoleName = pRoleName_
+    , _rRoleId = pRoleId_
+    , _rARN = pARN_
+    , _rCreateDate = _Time # pCreateDate_
+    }
 
 
+-- | The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI or API to assume the role can specify the duration using the optional @DurationSeconds@ API parameter or @duration-seconds@ CLI parameter.
+rMaxSessionDuration :: Lens' Role (Maybe Natural)
+rMaxSessionDuration = lens _rMaxSessionDuration (\ s a -> s{_rMaxSessionDuration = a}) . mapping _Nat
+
 -- | The policy that grants an entity permission to assume the role.
 rAssumeRolePolicyDocument :: Lens' Role (Maybe Text)
-rAssumeRolePolicyDocument = lens _rAssumeRolePolicyDocument (\ s a -> s{_rAssumeRolePolicyDocument = a});
+rAssumeRolePolicyDocument = lens _rAssumeRolePolicyDocument (\ s a -> s{_rAssumeRolePolicyDocument = a})
 
 -- | A description of the role that you provide.
 rDescription :: Lens' Role (Maybe Text)
-rDescription = lens _rDescription (\ s a -> s{_rDescription = a});
+rDescription = lens _rDescription (\ s a -> s{_rDescription = a})
 
 -- | The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 rPath :: Lens' Role Text
-rPath = lens _rPath (\ s a -> s{_rPath = a});
+rPath = lens _rPath (\ s a -> s{_rPath = a})
 
 -- | The friendly name that identifies the role.
 rRoleName :: Lens' Role Text
-rRoleName = lens _rRoleName (\ s a -> s{_rRoleName = a});
+rRoleName = lens _rRoleName (\ s a -> s{_rRoleName = a})
 
 -- | The stable and unique string identifying the role. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 rRoleId :: Lens' Role Text
-rRoleId = lens _rRoleId (\ s a -> s{_rRoleId = a});
+rRoleId = lens _rRoleId (\ s a -> s{_rRoleId = a})
 
 -- | The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ guide.
 rARN :: Lens' Role Text
-rARN = lens _rARN (\ s a -> s{_rARN = a});
+rARN = lens _rARN (\ s a -> s{_rARN = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the role was created.
 rCreateDate :: Lens' Role UTCTime
-rCreateDate = lens _rCreateDate (\ s a -> s{_rCreateDate = a}) . _Time;
+rCreateDate = lens _rCreateDate (\ s a -> s{_rCreateDate = a}) . _Time
 
 instance FromXML Role where
         parseXML x
           = Role' <$>
-              (x .@? "AssumeRolePolicyDocument") <*>
-                (x .@? "Description")
+              (x .@? "MaxSessionDuration") <*>
+                (x .@? "AssumeRolePolicyDocument")
+                <*> (x .@? "Description")
                 <*> (x .@ "Path")
                 <*> (x .@ "RoleName")
                 <*> (x .@ "RoleId")
@@ -1809,7 +1818,7 @@
 -- | Contains information about an IAM role, including all of the role's policies.
 --
 --
--- This data type is used as a response element in the 'GetAccountAuthorizationDetails' action.
+-- This data type is used as a response element in the 'GetAccountAuthorizationDetails' operation.
 --
 --
 -- /See:/ 'roleDetail' smart constructor.
@@ -1851,53 +1860,53 @@
     :: RoleDetail
 roleDetail =
   RoleDetail'
-  { _rdAssumeRolePolicyDocument = Nothing
-  , _rdARN = Nothing
-  , _rdPath = Nothing
-  , _rdInstanceProfileList = Nothing
-  , _rdCreateDate = Nothing
-  , _rdRoleName = Nothing
-  , _rdRoleId = Nothing
-  , _rdRolePolicyList = Nothing
-  , _rdAttachedManagedPolicies = Nothing
-  }
+    { _rdAssumeRolePolicyDocument = Nothing
+    , _rdARN = Nothing
+    , _rdPath = Nothing
+    , _rdInstanceProfileList = Nothing
+    , _rdCreateDate = Nothing
+    , _rdRoleName = Nothing
+    , _rdRoleId = Nothing
+    , _rdRolePolicyList = Nothing
+    , _rdAttachedManagedPolicies = Nothing
+    }
 
 
 -- | The trust policy that grants permission to assume the role.
 rdAssumeRolePolicyDocument :: Lens' RoleDetail (Maybe Text)
-rdAssumeRolePolicyDocument = lens _rdAssumeRolePolicyDocument (\ s a -> s{_rdAssumeRolePolicyDocument = a});
+rdAssumeRolePolicyDocument = lens _rdAssumeRolePolicyDocument (\ s a -> s{_rdAssumeRolePolicyDocument = a})
 
 -- | Undocumented member.
 rdARN :: Lens' RoleDetail (Maybe Text)
-rdARN = lens _rdARN (\ s a -> s{_rdARN = a});
+rdARN = lens _rdARN (\ s a -> s{_rdARN = a})
 
 -- | The path to the role. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 rdPath :: Lens' RoleDetail (Maybe Text)
-rdPath = lens _rdPath (\ s a -> s{_rdPath = a});
+rdPath = lens _rdPath (\ s a -> s{_rdPath = a})
 
 -- | A list of instance profiles that contain this role.
 rdInstanceProfileList :: Lens' RoleDetail [InstanceProfile]
-rdInstanceProfileList = lens _rdInstanceProfileList (\ s a -> s{_rdInstanceProfileList = a}) . _Default . _Coerce;
+rdInstanceProfileList = lens _rdInstanceProfileList (\ s a -> s{_rdInstanceProfileList = a}) . _Default . _Coerce
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the role was created.
 rdCreateDate :: Lens' RoleDetail (Maybe UTCTime)
-rdCreateDate = lens _rdCreateDate (\ s a -> s{_rdCreateDate = a}) . mapping _Time;
+rdCreateDate = lens _rdCreateDate (\ s a -> s{_rdCreateDate = a}) . mapping _Time
 
 -- | The friendly name that identifies the role.
 rdRoleName :: Lens' RoleDetail (Maybe Text)
-rdRoleName = lens _rdRoleName (\ s a -> s{_rdRoleName = a});
+rdRoleName = lens _rdRoleName (\ s a -> s{_rdRoleName = a})
 
 -- | The stable and unique string identifying the role. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 rdRoleId :: Lens' RoleDetail (Maybe Text)
-rdRoleId = lens _rdRoleId (\ s a -> s{_rdRoleId = a});
+rdRoleId = lens _rdRoleId (\ s a -> s{_rdRoleId = a})
 
 -- | A list of inline policies embedded in the role. These policies are the role's access (permissions) policies.
 rdRolePolicyList :: Lens' RoleDetail [PolicyDetail]
-rdRolePolicyList = lens _rdRolePolicyList (\ s a -> s{_rdRolePolicyList = a}) . _Default . _Coerce;
+rdRolePolicyList = lens _rdRolePolicyList (\ s a -> s{_rdRolePolicyList = a}) . _Default . _Coerce
 
 -- | A list of managed policies attached to the role. These policies are the role's access (permissions) policies.
 rdAttachedManagedPolicies :: Lens' RoleDetail [AttachedPolicy]
-rdAttachedManagedPolicies = lens _rdAttachedManagedPolicies (\ s a -> s{_rdAttachedManagedPolicies = a}) . _Default . _Coerce;
+rdAttachedManagedPolicies = lens _rdAttachedManagedPolicies (\ s a -> s{_rdAttachedManagedPolicies = a}) . _Default . _Coerce
 
 instance FromXML RoleDetail where
         parseXML x
@@ -1921,7 +1930,7 @@
 
 instance NFData RoleDetail where
 
--- | An object that contains details about how a service-linked role is used.
+-- | An object that contains details about how a service-linked role is used, if that information is returned by the service.
 --
 --
 -- This data type is used as a response element in the 'GetServiceLinkedRoleDeletionStatus' operation.
@@ -1948,11 +1957,11 @@
 
 -- | The name of the resource that is using the service-linked role.
 rutResources :: Lens' RoleUsageType [Text]
-rutResources = lens _rutResources (\ s a -> s{_rutResources = a}) . _Default . _Coerce;
+rutResources = lens _rutResources (\ s a -> s{_rutResources = a}) . _Default . _Coerce
 
 -- | The name of the region where the service-linked role is being used.
 rutRegion :: Lens' RoleUsageType (Maybe Text)
-rutRegion = lens _rutRegion (\ s a -> s{_rutRegion = a});
+rutRegion = lens _rutRegion (\ s a -> s{_rutRegion = a})
 
 instance FromXML RoleUsageType where
         parseXML x
@@ -1990,23 +1999,23 @@
     :: SAMLProviderListEntry
 sAMLProviderListEntry =
   SAMLProviderListEntry'
-  { _samlpleARN = Nothing
-  , _samlpleCreateDate = Nothing
-  , _samlpleValidUntil = Nothing
-  }
+    { _samlpleARN = Nothing
+    , _samlpleCreateDate = Nothing
+    , _samlpleValidUntil = Nothing
+    }
 
 
 -- | The Amazon Resource Name (ARN) of the SAML provider.
 samlpleARN :: Lens' SAMLProviderListEntry (Maybe Text)
-samlpleARN = lens _samlpleARN (\ s a -> s{_samlpleARN = a});
+samlpleARN = lens _samlpleARN (\ s a -> s{_samlpleARN = a})
 
 -- | The date and time when the SAML provider was created.
 samlpleCreateDate :: Lens' SAMLProviderListEntry (Maybe UTCTime)
-samlpleCreateDate = lens _samlpleCreateDate (\ s a -> s{_samlpleCreateDate = a}) . mapping _Time;
+samlpleCreateDate = lens _samlpleCreateDate (\ s a -> s{_samlpleCreateDate = a}) . mapping _Time
 
 -- | The expiration date and time for the SAML provider.
 samlpleValidUntil :: Lens' SAMLProviderListEntry (Maybe UTCTime)
-samlpleValidUntil = lens _samlpleValidUntil (\ s a -> s{_samlpleValidUntil = a}) . mapping _Time;
+samlpleValidUntil = lens _samlpleValidUntil (\ s a -> s{_samlpleValidUntil = a}) . mapping _Time
 
 instance FromXML SAMLProviderListEntry where
         parseXML x
@@ -2021,7 +2030,7 @@
 -- | Contains information about an SSH public key.
 --
 --
--- This data type is used as a response element in the 'GetSSHPublicKey' and 'UploadSSHPublicKey' actions.
+-- This data type is used as a response element in the 'GetSSHPublicKey' and 'UploadSSHPublicKey' operations.
 --
 --
 -- /See:/ 'sshPublicKey' smart constructor.
@@ -2049,7 +2058,7 @@
 --
 -- * 'spkSSHPublicKeyBody' - The SSH public key.
 --
--- * 'spkStatus' - The status of the SSH public key. @Active@ means the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means the key cannot be used.
+-- * 'spkStatus' - The status of the SSH public key. @Active@ means that the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means that the key cannot be used.
 sshPublicKey
     :: Text -- ^ 'spkUserName'
     -> Text -- ^ 'spkSSHPublicKeyId'
@@ -2059,38 +2068,38 @@
     -> SSHPublicKey
 sshPublicKey pUserName_ pSSHPublicKeyId_ pFingerprint_ pSSHPublicKeyBody_ pStatus_ =
   SSHPublicKey'
-  { _spkUploadDate = Nothing
-  , _spkUserName = pUserName_
-  , _spkSSHPublicKeyId = pSSHPublicKeyId_
-  , _spkFingerprint = pFingerprint_
-  , _spkSSHPublicKeyBody = pSSHPublicKeyBody_
-  , _spkStatus = pStatus_
-  }
+    { _spkUploadDate = Nothing
+    , _spkUserName = pUserName_
+    , _spkSSHPublicKeyId = pSSHPublicKeyId_
+    , _spkFingerprint = pFingerprint_
+    , _spkSSHPublicKeyBody = pSSHPublicKeyBody_
+    , _spkStatus = pStatus_
+    }
 
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the SSH public key was uploaded.
 spkUploadDate :: Lens' SSHPublicKey (Maybe UTCTime)
-spkUploadDate = lens _spkUploadDate (\ s a -> s{_spkUploadDate = a}) . mapping _Time;
+spkUploadDate = lens _spkUploadDate (\ s a -> s{_spkUploadDate = a}) . mapping _Time
 
 -- | The name of the IAM user associated with the SSH public key.
 spkUserName :: Lens' SSHPublicKey Text
-spkUserName = lens _spkUserName (\ s a -> s{_spkUserName = a});
+spkUserName = lens _spkUserName (\ s a -> s{_spkUserName = a})
 
 -- | The unique identifier for the SSH public key.
 spkSSHPublicKeyId :: Lens' SSHPublicKey Text
-spkSSHPublicKeyId = lens _spkSSHPublicKeyId (\ s a -> s{_spkSSHPublicKeyId = a});
+spkSSHPublicKeyId = lens _spkSSHPublicKeyId (\ s a -> s{_spkSSHPublicKeyId = a})
 
 -- | The MD5 message digest of the SSH public key.
 spkFingerprint :: Lens' SSHPublicKey Text
-spkFingerprint = lens _spkFingerprint (\ s a -> s{_spkFingerprint = a});
+spkFingerprint = lens _spkFingerprint (\ s a -> s{_spkFingerprint = a})
 
 -- | The SSH public key.
 spkSSHPublicKeyBody :: Lens' SSHPublicKey Text
-spkSSHPublicKeyBody = lens _spkSSHPublicKeyBody (\ s a -> s{_spkSSHPublicKeyBody = a});
+spkSSHPublicKeyBody = lens _spkSSHPublicKeyBody (\ s a -> s{_spkSSHPublicKeyBody = a})
 
--- | The status of the SSH public key. @Active@ means the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means the key cannot be used.
+-- | The status of the SSH public key. @Active@ means that the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means that the key cannot be used.
 spkStatus :: Lens' SSHPublicKey StatusType
-spkStatus = lens _spkStatus (\ s a -> s{_spkStatus = a});
+spkStatus = lens _spkStatus (\ s a -> s{_spkStatus = a})
 
 instance FromXML SSHPublicKey where
         parseXML x
@@ -2108,7 +2117,7 @@
 -- | Contains information about an SSH public key, without the key's body or fingerprint.
 --
 --
--- This data type is used as a response element in the 'ListSSHPublicKeys' action.
+-- This data type is used as a response element in the 'ListSSHPublicKeys' operation.
 --
 --
 -- /See:/ 'sshPublicKeyMetadata' smart constructor.
@@ -2128,7 +2137,7 @@
 --
 -- * 'spkmSSHPublicKeyId' - The unique identifier for the SSH public key.
 --
--- * 'spkmStatus' - The status of the SSH public key. @Active@ means the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means the key cannot be used.
+-- * 'spkmStatus' - The status of the SSH public key. @Active@ means that the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means that the key cannot be used.
 --
 -- * 'spkmUploadDate' - The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the SSH public key was uploaded.
 sshPublicKeyMetadata
@@ -2139,28 +2148,28 @@
     -> SSHPublicKeyMetadata
 sshPublicKeyMetadata pUserName_ pSSHPublicKeyId_ pStatus_ pUploadDate_ =
   SSHPublicKeyMetadata'
-  { _spkmUserName = pUserName_
-  , _spkmSSHPublicKeyId = pSSHPublicKeyId_
-  , _spkmStatus = pStatus_
-  , _spkmUploadDate = _Time # pUploadDate_
-  }
+    { _spkmUserName = pUserName_
+    , _spkmSSHPublicKeyId = pSSHPublicKeyId_
+    , _spkmStatus = pStatus_
+    , _spkmUploadDate = _Time # pUploadDate_
+    }
 
 
 -- | The name of the IAM user associated with the SSH public key.
 spkmUserName :: Lens' SSHPublicKeyMetadata Text
-spkmUserName = lens _spkmUserName (\ s a -> s{_spkmUserName = a});
+spkmUserName = lens _spkmUserName (\ s a -> s{_spkmUserName = a})
 
 -- | The unique identifier for the SSH public key.
 spkmSSHPublicKeyId :: Lens' SSHPublicKeyMetadata Text
-spkmSSHPublicKeyId = lens _spkmSSHPublicKeyId (\ s a -> s{_spkmSSHPublicKeyId = a});
+spkmSSHPublicKeyId = lens _spkmSSHPublicKeyId (\ s a -> s{_spkmSSHPublicKeyId = a})
 
--- | The status of the SSH public key. @Active@ means the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means the key cannot be used.
+-- | The status of the SSH public key. @Active@ means that the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means that the key cannot be used.
 spkmStatus :: Lens' SSHPublicKeyMetadata StatusType
-spkmStatus = lens _spkmStatus (\ s a -> s{_spkmStatus = a});
+spkmStatus = lens _spkmStatus (\ s a -> s{_spkmStatus = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the SSH public key was uploaded.
 spkmUploadDate :: Lens' SSHPublicKeyMetadata UTCTime
-spkmUploadDate = lens _spkmUploadDate (\ s a -> s{_spkmUploadDate = a}) . _Time;
+spkmUploadDate = lens _spkmUploadDate (\ s a -> s{_spkmUploadDate = a}) . _Time
 
 instance FromXML SSHPublicKeyMetadata where
         parseXML x
@@ -2176,7 +2185,7 @@
 -- | Contains information about a server certificate.
 --
 --
--- This data type is used as a response element in the 'GetServerCertificate' action.
+-- This data type is used as a response element in the 'GetServerCertificate' operation.
 --
 --
 -- /See:/ 'serverCertificate' smart constructor.
@@ -2202,23 +2211,23 @@
     -> ServerCertificate
 serverCertificate pServerCertificateMetadata_ pCertificateBody_ =
   ServerCertificate'
-  { _sCertificateChain = Nothing
-  , _sServerCertificateMetadata = pServerCertificateMetadata_
-  , _sCertificateBody = pCertificateBody_
-  }
+    { _sCertificateChain = Nothing
+    , _sServerCertificateMetadata = pServerCertificateMetadata_
+    , _sCertificateBody = pCertificateBody_
+    }
 
 
 -- | The contents of the public key certificate chain.
 sCertificateChain :: Lens' ServerCertificate (Maybe Text)
-sCertificateChain = lens _sCertificateChain (\ s a -> s{_sCertificateChain = a});
+sCertificateChain = lens _sCertificateChain (\ s a -> s{_sCertificateChain = a})
 
 -- | The meta information of the server certificate, such as its name, path, ID, and ARN.
 sServerCertificateMetadata :: Lens' ServerCertificate ServerCertificateMetadata
-sServerCertificateMetadata = lens _sServerCertificateMetadata (\ s a -> s{_sServerCertificateMetadata = a});
+sServerCertificateMetadata = lens _sServerCertificateMetadata (\ s a -> s{_sServerCertificateMetadata = a})
 
 -- | The contents of the public key certificate.
 sCertificateBody :: Lens' ServerCertificate Text
-sCertificateBody = lens _sCertificateBody (\ s a -> s{_sCertificateBody = a});
+sCertificateBody = lens _sCertificateBody (\ s a -> s{_sCertificateBody = a})
 
 instance FromXML ServerCertificate where
         parseXML x
@@ -2234,7 +2243,7 @@
 -- | Contains information about a server certificate without its certificate body, certificate chain, and private key.
 --
 --
--- This data type is used as a response element in the 'UploadServerCertificate' and 'ListServerCertificates' actions.
+-- This data type is used as a response element in the 'UploadServerCertificate' and 'ListServerCertificates' operations.
 --
 --
 -- /See:/ 'serverCertificateMetadata' smart constructor.
@@ -2271,38 +2280,38 @@
     -> ServerCertificateMetadata
 serverCertificateMetadata pPath_ pServerCertificateName_ pServerCertificateId_ pARN_ =
   ServerCertificateMetadata'
-  { _scmUploadDate = Nothing
-  , _scmExpiration = Nothing
-  , _scmPath = pPath_
-  , _scmServerCertificateName = pServerCertificateName_
-  , _scmServerCertificateId = pServerCertificateId_
-  , _scmARN = pARN_
-  }
+    { _scmUploadDate = Nothing
+    , _scmExpiration = Nothing
+    , _scmPath = pPath_
+    , _scmServerCertificateName = pServerCertificateName_
+    , _scmServerCertificateId = pServerCertificateId_
+    , _scmARN = pARN_
+    }
 
 
 -- | The date when the server certificate was uploaded.
 scmUploadDate :: Lens' ServerCertificateMetadata (Maybe UTCTime)
-scmUploadDate = lens _scmUploadDate (\ s a -> s{_scmUploadDate = a}) . mapping _Time;
+scmUploadDate = lens _scmUploadDate (\ s a -> s{_scmUploadDate = a}) . mapping _Time
 
 -- | The date on which the certificate is set to expire.
 scmExpiration :: Lens' ServerCertificateMetadata (Maybe UTCTime)
-scmExpiration = lens _scmExpiration (\ s a -> s{_scmExpiration = a}) . mapping _Time;
+scmExpiration = lens _scmExpiration (\ s a -> s{_scmExpiration = a}) . mapping _Time
 
 -- | The path to the server certificate. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 scmPath :: Lens' ServerCertificateMetadata Text
-scmPath = lens _scmPath (\ s a -> s{_scmPath = a});
+scmPath = lens _scmPath (\ s a -> s{_scmPath = a})
 
 -- | The name that identifies the server certificate.
 scmServerCertificateName :: Lens' ServerCertificateMetadata Text
-scmServerCertificateName = lens _scmServerCertificateName (\ s a -> s{_scmServerCertificateName = a});
+scmServerCertificateName = lens _scmServerCertificateName (\ s a -> s{_scmServerCertificateName = a})
 
 -- | The stable and unique string identifying the server certificate. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 scmServerCertificateId :: Lens' ServerCertificateMetadata Text
-scmServerCertificateId = lens _scmServerCertificateId (\ s a -> s{_scmServerCertificateId = a});
+scmServerCertificateId = lens _scmServerCertificateId (\ s a -> s{_scmServerCertificateId = a})
 
 -- | The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 scmARN :: Lens' ServerCertificateMetadata Text
-scmARN = lens _scmARN (\ s a -> s{_scmARN = a});
+scmARN = lens _scmARN (\ s a -> s{_scmARN = a})
 
 instance FromXML ServerCertificateMetadata where
         parseXML x
@@ -2317,7 +2326,7 @@
 
 instance NFData ServerCertificateMetadata where
 
--- | Contains the details of a service specific credential.
+-- | Contains the details of a service-specific credential.
 --
 --
 --
@@ -2349,7 +2358,7 @@
 --
 -- * 'sscUserName' - The name of the IAM user associated with the service-specific credential.
 --
--- * 'sscStatus' - The status of the service-specific credential. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- * 'sscStatus' - The status of the service-specific credential. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 serviceSpecificCredential
     :: UTCTime -- ^ 'sscCreateDate'
     -> Text -- ^ 'sscServiceName'
@@ -2361,43 +2370,43 @@
     -> ServiceSpecificCredential
 serviceSpecificCredential pCreateDate_ pServiceName_ pServiceUserName_ pServicePassword_ pServiceSpecificCredentialId_ pUserName_ pStatus_ =
   ServiceSpecificCredential'
-  { _sscCreateDate = _Time # pCreateDate_
-  , _sscServiceName = pServiceName_
-  , _sscServiceUserName = pServiceUserName_
-  , _sscServicePassword = _Sensitive # pServicePassword_
-  , _sscServiceSpecificCredentialId = pServiceSpecificCredentialId_
-  , _sscUserName = pUserName_
-  , _sscStatus = pStatus_
-  }
+    { _sscCreateDate = _Time # pCreateDate_
+    , _sscServiceName = pServiceName_
+    , _sscServiceUserName = pServiceUserName_
+    , _sscServicePassword = _Sensitive # pServicePassword_
+    , _sscServiceSpecificCredentialId = pServiceSpecificCredentialId_
+    , _sscUserName = pUserName_
+    , _sscStatus = pStatus_
+    }
 
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the service-specific credential were created.
 sscCreateDate :: Lens' ServiceSpecificCredential UTCTime
-sscCreateDate = lens _sscCreateDate (\ s a -> s{_sscCreateDate = a}) . _Time;
+sscCreateDate = lens _sscCreateDate (\ s a -> s{_sscCreateDate = a}) . _Time
 
 -- | The name of the service associated with the service-specific credential.
 sscServiceName :: Lens' ServiceSpecificCredential Text
-sscServiceName = lens _sscServiceName (\ s a -> s{_sscServiceName = a});
+sscServiceName = lens _sscServiceName (\ s a -> s{_sscServiceName = a})
 
 -- | The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the AWS account, as in @jane-at-123456789012@ , for example. This value cannot be configured by the user.
 sscServiceUserName :: Lens' ServiceSpecificCredential Text
-sscServiceUserName = lens _sscServiceUserName (\ s a -> s{_sscServiceUserName = a});
+sscServiceUserName = lens _sscServiceUserName (\ s a -> s{_sscServiceUserName = a})
 
 -- | The generated password for the service-specific credential.
 sscServicePassword :: Lens' ServiceSpecificCredential Text
-sscServicePassword = lens _sscServicePassword (\ s a -> s{_sscServicePassword = a}) . _Sensitive;
+sscServicePassword = lens _sscServicePassword (\ s a -> s{_sscServicePassword = a}) . _Sensitive
 
 -- | The unique identifier for the service-specific credential.
 sscServiceSpecificCredentialId :: Lens' ServiceSpecificCredential Text
-sscServiceSpecificCredentialId = lens _sscServiceSpecificCredentialId (\ s a -> s{_sscServiceSpecificCredentialId = a});
+sscServiceSpecificCredentialId = lens _sscServiceSpecificCredentialId (\ s a -> s{_sscServiceSpecificCredentialId = a})
 
 -- | The name of the IAM user associated with the service-specific credential.
 sscUserName :: Lens' ServiceSpecificCredential Text
-sscUserName = lens _sscUserName (\ s a -> s{_sscUserName = a});
+sscUserName = lens _sscUserName (\ s a -> s{_sscUserName = a})
 
--- | The status of the service-specific credential. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- | The status of the service-specific credential. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 sscStatus :: Lens' ServiceSpecificCredential StatusType
-sscStatus = lens _sscStatus (\ s a -> s{_sscStatus = a});
+sscStatus = lens _sscStatus (\ s a -> s{_sscStatus = a})
 
 instance FromXML ServiceSpecificCredential where
         parseXML x
@@ -2434,7 +2443,7 @@
 --
 -- * 'sscmUserName' - The name of the IAM user associated with the service-specific credential.
 --
--- * 'sscmStatus' - The status of the service-specific credential. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- * 'sscmStatus' - The status of the service-specific credential. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 --
 -- * 'sscmServiceUserName' - The generated user name for the service-specific credential.
 --
@@ -2453,38 +2462,38 @@
     -> ServiceSpecificCredentialMetadata
 serviceSpecificCredentialMetadata pUserName_ pStatus_ pServiceUserName_ pCreateDate_ pServiceSpecificCredentialId_ pServiceName_ =
   ServiceSpecificCredentialMetadata'
-  { _sscmUserName = pUserName_
-  , _sscmStatus = pStatus_
-  , _sscmServiceUserName = pServiceUserName_
-  , _sscmCreateDate = _Time # pCreateDate_
-  , _sscmServiceSpecificCredentialId = pServiceSpecificCredentialId_
-  , _sscmServiceName = pServiceName_
-  }
+    { _sscmUserName = pUserName_
+    , _sscmStatus = pStatus_
+    , _sscmServiceUserName = pServiceUserName_
+    , _sscmCreateDate = _Time # pCreateDate_
+    , _sscmServiceSpecificCredentialId = pServiceSpecificCredentialId_
+    , _sscmServiceName = pServiceName_
+    }
 
 
 -- | The name of the IAM user associated with the service-specific credential.
 sscmUserName :: Lens' ServiceSpecificCredentialMetadata Text
-sscmUserName = lens _sscmUserName (\ s a -> s{_sscmUserName = a});
+sscmUserName = lens _sscmUserName (\ s a -> s{_sscmUserName = a})
 
--- | The status of the service-specific credential. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- | The status of the service-specific credential. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 sscmStatus :: Lens' ServiceSpecificCredentialMetadata StatusType
-sscmStatus = lens _sscmStatus (\ s a -> s{_sscmStatus = a});
+sscmStatus = lens _sscmStatus (\ s a -> s{_sscmStatus = a})
 
 -- | The generated user name for the service-specific credential.
 sscmServiceUserName :: Lens' ServiceSpecificCredentialMetadata Text
-sscmServiceUserName = lens _sscmServiceUserName (\ s a -> s{_sscmServiceUserName = a});
+sscmServiceUserName = lens _sscmServiceUserName (\ s a -> s{_sscmServiceUserName = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the service-specific credential were created.
 sscmCreateDate :: Lens' ServiceSpecificCredentialMetadata UTCTime
-sscmCreateDate = lens _sscmCreateDate (\ s a -> s{_sscmCreateDate = a}) . _Time;
+sscmCreateDate = lens _sscmCreateDate (\ s a -> s{_sscmCreateDate = a}) . _Time
 
 -- | The unique identifier for the service-specific credential.
 sscmServiceSpecificCredentialId :: Lens' ServiceSpecificCredentialMetadata Text
-sscmServiceSpecificCredentialId = lens _sscmServiceSpecificCredentialId (\ s a -> s{_sscmServiceSpecificCredentialId = a});
+sscmServiceSpecificCredentialId = lens _sscmServiceSpecificCredentialId (\ s a -> s{_sscmServiceSpecificCredentialId = a})
 
 -- | The name of the service associated with the service-specific credential.
 sscmServiceName :: Lens' ServiceSpecificCredentialMetadata Text
-sscmServiceName = lens _sscmServiceName (\ s a -> s{_sscmServiceName = a});
+sscmServiceName = lens _sscmServiceName (\ s a -> s{_sscmServiceName = a})
 
 instance FromXML ServiceSpecificCredentialMetadata
          where
@@ -2505,7 +2514,7 @@
 -- | Contains information about an X.509 signing certificate.
 --
 --
--- This data type is used as a response element in the 'UploadSigningCertificate' and 'ListSigningCertificates' actions.
+-- This data type is used as a response element in the 'UploadSigningCertificate' and 'ListSigningCertificates' operations.
 --
 --
 -- /See:/ 'signingCertificate' smart constructor.
@@ -2530,7 +2539,7 @@
 --
 -- * 'scCertificateBody' - The contents of the signing certificate.
 --
--- * 'scStatus' - The status of the signing certificate. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- * 'scStatus' - The status of the signing certificate. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 signingCertificate
     :: Text -- ^ 'scUserName'
     -> Text -- ^ 'scCertificateId'
@@ -2539,33 +2548,33 @@
     -> SigningCertificate
 signingCertificate pUserName_ pCertificateId_ pCertificateBody_ pStatus_ =
   SigningCertificate'
-  { _scUploadDate = Nothing
-  , _scUserName = pUserName_
-  , _scCertificateId = pCertificateId_
-  , _scCertificateBody = pCertificateBody_
-  , _scStatus = pStatus_
-  }
+    { _scUploadDate = Nothing
+    , _scUserName = pUserName_
+    , _scCertificateId = pCertificateId_
+    , _scCertificateBody = pCertificateBody_
+    , _scStatus = pStatus_
+    }
 
 
 -- | The date when the signing certificate was uploaded.
 scUploadDate :: Lens' SigningCertificate (Maybe UTCTime)
-scUploadDate = lens _scUploadDate (\ s a -> s{_scUploadDate = a}) . mapping _Time;
+scUploadDate = lens _scUploadDate (\ s a -> s{_scUploadDate = a}) . mapping _Time
 
 -- | The name of the user the signing certificate is associated with.
 scUserName :: Lens' SigningCertificate Text
-scUserName = lens _scUserName (\ s a -> s{_scUserName = a});
+scUserName = lens _scUserName (\ s a -> s{_scUserName = a})
 
 -- | The ID for the signing certificate.
 scCertificateId :: Lens' SigningCertificate Text
-scCertificateId = lens _scCertificateId (\ s a -> s{_scCertificateId = a});
+scCertificateId = lens _scCertificateId (\ s a -> s{_scCertificateId = a})
 
 -- | The contents of the signing certificate.
 scCertificateBody :: Lens' SigningCertificate Text
-scCertificateBody = lens _scCertificateBody (\ s a -> s{_scCertificateBody = a});
+scCertificateBody = lens _scCertificateBody (\ s a -> s{_scCertificateBody = a})
 
--- | The status of the signing certificate. @Active@ means the key is valid for API calls, while @Inactive@ means it is not.
+-- | The status of the signing certificate. @Active@ means that the key is valid for API calls, while @Inactive@ means it is not.
 scStatus :: Lens' SigningCertificate StatusType
-scStatus = lens _scStatus (\ s a -> s{_scStatus = a});
+scStatus = lens _scStatus (\ s a -> s{_scStatus = a})
 
 instance FromXML SigningCertificate where
         parseXML x
@@ -2604,23 +2613,23 @@
     :: SimulatePolicyResponse
 simulatePolicyResponse =
   SimulatePolicyResponse'
-  { _spEvaluationResults = Nothing
-  , _spMarker = Nothing
-  , _spIsTruncated = Nothing
-  }
+    { _spEvaluationResults = Nothing
+    , _spMarker = Nothing
+    , _spIsTruncated = Nothing
+    }
 
 
 -- | The results of the simulation.
 spEvaluationResults :: Lens' SimulatePolicyResponse [EvaluationResult]
-spEvaluationResults = lens _spEvaluationResults (\ s a -> s{_spEvaluationResults = a}) . _Default . _Coerce;
+spEvaluationResults = lens _spEvaluationResults (\ s a -> s{_spEvaluationResults = a}) . _Default . _Coerce
 
 -- | When @IsTruncated@ is @true@ , this element is present and contains the value to use for the @Marker@ parameter in a subsequent pagination request.
 spMarker :: Lens' SimulatePolicyResponse (Maybe Text)
-spMarker = lens _spMarker (\ s a -> s{_spMarker = a});
+spMarker = lens _spMarker (\ s a -> s{_spMarker = a})
 
 -- | A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the @Marker@ request parameter to retrieve more items. Note that IAM might return fewer than the @MaxItems@ number of results even when there are more results available. We recommend that you check @IsTruncated@ after every call to ensure that you receive all of your results.
 spIsTruncated :: Lens' SimulatePolicyResponse (Maybe Bool)
-spIsTruncated = lens _spIsTruncated (\ s a -> s{_spIsTruncated = a});
+spIsTruncated = lens _spIsTruncated (\ s a -> s{_spIsTruncated = a})
 
 instance FromXML SimulatePolicyResponse where
         parseXML x
@@ -2664,28 +2673,28 @@
     :: Statement
 statement =
   Statement'
-  { _sSourcePolicyType = Nothing
-  , _sSourcePolicyId = Nothing
-  , _sEndPosition = Nothing
-  , _sStartPosition = Nothing
-  }
+    { _sSourcePolicyType = Nothing
+    , _sSourcePolicyId = Nothing
+    , _sEndPosition = Nothing
+    , _sStartPosition = Nothing
+    }
 
 
 -- | The type of the policy.
 sSourcePolicyType :: Lens' Statement (Maybe PolicySourceType)
-sSourcePolicyType = lens _sSourcePolicyType (\ s a -> s{_sSourcePolicyType = a});
+sSourcePolicyType = lens _sSourcePolicyType (\ s a -> s{_sSourcePolicyType = a})
 
 -- | The identifier of the policy that was provided as an input.
 sSourcePolicyId :: Lens' Statement (Maybe Text)
-sSourcePolicyId = lens _sSourcePolicyId (\ s a -> s{_sSourcePolicyId = a});
+sSourcePolicyId = lens _sSourcePolicyId (\ s a -> s{_sSourcePolicyId = a})
 
 -- | The row and column of the end of a @Statement@ in an IAM policy.
 sEndPosition :: Lens' Statement (Maybe Position)
-sEndPosition = lens _sEndPosition (\ s a -> s{_sEndPosition = a});
+sEndPosition = lens _sEndPosition (\ s a -> s{_sEndPosition = a})
 
 -- | The row and column of the beginning of the @Statement@ in an IAM policy.
 sStartPosition :: Lens' Statement (Maybe Position)
-sStartPosition = lens _sStartPosition (\ s a -> s{_sStartPosition = a});
+sStartPosition = lens _sStartPosition (\ s a -> s{_sStartPosition = a})
 
 instance FromXML Statement where
         parseXML x
@@ -2702,7 +2711,7 @@
 -- | Contains information about an IAM user entity.
 --
 --
--- This data type is used as a response element in the following actions:
+-- This data type is used as a response element in the following operations:
 --
 --     * 'CreateUser'
 --
@@ -2728,7 +2737,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uPasswordLastUsed' - The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Credential Reports> topic in the /Using IAM/ guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value) then it indicates that they never signed in with a password. This can be because:     * The user never had a password.     * A password exists but has not been used since IAM started tracking this information on October 20th, 2014. A null does not mean that the user /never/ had a password. Also, if the user does not currently have a password, but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the 'GetUser' and 'ListUsers' actions.
+-- * 'uPasswordLastUsed' - The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Credential Reports> topic in the /Using IAM/ guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value) then it indicates that they never signed in with a password. This can be because:     * The user never had a password.     * A password exists but has not been used since IAM started tracking this information on October 20th, 2014. A null does not mean that the user /never/ had a password. Also, if the user does not currently have a password, but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the 'GetUser' and 'ListUsers' operations.
 --
 -- * 'uPath' - The path to the user. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 --
@@ -2748,38 +2757,38 @@
     -> User
 user pPath_ pUserName_ pUserId_ pARN_ pCreateDate_ =
   User'
-  { _uPasswordLastUsed = Nothing
-  , _uPath = pPath_
-  , _uUserName = pUserName_
-  , _uUserId = pUserId_
-  , _uARN = pARN_
-  , _uCreateDate = _Time # pCreateDate_
-  }
+    { _uPasswordLastUsed = Nothing
+    , _uPath = pPath_
+    , _uUserName = pUserName_
+    , _uUserId = pUserId_
+    , _uARN = pARN_
+    , _uCreateDate = _Time # pCreateDate_
+    }
 
 
--- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Credential Reports> topic in the /Using IAM/ guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value) then it indicates that they never signed in with a password. This can be because:     * The user never had a password.     * A password exists but has not been used since IAM started tracking this information on October 20th, 2014. A null does not mean that the user /never/ had a password. Also, if the user does not currently have a password, but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the 'GetUser' and 'ListUsers' actions.
+-- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the <http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html Credential Reports> topic in the /Using IAM/ guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value) then it indicates that they never signed in with a password. This can be because:     * The user never had a password.     * A password exists but has not been used since IAM started tracking this information on October 20th, 2014. A null does not mean that the user /never/ had a password. Also, if the user does not currently have a password, but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the 'GetUser' and 'ListUsers' operations.
 uPasswordLastUsed :: Lens' User (Maybe UTCTime)
-uPasswordLastUsed = lens _uPasswordLastUsed (\ s a -> s{_uPasswordLastUsed = a}) . mapping _Time;
+uPasswordLastUsed = lens _uPasswordLastUsed (\ s a -> s{_uPasswordLastUsed = a}) . mapping _Time
 
 -- | The path to the user. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 uPath :: Lens' User Text
-uPath = lens _uPath (\ s a -> s{_uPath = a});
+uPath = lens _uPath (\ s a -> s{_uPath = a})
 
 -- | The friendly name identifying the user.
 uUserName :: Lens' User Text
-uUserName = lens _uUserName (\ s a -> s{_uUserName = a});
+uUserName = lens _uUserName (\ s a -> s{_uUserName = a})
 
 -- | The stable and unique string identifying the user. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 uUserId :: Lens' User Text
-uUserId = lens _uUserId (\ s a -> s{_uUserId = a});
+uUserId = lens _uUserId (\ s a -> s{_uUserId = a})
 
 -- | The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 uARN :: Lens' User Text
-uARN = lens _uARN (\ s a -> s{_uARN = a});
+uARN = lens _uARN (\ s a -> s{_uARN = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the user was created.
 uCreateDate :: Lens' User UTCTime
-uCreateDate = lens _uCreateDate (\ s a -> s{_uCreateDate = a}) . _Time;
+uCreateDate = lens _uCreateDate (\ s a -> s{_uCreateDate = a}) . _Time
 
 instance FromXML User where
         parseXML x
@@ -2797,7 +2806,7 @@
 -- | Contains information about an IAM user, including all the user's policies and all the IAM groups the user is in.
 --
 --
--- This data type is used as a response element in the 'GetAccountAuthorizationDetails' action.
+-- This data type is used as a response element in the 'GetAccountAuthorizationDetails' operation.
 --
 --
 -- /See:/ 'userDetail' smart constructor.
@@ -2836,48 +2845,48 @@
     :: UserDetail
 userDetail =
   UserDetail'
-  { _udGroupList = Nothing
-  , _udARN = Nothing
-  , _udPath = Nothing
-  , _udCreateDate = Nothing
-  , _udUserName = Nothing
-  , _udUserId = Nothing
-  , _udUserPolicyList = Nothing
-  , _udAttachedManagedPolicies = Nothing
-  }
+    { _udGroupList = Nothing
+    , _udARN = Nothing
+    , _udPath = Nothing
+    , _udCreateDate = Nothing
+    , _udUserName = Nothing
+    , _udUserId = Nothing
+    , _udUserPolicyList = Nothing
+    , _udAttachedManagedPolicies = Nothing
+    }
 
 
 -- | A list of IAM groups that the user is in.
 udGroupList :: Lens' UserDetail [Text]
-udGroupList = lens _udGroupList (\ s a -> s{_udGroupList = a}) . _Default . _Coerce;
+udGroupList = lens _udGroupList (\ s a -> s{_udGroupList = a}) . _Default . _Coerce
 
 -- | Undocumented member.
 udARN :: Lens' UserDetail (Maybe Text)
-udARN = lens _udARN (\ s a -> s{_udARN = a});
+udARN = lens _udARN (\ s a -> s{_udARN = a})
 
 -- | The path to the user. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 udPath :: Lens' UserDetail (Maybe Text)
-udPath = lens _udPath (\ s a -> s{_udPath = a});
+udPath = lens _udPath (\ s a -> s{_udPath = a})
 
 -- | The date and time, in <http://www.iso.org/iso/iso8601 ISO 8601 date-time format> , when the user was created.
 udCreateDate :: Lens' UserDetail (Maybe UTCTime)
-udCreateDate = lens _udCreateDate (\ s a -> s{_udCreateDate = a}) . mapping _Time;
+udCreateDate = lens _udCreateDate (\ s a -> s{_udCreateDate = a}) . mapping _Time
 
 -- | The friendly name identifying the user.
 udUserName :: Lens' UserDetail (Maybe Text)
-udUserName = lens _udUserName (\ s a -> s{_udUserName = a});
+udUserName = lens _udUserName (\ s a -> s{_udUserName = a})
 
 -- | The stable and unique string identifying the user. For more information about IDs, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /Using IAM/ guide.
 udUserId :: Lens' UserDetail (Maybe Text)
-udUserId = lens _udUserId (\ s a -> s{_udUserId = a});
+udUserId = lens _udUserId (\ s a -> s{_udUserId = a})
 
 -- | A list of the inline policies embedded in the user.
 udUserPolicyList :: Lens' UserDetail [PolicyDetail]
-udUserPolicyList = lens _udUserPolicyList (\ s a -> s{_udUserPolicyList = a}) . _Default . _Coerce;
+udUserPolicyList = lens _udUserPolicyList (\ s a -> s{_udUserPolicyList = a}) . _Default . _Coerce
 
 -- | A list of the managed policies attached to the user.
 udAttachedManagedPolicies :: Lens' UserDetail [AttachedPolicy]
-udAttachedManagedPolicies = lens _udAttachedManagedPolicies (\ s a -> s{_udAttachedManagedPolicies = a}) . _Default . _Coerce;
+udAttachedManagedPolicies = lens _udAttachedManagedPolicies (\ s a -> s{_udAttachedManagedPolicies = a}) . _Default . _Coerce
 
 instance FromXML UserDetail where
         parseXML x
@@ -2932,33 +2941,33 @@
     -> VirtualMFADevice
 virtualMFADevice pSerialNumber_ =
   VirtualMFADevice'
-  { _vmdQRCodePNG = Nothing
-  , _vmdBase32StringSeed = Nothing
-  , _vmdUser = Nothing
-  , _vmdEnableDate = Nothing
-  , _vmdSerialNumber = pSerialNumber_
-  }
+    { _vmdQRCodePNG = Nothing
+    , _vmdBase32StringSeed = Nothing
+    , _vmdUser = Nothing
+    , _vmdEnableDate = Nothing
+    , _vmdSerialNumber = pSerialNumber_
+    }
 
 
 -- | A QR code PNG image that encodes @otpauth://totp/$virtualMFADeviceName@$AccountName?secret=$Base32String@ where @> virtualMFADeviceName@ is one of the create call arguments, @AccountName@ is the user name if set (otherwise, the account ID otherwise), and @Base32String@ is the seed in Base32 format. The @Base32String@ value is Base64-encoded. -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.
 vmdQRCodePNG :: Lens' VirtualMFADevice (Maybe ByteString)
-vmdQRCodePNG = lens _vmdQRCodePNG (\ s a -> s{_vmdQRCodePNG = a}) . mapping (_Sensitive . _Base64);
+vmdQRCodePNG = lens _vmdQRCodePNG (\ s a -> s{_vmdQRCodePNG = a}) . mapping (_Sensitive . _Base64)
 
 -- | The Base32 seed defined as specified in <https://tools.ietf.org/html/rfc3548.txt RFC3548> . The @Base32StringSeed@ is Base64-encoded. -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.
 vmdBase32StringSeed :: Lens' VirtualMFADevice (Maybe ByteString)
-vmdBase32StringSeed = lens _vmdBase32StringSeed (\ s a -> s{_vmdBase32StringSeed = a}) . mapping (_Sensitive . _Base64);
+vmdBase32StringSeed = lens _vmdBase32StringSeed (\ s a -> s{_vmdBase32StringSeed = a}) . mapping (_Sensitive . _Base64)
 
 -- | The IAM user associated with this virtual MFA device.
 vmdUser :: Lens' VirtualMFADevice (Maybe User)
-vmdUser = lens _vmdUser (\ s a -> s{_vmdUser = a});
+vmdUser = lens _vmdUser (\ s a -> s{_vmdUser = a})
 
 -- | The date and time on which the virtual MFA device was enabled.
 vmdEnableDate :: Lens' VirtualMFADevice (Maybe UTCTime)
-vmdEnableDate = lens _vmdEnableDate (\ s a -> s{_vmdEnableDate = a}) . mapping _Time;
+vmdEnableDate = lens _vmdEnableDate (\ s a -> s{_vmdEnableDate = a}) . mapping _Time
 
 -- | The serial number associated with @VirtualMFADevice@ .
 vmdSerialNumber :: Lens' VirtualMFADevice Text
-vmdSerialNumber = lens _vmdSerialNumber (\ s a -> s{_vmdSerialNumber = a});
+vmdSerialNumber = lens _vmdSerialNumber (\ s a -> s{_vmdSerialNumber = a})
 
 instance FromXML VirtualMFADevice where
         parseXML x
diff --git a/gen/Network/AWS/IAM/Types/Sum.hs b/gen/Network/AWS/IAM/Types/Sum.hs
--- a/gen/Network/AWS/IAM/Types/Sum.hs
+++ b/gen/Network/AWS/IAM/Types/Sum.hs
@@ -9,7 +9,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.Types.Sum
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/gen/Network/AWS/IAM/UpdateAccessKey.hs b/gen/Network/AWS/IAM/UpdateAccessKey.hs
--- a/gen/Network/AWS/IAM/UpdateAccessKey.hs
+++ b/gen/Network/AWS/IAM/UpdateAccessKey.hs
@@ -12,16 +12,16 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateAccessKey
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be used to disable a user's key as part of a key rotation work flow.
+-- Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.
 --
 --
--- If the @UserName@ field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
+-- If the @UserName@ field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
 --
 -- For information about rotating keys, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html Managing Keys and Certificates> in the /IAM User Guide/ .
 --
@@ -59,34 +59,34 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uakUserName' - The name of the user whose key you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uakUserName' - The name of the user whose key you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'uakAccessKeyId' - The access key ID of the secret access key you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 --
--- * 'uakStatus' - The status you want to assign to the secret access key. @Active@ means the key can be used for API calls to AWS, while @Inactive@ means the key cannot be used.
+-- * 'uakStatus' - The status you want to assign to the secret access key. @Active@ means that the key can be used for API calls to AWS, while @Inactive@ means that the key cannot be used.
 updateAccessKey
     :: AccessKey -- ^ 'uakAccessKeyId'
     -> StatusType -- ^ 'uakStatus'
     -> UpdateAccessKey
 updateAccessKey pAccessKeyId_ pStatus_ =
   UpdateAccessKey'
-  { _uakUserName = Nothing
-  , _uakAccessKeyId = pAccessKeyId_
-  , _uakStatus = pStatus_
-  }
+    { _uakUserName = Nothing
+    , _uakAccessKeyId = pAccessKeyId_
+    , _uakStatus = pStatus_
+    }
 
 
--- | The name of the user whose key you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose key you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uakUserName :: Lens' UpdateAccessKey (Maybe Text)
-uakUserName = lens _uakUserName (\ s a -> s{_uakUserName = a});
+uakUserName = lens _uakUserName (\ s a -> s{_uakUserName = a})
 
 -- | The access key ID of the secret access key you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 uakAccessKeyId :: Lens' UpdateAccessKey AccessKey
-uakAccessKeyId = lens _uakAccessKeyId (\ s a -> s{_uakAccessKeyId = a});
+uakAccessKeyId = lens _uakAccessKeyId (\ s a -> s{_uakAccessKeyId = a})
 
--- | The status you want to assign to the secret access key. @Active@ means the key can be used for API calls to AWS, while @Inactive@ means the key cannot be used.
+-- | The status you want to assign to the secret access key. @Active@ means that the key can be used for API calls to AWS, while @Inactive@ means that the key cannot be used.
 uakStatus :: Lens' UpdateAccessKey StatusType
-uakStatus = lens _uakStatus (\ s a -> s{_uakStatus = a});
+uakStatus = lens _uakStatus (\ s a -> s{_uakStatus = a})
 
 instance AWSRequest UpdateAccessKey where
         type Rs UpdateAccessKey = UpdateAccessKeyResponse
diff --git a/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs b/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs
--- a/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs
+++ b/gen/Network/AWS/IAM/UpdateAccountPasswordPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateAccountPasswordPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -69,74 +69,74 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uappMinimumPasswordLength' - The minimum number of characters allowed in an IAM user password. Default value: 6
+-- * 'uappMinimumPasswordLength' - The minimum number of characters allowed in an IAM user password. If you do not specify a value for this parameter, then the operation uses the default value of @6@ .
 --
--- * 'uappRequireNumbers' - Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). Default value: false
+-- * 'uappRequireNumbers' - Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one numeric character.
 --
--- * 'uappPasswordReusePrevention' - Specifies the number of previous passwords that IAM users are prevented from reusing. The default value of 0 means IAM users are not prevented from reusing previous passwords. Default value: 0
+-- * 'uappPasswordReusePrevention' - Specifies the number of previous passwords that IAM users are prevented from reusing. If you do not specify a value for this parameter, then the operation uses the default value of @0@ . The result is that IAM users are not prevented from reusing previous passwords.
 --
--- * 'uappRequireLowercaseCharacters' - Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). Default value: false
+-- * 'uappRequireLowercaseCharacters' - Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one lowercase character.
 --
--- * 'uappMaxPasswordAge' - The number of days that an IAM user password is valid. The default value of 0 means IAM user passwords never expire. Default value: 0
+-- * 'uappMaxPasswordAge' - The number of days that an IAM user password is valid. If you do not specify a value for this parameter, then the operation uses the default value of @0@ . The result is that IAM user passwords never expire.
 --
--- * 'uappHardExpiry' - Prevents IAM users from setting a new password after their password has expired. Default value: false
+-- * 'uappHardExpiry' - Prevents IAM users from setting a new password after their password has expired. The IAM user cannot be accessed until an administrator resets the password. If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that IAM users can change their passwords after they expire and continue to sign in as the user.
 --
--- * 'uappRequireSymbols' - Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters: ! @ # $ % ^ &amp; * ( ) _ + - = [ ] { } | ' Default value: false
+-- * 'uappRequireSymbols' - Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters: ! @ # $ % ^ &amp; * ( ) _ + - = [ ] { } | ' If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one symbol character.
 --
--- * 'uappRequireUppercaseCharacters' - Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). Default value: false
+-- * 'uappRequireUppercaseCharacters' - Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one uppercase character.
 --
--- * 'uappAllowUsersToChangePassword' - Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html Letting IAM Users Change Their Own Passwords> in the /IAM User Guide/ . Default value: false
+-- * 'uappAllowUsersToChangePassword' - Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html Letting IAM Users Change Their Own Passwords> in the /IAM User Guide/ . If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that IAM users in the account do not automatically have permissions to change their own password.
 updateAccountPasswordPolicy
     :: UpdateAccountPasswordPolicy
 updateAccountPasswordPolicy =
   UpdateAccountPasswordPolicy'
-  { _uappMinimumPasswordLength = Nothing
-  , _uappRequireNumbers = Nothing
-  , _uappPasswordReusePrevention = Nothing
-  , _uappRequireLowercaseCharacters = Nothing
-  , _uappMaxPasswordAge = Nothing
-  , _uappHardExpiry = Nothing
-  , _uappRequireSymbols = Nothing
-  , _uappRequireUppercaseCharacters = Nothing
-  , _uappAllowUsersToChangePassword = Nothing
-  }
+    { _uappMinimumPasswordLength = Nothing
+    , _uappRequireNumbers = Nothing
+    , _uappPasswordReusePrevention = Nothing
+    , _uappRequireLowercaseCharacters = Nothing
+    , _uappMaxPasswordAge = Nothing
+    , _uappHardExpiry = Nothing
+    , _uappRequireSymbols = Nothing
+    , _uappRequireUppercaseCharacters = Nothing
+    , _uappAllowUsersToChangePassword = Nothing
+    }
 
 
--- | The minimum number of characters allowed in an IAM user password. Default value: 6
+-- | The minimum number of characters allowed in an IAM user password. If you do not specify a value for this parameter, then the operation uses the default value of @6@ .
 uappMinimumPasswordLength :: Lens' UpdateAccountPasswordPolicy (Maybe Natural)
-uappMinimumPasswordLength = lens _uappMinimumPasswordLength (\ s a -> s{_uappMinimumPasswordLength = a}) . mapping _Nat;
+uappMinimumPasswordLength = lens _uappMinimumPasswordLength (\ s a -> s{_uappMinimumPasswordLength = a}) . mapping _Nat
 
--- | Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). Default value: false
+-- | Specifies whether IAM user passwords must contain at least one numeric character (0 to 9). If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one numeric character.
 uappRequireNumbers :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)
-uappRequireNumbers = lens _uappRequireNumbers (\ s a -> s{_uappRequireNumbers = a});
+uappRequireNumbers = lens _uappRequireNumbers (\ s a -> s{_uappRequireNumbers = a})
 
--- | Specifies the number of previous passwords that IAM users are prevented from reusing. The default value of 0 means IAM users are not prevented from reusing previous passwords. Default value: 0
+-- | Specifies the number of previous passwords that IAM users are prevented from reusing. If you do not specify a value for this parameter, then the operation uses the default value of @0@ . The result is that IAM users are not prevented from reusing previous passwords.
 uappPasswordReusePrevention :: Lens' UpdateAccountPasswordPolicy (Maybe Natural)
-uappPasswordReusePrevention = lens _uappPasswordReusePrevention (\ s a -> s{_uappPasswordReusePrevention = a}) . mapping _Nat;
+uappPasswordReusePrevention = lens _uappPasswordReusePrevention (\ s a -> s{_uappPasswordReusePrevention = a}) . mapping _Nat
 
--- | Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). Default value: false
+-- | Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z). If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one lowercase character.
 uappRequireLowercaseCharacters :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)
-uappRequireLowercaseCharacters = lens _uappRequireLowercaseCharacters (\ s a -> s{_uappRequireLowercaseCharacters = a});
+uappRequireLowercaseCharacters = lens _uappRequireLowercaseCharacters (\ s a -> s{_uappRequireLowercaseCharacters = a})
 
--- | The number of days that an IAM user password is valid. The default value of 0 means IAM user passwords never expire. Default value: 0
+-- | The number of days that an IAM user password is valid. If you do not specify a value for this parameter, then the operation uses the default value of @0@ . The result is that IAM user passwords never expire.
 uappMaxPasswordAge :: Lens' UpdateAccountPasswordPolicy (Maybe Natural)
-uappMaxPasswordAge = lens _uappMaxPasswordAge (\ s a -> s{_uappMaxPasswordAge = a}) . mapping _Nat;
+uappMaxPasswordAge = lens _uappMaxPasswordAge (\ s a -> s{_uappMaxPasswordAge = a}) . mapping _Nat
 
--- | Prevents IAM users from setting a new password after their password has expired. Default value: false
+-- | Prevents IAM users from setting a new password after their password has expired. The IAM user cannot be accessed until an administrator resets the password. If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that IAM users can change their passwords after they expire and continue to sign in as the user.
 uappHardExpiry :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)
-uappHardExpiry = lens _uappHardExpiry (\ s a -> s{_uappHardExpiry = a});
+uappHardExpiry = lens _uappHardExpiry (\ s a -> s{_uappHardExpiry = a})
 
--- | Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters: ! @ # $ % ^ &amp; * ( ) _ + - = [ ] { } | ' Default value: false
+-- | Specifies whether IAM user passwords must contain at least one of the following non-alphanumeric characters: ! @ # $ % ^ &amp; * ( ) _ + - = [ ] { } | ' If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one symbol character.
 uappRequireSymbols :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)
-uappRequireSymbols = lens _uappRequireSymbols (\ s a -> s{_uappRequireSymbols = a});
+uappRequireSymbols = lens _uappRequireSymbols (\ s a -> s{_uappRequireSymbols = a})
 
--- | Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). Default value: false
+-- | Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z). If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that passwords do not require at least one uppercase character.
 uappRequireUppercaseCharacters :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)
-uappRequireUppercaseCharacters = lens _uappRequireUppercaseCharacters (\ s a -> s{_uappRequireUppercaseCharacters = a});
+uappRequireUppercaseCharacters = lens _uappRequireUppercaseCharacters (\ s a -> s{_uappRequireUppercaseCharacters = a})
 
--- | Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html Letting IAM Users Change Their Own Passwords> in the /IAM User Guide/ . Default value: false
+-- | Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html Letting IAM Users Change Their Own Passwords> in the /IAM User Guide/ . If you do not specify a value for this parameter, then the operation uses the default value of @false@ . The result is that IAM users in the account do not automatically have permissions to change their own password.
 uappAllowUsersToChangePassword :: Lens' UpdateAccountPasswordPolicy (Maybe Bool)
-uappAllowUsersToChangePassword = lens _uappAllowUsersToChangePassword (\ s a -> s{_uappAllowUsersToChangePassword = a});
+uappAllowUsersToChangePassword = lens _uappAllowUsersToChangePassword (\ s a -> s{_uappAllowUsersToChangePassword = a})
 
 instance AWSRequest UpdateAccountPasswordPolicy where
         type Rs UpdateAccountPasswordPolicy =
diff --git a/gen/Network/AWS/IAM/UpdateAssumeRolePolicy.hs b/gen/Network/AWS/IAM/UpdateAssumeRolePolicy.hs
--- a/gen/Network/AWS/IAM/UpdateAssumeRolePolicy.hs
+++ b/gen/Network/AWS/IAM/UpdateAssumeRolePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateAssumeRolePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -55,23 +55,23 @@
 --
 -- * 'uarpRoleName' - The name of the role to update with the new policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'uarpPolicyDocument' - The policy that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'uarpPolicyDocument' - The policy that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 updateAssumeRolePolicy
     :: Text -- ^ 'uarpRoleName'
     -> Text -- ^ 'uarpPolicyDocument'
     -> UpdateAssumeRolePolicy
 updateAssumeRolePolicy pRoleName_ pPolicyDocument_ =
   UpdateAssumeRolePolicy'
-  {_uarpRoleName = pRoleName_, _uarpPolicyDocument = pPolicyDocument_}
+    {_uarpRoleName = pRoleName_, _uarpPolicyDocument = pPolicyDocument_}
 
 
 -- | The name of the role to update with the new policy. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uarpRoleName :: Lens' UpdateAssumeRolePolicy Text
-uarpRoleName = lens _uarpRoleName (\ s a -> s{_uarpRoleName = a});
+uarpRoleName = lens _uarpRoleName (\ s a -> s{_uarpRoleName = a})
 
--- | The policy that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The policy that grants an entity permission to assume the role. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uarpPolicyDocument :: Lens' UpdateAssumeRolePolicy Text
-uarpPolicyDocument = lens _uarpPolicyDocument (\ s a -> s{_uarpPolicyDocument = a});
+uarpPolicyDocument = lens _uarpPolicyDocument (\ s a -> s{_uarpPolicyDocument = a})
 
 instance AWSRequest UpdateAssumeRolePolicy where
         type Rs UpdateAssumeRolePolicy =
diff --git a/gen/Network/AWS/IAM/UpdateGroup.hs b/gen/Network/AWS/IAM/UpdateGroup.hs
--- a/gen/Network/AWS/IAM/UpdateGroup.hs
+++ b/gen/Network/AWS/IAM/UpdateGroup.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateGroup
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,30 +57,33 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'ugNewGroupName' - New name for the IAM group. Only include this if changing the group's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'ugNewGroupName' - New name for the IAM group. Only include this if changing the group's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'ugNewPath' - New path for the IAM group. Only include this if changing the group's path. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'ugNewPath' - New path for the IAM group. Only include this if changing the group's path. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'ugGroupName' - Name of the IAM group to update. If you're changing the name of the group, this is the original name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'ugGroupName' - Name of the IAM group to update. If you're changing the name of the group, this is the original name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 updateGroup
     :: Text -- ^ 'ugGroupName'
     -> UpdateGroup
 updateGroup pGroupName_ =
   UpdateGroup'
-  {_ugNewGroupName = Nothing, _ugNewPath = Nothing, _ugGroupName = pGroupName_}
+    { _ugNewGroupName = Nothing
+    , _ugNewPath = Nothing
+    , _ugGroupName = pGroupName_
+    }
 
 
--- | New name for the IAM group. Only include this if changing the group's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | New name for the IAM group. Only include this if changing the group's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 ugNewGroupName :: Lens' UpdateGroup (Maybe Text)
-ugNewGroupName = lens _ugNewGroupName (\ s a -> s{_ugNewGroupName = a});
+ugNewGroupName = lens _ugNewGroupName (\ s a -> s{_ugNewGroupName = a})
 
--- | New path for the IAM group. Only include this if changing the group's path. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | New path for the IAM group. Only include this if changing the group's path. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 ugNewPath :: Lens' UpdateGroup (Maybe Text)
-ugNewPath = lens _ugNewPath (\ s a -> s{_ugNewPath = a});
+ugNewPath = lens _ugNewPath (\ s a -> s{_ugNewPath = a})
 
--- | Name of the IAM group to update. If you're changing the name of the group, this is the original name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | Name of the IAM group to update. If you're changing the name of the group, this is the original name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 ugGroupName :: Lens' UpdateGroup Text
-ugGroupName = lens _ugGroupName (\ s a -> s{_ugGroupName = a});
+ugGroupName = lens _ugGroupName (\ s a -> s{_ugGroupName = a})
 
 instance AWSRequest UpdateGroup where
         type Rs UpdateGroup = UpdateGroupResponse
diff --git a/gen/Network/AWS/IAM/UpdateLoginProfile.hs b/gen/Network/AWS/IAM/UpdateLoginProfile.hs
--- a/gen/Network/AWS/IAM/UpdateLoginProfile.hs
+++ b/gen/Network/AWS/IAM/UpdateLoginProfile.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateLoginProfile
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,33 +57,33 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'ulpPassword' - The new password for the specified IAM user. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D). However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see 'UpdateAccountPasswordPolicy' .
+-- * 'ulpPassword' - The new password for the specified IAM user. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D) However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see 'UpdateAccountPasswordPolicy' .
 --
 -- * 'ulpPasswordResetRequired' - Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in.
 --
--- * 'ulpUserName' - The name of the user whose password you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'ulpUserName' - The name of the user whose password you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 updateLoginProfile
     :: Text -- ^ 'ulpUserName'
     -> UpdateLoginProfile
 updateLoginProfile pUserName_ =
   UpdateLoginProfile'
-  { _ulpPassword = Nothing
-  , _ulpPasswordResetRequired = Nothing
-  , _ulpUserName = pUserName_
-  }
+    { _ulpPassword = Nothing
+    , _ulpPasswordResetRequired = Nothing
+    , _ulpUserName = pUserName_
+    }
 
 
--- | The new password for the specified IAM user. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D). However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see 'UpdateAccountPasswordPolicy' .
+-- | The new password for the specified IAM user. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D) However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see 'UpdateAccountPasswordPolicy' .
 ulpPassword :: Lens' UpdateLoginProfile (Maybe Text)
-ulpPassword = lens _ulpPassword (\ s a -> s{_ulpPassword = a}) . mapping _Sensitive;
+ulpPassword = lens _ulpPassword (\ s a -> s{_ulpPassword = a}) . mapping _Sensitive
 
 -- | Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in.
 ulpPasswordResetRequired :: Lens' UpdateLoginProfile (Maybe Bool)
-ulpPasswordResetRequired = lens _ulpPasswordResetRequired (\ s a -> s{_ulpPasswordResetRequired = a});
+ulpPasswordResetRequired = lens _ulpPasswordResetRequired (\ s a -> s{_ulpPasswordResetRequired = a})
 
--- | The name of the user whose password you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user whose password you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 ulpUserName :: Lens' UpdateLoginProfile Text
-ulpUserName = lens _ulpUserName (\ s a -> s{_ulpUserName = a});
+ulpUserName = lens _ulpUserName (\ s a -> s{_ulpUserName = a})
 
 instance AWSRequest UpdateLoginProfile where
         type Rs UpdateLoginProfile =
diff --git a/gen/Network/AWS/IAM/UpdateOpenIdConnectProviderThumbprint.hs b/gen/Network/AWS/IAM/UpdateOpenIdConnectProviderThumbprint.hs
--- a/gen/Network/AWS/IAM/UpdateOpenIdConnectProviderThumbprint.hs
+++ b/gen/Network/AWS/IAM/UpdateOpenIdConnectProviderThumbprint.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateOpenIdConnectProviderThumbprint
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider resource object with a new list of thumbprints.
 --
 --
--- The list that you pass with this action completely replaces the existing list of thumbprints. (The lists are not merged.)
+-- The list that you pass with this operation completely replaces the existing list of thumbprints. (The lists are not merged.)
 --
 -- Typically, you need to update a thumbprint only when the identity provider's certificate changes, which occurs rarely. However, if the provider's certificate /does/ change, any attempt to assume an IAM role that specifies the OIDC provider as a principal fails until the certificate thumbprint is updated.
 --
@@ -57,7 +57,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uoicptOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' action. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- * 'uoicptOpenIdConnectProviderARN' - The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' operation. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 --
 -- * 'uoicptThumbprintList' - A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see 'CreateOpenIDConnectProvider' .
 updateOpenIdConnectProviderThumbprint
@@ -65,18 +65,18 @@
     -> UpdateOpenIdConnectProviderThumbprint
 updateOpenIdConnectProviderThumbprint pOpenIdConnectProviderARN_ =
   UpdateOpenIdConnectProviderThumbprint'
-  { _uoicptOpenIdConnectProviderARN = pOpenIdConnectProviderARN_
-  , _uoicptThumbprintList = mempty
-  }
+    { _uoicptOpenIdConnectProviderARN = pOpenIdConnectProviderARN_
+    , _uoicptThumbprintList = mempty
+    }
 
 
--- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' action. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
+-- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the 'ListOpenIDConnectProviders' operation. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 uoicptOpenIdConnectProviderARN :: Lens' UpdateOpenIdConnectProviderThumbprint Text
-uoicptOpenIdConnectProviderARN = lens _uoicptOpenIdConnectProviderARN (\ s a -> s{_uoicptOpenIdConnectProviderARN = a});
+uoicptOpenIdConnectProviderARN = lens _uoicptOpenIdConnectProviderARN (\ s a -> s{_uoicptOpenIdConnectProviderARN = a})
 
 -- | A list of certificate thumbprints that are associated with the specified IAM OpenID Connect provider. For more information, see 'CreateOpenIDConnectProvider' .
 uoicptThumbprintList :: Lens' UpdateOpenIdConnectProviderThumbprint [Text]
-uoicptThumbprintList = lens _uoicptThumbprintList (\ s a -> s{_uoicptThumbprintList = a}) . _Coerce;
+uoicptThumbprintList = lens _uoicptThumbprintList (\ s a -> s{_uoicptThumbprintList = a}) . _Coerce
 
 instance AWSRequest
            UpdateOpenIdConnectProviderThumbprint
diff --git a/gen/Network/AWS/IAM/UpdateRole.hs b/gen/Network/AWS/IAM/UpdateRole.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/IAM/UpdateRole.hs
@@ -0,0 +1,137 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.IAM.UpdateRole
+-- Copyright   : (c) 2013-2018 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the description or maximum session duration setting of a role.
+--
+--
+module Network.AWS.IAM.UpdateRole
+    (
+    -- * Creating a Request
+      updateRole
+    , UpdateRole
+    -- * Request Lenses
+    , urMaxSessionDuration
+    , urDescription
+    , urRoleName
+
+    -- * Destructuring the Response
+    , updateRoleResponse
+    , UpdateRoleResponse
+    -- * Response Lenses
+    , urrsResponseStatus
+    ) where
+
+import Network.AWS.IAM.Types
+import Network.AWS.IAM.Types.Product
+import Network.AWS.Lens
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
+
+-- | /See:/ 'updateRole' smart constructor.
+data UpdateRole = UpdateRole'
+  { _urMaxSessionDuration :: !(Maybe Nat)
+  , _urDescription        :: !(Maybe Text)
+  , _urRoleName           :: !Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'UpdateRole' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'urMaxSessionDuration' - The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI or API can use the @DurationSeconds@ API parameter or the @duration-seconds@ CLI parameter to request a longer session. The @MaxSessionDuration@ setting determines the maximum duration that can be requested using the @DurationSeconds@ parameter. If users don't specify a value for the @DurationSeconds@ parameter, their security credentials are valid for one hour by default. This applies when you use the @AssumeRole*@ API operations or the @assume-role*@ CLI operations but does not apply when you use those operations to create a console URL. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html Using IAM Roles> in the /IAM User Guide/ .
+--
+-- * 'urDescription' - The new description that you want to apply to the specified role.
+--
+-- * 'urRoleName' - The name of the role that you want to modify.
+updateRole
+    :: Text -- ^ 'urRoleName'
+    -> UpdateRole
+updateRole pRoleName_ =
+  UpdateRole'
+    { _urMaxSessionDuration = Nothing
+    , _urDescription = Nothing
+    , _urRoleName = pRoleName_
+    }
+
+
+-- | The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. Anyone who assumes the role from the AWS CLI or API can use the @DurationSeconds@ API parameter or the @duration-seconds@ CLI parameter to request a longer session. The @MaxSessionDuration@ setting determines the maximum duration that can be requested using the @DurationSeconds@ parameter. If users don't specify a value for the @DurationSeconds@ parameter, their security credentials are valid for one hour by default. This applies when you use the @AssumeRole*@ API operations or the @assume-role*@ CLI operations but does not apply when you use those operations to create a console URL. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html Using IAM Roles> in the /IAM User Guide/ .
+urMaxSessionDuration :: Lens' UpdateRole (Maybe Natural)
+urMaxSessionDuration = lens _urMaxSessionDuration (\ s a -> s{_urMaxSessionDuration = a}) . mapping _Nat
+
+-- | The new description that you want to apply to the specified role.
+urDescription :: Lens' UpdateRole (Maybe Text)
+urDescription = lens _urDescription (\ s a -> s{_urDescription = a})
+
+-- | The name of the role that you want to modify.
+urRoleName :: Lens' UpdateRole Text
+urRoleName = lens _urRoleName (\ s a -> s{_urRoleName = a})
+
+instance AWSRequest UpdateRole where
+        type Rs UpdateRole = UpdateRoleResponse
+        request = postQuery iam
+        response
+          = receiveXMLWrapper "UpdateRoleResult"
+              (\ s h x ->
+                 UpdateRoleResponse' <$> (pure (fromEnum s)))
+
+instance Hashable UpdateRole where
+
+instance NFData UpdateRole where
+
+instance ToHeaders UpdateRole where
+        toHeaders = const mempty
+
+instance ToPath UpdateRole where
+        toPath = const "/"
+
+instance ToQuery UpdateRole where
+        toQuery UpdateRole'{..}
+          = mconcat
+              ["Action" =: ("UpdateRole" :: ByteString),
+               "Version" =: ("2010-05-08" :: ByteString),
+               "MaxSessionDuration" =: _urMaxSessionDuration,
+               "Description" =: _urDescription,
+               "RoleName" =: _urRoleName]
+
+-- | /See:/ 'updateRoleResponse' smart constructor.
+newtype UpdateRoleResponse = UpdateRoleResponse'
+  { _urrsResponseStatus :: Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'UpdateRoleResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'urrsResponseStatus' - -- | The response status code.
+updateRoleResponse
+    :: Int -- ^ 'urrsResponseStatus'
+    -> UpdateRoleResponse
+updateRoleResponse pResponseStatus_ =
+  UpdateRoleResponse' {_urrsResponseStatus = pResponseStatus_}
+
+
+-- | -- | The response status code.
+urrsResponseStatus :: Lens' UpdateRoleResponse Int
+urrsResponseStatus = lens _urrsResponseStatus (\ s a -> s{_urrsResponseStatus = a})
+
+instance NFData UpdateRoleResponse where
diff --git a/gen/Network/AWS/IAM/UpdateRoleDescription.hs b/gen/Network/AWS/IAM/UpdateRoleDescription.hs
--- a/gen/Network/AWS/IAM/UpdateRoleDescription.hs
+++ b/gen/Network/AWS/IAM/UpdateRoleDescription.hs
@@ -12,15 +12,17 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateRoleDescription
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Modifies the description of a role.
+-- Use instead.
 --
 --
+-- Modifies only the description of a role. This operation performs the same function as the @Description@ parameter in the @UpdateRole@ operation.
+--
 module Network.AWS.IAM.UpdateRoleDescription
     (
     -- * Creating a Request
@@ -65,16 +67,16 @@
     -> UpdateRoleDescription
 updateRoleDescription pRoleName_ pDescription_ =
   UpdateRoleDescription'
-  {_urdRoleName = pRoleName_, _urdDescription = pDescription_}
+    {_urdRoleName = pRoleName_, _urdDescription = pDescription_}
 
 
 -- | The name of the role that you want to modify.
 urdRoleName :: Lens' UpdateRoleDescription Text
-urdRoleName = lens _urdRoleName (\ s a -> s{_urdRoleName = a});
+urdRoleName = lens _urdRoleName (\ s a -> s{_urdRoleName = a})
 
 -- | The new description that you want to apply to the specified role.
 urdDescription :: Lens' UpdateRoleDescription Text
-urdDescription = lens _urdDescription (\ s a -> s{_urdDescription = a});
+urdDescription = lens _urdDescription (\ s a -> s{_urdDescription = a})
 
 instance AWSRequest UpdateRoleDescription where
         type Rs UpdateRoleDescription =
@@ -123,15 +125,15 @@
     -> UpdateRoleDescriptionResponse
 updateRoleDescriptionResponse pResponseStatus_ =
   UpdateRoleDescriptionResponse'
-  {_urdrsRole = Nothing, _urdrsResponseStatus = pResponseStatus_}
+    {_urdrsRole = Nothing, _urdrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the modified role.
 urdrsRole :: Lens' UpdateRoleDescriptionResponse (Maybe Role)
-urdrsRole = lens _urdrsRole (\ s a -> s{_urdrsRole = a});
+urdrsRole = lens _urdrsRole (\ s a -> s{_urdrsRole = a})
 
 -- | -- | The response status code.
 urdrsResponseStatus :: Lens' UpdateRoleDescriptionResponse Int
-urdrsResponseStatus = lens _urdrsResponseStatus (\ s a -> s{_urdrsResponseStatus = a});
+urdrsResponseStatus = lens _urdrsResponseStatus (\ s a -> s{_urdrsResponseStatus = a})
 
 instance NFData UpdateRoleDescriptionResponse where
diff --git a/gen/Network/AWS/IAM/UpdateSAMLProvider.hs b/gen/Network/AWS/IAM/UpdateSAMLProvider.hs
--- a/gen/Network/AWS/IAM/UpdateSAMLProvider.hs
+++ b/gen/Network/AWS/IAM/UpdateSAMLProvider.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateSAMLProvider
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -65,18 +65,18 @@
     -> UpdateSAMLProvider
 updateSAMLProvider pSAMLMetadataDocument_ pSAMLProviderARN_ =
   UpdateSAMLProvider'
-  { _usamlpSAMLMetadataDocument = pSAMLMetadataDocument_
-  , _usamlpSAMLProviderARN = pSAMLProviderARN_
-  }
+    { _usamlpSAMLMetadataDocument = pSAMLMetadataDocument_
+    , _usamlpSAMLProviderARN = pSAMLProviderARN_
+    }
 
 
 -- | An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
 usamlpSAMLMetadataDocument :: Lens' UpdateSAMLProvider Text
-usamlpSAMLMetadataDocument = lens _usamlpSAMLMetadataDocument (\ s a -> s{_usamlpSAMLMetadataDocument = a});
+usamlpSAMLMetadataDocument = lens _usamlpSAMLMetadataDocument (\ s a -> s{_usamlpSAMLMetadataDocument = a})
 
 -- | The Amazon Resource Name (ARN) of the SAML provider to update. For more information about ARNs, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces> in the /AWS General Reference/ .
 usamlpSAMLProviderARN :: Lens' UpdateSAMLProvider Text
-usamlpSAMLProviderARN = lens _usamlpSAMLProviderARN (\ s a -> s{_usamlpSAMLProviderARN = a});
+usamlpSAMLProviderARN = lens _usamlpSAMLProviderARN (\ s a -> s{_usamlpSAMLProviderARN = a})
 
 instance AWSRequest UpdateSAMLProvider where
         type Rs UpdateSAMLProvider =
@@ -130,17 +130,17 @@
     -> UpdateSAMLProviderResponse
 updateSAMLProviderResponse pResponseStatus_ =
   UpdateSAMLProviderResponse'
-  { _usamlprsSAMLProviderARN = Nothing
-  , _usamlprsResponseStatus = pResponseStatus_
-  }
+    { _usamlprsSAMLProviderARN = Nothing
+    , _usamlprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The Amazon Resource Name (ARN) of the SAML provider that was updated.
 usamlprsSAMLProviderARN :: Lens' UpdateSAMLProviderResponse (Maybe Text)
-usamlprsSAMLProviderARN = lens _usamlprsSAMLProviderARN (\ s a -> s{_usamlprsSAMLProviderARN = a});
+usamlprsSAMLProviderARN = lens _usamlprsSAMLProviderARN (\ s a -> s{_usamlprsSAMLProviderARN = a})
 
 -- | -- | The response status code.
 usamlprsResponseStatus :: Lens' UpdateSAMLProviderResponse Int
-usamlprsResponseStatus = lens _usamlprsResponseStatus (\ s a -> s{_usamlprsResponseStatus = a});
+usamlprsResponseStatus = lens _usamlprsResponseStatus (\ s a -> s{_usamlprsResponseStatus = a})
 
 instance NFData UpdateSAMLProviderResponse where
diff --git a/gen/Network/AWS/IAM/UpdateSSHPublicKey.hs b/gen/Network/AWS/IAM/UpdateSSHPublicKey.hs
--- a/gen/Network/AWS/IAM/UpdateSSHPublicKey.hs
+++ b/gen/Network/AWS/IAM/UpdateSSHPublicKey.hs
@@ -12,16 +12,16 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateSSHPublicKey
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This action can be used to disable a user's SSH public key as part of a key rotation work flow.
+-- Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.
 --
 --
--- The SSH public key affected by this action is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
+-- The SSH public key affected by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
 --
 module Network.AWS.IAM.UpdateSSHPublicKey
     (
@@ -57,11 +57,11 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uspkUserName' - The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uspkUserName' - The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'uspkSSHPublicKeyId' - The unique identifier for the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 --
--- * 'uspkStatus' - The status to assign to the SSH public key. @Active@ means the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means the key cannot be used.
+-- * 'uspkStatus' - The status to assign to the SSH public key. @Active@ means that the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means that the key cannot be used.
 updateSSHPublicKey
     :: Text -- ^ 'uspkUserName'
     -> Text -- ^ 'uspkSSHPublicKeyId'
@@ -69,23 +69,23 @@
     -> UpdateSSHPublicKey
 updateSSHPublicKey pUserName_ pSSHPublicKeyId_ pStatus_ =
   UpdateSSHPublicKey'
-  { _uspkUserName = pUserName_
-  , _uspkSSHPublicKeyId = pSSHPublicKeyId_
-  , _uspkStatus = pStatus_
-  }
+    { _uspkUserName = pUserName_
+    , _uspkSSHPublicKeyId = pSSHPublicKeyId_
+    , _uspkStatus = pStatus_
+    }
 
 
--- | The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user associated with the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uspkUserName :: Lens' UpdateSSHPublicKey Text
-uspkUserName = lens _uspkUserName (\ s a -> s{_uspkUserName = a});
+uspkUserName = lens _uspkUserName (\ s a -> s{_uspkUserName = a})
 
 -- | The unique identifier for the SSH public key. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 uspkSSHPublicKeyId :: Lens' UpdateSSHPublicKey Text
-uspkSSHPublicKeyId = lens _uspkSSHPublicKeyId (\ s a -> s{_uspkSSHPublicKeyId = a});
+uspkSSHPublicKeyId = lens _uspkSSHPublicKeyId (\ s a -> s{_uspkSSHPublicKeyId = a})
 
--- | The status to assign to the SSH public key. @Active@ means the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means the key cannot be used.
+-- | The status to assign to the SSH public key. @Active@ means that the key can be used for authentication with an AWS CodeCommit repository. @Inactive@ means that the key cannot be used.
 uspkStatus :: Lens' UpdateSSHPublicKey StatusType
-uspkStatus = lens _uspkStatus (\ s a -> s{_uspkStatus = a});
+uspkStatus = lens _uspkStatus (\ s a -> s{_uspkStatus = a})
 
 instance AWSRequest UpdateSSHPublicKey where
         type Rs UpdateSSHPublicKey =
diff --git a/gen/Network/AWS/IAM/UpdateServerCertificate.hs b/gen/Network/AWS/IAM/UpdateServerCertificate.hs
--- a/gen/Network/AWS/IAM/UpdateServerCertificate.hs
+++ b/gen/Network/AWS/IAM/UpdateServerCertificate.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateServerCertificate
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Updates the name and/or the path of the specified server certificate stored in IAM.
 --
 --
--- For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ .
+-- For more information about working with server certificates, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ . This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.
 --
 -- /Important:/ You should understand the implications of changing a server certificate's path or name. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts Renaming a Server Certificate> in the /IAM User Guide/ .
 --
@@ -59,33 +59,33 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uNewServerCertificateName' - The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uNewServerCertificateName' - The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'uNewPath' - The new path for the server certificate. Include this only if you are updating the server certificate's path. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'uNewPath' - The new path for the server certificate. Include this only if you are updating the server certificate's path. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'uServerCertificateName' - The name of the server certificate that you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uServerCertificateName' - The name of the server certificate that you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 updateServerCertificate
     :: Text -- ^ 'uServerCertificateName'
     -> UpdateServerCertificate
 updateServerCertificate pServerCertificateName_ =
   UpdateServerCertificate'
-  { _uNewServerCertificateName = Nothing
-  , _uNewPath = Nothing
-  , _uServerCertificateName = pServerCertificateName_
-  }
+    { _uNewServerCertificateName = Nothing
+    , _uNewPath = Nothing
+    , _uServerCertificateName = pServerCertificateName_
+    }
 
 
--- | The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uNewServerCertificateName :: Lens' UpdateServerCertificate (Maybe Text)
-uNewServerCertificateName = lens _uNewServerCertificateName (\ s a -> s{_uNewServerCertificateName = a});
+uNewServerCertificateName = lens _uNewServerCertificateName (\ s a -> s{_uNewServerCertificateName = a})
 
--- | The new path for the server certificate. Include this only if you are updating the server certificate's path. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The new path for the server certificate. Include this only if you are updating the server certificate's path. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 uNewPath :: Lens' UpdateServerCertificate (Maybe Text)
-uNewPath = lens _uNewPath (\ s a -> s{_uNewPath = a});
+uNewPath = lens _uNewPath (\ s a -> s{_uNewPath = a})
 
--- | The name of the server certificate that you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the server certificate that you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uServerCertificateName :: Lens' UpdateServerCertificate Text
-uServerCertificateName = lens _uServerCertificateName (\ s a -> s{_uServerCertificateName = a});
+uServerCertificateName = lens _uServerCertificateName (\ s a -> s{_uServerCertificateName = a})
 
 instance AWSRequest UpdateServerCertificate where
         type Rs UpdateServerCertificate =
diff --git a/gen/Network/AWS/IAM/UpdateServiceSpecificCredential.hs b/gen/Network/AWS/IAM/UpdateServiceSpecificCredential.hs
--- a/gen/Network/AWS/IAM/UpdateServiceSpecificCredential.hs
+++ b/gen/Network/AWS/IAM/UpdateServiceSpecificCredential.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateServiceSpecificCredential
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Sets the status of a service-specific credential to @Active@ or @Inactive@ . Service-specific credentials that are inactive cannot be used for authentication to the service. This action can be used to disable a user’s service-specific credential as part of a credential rotation work flow.
+-- Sets the status of a service-specific credential to @Active@ or @Inactive@ . Service-specific credentials that are inactive cannot be used for authentication to the service. This operation can be used to disable a user’s service-specific credential as part of a credential rotation work flow.
 --
 --
 module Network.AWS.IAM.UpdateServiceSpecificCredential
@@ -55,7 +55,7 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'usscUserName' - The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'usscUserName' - The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'usscServiceSpecificCredentialId' - The unique identifier of the service-specific credential. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 --
@@ -66,23 +66,23 @@
     -> UpdateServiceSpecificCredential
 updateServiceSpecificCredential pServiceSpecificCredentialId_ pStatus_ =
   UpdateServiceSpecificCredential'
-  { _usscUserName = Nothing
-  , _usscServiceSpecificCredentialId = pServiceSpecificCredentialId_
-  , _usscStatus = pStatus_
-  }
+    { _usscUserName = Nothing
+    , _usscServiceSpecificCredentialId = pServiceSpecificCredentialId_
+    , _usscStatus = pStatus_
+    }
 
 
--- | The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user associated with the service-specific credential. If you do not specify this value, then the operation assumes the user whose credentials are used to call the operation. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 usscUserName :: Lens' UpdateServiceSpecificCredential (Maybe Text)
-usscUserName = lens _usscUserName (\ s a -> s{_usscUserName = a});
+usscUserName = lens _usscUserName (\ s a -> s{_usscUserName = a})
 
 -- | The unique identifier of the service-specific credential. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 usscServiceSpecificCredentialId :: Lens' UpdateServiceSpecificCredential Text
-usscServiceSpecificCredentialId = lens _usscServiceSpecificCredentialId (\ s a -> s{_usscServiceSpecificCredentialId = a});
+usscServiceSpecificCredentialId = lens _usscServiceSpecificCredentialId (\ s a -> s{_usscServiceSpecificCredentialId = a})
 
 -- | The status to be assigned to the service-specific credential.
 usscStatus :: Lens' UpdateServiceSpecificCredential StatusType
-usscStatus = lens _usscStatus (\ s a -> s{_usscStatus = a});
+usscStatus = lens _usscStatus (\ s a -> s{_usscStatus = a})
 
 instance AWSRequest UpdateServiceSpecificCredential
          where
diff --git a/gen/Network/AWS/IAM/UpdateSigningCertificate.hs b/gen/Network/AWS/IAM/UpdateSigningCertificate.hs
--- a/gen/Network/AWS/IAM/UpdateSigningCertificate.hs
+++ b/gen/Network/AWS/IAM/UpdateSigningCertificate.hs
@@ -12,16 +12,16 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateSigningCertificate
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Changes the status of the specified user signing certificate from active to disabled, or vice versa. This action can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.
+-- Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.
 --
 --
--- If the @UserName@ field is not specified, the UserName is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
+-- If the @UserName@ field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
 --
 module Network.AWS.IAM.UpdateSigningCertificate
     (
@@ -57,34 +57,34 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uscUserName' - The name of the IAM user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uscUserName' - The name of the IAM user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
 -- * 'uscCertificateId' - The ID of the signing certificate you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 --
--- * 'uscStatus' - The status you want to assign to the certificate. @Active@ means the certificate can be used for API calls to AWS, while @Inactive@ means the certificate cannot be used.
+-- * 'uscStatus' - The status you want to assign to the certificate. @Active@ means that the certificate can be used for API calls to AWS @Inactive@ means that the certificate cannot be used.
 updateSigningCertificate
     :: Text -- ^ 'uscCertificateId'
     -> StatusType -- ^ 'uscStatus'
     -> UpdateSigningCertificate
 updateSigningCertificate pCertificateId_ pStatus_ =
   UpdateSigningCertificate'
-  { _uscUserName = Nothing
-  , _uscCertificateId = pCertificateId_
-  , _uscStatus = pStatus_
-  }
+    { _uscUserName = Nothing
+    , _uscCertificateId = pCertificateId_
+    , _uscStatus = pStatus_
+    }
 
 
--- | The name of the IAM user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user the signing certificate belongs to. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uscUserName :: Lens' UpdateSigningCertificate (Maybe Text)
-uscUserName = lens _uscUserName (\ s a -> s{_uscUserName = a});
+uscUserName = lens _uscUserName (\ s a -> s{_uscUserName = a})
 
 -- | The ID of the signing certificate you want to update. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters that can consist of any upper or lowercased letter or digit.
 uscCertificateId :: Lens' UpdateSigningCertificate Text
-uscCertificateId = lens _uscCertificateId (\ s a -> s{_uscCertificateId = a});
+uscCertificateId = lens _uscCertificateId (\ s a -> s{_uscCertificateId = a})
 
--- | The status you want to assign to the certificate. @Active@ means the certificate can be used for API calls to AWS, while @Inactive@ means the certificate cannot be used.
+-- | The status you want to assign to the certificate. @Active@ means that the certificate can be used for API calls to AWS @Inactive@ means that the certificate cannot be used.
 uscStatus :: Lens' UpdateSigningCertificate StatusType
-uscStatus = lens _uscStatus (\ s a -> s{_uscStatus = a});
+uscStatus = lens _uscStatus (\ s a -> s{_uscStatus = a})
 
 instance AWSRequest UpdateSigningCertificate where
         type Rs UpdateSigningCertificate =
diff --git a/gen/Network/AWS/IAM/UpdateUser.hs b/gen/Network/AWS/IAM/UpdateUser.hs
--- a/gen/Network/AWS/IAM/UpdateUser.hs
+++ b/gen/Network/AWS/IAM/UpdateUser.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UpdateUser
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -57,30 +57,30 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uuNewUserName' - New name for the user. Include this parameter only if you're changing the user's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uuNewUserName' - New name for the user. Include this parameter only if you're changing the user's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'uuNewPath' - New path for the IAM user. Include this parameter only if you're changing the user's path. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'uuNewPath' - New path for the IAM user. Include this parameter only if you're changing the user's path. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'uuUserName' - Name of the user to update. If you're changing the name of the user, this is the original user name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uuUserName' - Name of the user to update. If you're changing the name of the user, this is the original user name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 updateUser
     :: Text -- ^ 'uuUserName'
     -> UpdateUser
 updateUser pUserName_ =
   UpdateUser'
-  {_uuNewUserName = Nothing, _uuNewPath = Nothing, _uuUserName = pUserName_}
+    {_uuNewUserName = Nothing, _uuNewPath = Nothing, _uuUserName = pUserName_}
 
 
--- | New name for the user. Include this parameter only if you're changing the user's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | New name for the user. Include this parameter only if you're changing the user's name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uuNewUserName :: Lens' UpdateUser (Maybe Text)
-uuNewUserName = lens _uuNewUserName (\ s a -> s{_uuNewUserName = a});
+uuNewUserName = lens _uuNewUserName (\ s a -> s{_uuNewUserName = a})
 
--- | New path for the IAM user. Include this parameter only if you're changing the user's path. This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | New path for the IAM user. Include this parameter only if you're changing the user's path. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 uuNewPath :: Lens' UpdateUser (Maybe Text)
-uuNewPath = lens _uuNewPath (\ s a -> s{_uuNewPath = a});
+uuNewPath = lens _uuNewPath (\ s a -> s{_uuNewPath = a})
 
--- | Name of the user to update. If you're changing the name of the user, this is the original user name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | Name of the user to update. If you're changing the name of the user, this is the original user name. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uuUserName :: Lens' UpdateUser Text
-uuUserName = lens _uuUserName (\ s a -> s{_uuUserName = a});
+uuUserName = lens _uuUserName (\ s a -> s{_uuUserName = a})
 
 instance AWSRequest UpdateUser where
         type Rs UpdateUser = UpdateUserResponse
diff --git a/gen/Network/AWS/IAM/UploadSSHPublicKey.hs b/gen/Network/AWS/IAM/UploadSSHPublicKey.hs
--- a/gen/Network/AWS/IAM/UploadSSHPublicKey.hs
+++ b/gen/Network/AWS/IAM/UploadSSHPublicKey.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UploadSSHPublicKey
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Uploads an SSH public key and associates it with the specified IAM user.
 --
 --
--- The SSH public key uploaded by this action can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
+-- The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see <http://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html Set up AWS CodeCommit for SSH Connections> in the /AWS CodeCommit User Guide/ .
 --
 module Network.AWS.IAM.UploadSSHPublicKey
     (
@@ -58,25 +58,25 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'usshpkUserName' - The name of the IAM user to associate the SSH public key with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'usshpkUserName' - The name of the IAM user to associate the SSH public key with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'usshpkSSHPublicKeyBody' - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'usshpkSSHPublicKeyBody' - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uploadSSHPublicKey
     :: Text -- ^ 'usshpkUserName'
     -> Text -- ^ 'usshpkSSHPublicKeyBody'
     -> UploadSSHPublicKey
 uploadSSHPublicKey pUserName_ pSSHPublicKeyBody_ =
   UploadSSHPublicKey'
-  {_usshpkUserName = pUserName_, _usshpkSSHPublicKeyBody = pSSHPublicKeyBody_}
+    {_usshpkUserName = pUserName_, _usshpkSSHPublicKeyBody = pSSHPublicKeyBody_}
 
 
--- | The name of the IAM user to associate the SSH public key with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the IAM user to associate the SSH public key with. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 usshpkUserName :: Lens' UploadSSHPublicKey Text
-usshpkUserName = lens _usshpkUserName (\ s a -> s{_usshpkUserName = a});
+usshpkUserName = lens _usshpkUserName (\ s a -> s{_usshpkUserName = a})
 
--- | The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The SSH public key. The public key must be encoded in ssh-rsa format or PEM format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 usshpkSSHPublicKeyBody :: Lens' UploadSSHPublicKey Text
-usshpkSSHPublicKeyBody = lens _usshpkSSHPublicKeyBody (\ s a -> s{_usshpkSSHPublicKeyBody = a});
+usshpkSSHPublicKeyBody = lens _usshpkSSHPublicKeyBody (\ s a -> s{_usshpkSSHPublicKeyBody = a})
 
 instance AWSRequest UploadSSHPublicKey where
         type Rs UploadSSHPublicKey =
@@ -129,15 +129,15 @@
     -> UploadSSHPublicKeyResponse
 uploadSSHPublicKeyResponse pResponseStatus_ =
   UploadSSHPublicKeyResponse'
-  {_uspkrsSSHPublicKey = Nothing, _uspkrsResponseStatus = pResponseStatus_}
+    {_uspkrsSSHPublicKey = Nothing, _uspkrsResponseStatus = pResponseStatus_}
 
 
 -- | Contains information about the SSH public key.
 uspkrsSSHPublicKey :: Lens' UploadSSHPublicKeyResponse (Maybe SSHPublicKey)
-uspkrsSSHPublicKey = lens _uspkrsSSHPublicKey (\ s a -> s{_uspkrsSSHPublicKey = a});
+uspkrsSSHPublicKey = lens _uspkrsSSHPublicKey (\ s a -> s{_uspkrsSSHPublicKey = a})
 
 -- | -- | The response status code.
 uspkrsResponseStatus :: Lens' UploadSSHPublicKeyResponse Int
-uspkrsResponseStatus = lens _uspkrsResponseStatus (\ s a -> s{_uspkrsResponseStatus = a});
+uspkrsResponseStatus = lens _uspkrsResponseStatus (\ s a -> s{_uspkrsResponseStatus = a})
 
 instance NFData UploadSSHPublicKeyResponse where
diff --git a/gen/Network/AWS/IAM/UploadServerCertificate.hs b/gen/Network/AWS/IAM/UploadServerCertificate.hs
--- a/gen/Network/AWS/IAM/UploadServerCertificate.hs
+++ b/gen/Network/AWS/IAM/UploadServerCertificate.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UploadServerCertificate
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- We recommend that you use <https://aws.amazon.com/certificate-manager/ AWS Certificate Manager> to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the <http://docs.aws.amazon.com/acm/latest/userguide/ AWS Certificate Manager User Guide> .
 --
--- For more information about working with server certificates, including a list of AWS services that can use the server certificates that you manage with IAM, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ .
+-- For more information about working with server certificates, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Working with Server Certificates> in the /IAM User Guide/ . This topic includes a list of AWS services that can use the server certificates that you manage with IAM.
 --
 -- For information about the number of server certificates you can upload, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html Limitations on IAM Entities and Objects> in the /IAM User Guide/ .
 --
@@ -68,15 +68,15 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uscPath' - The path for the server certificate. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- * 'uscPath' - The path for the server certificate. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 --
--- * 'uscCertificateChain' - The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'uscCertificateChain' - The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 --
--- * 'uscServerCertificateName' - The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uscServerCertificateName' - The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'uscCertificateBody' - The contents of the public key certificate in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'uscCertificateBody' - The contents of the public key certificate in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 --
--- * 'uscPrivateKey' - The contents of the private key in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'uscPrivateKey' - The contents of the private key in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uploadServerCertificate
     :: Text -- ^ 'uscServerCertificateName'
     -> Text -- ^ 'uscCertificateBody'
@@ -84,33 +84,33 @@
     -> UploadServerCertificate
 uploadServerCertificate pServerCertificateName_ pCertificateBody_ pPrivateKey_ =
   UploadServerCertificate'
-  { _uscPath = Nothing
-  , _uscCertificateChain = Nothing
-  , _uscServerCertificateName = pServerCertificateName_
-  , _uscCertificateBody = pCertificateBody_
-  , _uscPrivateKey = _Sensitive # pPrivateKey_
-  }
+    { _uscPath = Nothing
+    , _uscCertificateChain = Nothing
+    , _uscServerCertificateName = pServerCertificateName_
+    , _uscCertificateBody = pCertificateBody_
+    , _uscPrivateKey = _Sensitive # pPrivateKey_
+    }
 
 
--- | The path for the server certificate. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This paramater allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
+-- | The path for the server certificate. For more information about paths, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html IAM Identifiers> in the /IAM User Guide/ . This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
 uscPath :: Lens' UploadServerCertificate (Maybe Text)
-uscPath = lens _uscPath (\ s a -> s{_uscPath = a});
+uscPath = lens _uscPath (\ s a -> s{_uscPath = a})
 
--- | The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uscCertificateChain :: Lens' UploadServerCertificate (Maybe Text)
-uscCertificateChain = lens _uscCertificateChain (\ s a -> s{_uscCertificateChain = a});
+uscCertificateChain = lens _uscCertificateChain (\ s a -> s{_uscCertificateChain = a})
 
--- | The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uscServerCertificateName :: Lens' UploadServerCertificate Text
-uscServerCertificateName = lens _uscServerCertificateName (\ s a -> s{_uscServerCertificateName = a});
+uscServerCertificateName = lens _uscServerCertificateName (\ s a -> s{_uscServerCertificateName = a})
 
--- | The contents of the public key certificate in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The contents of the public key certificate in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uscCertificateBody :: Lens' UploadServerCertificate Text
-uscCertificateBody = lens _uscCertificateBody (\ s a -> s{_uscCertificateBody = a});
+uscCertificateBody = lens _uscCertificateBody (\ s a -> s{_uscCertificateBody = a})
 
--- | The contents of the private key in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The contents of the private key in PEM-encoded format. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uscPrivateKey :: Lens' UploadServerCertificate Text
-uscPrivateKey = lens _uscPrivateKey (\ s a -> s{_uscPrivateKey = a}) . _Sensitive;
+uscPrivateKey = lens _uscPrivateKey (\ s a -> s{_uscPrivateKey = a}) . _Sensitive
 
 instance AWSRequest UploadServerCertificate where
         type Rs UploadServerCertificate =
@@ -168,17 +168,17 @@
     -> UploadServerCertificateResponse
 uploadServerCertificateResponse pResponseStatus_ =
   UploadServerCertificateResponse'
-  { _ursServerCertificateMetadata = Nothing
-  , _ursResponseStatus = pResponseStatus_
-  }
+    { _ursServerCertificateMetadata = Nothing
+    , _ursResponseStatus = pResponseStatus_
+    }
 
 
 -- | The meta information of the uploaded server certificate without its certificate body, certificate chain, and private key.
 ursServerCertificateMetadata :: Lens' UploadServerCertificateResponse (Maybe ServerCertificateMetadata)
-ursServerCertificateMetadata = lens _ursServerCertificateMetadata (\ s a -> s{_ursServerCertificateMetadata = a});
+ursServerCertificateMetadata = lens _ursServerCertificateMetadata (\ s a -> s{_ursServerCertificateMetadata = a})
 
 -- | -- | The response status code.
 ursResponseStatus :: Lens' UploadServerCertificateResponse Int
-ursResponseStatus = lens _ursResponseStatus (\ s a -> s{_ursResponseStatus = a});
+ursResponseStatus = lens _ursResponseStatus (\ s a -> s{_ursResponseStatus = a})
 
 instance NFData UploadServerCertificateResponse where
diff --git a/gen/Network/AWS/IAM/UploadSigningCertificate.hs b/gen/Network/AWS/IAM/UploadSigningCertificate.hs
--- a/gen/Network/AWS/IAM/UploadSigningCertificate.hs
+++ b/gen/Network/AWS/IAM/UploadSigningCertificate.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.UploadSigningCertificate
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -21,7 +21,7 @@
 -- Uploads an X.509 signing certificate and associates it with the specified IAM user. Some AWS services use X.509 signing certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is @Active@ .
 --
 --
--- If the @UserName@ field is not specified, the IAM user name is determined implicitly based on the AWS access key ID used to sign the request. Because this action works for access keys under the AWS account, you can use this action to manage root credentials even if the AWS account has no associated users.
+-- If the @UserName@ field is not specified, the IAM user name is determined implicitly based on the AWS access key ID used to sign the request. Because this operation works for access keys under the AWS account, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.
 --
 module Network.AWS.IAM.UploadSigningCertificate
     (
@@ -58,24 +58,24 @@
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'uplUserName' - The name of the user the signing certificate is for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- * 'uplUserName' - The name of the user the signing certificate is for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 --
--- * 'uplCertificateBody' - The contents of the signing certificate. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- * 'uplCertificateBody' - The contents of the signing certificate. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uploadSigningCertificate
     :: Text -- ^ 'uplCertificateBody'
     -> UploadSigningCertificate
 uploadSigningCertificate pCertificateBody_ =
   UploadSigningCertificate'
-  {_uplUserName = Nothing, _uplCertificateBody = pCertificateBody_}
+    {_uplUserName = Nothing, _uplCertificateBody = pCertificateBody_}
 
 
--- | The name of the user the signing certificate is for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-
+-- | The name of the user the signing certificate is for. This parameter allows (per its <http://wikipedia.org/wiki/regex regex pattern> ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 uplUserName :: Lens' UploadSigningCertificate (Maybe Text)
-uplUserName = lens _uplUserName (\ s a -> s{_uplUserName = a});
+uplUserName = lens _uplUserName (\ s a -> s{_uplUserName = a})
 
--- | The contents of the signing certificate. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).
+-- | The contents of the signing certificate. The <http://wikipedia.org/wiki/regex regex pattern> used to validate this parameter is a string of characters consisting of the following:     * Any printable ASCII character ranging from the space character (\u0020) through the end of the ASCII character range     * The printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF)     * The special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D)
 uplCertificateBody :: Lens' UploadSigningCertificate Text
-uplCertificateBody = lens _uplCertificateBody (\ s a -> s{_uplCertificateBody = a});
+uplCertificateBody = lens _uplCertificateBody (\ s a -> s{_uplCertificateBody = a})
 
 instance AWSRequest UploadSigningCertificate where
         type Rs UploadSigningCertificate =
@@ -130,16 +130,16 @@
     -> UploadSigningCertificateResponse
 uploadSigningCertificateResponse pResponseStatus_ pCertificate_ =
   UploadSigningCertificateResponse'
-  {_uscrsResponseStatus = pResponseStatus_, _uscrsCertificate = pCertificate_}
+    {_uscrsResponseStatus = pResponseStatus_, _uscrsCertificate = pCertificate_}
 
 
 -- | -- | The response status code.
 uscrsResponseStatus :: Lens' UploadSigningCertificateResponse Int
-uscrsResponseStatus = lens _uscrsResponseStatus (\ s a -> s{_uscrsResponseStatus = a});
+uscrsResponseStatus = lens _uscrsResponseStatus (\ s a -> s{_uscrsResponseStatus = a})
 
 -- | Information about the certificate.
 uscrsCertificate :: Lens' UploadSigningCertificateResponse SigningCertificate
-uscrsCertificate = lens _uscrsCertificate (\ s a -> s{_uscrsCertificate = a});
+uscrsCertificate = lens _uscrsCertificate (\ s a -> s{_uscrsCertificate = a})
 
 instance NFData UploadSigningCertificateResponse
          where
diff --git a/gen/Network/AWS/IAM/Waiters.hs b/gen/Network/AWS/IAM/Waiters.hs
--- a/gen/Network/AWS/IAM/Waiters.hs
+++ b/gen/Network/AWS/IAM/Waiters.hs
@@ -7,7 +7,7 @@
 
 -- |
 -- Module      : Network.AWS.IAM.Waiters
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -26,22 +26,22 @@
 instanceProfileExists :: Wait GetInstanceProfile
 instanceProfileExists =
   Wait
-  { _waitName = "InstanceProfileExists"
-  , _waitAttempts = 40
-  , _waitDelay = 1
-  , _waitAcceptors =
-      [matchStatus 200 AcceptSuccess, matchStatus 404 AcceptRetry]
-  }
+    { _waitName = "InstanceProfileExists"
+    , _waitAttempts = 40
+    , _waitDelay = 1
+    , _waitAcceptors =
+        [matchStatus 200 AcceptSuccess, matchStatus 404 AcceptRetry]
+    }
 
 
 -- | Polls 'Network.AWS.IAM.GetUser' every 1 seconds until a successful state is reached. An error is returned after 20 failed checks.
 userExists :: Wait GetUser
 userExists =
   Wait
-  { _waitName = "UserExists"
-  , _waitAttempts = 20
-  , _waitDelay = 1
-  , _waitAcceptors =
-      [matchStatus 200 AcceptSuccess, matchError "NoSuchEntity" AcceptRetry]
-  }
+    { _waitName = "UserExists"
+    , _waitAttempts = 20
+    , _waitDelay = 1
+    , _waitAcceptors =
+        [matchStatus 200 AcceptSuccess, matchError "NoSuchEntity" AcceptRetry]
+    }
 
diff --git a/test/Main.hs b/test/Main.hs
--- a/test/Main.hs
+++ b/test/Main.hs
@@ -2,7 +2,7 @@
 
 -- |
 -- Module      : Main
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/test/Test/AWS/Gen/IAM.hs b/test/Test/AWS/Gen/IAM.hs
--- a/test/Test/AWS/Gen/IAM.hs
+++ b/test/Test/AWS/Gen/IAM.hs
@@ -5,7 +5,7 @@
 
 -- |
 -- Module      : Test.AWS.Gen.IAM
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -106,6 +106,9 @@
 --         , requestSimulateCustomPolicy $
 --             simulateCustomPolicy
 --
+--         , requestUpdateRole $
+--             updateRole
+--
 --         , requestDeleteRole $
 --             deleteRole
 --
@@ -475,6 +478,9 @@
 --         , responseSimulateCustomPolicy $
 --             simulatePolicyResponse
 --
+--         , responseUpdateRole $
+--             updateRoleResponse
+--
 --         , responseDeleteRole $
 --             deleteRoleResponse
 --
@@ -898,6 +904,11 @@
     "SimulateCustomPolicy"
     "fixture/SimulateCustomPolicy.yaml"
 
+requestUpdateRole :: UpdateRole -> TestTree
+requestUpdateRole = req
+    "UpdateRole"
+    "fixture/UpdateRole.yaml"
+
 requestDeleteRole :: DeleteRole -> TestTree
 requestDeleteRole = req
     "DeleteRole"
@@ -1561,6 +1572,13 @@
     "fixture/SimulateCustomPolicyResponse.proto"
     iam
     (Proxy :: Proxy SimulateCustomPolicy)
+
+responseUpdateRole :: UpdateRoleResponse -> TestTree
+responseUpdateRole = res
+    "UpdateRoleResponse"
+    "fixture/UpdateRoleResponse.proto"
+    iam
+    (Proxy :: Proxy UpdateRole)
 
 responseDeleteRole :: DeleteRoleResponse -> TestTree
 responseDeleteRole = res
diff --git a/test/Test/AWS/IAM.hs b/test/Test/AWS/IAM.hs
--- a/test/Test/AWS/IAM.hs
+++ b/test/Test/AWS/IAM.hs
@@ -1,7 +1,7 @@
 {-# LANGUAGE OverloadedStrings #-}
 
 -- Module      : Test.AWS.IAM
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : This Source Code Form is subject to the terms of
 --               the Mozilla Public License, v. 2.0.
 --               A copy of the MPL can be found in the LICENSE file or
diff --git a/test/Test/AWS/IAM/Internal.hs b/test/Test/AWS/IAM/Internal.hs
--- a/test/Test/AWS/IAM/Internal.hs
+++ b/test/Test/AWS/IAM/Internal.hs
@@ -2,7 +2,7 @@
 {-# OPTIONS_GHC -fno-warn-unused-imports #-}
 
 -- Module      : Test.AWS.IAM.Internal
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : This Source Code Form is subject to the terms of
 --               the Mozilla Public License, v. 2.0.
 --               A copy of the MPL can be found in the LICENSE file or
