diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 
 ## Version
 
-`1.5.0`
+`1.6.0`
 
 
 ## Description
diff --git a/amazonka-organizations.cabal b/amazonka-organizations.cabal
--- a/amazonka-organizations.cabal
+++ b/amazonka-organizations.cabal
@@ -1,5 +1,5 @@
 name:                  amazonka-organizations
-version:               1.5.0
+version:               1.6.0
 synopsis:              Amazon Organizations SDK.
 homepage:              https://github.com/brendanhay/amazonka
 bug-reports:           https://github.com/brendanhay/amazonka/issues
@@ -7,7 +7,7 @@
 license-file:          LICENSE
 author:                Brendan Hay
 maintainer:            Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-copyright:             Copyright (c) 2013-2017 Brendan Hay
+copyright:             Copyright (c) 2013-2018 Brendan Hay
 category:              Network, AWS, Cloud, Distributed Computing
 build-type:            Simple
 cabal-version:         >= 1.10
@@ -63,11 +63,14 @@
         , Network.AWS.Organizations.DescribeOrganizationalUnit
         , Network.AWS.Organizations.DescribePolicy
         , Network.AWS.Organizations.DetachPolicy
+        , Network.AWS.Organizations.DisableAWSServiceAccess
         , Network.AWS.Organizations.DisablePolicyType
+        , Network.AWS.Organizations.EnableAWSServiceAccess
         , Network.AWS.Organizations.EnableAllFeatures
         , Network.AWS.Organizations.EnablePolicyType
         , Network.AWS.Organizations.InviteAccountToOrganization
         , Network.AWS.Organizations.LeaveOrganization
+        , Network.AWS.Organizations.ListAWSServiceAccessForOrganization
         , Network.AWS.Organizations.ListAccounts
         , Network.AWS.Organizations.ListAccountsForParent
         , Network.AWS.Organizations.ListChildren
@@ -92,7 +95,7 @@
         , Network.AWS.Organizations.Types.Sum
 
     build-depends:
-          amazonka-core == 1.5.0.*
+          amazonka-core == 1.6.0.*
         , base          >= 4.7     && < 5
 
 test-suite amazonka-organizations-test
@@ -112,8 +115,8 @@
         , Test.AWS.Organizations.Internal
 
     build-depends:
-          amazonka-core == 1.5.0.*
-        , amazonka-test == 1.5.0.*
+          amazonka-core == 1.6.0.*
+        , amazonka-test == 1.6.0.*
         , amazonka-organizations
         , base
         , bytestring
diff --git a/fixture/DisableAWSServiceAccess.yaml b/fixture/DisableAWSServiceAccess.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableAWSServiceAccess.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/organizations/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  organizations.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableAWSServiceAccessResponse.proto b/fixture/DisableAWSServiceAccessResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableAWSServiceAccessResponse.proto
diff --git a/fixture/EnableAWSServiceAccess.yaml b/fixture/EnableAWSServiceAccess.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableAWSServiceAccess.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/organizations/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  organizations.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableAWSServiceAccessResponse.proto b/fixture/EnableAWSServiceAccessResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableAWSServiceAccessResponse.proto
diff --git a/fixture/ListAWSServiceAccessForOrganization.yaml b/fixture/ListAWSServiceAccessForOrganization.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAWSServiceAccessForOrganization.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/organizations/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  organizations.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAWSServiceAccessForOrganizationResponse.proto b/fixture/ListAWSServiceAccessForOrganizationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAWSServiceAccessForOrganizationResponse.proto
diff --git a/gen/Network/AWS/Organizations.hs b/gen/Network/AWS/Organizations.hs
--- a/gen/Network/AWS/Organizations.hs
+++ b/gen/Network/AWS/Organizations.hs
@@ -5,7 +5,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -35,7 +35,7 @@
 --
 -- __Support and Feedback for AWS Organizations__
 --
--- We welcome your feedback. Send your comments to <mailto:feedback-awsorganizations@amazon.com feedback-awsorganizations@amazon.com> or post your feedback and questions in our private <http://forums.aws.amazon.com/forum.jspa?forumID=219 AWS Organizations support forum> . If you don't have access to the forum, send a request for access to the email address, along with your forum user ID. For more information about the AWS support forums, see <http://forums.aws.amazon.com/help.jspa Forums Help> .
+-- We welcome your feedback. Send your comments to <mailto:feedback-awsorganizations@amazon.com feedback-awsorganizations@amazon.com> or post your feedback and questions in the <http://forums.aws.amazon.com/forum.jspa?forumID=219 AWS Organizations support forum> . For more information about the AWS support forums, see <http://forums.aws.amazon.com/help.jspa Forums Help> .
 --
 -- __Endpoint to Call When Using the CLI or the AWS API__
 --
@@ -226,6 +226,9 @@
     -- ** DescribePolicy
     , module Network.AWS.Organizations.DescribePolicy
 
+    -- ** DisableAWSServiceAccess
+    , module Network.AWS.Organizations.DisableAWSServiceAccess
+
     -- ** LeaveOrganization
     , module Network.AWS.Organizations.LeaveOrganization
 
@@ -238,6 +241,9 @@
     -- ** InviteAccountToOrganization
     , module Network.AWS.Organizations.InviteAccountToOrganization
 
+    -- ** ListAWSServiceAccessForOrganization (Paginated)
+    , module Network.AWS.Organizations.ListAWSServiceAccessForOrganization
+
     -- ** ListOrganizationalUnitsForParent (Paginated)
     , module Network.AWS.Organizations.ListOrganizationalUnitsForParent
 
@@ -274,6 +280,9 @@
     -- ** RemoveAccountFromOrganization
     , module Network.AWS.Organizations.RemoveAccountFromOrganization
 
+    -- ** EnableAWSServiceAccess
+    , module Network.AWS.Organizations.EnableAWSServiceAccess
+
     -- ** DescribeOrganizationalUnit
     , module Network.AWS.Organizations.DescribeOrganizationalUnit
 
@@ -385,6 +394,12 @@
     , casId
     , casRequestedTimestamp
 
+    -- ** EnabledServicePrincipal
+    , EnabledServicePrincipal
+    , enabledServicePrincipal
+    , espServicePrincipal
+    , espDateEnabled
+
     -- ** Handshake
     , Handshake
     , handshake
@@ -497,13 +512,16 @@
 import Network.AWS.Organizations.DescribeOrganizationalUnit
 import Network.AWS.Organizations.DescribePolicy
 import Network.AWS.Organizations.DetachPolicy
+import Network.AWS.Organizations.DisableAWSServiceAccess
 import Network.AWS.Organizations.DisablePolicyType
 import Network.AWS.Organizations.EnableAllFeatures
+import Network.AWS.Organizations.EnableAWSServiceAccess
 import Network.AWS.Organizations.EnablePolicyType
 import Network.AWS.Organizations.InviteAccountToOrganization
 import Network.AWS.Organizations.LeaveOrganization
 import Network.AWS.Organizations.ListAccounts
 import Network.AWS.Organizations.ListAccountsForParent
+import Network.AWS.Organizations.ListAWSServiceAccessForOrganization
 import Network.AWS.Organizations.ListChildren
 import Network.AWS.Organizations.ListCreateAccountStatus
 import Network.AWS.Organizations.ListHandshakesForAccount
diff --git a/gen/Network/AWS/Organizations/AcceptHandshake.hs b/gen/Network/AWS/Organizations/AcceptHandshake.hs
--- a/gen/Network/AWS/Organizations/AcceptHandshake.hs
+++ b/gen/Network/AWS/Organizations/AcceptHandshake.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.AcceptHandshake
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -78,7 +78,7 @@
 
 -- | The unique identifier (ID) of the handshake that you want to accept. The <http://wikipedia.org/wiki/regex regex pattern> for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
 ahHandshakeId :: Lens' AcceptHandshake Text
-ahHandshakeId = lens _ahHandshakeId (\ s a -> s{_ahHandshakeId = a});
+ahHandshakeId = lens _ahHandshakeId (\ s a -> s{_ahHandshakeId = a})
 
 instance AWSRequest AcceptHandshake where
         type Rs AcceptHandshake = AcceptHandshakeResponse
@@ -133,15 +133,15 @@
     -> AcceptHandshakeResponse
 acceptHandshakeResponse pResponseStatus_ =
   AcceptHandshakeResponse'
-  {_ahrsHandshake = Nothing, _ahrsResponseStatus = pResponseStatus_}
+    {_ahrsHandshake = Nothing, _ahrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the accepted handshake.
 ahrsHandshake :: Lens' AcceptHandshakeResponse (Maybe Handshake)
-ahrsHandshake = lens _ahrsHandshake (\ s a -> s{_ahrsHandshake = a});
+ahrsHandshake = lens _ahrsHandshake (\ s a -> s{_ahrsHandshake = a})
 
 -- | -- | The response status code.
 ahrsResponseStatus :: Lens' AcceptHandshakeResponse Int
-ahrsResponseStatus = lens _ahrsResponseStatus (\ s a -> s{_ahrsResponseStatus = a});
+ahrsResponseStatus = lens _ahrsResponseStatus (\ s a -> s{_ahrsResponseStatus = a})
 
 instance NFData AcceptHandshakeResponse where
diff --git a/gen/Network/AWS/Organizations/AttachPolicy.hs b/gen/Network/AWS/Organizations/AttachPolicy.hs
--- a/gen/Network/AWS/Organizations/AttachPolicy.hs
+++ b/gen/Network/AWS/Organizations/AttachPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.AttachPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -86,11 +86,11 @@
 
 -- | The unique identifier (ID) of the policy that you want to attach to the target. You can get the ID for the policy by calling the 'ListPolicies' operation. The <http://wikipedia.org/wiki/regex regex pattern> for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
 apPolicyId :: Lens' AttachPolicy Text
-apPolicyId = lens _apPolicyId (\ s a -> s{_apPolicyId = a});
+apPolicyId = lens _apPolicyId (\ s a -> s{_apPolicyId = a})
 
 -- | The unique identifier (ID) of the root, OU, or account that you want to attach the policy to. You can get the ID by calling the 'ListRoots' , 'ListOrganizationalUnitsForParent' , or 'ListAccounts' operations. The <http://wikipedia.org/wiki/regex regex pattern> for a target ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Account: a string that consists of exactly 12 digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 apTargetId :: Lens' AttachPolicy Text
-apTargetId = lens _apTargetId (\ s a -> s{_apTargetId = a});
+apTargetId = lens _apTargetId (\ s a -> s{_apTargetId = a})
 
 instance AWSRequest AttachPolicy where
         type Rs AttachPolicy = AttachPolicyResponse
diff --git a/gen/Network/AWS/Organizations/CancelHandshake.hs b/gen/Network/AWS/Organizations/CancelHandshake.hs
--- a/gen/Network/AWS/Organizations/CancelHandshake.hs
+++ b/gen/Network/AWS/Organizations/CancelHandshake.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.CancelHandshake
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -68,7 +68,7 @@
 
 -- | The unique identifier (ID) of the handshake that you want to cancel. You can get the ID from the 'ListHandshakesForOrganization' operation. The <http://wikipedia.org/wiki/regex regex pattern> for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
 chHandshakeId :: Lens' CancelHandshake Text
-chHandshakeId = lens _chHandshakeId (\ s a -> s{_chHandshakeId = a});
+chHandshakeId = lens _chHandshakeId (\ s a -> s{_chHandshakeId = a})
 
 instance AWSRequest CancelHandshake where
         type Rs CancelHandshake = CancelHandshakeResponse
@@ -123,15 +123,15 @@
     -> CancelHandshakeResponse
 cancelHandshakeResponse pResponseStatus_ =
   CancelHandshakeResponse'
-  {_chrsHandshake = Nothing, _chrsResponseStatus = pResponseStatus_}
+    {_chrsHandshake = Nothing, _chrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the handshake that you canceled.
 chrsHandshake :: Lens' CancelHandshakeResponse (Maybe Handshake)
-chrsHandshake = lens _chrsHandshake (\ s a -> s{_chrsHandshake = a});
+chrsHandshake = lens _chrsHandshake (\ s a -> s{_chrsHandshake = a})
 
 -- | -- | The response status code.
 chrsResponseStatus :: Lens' CancelHandshakeResponse Int
-chrsResponseStatus = lens _chrsResponseStatus (\ s a -> s{_chrsResponseStatus = a});
+chrsResponseStatus = lens _chrsResponseStatus (\ s a -> s{_chrsResponseStatus = a})
 
 instance NFData CancelHandshakeResponse where
diff --git a/gen/Network/AWS/Organizations/CreateAccount.hs b/gen/Network/AWS/Organizations/CreateAccount.hs
--- a/gen/Network/AWS/Organizations/CreateAccount.hs
+++ b/gen/Network/AWS/Organizations/CreateAccount.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.CreateAccount
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,7 +23,7 @@
 --
 -- The user who calls the API for an invitation to join must have the @organizations:CreateAccount@ permission. If you enabled all features in the organization, then the user must also have the @iam:CreateServiceLinkedRole@ permission so that Organizations can create the required service-linked role named /OrgsServiceLinkedRoleName/ . For more information, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles AWS Organizations and Service-Linked Roles> in the /AWS Organizations User Guide/ .
 --
--- The user in the master account who calls this API must also have the @iam:CreateRole@ permission because AWS Organizations preconfigures the new member account with a role (named @OrganizationAccountAccessRole@ ) that grants users in the master account administrator permissions in the new member account. Principals in the master account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's master account.
+-- The user in the master account who calls this API must also have the @iam:CreateRole@ permission because AWS Organizations preconfigures the new member account with a role (named @OrganizationAccountAccessRole@ by default) that grants users in the master account administrator permissions in the new member account. Principals in the master account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's master account.
 --
 -- This operation can be called only from the organization's master account.
 --
@@ -31,6 +31,8 @@
 --
 -- /Important:/ When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the End User Licence Agreement (EULA) is /not/ automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info To leave an organization when all required account information has not yet been provided> in the /AWS Organizations User Guide/ .
 --
+-- This operation can be called only from the organization's master account.
+--
 -- /Important:/ If you get an exception that indicates that you exceeded your account limits for the organization or that you can"t add an account because your organization is still initializing, please contact <https://console.aws.amazon.com/support/home#/ AWS Customer Support> .
 --
 module Network.AWS.Organizations.CreateAccount
@@ -85,28 +87,28 @@
     -> CreateAccount
 createAccount pEmail_ pAccountName_ =
   CreateAccount'
-  { _caIAMUserAccessToBilling = Nothing
-  , _caRoleName = Nothing
-  , _caEmail = _Sensitive # pEmail_
-  , _caAccountName = _Sensitive # pAccountName_
-  }
+    { _caIAMUserAccessToBilling = Nothing
+    , _caRoleName = Nothing
+    , _caEmail = _Sensitive # pEmail_
+    , _caAccountName = _Sensitive # pAccountName_
+    }
 
 
 -- | If set to @ALLOW@ , the new account enables IAM users to access account billing information /if/ they have the required permissions. If set to @DENY@ , then only the root user of the new account can access account billing information. For more information, see <http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate Activating Access to the Billing and Cost Management Console> in the /AWS Billing and Cost Management User Guide/ . If you do not specify this parameter, the value defaults to ALLOW, and IAM users and roles with the required permissions can access billing information for the new account.
 caIAMUserAccessToBilling :: Lens' CreateAccount (Maybe IAMUserAccessToBilling)
-caIAMUserAccessToBilling = lens _caIAMUserAccessToBilling (\ s a -> s{_caIAMUserAccessToBilling = a});
+caIAMUserAccessToBilling = lens _caIAMUserAccessToBilling (\ s a -> s{_caIAMUserAccessToBilling = a})
 
 -- | (Optional) The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. If you do not specify this parameter, the role name defaults to @OrganizationAccountAccessRole@ . For more information about how to use this role to access the member account, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role Accessing and Administering the Member Accounts in Your Organization> in the /AWS Organizations User Guide/ , and steps 2 and 3 in <http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html Tutorial: Delegate Access Across AWS Accounts Using IAM Roles> in the /IAM User Guide/ . The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of characters that can consist of uppercase letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@-
 caRoleName :: Lens' CreateAccount (Maybe Text)
-caRoleName = lens _caRoleName (\ s a -> s{_caRoleName = a});
+caRoleName = lens _caRoleName (\ s a -> s{_caRoleName = a})
 
 -- | The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account. You must use a valid email address to complete account creation. You cannot access the root user of the account or remove an account that was created with an invalid email address.
 caEmail :: Lens' CreateAccount Text
-caEmail = lens _caEmail (\ s a -> s{_caEmail = a}) . _Sensitive;
+caEmail = lens _caEmail (\ s a -> s{_caEmail = a}) . _Sensitive
 
 -- | The friendly name of the member account.
 caAccountName :: Lens' CreateAccount Text
-caAccountName = lens _caAccountName (\ s a -> s{_caAccountName = a}) . _Sensitive;
+caAccountName = lens _caAccountName (\ s a -> s{_caAccountName = a}) . _Sensitive
 
 instance AWSRequest CreateAccount where
         type Rs CreateAccount = CreateAccountResponse
@@ -167,15 +169,15 @@
     -> CreateAccountResponse
 createAccountResponse pResponseStatus_ =
   CreateAccountResponse'
-  {_carsCreateAccountStatus = Nothing, _carsResponseStatus = pResponseStatus_}
+    {_carsCreateAccountStatus = Nothing, _carsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the request to create an account. This response structure might not be fully populated when you first receive it because account creation is an asynchronous process. You can pass the returned CreateAccountStatus ID as a parameter to @'DescribeCreateAccountStatus' @ to get status about the progress of the request at later times.
 carsCreateAccountStatus :: Lens' CreateAccountResponse (Maybe CreateAccountStatus)
-carsCreateAccountStatus = lens _carsCreateAccountStatus (\ s a -> s{_carsCreateAccountStatus = a});
+carsCreateAccountStatus = lens _carsCreateAccountStatus (\ s a -> s{_carsCreateAccountStatus = a})
 
 -- | -- | The response status code.
 carsResponseStatus :: Lens' CreateAccountResponse Int
-carsResponseStatus = lens _carsResponseStatus (\ s a -> s{_carsResponseStatus = a});
+carsResponseStatus = lens _carsResponseStatus (\ s a -> s{_carsResponseStatus = a})
 
 instance NFData CreateAccountResponse where
diff --git a/gen/Network/AWS/Organizations/CreateOrganization.hs b/gen/Network/AWS/Organizations/CreateOrganization.hs
--- a/gen/Network/AWS/Organizations/CreateOrganization.hs
+++ b/gen/Network/AWS/Organizations/CreateOrganization.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.CreateOrganization
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -66,7 +66,7 @@
 
 -- | Specifies the feature set supported by the new organization. Each feature set supports different levels of functionality.     * /CONSOLIDATED_BILLING/ : All member accounts have their bills consolidated to and paid by the master account. For more information, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only Consolidated Billing> in the /AWS Organizations User Guide/ .     * /ALL/ : In addition to all the features supported by the consolidated billing feature set, the master account can also apply any type of policy to any member account in the organization. For more information, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all All features> in the /AWS Organizations User Guide/ .
 coFeatureSet :: Lens' CreateOrganization (Maybe OrganizationFeatureSet)
-coFeatureSet = lens _coFeatureSet (\ s a -> s{_coFeatureSet = a});
+coFeatureSet = lens _coFeatureSet (\ s a -> s{_coFeatureSet = a})
 
 instance AWSRequest CreateOrganization where
         type Rs CreateOrganization =
@@ -122,15 +122,15 @@
     -> CreateOrganizationResponse
 createOrganizationResponse pResponseStatus_ =
   CreateOrganizationResponse'
-  {_corsOrganization = Nothing, _corsResponseStatus = pResponseStatus_}
+    {_corsOrganization = Nothing, _corsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the newly created organization.
 corsOrganization :: Lens' CreateOrganizationResponse (Maybe Organization)
-corsOrganization = lens _corsOrganization (\ s a -> s{_corsOrganization = a});
+corsOrganization = lens _corsOrganization (\ s a -> s{_corsOrganization = a})
 
 -- | -- | The response status code.
 corsResponseStatus :: Lens' CreateOrganizationResponse Int
-corsResponseStatus = lens _corsResponseStatus (\ s a -> s{_corsResponseStatus = a});
+corsResponseStatus = lens _corsResponseStatus (\ s a -> s{_corsResponseStatus = a})
 
 instance NFData CreateOrganizationResponse where
diff --git a/gen/Network/AWS/Organizations/CreateOrganizationalUnit.hs b/gen/Network/AWS/Organizations/CreateOrganizationalUnit.hs
--- a/gen/Network/AWS/Organizations/CreateOrganizationalUnit.hs
+++ b/gen/Network/AWS/Organizations/CreateOrganizationalUnit.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.CreateOrganizationalUnit
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -73,11 +73,11 @@
 
 -- | The unique identifier (ID) of the parent root or OU in which you want to create the new OU. The <http://wikipedia.org/wiki/regex regex pattern> for a parent ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 couParentId :: Lens' CreateOrganizationalUnit Text
-couParentId = lens _couParentId (\ s a -> s{_couParentId = a});
+couParentId = lens _couParentId (\ s a -> s{_couParentId = a})
 
 -- | The friendly name to assign to the new OU.
 couName :: Lens' CreateOrganizationalUnit Text
-couName = lens _couName (\ s a -> s{_couName = a});
+couName = lens _couName (\ s a -> s{_couName = a})
 
 instance AWSRequest CreateOrganizationalUnit where
         type Rs CreateOrganizationalUnit =
@@ -135,16 +135,18 @@
     -> CreateOrganizationalUnitResponse
 createOrganizationalUnitResponse pResponseStatus_ =
   CreateOrganizationalUnitResponse'
-  {_coursOrganizationalUnit = Nothing, _coursResponseStatus = pResponseStatus_}
+    { _coursOrganizationalUnit = Nothing
+    , _coursResponseStatus = pResponseStatus_
+    }
 
 
 -- | A structure that contains details about the newly created OU.
 coursOrganizationalUnit :: Lens' CreateOrganizationalUnitResponse (Maybe OrganizationalUnit)
-coursOrganizationalUnit = lens _coursOrganizationalUnit (\ s a -> s{_coursOrganizationalUnit = a});
+coursOrganizationalUnit = lens _coursOrganizationalUnit (\ s a -> s{_coursOrganizationalUnit = a})
 
 -- | -- | The response status code.
 coursResponseStatus :: Lens' CreateOrganizationalUnitResponse Int
-coursResponseStatus = lens _coursResponseStatus (\ s a -> s{_coursResponseStatus = a});
+coursResponseStatus = lens _coursResponseStatus (\ s a -> s{_coursResponseStatus = a})
 
 instance NFData CreateOrganizationalUnitResponse
          where
diff --git a/gen/Network/AWS/Organizations/CreatePolicy.hs b/gen/Network/AWS/Organizations/CreatePolicy.hs
--- a/gen/Network/AWS/Organizations/CreatePolicy.hs
+++ b/gen/Network/AWS/Organizations/CreatePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.CreatePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -79,28 +79,28 @@
     -> CreatePolicy
 createPolicy pContent_ pDescription_ pName_ pType_ =
   CreatePolicy'
-  { _cpContent = pContent_
-  , _cpDescription = pDescription_
-  , _cpName = pName_
-  , _cpType = pType_
-  }
+    { _cpContent = pContent_
+    , _cpDescription = pDescription_
+    , _cpName = pName_
+    , _cpType = pType_
+    }
 
 
 -- | The policy content to add to the new policy. For example, if you create a <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html service control policy> (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html Service Control Policy Syntax> in the /AWS Organizations User Guide/ .
 cpContent :: Lens' CreatePolicy Text
-cpContent = lens _cpContent (\ s a -> s{_cpContent = a});
+cpContent = lens _cpContent (\ s a -> s{_cpContent = a})
 
 -- | An optional description to assign to the policy.
 cpDescription :: Lens' CreatePolicy Text
-cpDescription = lens _cpDescription (\ s a -> s{_cpDescription = a});
+cpDescription = lens _cpDescription (\ s a -> s{_cpDescription = a})
 
 -- | The friendly name to assign to the policy. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 cpName :: Lens' CreatePolicy Text
-cpName = lens _cpName (\ s a -> s{_cpName = a});
+cpName = lens _cpName (\ s a -> s{_cpName = a})
 
 -- | The type of policy to create.
 cpType :: Lens' CreatePolicy PolicyType
-cpType = lens _cpType (\ s a -> s{_cpType = a});
+cpType = lens _cpType (\ s a -> s{_cpType = a})
 
 instance AWSRequest CreatePolicy where
         type Rs CreatePolicy = CreatePolicyResponse
@@ -158,15 +158,15 @@
     -> CreatePolicyResponse
 createPolicyResponse pResponseStatus_ =
   CreatePolicyResponse'
-  {_cprsPolicy = Nothing, _cprsResponseStatus = pResponseStatus_}
+    {_cprsPolicy = Nothing, _cprsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the newly created policy.
 cprsPolicy :: Lens' CreatePolicyResponse (Maybe Policy)
-cprsPolicy = lens _cprsPolicy (\ s a -> s{_cprsPolicy = a});
+cprsPolicy = lens _cprsPolicy (\ s a -> s{_cprsPolicy = a})
 
 -- | -- | The response status code.
 cprsResponseStatus :: Lens' CreatePolicyResponse Int
-cprsResponseStatus = lens _cprsResponseStatus (\ s a -> s{_cprsResponseStatus = a});
+cprsResponseStatus = lens _cprsResponseStatus (\ s a -> s{_cprsResponseStatus = a})
 
 instance NFData CreatePolicyResponse where
diff --git a/gen/Network/AWS/Organizations/DeclineHandshake.hs b/gen/Network/AWS/Organizations/DeclineHandshake.hs
--- a/gen/Network/AWS/Organizations/DeclineHandshake.hs
+++ b/gen/Network/AWS/Organizations/DeclineHandshake.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DeclineHandshake
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -68,7 +68,7 @@
 
 -- | The unique identifier (ID) of the handshake that you want to decline. You can get the ID from the 'ListHandshakesForAccount' operation. The <http://wikipedia.org/wiki/regex regex pattern> for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
 dHandshakeId :: Lens' DeclineHandshake Text
-dHandshakeId = lens _dHandshakeId (\ s a -> s{_dHandshakeId = a});
+dHandshakeId = lens _dHandshakeId (\ s a -> s{_dHandshakeId = a})
 
 instance AWSRequest DeclineHandshake where
         type Rs DeclineHandshake = DeclineHandshakeResponse
@@ -123,15 +123,15 @@
     -> DeclineHandshakeResponse
 declineHandshakeResponse pResponseStatus_ =
   DeclineHandshakeResponse'
-  {_drsHandshake = Nothing, _drsResponseStatus = pResponseStatus_}
+    {_drsHandshake = Nothing, _drsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the declined handshake. The state is updated to show the value @DECLINED@ .
 drsHandshake :: Lens' DeclineHandshakeResponse (Maybe Handshake)
-drsHandshake = lens _drsHandshake (\ s a -> s{_drsHandshake = a});
+drsHandshake = lens _drsHandshake (\ s a -> s{_drsHandshake = a})
 
 -- | -- | The response status code.
 drsResponseStatus :: Lens' DeclineHandshakeResponse Int
-drsResponseStatus = lens _drsResponseStatus (\ s a -> s{_drsResponseStatus = a});
+drsResponseStatus = lens _drsResponseStatus (\ s a -> s{_drsResponseStatus = a})
 
 instance NFData DeclineHandshakeResponse where
diff --git a/gen/Network/AWS/Organizations/DeleteOrganization.hs b/gen/Network/AWS/Organizations/DeleteOrganization.hs
--- a/gen/Network/AWS/Organizations/DeleteOrganization.hs
+++ b/gen/Network/AWS/Organizations/DeleteOrganization.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DeleteOrganization
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/gen/Network/AWS/Organizations/DeleteOrganizationalUnit.hs b/gen/Network/AWS/Organizations/DeleteOrganizationalUnit.hs
--- a/gen/Network/AWS/Organizations/DeleteOrganizationalUnit.hs
+++ b/gen/Network/AWS/Organizations/DeleteOrganizationalUnit.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DeleteOrganizationalUnit
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -63,7 +63,7 @@
 
 -- | The unique identifier (ID) of the organizational unit that you want to delete. You can get the ID from the 'ListOrganizationalUnitsForParent' operation. The <http://wikipedia.org/wiki/regex regex pattern> for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 dOrganizationalUnitId :: Lens' DeleteOrganizationalUnit Text
-dOrganizationalUnitId = lens _dOrganizationalUnitId (\ s a -> s{_dOrganizationalUnitId = a});
+dOrganizationalUnitId = lens _dOrganizationalUnitId (\ s a -> s{_dOrganizationalUnitId = a})
 
 instance AWSRequest DeleteOrganizationalUnit where
         type Rs DeleteOrganizationalUnit =
diff --git a/gen/Network/AWS/Organizations/DeletePolicy.hs b/gen/Network/AWS/Organizations/DeletePolicy.hs
--- a/gen/Network/AWS/Organizations/DeletePolicy.hs
+++ b/gen/Network/AWS/Organizations/DeletePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DeletePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -62,7 +62,7 @@
 
 -- | The unique identifier (ID) of the policy that you want to delete. You can get the ID from the 'ListPolicies' or 'ListPoliciesForTarget' operations. The <http://wikipedia.org/wiki/regex regex pattern> for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
 dPolicyId :: Lens' DeletePolicy Text
-dPolicyId = lens _dPolicyId (\ s a -> s{_dPolicyId = a});
+dPolicyId = lens _dPolicyId (\ s a -> s{_dPolicyId = a})
 
 instance AWSRequest DeletePolicy where
         type Rs DeletePolicy = DeletePolicyResponse
diff --git a/gen/Network/AWS/Organizations/DescribeAccount.hs b/gen/Network/AWS/Organizations/DescribeAccount.hs
--- a/gen/Network/AWS/Organizations/DescribeAccount.hs
+++ b/gen/Network/AWS/Organizations/DescribeAccount.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DescribeAccount
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -65,7 +65,7 @@
 
 -- | The unique identifier (ID) of the AWS account that you want information about. You can get the ID from the 'ListAccounts' or 'ListAccountsForParent' operations. The <http://wikipedia.org/wiki/regex regex pattern> for an account ID string requires exactly 12 digits.
 daAccountId :: Lens' DescribeAccount Text
-daAccountId = lens _daAccountId (\ s a -> s{_daAccountId = a});
+daAccountId = lens _daAccountId (\ s a -> s{_daAccountId = a})
 
 instance AWSRequest DescribeAccount where
         type Rs DescribeAccount = DescribeAccountResponse
@@ -120,15 +120,15 @@
     -> DescribeAccountResponse
 describeAccountResponse pResponseStatus_ =
   DescribeAccountResponse'
-  {_darsAccount = Nothing, _darsResponseStatus = pResponseStatus_}
+    {_darsAccount = Nothing, _darsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains information about the requested account.
 darsAccount :: Lens' DescribeAccountResponse (Maybe Account)
-darsAccount = lens _darsAccount (\ s a -> s{_darsAccount = a});
+darsAccount = lens _darsAccount (\ s a -> s{_darsAccount = a})
 
 -- | -- | The response status code.
 darsResponseStatus :: Lens' DescribeAccountResponse Int
-darsResponseStatus = lens _darsResponseStatus (\ s a -> s{_darsResponseStatus = a});
+darsResponseStatus = lens _darsResponseStatus (\ s a -> s{_darsResponseStatus = a})
 
 instance NFData DescribeAccountResponse where
diff --git a/gen/Network/AWS/Organizations/DescribeCreateAccountStatus.hs b/gen/Network/AWS/Organizations/DescribeCreateAccountStatus.hs
--- a/gen/Network/AWS/Organizations/DescribeCreateAccountStatus.hs
+++ b/gen/Network/AWS/Organizations/DescribeCreateAccountStatus.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DescribeCreateAccountStatus
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -62,12 +62,12 @@
     -> DescribeCreateAccountStatus
 describeCreateAccountStatus pCreateAccountRequestId_ =
   DescribeCreateAccountStatus'
-  {_dcasCreateAccountRequestId = pCreateAccountRequestId_}
+    {_dcasCreateAccountRequestId = pCreateAccountRequestId_}
 
 
 -- | Specifies the @operationId@ that uniquely identifies the request. You can get the ID from the response to an earlier 'CreateAccount' request, or from the 'ListCreateAccountStatus' operation. The <http://wikipedia.org/wiki/regex regex pattern> for an create account request ID string requires "car-" followed by from 8 to 32 lower-case letters or digits.
 dcasCreateAccountRequestId :: Lens' DescribeCreateAccountStatus Text
-dcasCreateAccountRequestId = lens _dcasCreateAccountRequestId (\ s a -> s{_dcasCreateAccountRequestId = a});
+dcasCreateAccountRequestId = lens _dcasCreateAccountRequestId (\ s a -> s{_dcasCreateAccountRequestId = a})
 
 instance AWSRequest DescribeCreateAccountStatus where
         type Rs DescribeCreateAccountStatus =
@@ -127,18 +127,18 @@
     -> DescribeCreateAccountStatusResponse
 describeCreateAccountStatusResponse pResponseStatus_ =
   DescribeCreateAccountStatusResponse'
-  { _dcasrsCreateAccountStatus = Nothing
-  , _dcasrsResponseStatus = pResponseStatus_
-  }
+    { _dcasrsCreateAccountStatus = Nothing
+    , _dcasrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A structure that contains the current status of an account creation request.
 dcasrsCreateAccountStatus :: Lens' DescribeCreateAccountStatusResponse (Maybe CreateAccountStatus)
-dcasrsCreateAccountStatus = lens _dcasrsCreateAccountStatus (\ s a -> s{_dcasrsCreateAccountStatus = a});
+dcasrsCreateAccountStatus = lens _dcasrsCreateAccountStatus (\ s a -> s{_dcasrsCreateAccountStatus = a})
 
 -- | -- | The response status code.
 dcasrsResponseStatus :: Lens' DescribeCreateAccountStatusResponse Int
-dcasrsResponseStatus = lens _dcasrsResponseStatus (\ s a -> s{_dcasrsResponseStatus = a});
+dcasrsResponseStatus = lens _dcasrsResponseStatus (\ s a -> s{_dcasrsResponseStatus = a})
 
 instance NFData DescribeCreateAccountStatusResponse
          where
diff --git a/gen/Network/AWS/Organizations/DescribeHandshake.hs b/gen/Network/AWS/Organizations/DescribeHandshake.hs
--- a/gen/Network/AWS/Organizations/DescribeHandshake.hs
+++ b/gen/Network/AWS/Organizations/DescribeHandshake.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DescribeHandshake
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -68,7 +68,7 @@
 
 -- | The unique identifier (ID) of the handshake that you want information about. You can get the ID from the original call to 'InviteAccountToOrganization' , or from a call to 'ListHandshakesForAccount' or 'ListHandshakesForOrganization' . The <http://wikipedia.org/wiki/regex regex pattern> for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
 dhHandshakeId :: Lens' DescribeHandshake Text
-dhHandshakeId = lens _dhHandshakeId (\ s a -> s{_dhHandshakeId = a});
+dhHandshakeId = lens _dhHandshakeId (\ s a -> s{_dhHandshakeId = a})
 
 instance AWSRequest DescribeHandshake where
         type Rs DescribeHandshake = DescribeHandshakeResponse
@@ -123,15 +123,15 @@
     -> DescribeHandshakeResponse
 describeHandshakeResponse pResponseStatus_ =
   DescribeHandshakeResponse'
-  {_dhrsHandshake = Nothing, _dhrsResponseStatus = pResponseStatus_}
+    {_dhrsHandshake = Nothing, _dhrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains information about the specified handshake.
 dhrsHandshake :: Lens' DescribeHandshakeResponse (Maybe Handshake)
-dhrsHandshake = lens _dhrsHandshake (\ s a -> s{_dhrsHandshake = a});
+dhrsHandshake = lens _dhrsHandshake (\ s a -> s{_dhrsHandshake = a})
 
 -- | -- | The response status code.
 dhrsResponseStatus :: Lens' DescribeHandshakeResponse Int
-dhrsResponseStatus = lens _dhrsResponseStatus (\ s a -> s{_dhrsResponseStatus = a});
+dhrsResponseStatus = lens _dhrsResponseStatus (\ s a -> s{_dhrsResponseStatus = a})
 
 instance NFData DescribeHandshakeResponse where
diff --git a/gen/Network/AWS/Organizations/DescribeOrganization.hs b/gen/Network/AWS/Organizations/DescribeOrganization.hs
--- a/gen/Network/AWS/Organizations/DescribeOrganization.hs
+++ b/gen/Network/AWS/Organizations/DescribeOrganization.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DescribeOrganization
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -109,15 +109,15 @@
     -> DescribeOrganizationResponse
 describeOrganizationResponse pResponseStatus_ =
   DescribeOrganizationResponse'
-  {_dorsOrganization = Nothing, _dorsResponseStatus = pResponseStatus_}
+    {_dorsOrganization = Nothing, _dorsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains information about the organization.
 dorsOrganization :: Lens' DescribeOrganizationResponse (Maybe Organization)
-dorsOrganization = lens _dorsOrganization (\ s a -> s{_dorsOrganization = a});
+dorsOrganization = lens _dorsOrganization (\ s a -> s{_dorsOrganization = a})
 
 -- | -- | The response status code.
 dorsResponseStatus :: Lens' DescribeOrganizationResponse Int
-dorsResponseStatus = lens _dorsResponseStatus (\ s a -> s{_dorsResponseStatus = a});
+dorsResponseStatus = lens _dorsResponseStatus (\ s a -> s{_dorsResponseStatus = a})
 
 instance NFData DescribeOrganizationResponse where
diff --git a/gen/Network/AWS/Organizations/DescribeOrganizationalUnit.hs b/gen/Network/AWS/Organizations/DescribeOrganizationalUnit.hs
--- a/gen/Network/AWS/Organizations/DescribeOrganizationalUnit.hs
+++ b/gen/Network/AWS/Organizations/DescribeOrganizationalUnit.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DescribeOrganizationalUnit
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -62,12 +62,12 @@
     -> DescribeOrganizationalUnit
 describeOrganizationalUnit pOrganizationalUnitId_ =
   DescribeOrganizationalUnit'
-  {_douOrganizationalUnitId = pOrganizationalUnitId_}
+    {_douOrganizationalUnitId = pOrganizationalUnitId_}
 
 
 -- | The unique identifier (ID) of the organizational unit that you want details about. You can get the ID from the 'ListOrganizationalUnitsForParent' operation. The <http://wikipedia.org/wiki/regex regex pattern> for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 douOrganizationalUnitId :: Lens' DescribeOrganizationalUnit Text
-douOrganizationalUnitId = lens _douOrganizationalUnitId (\ s a -> s{_douOrganizationalUnitId = a});
+douOrganizationalUnitId = lens _douOrganizationalUnitId (\ s a -> s{_douOrganizationalUnitId = a})
 
 instance AWSRequest DescribeOrganizationalUnit where
         type Rs DescribeOrganizationalUnit =
@@ -126,16 +126,18 @@
     -> DescribeOrganizationalUnitResponse
 describeOrganizationalUnitResponse pResponseStatus_ =
   DescribeOrganizationalUnitResponse'
-  {_doursOrganizationalUnit = Nothing, _doursResponseStatus = pResponseStatus_}
+    { _doursOrganizationalUnit = Nothing
+    , _doursResponseStatus = pResponseStatus_
+    }
 
 
 -- | A structure that contains details about the specified OU.
 doursOrganizationalUnit :: Lens' DescribeOrganizationalUnitResponse (Maybe OrganizationalUnit)
-doursOrganizationalUnit = lens _doursOrganizationalUnit (\ s a -> s{_doursOrganizationalUnit = a});
+doursOrganizationalUnit = lens _doursOrganizationalUnit (\ s a -> s{_doursOrganizationalUnit = a})
 
 -- | -- | The response status code.
 doursResponseStatus :: Lens' DescribeOrganizationalUnitResponse Int
-doursResponseStatus = lens _doursResponseStatus (\ s a -> s{_doursResponseStatus = a});
+doursResponseStatus = lens _doursResponseStatus (\ s a -> s{_doursResponseStatus = a})
 
 instance NFData DescribeOrganizationalUnitResponse
          where
diff --git a/gen/Network/AWS/Organizations/DescribePolicy.hs b/gen/Network/AWS/Organizations/DescribePolicy.hs
--- a/gen/Network/AWS/Organizations/DescribePolicy.hs
+++ b/gen/Network/AWS/Organizations/DescribePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DescribePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -65,7 +65,7 @@
 
 -- | The unique identifier (ID) of the policy that you want details about. You can get the ID from the 'ListPolicies' or 'ListPoliciesForTarget' operations. The <http://wikipedia.org/wiki/regex regex pattern> for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
 dpPolicyId :: Lens' DescribePolicy Text
-dpPolicyId = lens _dpPolicyId (\ s a -> s{_dpPolicyId = a});
+dpPolicyId = lens _dpPolicyId (\ s a -> s{_dpPolicyId = a})
 
 instance AWSRequest DescribePolicy where
         type Rs DescribePolicy = DescribePolicyResponse
@@ -120,15 +120,15 @@
     -> DescribePolicyResponse
 describePolicyResponse pResponseStatus_ =
   DescribePolicyResponse'
-  {_dprsPolicy = Nothing, _dprsResponseStatus = pResponseStatus_}
+    {_dprsPolicy = Nothing, _dprsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the specified policy.
 dprsPolicy :: Lens' DescribePolicyResponse (Maybe Policy)
-dprsPolicy = lens _dprsPolicy (\ s a -> s{_dprsPolicy = a});
+dprsPolicy = lens _dprsPolicy (\ s a -> s{_dprsPolicy = a})
 
 -- | -- | The response status code.
 dprsResponseStatus :: Lens' DescribePolicyResponse Int
-dprsResponseStatus = lens _dprsResponseStatus (\ s a -> s{_dprsResponseStatus = a});
+dprsResponseStatus = lens _dprsResponseStatus (\ s a -> s{_dprsResponseStatus = a})
 
 instance NFData DescribePolicyResponse where
diff --git a/gen/Network/AWS/Organizations/DetachPolicy.hs b/gen/Network/AWS/Organizations/DetachPolicy.hs
--- a/gen/Network/AWS/Organizations/DetachPolicy.hs
+++ b/gen/Network/AWS/Organizations/DetachPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DetachPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -70,11 +70,11 @@
 
 -- | The unique identifier (ID) of the policy you want to detach. You can get the ID from the 'ListPolicies' or 'ListPoliciesForTarget' operations. The <http://wikipedia.org/wiki/regex regex pattern> for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
 detPolicyId :: Lens' DetachPolicy Text
-detPolicyId = lens _detPolicyId (\ s a -> s{_detPolicyId = a});
+detPolicyId = lens _detPolicyId (\ s a -> s{_detPolicyId = a})
 
 -- | The unique identifier (ID) of the root, OU, or account from which you want to detach the policy. You can get the ID from the 'ListRoots' , 'ListOrganizationalUnitsForParent' , or 'ListAccounts' operations. The <http://wikipedia.org/wiki/regex regex pattern> for a target ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Account: a string that consists of exactly 12 digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 detTargetId :: Lens' DetachPolicy Text
-detTargetId = lens _detTargetId (\ s a -> s{_detTargetId = a});
+detTargetId = lens _detTargetId (\ s a -> s{_detTargetId = a})
 
 instance AWSRequest DetachPolicy where
         type Rs DetachPolicy = DetachPolicyResponse
diff --git a/gen/Network/AWS/Organizations/DisableAWSServiceAccess.hs b/gen/Network/AWS/Organizations/DisableAWSServiceAccess.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/Organizations/DisableAWSServiceAccess.hs
@@ -0,0 +1,122 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.Organizations.DisableAWSServiceAccess
+-- Copyright   : (c) 2013-2018 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables the integration of an AWS service (the service that is specified by @ServicePrincipal@ ) with AWS Organizations. When you disable integration, the specified service no longer can create a <http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html service-linked role> in /new/ accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from AWS Organizations.
+--
+--
+--
+--
+-- /Important:/ We recommend that you disable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization's accounts depends on that service. For more information, see the documentation for the other AWS service.
+--
+-- After you perform the @DisableAWSServiceAccess@ operation, the specified service can no longer perform operations in your organization's accounts unless the operations are explicitly permitted by the IAM policies that are attached to your roles.
+--
+-- For more information about integrating other services with AWS Organizations, including the list of services that work with Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html Integrating AWS Organizations with Other AWS Services> in the /AWS Organizations User Guide/ .
+--
+-- This operation can be called only from the organization's master account.
+--
+module Network.AWS.Organizations.DisableAWSServiceAccess
+    (
+    -- * Creating a Request
+      disableAWSServiceAccess
+    , DisableAWSServiceAccess
+    -- * Request Lenses
+    , dasaServicePrincipal
+
+    -- * Destructuring the Response
+    , disableAWSServiceAccessResponse
+    , DisableAWSServiceAccessResponse
+    ) where
+
+import Network.AWS.Lens
+import Network.AWS.Organizations.Types
+import Network.AWS.Organizations.Types.Product
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
+
+-- | /See:/ 'disableAWSServiceAccess' smart constructor.
+newtype DisableAWSServiceAccess = DisableAWSServiceAccess'
+  { _dasaServicePrincipal :: Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'DisableAWSServiceAccess' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'dasaServicePrincipal' - The service principal name of the AWS service for which you want to disable integration with your organization. This is typically in the form of a URL, such as @/service-abbreviation/ .amazonaws.com@ .
+disableAWSServiceAccess
+    :: Text -- ^ 'dasaServicePrincipal'
+    -> DisableAWSServiceAccess
+disableAWSServiceAccess pServicePrincipal_ =
+  DisableAWSServiceAccess' {_dasaServicePrincipal = pServicePrincipal_}
+
+
+-- | The service principal name of the AWS service for which you want to disable integration with your organization. This is typically in the form of a URL, such as @/service-abbreviation/ .amazonaws.com@ .
+dasaServicePrincipal :: Lens' DisableAWSServiceAccess Text
+dasaServicePrincipal = lens _dasaServicePrincipal (\ s a -> s{_dasaServicePrincipal = a})
+
+instance AWSRequest DisableAWSServiceAccess where
+        type Rs DisableAWSServiceAccess =
+             DisableAWSServiceAccessResponse
+        request = postJSON organizations
+        response
+          = receiveNull DisableAWSServiceAccessResponse'
+
+instance Hashable DisableAWSServiceAccess where
+
+instance NFData DisableAWSServiceAccess where
+
+instance ToHeaders DisableAWSServiceAccess where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSOrganizationsV20161128.DisableAWSServiceAccess"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON DisableAWSServiceAccess where
+        toJSON DisableAWSServiceAccess'{..}
+          = object
+              (catMaybes
+                 [Just ("ServicePrincipal" .= _dasaServicePrincipal)])
+
+instance ToPath DisableAWSServiceAccess where
+        toPath = const "/"
+
+instance ToQuery DisableAWSServiceAccess where
+        toQuery = const mempty
+
+-- | /See:/ 'disableAWSServiceAccessResponse' smart constructor.
+data DisableAWSServiceAccessResponse =
+  DisableAWSServiceAccessResponse'
+  deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'DisableAWSServiceAccessResponse' with the minimum fields required to make a request.
+--
+disableAWSServiceAccessResponse
+    :: DisableAWSServiceAccessResponse
+disableAWSServiceAccessResponse = DisableAWSServiceAccessResponse'
+
+
+instance NFData DisableAWSServiceAccessResponse where
diff --git a/gen/Network/AWS/Organizations/DisablePolicyType.hs b/gen/Network/AWS/Organizations/DisablePolicyType.hs
--- a/gen/Network/AWS/Organizations/DisablePolicyType.hs
+++ b/gen/Network/AWS/Organizations/DisablePolicyType.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.DisablePolicyType
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -71,11 +71,11 @@
 
 -- | The unique identifier (ID) of the root in which you want to disable a policy type. You can get the ID from the 'ListRoots' operation. The <http://wikipedia.org/wiki/regex regex pattern> for a root ID string requires "r-" followed by from 4 to 32 lower-case letters or digits.
 dptRootId :: Lens' DisablePolicyType Text
-dptRootId = lens _dptRootId (\ s a -> s{_dptRootId = a});
+dptRootId = lens _dptRootId (\ s a -> s{_dptRootId = a})
 
 -- | The policy type that you want to disable in this root.
 dptPolicyType :: Lens' DisablePolicyType PolicyType
-dptPolicyType = lens _dptPolicyType (\ s a -> s{_dptPolicyType = a});
+dptPolicyType = lens _dptPolicyType (\ s a -> s{_dptPolicyType = a})
 
 instance AWSRequest DisablePolicyType where
         type Rs DisablePolicyType = DisablePolicyTypeResponse
@@ -132,15 +132,15 @@
     -> DisablePolicyTypeResponse
 disablePolicyTypeResponse pResponseStatus_ =
   DisablePolicyTypeResponse'
-  {_dptrsRoot = Nothing, _dptrsResponseStatus = pResponseStatus_}
+    {_dptrsRoot = Nothing, _dptrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that shows the root with the updated list of enabled policy types.
 dptrsRoot :: Lens' DisablePolicyTypeResponse (Maybe Root)
-dptrsRoot = lens _dptrsRoot (\ s a -> s{_dptrsRoot = a});
+dptrsRoot = lens _dptrsRoot (\ s a -> s{_dptrsRoot = a})
 
 -- | -- | The response status code.
 dptrsResponseStatus :: Lens' DisablePolicyTypeResponse Int
-dptrsResponseStatus = lens _dptrsResponseStatus (\ s a -> s{_dptrsResponseStatus = a});
+dptrsResponseStatus = lens _dptrsResponseStatus (\ s a -> s{_dptrsResponseStatus = a})
 
 instance NFData DisablePolicyTypeResponse where
diff --git a/gen/Network/AWS/Organizations/EnableAWSServiceAccess.hs b/gen/Network/AWS/Organizations/EnableAWSServiceAccess.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/Organizations/EnableAWSServiceAccess.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.Organizations.EnableAWSServiceAccess
+-- Copyright   : (c) 2013-2018 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables the integration of an AWS service (the service that is specified by @ServicePrincipal@ ) with AWS Organizations. When you enable integration, you allow the specified service to create a <http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html service-linked role> in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.
+--
+--
+-- /Important:/ We recommend that you enable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other AWS service.
+--
+-- For more information about enabling services to integrate with AWS Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html Integrating AWS Organizations with Other AWS Services> in the /AWS Organizations User Guide/ .
+--
+-- This operation can be called only from the organization's master account and only if the organization has <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html enabled all features> .
+--
+module Network.AWS.Organizations.EnableAWSServiceAccess
+    (
+    -- * Creating a Request
+      enableAWSServiceAccess
+    , EnableAWSServiceAccess
+    -- * Request Lenses
+    , easaServicePrincipal
+
+    -- * Destructuring the Response
+    , enableAWSServiceAccessResponse
+    , EnableAWSServiceAccessResponse
+    ) where
+
+import Network.AWS.Lens
+import Network.AWS.Organizations.Types
+import Network.AWS.Organizations.Types.Product
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
+
+-- | /See:/ 'enableAWSServiceAccess' smart constructor.
+newtype EnableAWSServiceAccess = EnableAWSServiceAccess'
+  { _easaServicePrincipal :: Text
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'EnableAWSServiceAccess' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'easaServicePrincipal' - The service principal name of the AWS service for which you want to enable integration with your organization. This is typically in the form of a URL, such as @/service-abbreviation/ .amazonaws.com@ .
+enableAWSServiceAccess
+    :: Text -- ^ 'easaServicePrincipal'
+    -> EnableAWSServiceAccess
+enableAWSServiceAccess pServicePrincipal_ =
+  EnableAWSServiceAccess' {_easaServicePrincipal = pServicePrincipal_}
+
+
+-- | The service principal name of the AWS service for which you want to enable integration with your organization. This is typically in the form of a URL, such as @/service-abbreviation/ .amazonaws.com@ .
+easaServicePrincipal :: Lens' EnableAWSServiceAccess Text
+easaServicePrincipal = lens _easaServicePrincipal (\ s a -> s{_easaServicePrincipal = a})
+
+instance AWSRequest EnableAWSServiceAccess where
+        type Rs EnableAWSServiceAccess =
+             EnableAWSServiceAccessResponse
+        request = postJSON organizations
+        response
+          = receiveNull EnableAWSServiceAccessResponse'
+
+instance Hashable EnableAWSServiceAccess where
+
+instance NFData EnableAWSServiceAccess where
+
+instance ToHeaders EnableAWSServiceAccess where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSOrganizationsV20161128.EnableAWSServiceAccess"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON EnableAWSServiceAccess where
+        toJSON EnableAWSServiceAccess'{..}
+          = object
+              (catMaybes
+                 [Just ("ServicePrincipal" .= _easaServicePrincipal)])
+
+instance ToPath EnableAWSServiceAccess where
+        toPath = const "/"
+
+instance ToQuery EnableAWSServiceAccess where
+        toQuery = const mempty
+
+-- | /See:/ 'enableAWSServiceAccessResponse' smart constructor.
+data EnableAWSServiceAccessResponse =
+  EnableAWSServiceAccessResponse'
+  deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'EnableAWSServiceAccessResponse' with the minimum fields required to make a request.
+--
+enableAWSServiceAccessResponse
+    :: EnableAWSServiceAccessResponse
+enableAWSServiceAccessResponse = EnableAWSServiceAccessResponse'
+
+
+instance NFData EnableAWSServiceAccessResponse where
diff --git a/gen/Network/AWS/Organizations/EnableAllFeatures.hs b/gen/Network/AWS/Organizations/EnableAllFeatures.hs
--- a/gen/Network/AWS/Organizations/EnableAllFeatures.hs
+++ b/gen/Network/AWS/Organizations/EnableAllFeatures.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.EnableAllFeatures
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,6 +23,8 @@
 --
 -- /Important:/ This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled, or that were migrated from a Consolidated Billing account family to Organizations. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
 --
+-- After you enable all features, you can separately enable or disable individual policy types in a root using 'EnablePolicyType' and 'DisablePolicyType' . To see the status of policy types in a root, use 'ListRoots' .
+--
 -- After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains @"Action": "ENABLE_ALL_FEATURES"@ . This completes the change.
 --
 -- After you enable all features in your organization, the master account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The master account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
@@ -114,15 +116,15 @@
     -> EnableAllFeaturesResponse
 enableAllFeaturesResponse pResponseStatus_ =
   EnableAllFeaturesResponse'
-  {_eafrsHandshake = Nothing, _eafrsResponseStatus = pResponseStatus_}
+    {_eafrsHandshake = Nothing, _eafrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the handshake created to support this request to enable all features in the organization.
 eafrsHandshake :: Lens' EnableAllFeaturesResponse (Maybe Handshake)
-eafrsHandshake = lens _eafrsHandshake (\ s a -> s{_eafrsHandshake = a});
+eafrsHandshake = lens _eafrsHandshake (\ s a -> s{_eafrsHandshake = a})
 
 -- | -- | The response status code.
 eafrsResponseStatus :: Lens' EnableAllFeaturesResponse Int
-eafrsResponseStatus = lens _eafrsResponseStatus (\ s a -> s{_eafrsResponseStatus = a});
+eafrsResponseStatus = lens _eafrsResponseStatus (\ s a -> s{_eafrsResponseStatus = a})
 
 instance NFData EnableAllFeaturesResponse where
diff --git a/gen/Network/AWS/Organizations/EnablePolicyType.hs b/gen/Network/AWS/Organizations/EnablePolicyType.hs
--- a/gen/Network/AWS/Organizations/EnablePolicyType.hs
+++ b/gen/Network/AWS/Organizations/EnablePolicyType.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.EnablePolicyType
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -23,6 +23,10 @@
 --
 -- This operation can be called only from the organization's master account.
 --
+-- You can enable a policy type in a root only if that policy type is available in the organization. Use 'DescribeOrganization' to view the status of available policy types in the organization.
+--
+-- To view the status of policy type in a root, use 'ListRoots' .
+--
 module Network.AWS.Organizations.EnablePolicyType
     (
     -- * Creating a Request
@@ -71,11 +75,11 @@
 
 -- | The unique identifier (ID) of the root in which you want to enable a policy type. You can get the ID from the 'ListRoots' operation. The <http://wikipedia.org/wiki/regex regex pattern> for a root ID string requires "r-" followed by from 4 to 32 lower-case letters or digits.
 eptRootId :: Lens' EnablePolicyType Text
-eptRootId = lens _eptRootId (\ s a -> s{_eptRootId = a});
+eptRootId = lens _eptRootId (\ s a -> s{_eptRootId = a})
 
 -- | The policy type that you want to enable.
 eptPolicyType :: Lens' EnablePolicyType PolicyType
-eptPolicyType = lens _eptPolicyType (\ s a -> s{_eptPolicyType = a});
+eptPolicyType = lens _eptPolicyType (\ s a -> s{_eptPolicyType = a})
 
 instance AWSRequest EnablePolicyType where
         type Rs EnablePolicyType = EnablePolicyTypeResponse
@@ -132,15 +136,15 @@
     -> EnablePolicyTypeResponse
 enablePolicyTypeResponse pResponseStatus_ =
   EnablePolicyTypeResponse'
-  {_eptrsRoot = Nothing, _eptrsResponseStatus = pResponseStatus_}
+    {_eptrsRoot = Nothing, _eptrsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that shows the root with the updated list of enabled policy types.
 eptrsRoot :: Lens' EnablePolicyTypeResponse (Maybe Root)
-eptrsRoot = lens _eptrsRoot (\ s a -> s{_eptrsRoot = a});
+eptrsRoot = lens _eptrsRoot (\ s a -> s{_eptrsRoot = a})
 
 -- | -- | The response status code.
 eptrsResponseStatus :: Lens' EnablePolicyTypeResponse Int
-eptrsResponseStatus = lens _eptrsResponseStatus (\ s a -> s{_eptrsResponseStatus = a});
+eptrsResponseStatus = lens _eptrsResponseStatus (\ s a -> s{_eptrsResponseStatus = a})
 
 instance NFData EnablePolicyTypeResponse where
diff --git a/gen/Network/AWS/Organizations/InviteAccountToOrganization.hs b/gen/Network/AWS/Organizations/InviteAccountToOrganization.hs
--- a/gen/Network/AWS/Organizations/InviteAccountToOrganization.hs
+++ b/gen/Network/AWS/Organizations/InviteAccountToOrganization.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.InviteAccountToOrganization
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -74,11 +74,11 @@
 
 -- | Additional information that you want to include in the generated email to the recipient account owner.
 iatoNotes :: Lens' InviteAccountToOrganization (Maybe Text)
-iatoNotes = lens _iatoNotes (\ s a -> s{_iatoNotes = a}) . mapping _Sensitive;
+iatoNotes = lens _iatoNotes (\ s a -> s{_iatoNotes = a}) . mapping _Sensitive
 
 -- | The identifier (ID) of the AWS account that you want to invite to join your organization. This is a JSON object that contains the following elements:  @{ "Type": "ACCOUNT", "Id": "</__account id number__ / >" }@  If you use the AWS CLI, you can submit this as a single string, similar to the following example: @--target Id=123456789012,Type=ACCOUNT@  If you specify @"Type": "ACCOUNT"@ , then you must provide the AWS account ID number as the @Id@ . If you specify @"Type": "EMAIL"@ , then you must specify the email address that is associated with the account. @--target Id=bill@example.com,Type=EMAIL@
 iatoTarget :: Lens' InviteAccountToOrganization HandshakeParty
-iatoTarget = lens _iatoTarget (\ s a -> s{_iatoTarget = a});
+iatoTarget = lens _iatoTarget (\ s a -> s{_iatoTarget = a})
 
 instance AWSRequest InviteAccountToOrganization where
         type Rs InviteAccountToOrganization =
@@ -136,16 +136,16 @@
     -> InviteAccountToOrganizationResponse
 inviteAccountToOrganizationResponse pResponseStatus_ =
   InviteAccountToOrganizationResponse'
-  {_iatorsHandshake = Nothing, _iatorsResponseStatus = pResponseStatus_}
+    {_iatorsHandshake = Nothing, _iatorsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the handshake that is created to support this invitation request.
 iatorsHandshake :: Lens' InviteAccountToOrganizationResponse (Maybe Handshake)
-iatorsHandshake = lens _iatorsHandshake (\ s a -> s{_iatorsHandshake = a});
+iatorsHandshake = lens _iatorsHandshake (\ s a -> s{_iatorsHandshake = a})
 
 -- | -- | The response status code.
 iatorsResponseStatus :: Lens' InviteAccountToOrganizationResponse Int
-iatorsResponseStatus = lens _iatorsResponseStatus (\ s a -> s{_iatorsResponseStatus = a});
+iatorsResponseStatus = lens _iatorsResponseStatus (\ s a -> s{_iatorsResponseStatus = a})
 
 instance NFData InviteAccountToOrganizationResponse
          where
diff --git a/gen/Network/AWS/Organizations/LeaveOrganization.hs b/gen/Network/AWS/Organizations/LeaveOrganization.hs
--- a/gen/Network/AWS/Organizations/LeaveOrganization.hs
+++ b/gen/Network/AWS/Organizations/LeaveOrganization.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.LeaveOrganization
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/gen/Network/AWS/Organizations/ListAWSServiceAccessForOrganization.hs b/gen/Network/AWS/Organizations/ListAWSServiceAccessForOrganization.hs
new file mode 100644
--- /dev/null
+++ b/gen/Network/AWS/Organizations/ListAWSServiceAccessForOrganization.hs
@@ -0,0 +1,185 @@
+{-# LANGUAGE DeriveDataTypeable #-}
+{-# LANGUAGE DeriveGeneric      #-}
+{-# LANGUAGE OverloadedStrings  #-}
+{-# LANGUAGE RecordWildCards    #-}
+{-# LANGUAGE TypeFamilies       #-}
+
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Network.AWS.Organizations.ListAWSServiceAccessForOrganization
+-- Copyright   : (c) 2013-2018 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.
+--
+--
+-- For more information about integrating other services with AWS Organizations, including the list of services that currently work with Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html Integrating AWS Organizations with Other AWS Services> in the /AWS Organizations User Guide/ .
+--
+-- This operation can be called only from the organization's master account.
+--
+--
+-- This operation returns paginated results.
+module Network.AWS.Organizations.ListAWSServiceAccessForOrganization
+    (
+    -- * Creating a Request
+      listAWSServiceAccessForOrganization
+    , ListAWSServiceAccessForOrganization
+    -- * Request Lenses
+    , lasafoNextToken
+    , lasafoMaxResults
+
+    -- * Destructuring the Response
+    , listAWSServiceAccessForOrganizationResponse
+    , ListAWSServiceAccessForOrganizationResponse
+    -- * Response Lenses
+    , lasaforsNextToken
+    , lasaforsEnabledServicePrincipals
+    , lasaforsResponseStatus
+    ) where
+
+import Network.AWS.Lens
+import Network.AWS.Organizations.Types
+import Network.AWS.Organizations.Types.Product
+import Network.AWS.Pager
+import Network.AWS.Prelude
+import Network.AWS.Request
+import Network.AWS.Response
+
+-- | /See:/ 'listAWSServiceAccessForOrganization' smart constructor.
+data ListAWSServiceAccessForOrganization = ListAWSServiceAccessForOrganization'
+  { _lasafoNextToken  :: !(Maybe Text)
+  , _lasafoMaxResults :: !(Maybe Nat)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'ListAWSServiceAccessForOrganization' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lasafoNextToken' - Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
+--
+-- * 'lasafoMaxResults' - (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
+listAWSServiceAccessForOrganization
+    :: ListAWSServiceAccessForOrganization
+listAWSServiceAccessForOrganization =
+  ListAWSServiceAccessForOrganization'
+    {_lasafoNextToken = Nothing, _lasafoMaxResults = Nothing}
+
+
+-- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
+lasafoNextToken :: Lens' ListAWSServiceAccessForOrganization (Maybe Text)
+lasafoNextToken = lens _lasafoNextToken (\ s a -> s{_lasafoNextToken = a})
+
+-- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
+lasafoMaxResults :: Lens' ListAWSServiceAccessForOrganization (Maybe Natural)
+lasafoMaxResults = lens _lasafoMaxResults (\ s a -> s{_lasafoMaxResults = a}) . mapping _Nat
+
+instance AWSPager ListAWSServiceAccessForOrganization
+         where
+        page rq rs
+          | stop (rs ^. lasaforsNextToken) = Nothing
+          | stop (rs ^. lasaforsEnabledServicePrincipals) =
+            Nothing
+          | otherwise =
+            Just $ rq &
+              lasafoNextToken .~ rs ^. lasaforsNextToken
+
+instance AWSRequest
+           ListAWSServiceAccessForOrganization
+         where
+        type Rs ListAWSServiceAccessForOrganization =
+             ListAWSServiceAccessForOrganizationResponse
+        request = postJSON organizations
+        response
+          = receiveJSON
+              (\ s h x ->
+                 ListAWSServiceAccessForOrganizationResponse' <$>
+                   (x .?> "NextToken") <*>
+                     (x .?> "EnabledServicePrincipals" .!@ mempty)
+                     <*> (pure (fromEnum s)))
+
+instance Hashable ListAWSServiceAccessForOrganization
+         where
+
+instance NFData ListAWSServiceAccessForOrganization
+         where
+
+instance ToHeaders
+           ListAWSServiceAccessForOrganization
+         where
+        toHeaders
+          = const
+              (mconcat
+                 ["X-Amz-Target" =#
+                    ("AWSOrganizationsV20161128.ListAWSServiceAccessForOrganization"
+                       :: ByteString),
+                  "Content-Type" =#
+                    ("application/x-amz-json-1.1" :: ByteString)])
+
+instance ToJSON ListAWSServiceAccessForOrganization
+         where
+        toJSON ListAWSServiceAccessForOrganization'{..}
+          = object
+              (catMaybes
+                 [("NextToken" .=) <$> _lasafoNextToken,
+                  ("MaxResults" .=) <$> _lasafoMaxResults])
+
+instance ToPath ListAWSServiceAccessForOrganization
+         where
+        toPath = const "/"
+
+instance ToQuery ListAWSServiceAccessForOrganization
+         where
+        toQuery = const mempty
+
+-- | /See:/ 'listAWSServiceAccessForOrganizationResponse' smart constructor.
+data ListAWSServiceAccessForOrganizationResponse = ListAWSServiceAccessForOrganizationResponse'
+  { _lasaforsNextToken                :: !(Maybe Text)
+  , _lasaforsEnabledServicePrincipals :: !(Maybe [EnabledServicePrincipal])
+  , _lasaforsResponseStatus           :: !Int
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'ListAWSServiceAccessForOrganizationResponse' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'lasaforsNextToken' - If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
+--
+-- * 'lasaforsEnabledServicePrincipals' - A list of the service principals for the services that are enabled to integrate with your organization. Each principal is a structure that includes the name and the date that it was enabled for integration with AWS Organizations.
+--
+-- * 'lasaforsResponseStatus' - -- | The response status code.
+listAWSServiceAccessForOrganizationResponse
+    :: Int -- ^ 'lasaforsResponseStatus'
+    -> ListAWSServiceAccessForOrganizationResponse
+listAWSServiceAccessForOrganizationResponse pResponseStatus_ =
+  ListAWSServiceAccessForOrganizationResponse'
+    { _lasaforsNextToken = Nothing
+    , _lasaforsEnabledServicePrincipals = Nothing
+    , _lasaforsResponseStatus = pResponseStatus_
+    }
+
+
+-- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
+lasaforsNextToken :: Lens' ListAWSServiceAccessForOrganizationResponse (Maybe Text)
+lasaforsNextToken = lens _lasaforsNextToken (\ s a -> s{_lasaforsNextToken = a})
+
+-- | A list of the service principals for the services that are enabled to integrate with your organization. Each principal is a structure that includes the name and the date that it was enabled for integration with AWS Organizations.
+lasaforsEnabledServicePrincipals :: Lens' ListAWSServiceAccessForOrganizationResponse [EnabledServicePrincipal]
+lasaforsEnabledServicePrincipals = lens _lasaforsEnabledServicePrincipals (\ s a -> s{_lasaforsEnabledServicePrincipals = a}) . _Default . _Coerce
+
+-- | -- | The response status code.
+lasaforsResponseStatus :: Lens' ListAWSServiceAccessForOrganizationResponse Int
+lasaforsResponseStatus = lens _lasaforsResponseStatus (\ s a -> s{_lasaforsResponseStatus = a})
+
+instance NFData
+           ListAWSServiceAccessForOrganizationResponse
+         where
diff --git a/gen/Network/AWS/Organizations/ListAccounts.hs b/gen/Network/AWS/Organizations/ListAccounts.hs
--- a/gen/Network/AWS/Organizations/ListAccounts.hs
+++ b/gen/Network/AWS/Organizations/ListAccounts.hs
@@ -12,13 +12,13 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListAccounts
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
 --
--- Lists all the accounts in the organization. To request only the accounts in a root or OU, use the 'ListAccountsForParent' operation instead.
+-- Lists all the accounts in the organization. To request only the accounts in a specified root or OU, use the 'ListAccountsForParent' operation instead.
 --
 --
 -- This operation can be called only from the organization's master account.
@@ -72,11 +72,11 @@
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 laNextToken :: Lens' ListAccounts (Maybe Text)
-laNextToken = lens _laNextToken (\ s a -> s{_laNextToken = a});
+laNextToken = lens _laNextToken (\ s a -> s{_laNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 laMaxResults :: Lens' ListAccounts (Maybe Natural)
-laMaxResults = lens _laMaxResults (\ s a -> s{_laMaxResults = a}) . mapping _Nat;
+laMaxResults = lens _laMaxResults (\ s a -> s{_laMaxResults = a}) . mapping _Nat
 
 instance AWSPager ListAccounts where
         page rq rs
@@ -144,22 +144,22 @@
     -> ListAccountsResponse
 listAccountsResponse pResponseStatus_ =
   ListAccountsResponse'
-  { _larsAccounts = Nothing
-  , _larsNextToken = Nothing
-  , _larsResponseStatus = pResponseStatus_
-  }
+    { _larsAccounts = Nothing
+    , _larsNextToken = Nothing
+    , _larsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of objects in the organization.
 larsAccounts :: Lens' ListAccountsResponse [Account]
-larsAccounts = lens _larsAccounts (\ s a -> s{_larsAccounts = a}) . _Default . _Coerce;
+larsAccounts = lens _larsAccounts (\ s a -> s{_larsAccounts = a}) . _Default . _Coerce
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 larsNextToken :: Lens' ListAccountsResponse (Maybe Text)
-larsNextToken = lens _larsNextToken (\ s a -> s{_larsNextToken = a});
+larsNextToken = lens _larsNextToken (\ s a -> s{_larsNextToken = a})
 
 -- | -- | The response status code.
 larsResponseStatus :: Lens' ListAccountsResponse Int
-larsResponseStatus = lens _larsResponseStatus (\ s a -> s{_larsResponseStatus = a});
+larsResponseStatus = lens _larsResponseStatus (\ s a -> s{_larsResponseStatus = a})
 
 instance NFData ListAccountsResponse where
diff --git a/gen/Network/AWS/Organizations/ListAccountsForParent.hs b/gen/Network/AWS/Organizations/ListAccountsForParent.hs
--- a/gen/Network/AWS/Organizations/ListAccountsForParent.hs
+++ b/gen/Network/AWS/Organizations/ListAccountsForParent.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListAccountsForParent
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -74,23 +74,23 @@
     -> ListAccountsForParent
 listAccountsForParent pParentId_ =
   ListAccountsForParent'
-  { _lafpNextToken = Nothing
-  , _lafpMaxResults = Nothing
-  , _lafpParentId = pParentId_
-  }
+    { _lafpNextToken = Nothing
+    , _lafpMaxResults = Nothing
+    , _lafpParentId = pParentId_
+    }
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lafpNextToken :: Lens' ListAccountsForParent (Maybe Text)
-lafpNextToken = lens _lafpNextToken (\ s a -> s{_lafpNextToken = a});
+lafpNextToken = lens _lafpNextToken (\ s a -> s{_lafpNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lafpMaxResults :: Lens' ListAccountsForParent (Maybe Natural)
-lafpMaxResults = lens _lafpMaxResults (\ s a -> s{_lafpMaxResults = a}) . mapping _Nat;
+lafpMaxResults = lens _lafpMaxResults (\ s a -> s{_lafpMaxResults = a}) . mapping _Nat
 
 -- | The unique identifier (ID) for the parent root or organization unit (OU) whose accounts you want to list.
 lafpParentId :: Lens' ListAccountsForParent Text
-lafpParentId = lens _lafpParentId (\ s a -> s{_lafpParentId = a});
+lafpParentId = lens _lafpParentId (\ s a -> s{_lafpParentId = a})
 
 instance AWSPager ListAccountsForParent where
         page rq rs
@@ -160,22 +160,22 @@
     -> ListAccountsForParentResponse
 listAccountsForParentResponse pResponseStatus_ =
   ListAccountsForParentResponse'
-  { _lafprsAccounts = Nothing
-  , _lafprsNextToken = Nothing
-  , _lafprsResponseStatus = pResponseStatus_
-  }
+    { _lafprsAccounts = Nothing
+    , _lafprsNextToken = Nothing
+    , _lafprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of the accounts in the specified root or OU.
 lafprsAccounts :: Lens' ListAccountsForParentResponse [Account]
-lafprsAccounts = lens _lafprsAccounts (\ s a -> s{_lafprsAccounts = a}) . _Default . _Coerce;
+lafprsAccounts = lens _lafprsAccounts (\ s a -> s{_lafprsAccounts = a}) . _Default . _Coerce
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lafprsNextToken :: Lens' ListAccountsForParentResponse (Maybe Text)
-lafprsNextToken = lens _lafprsNextToken (\ s a -> s{_lafprsNextToken = a});
+lafprsNextToken = lens _lafprsNextToken (\ s a -> s{_lafprsNextToken = a})
 
 -- | -- | The response status code.
 lafprsResponseStatus :: Lens' ListAccountsForParentResponse Int
-lafprsResponseStatus = lens _lafprsResponseStatus (\ s a -> s{_lafprsResponseStatus = a});
+lafprsResponseStatus = lens _lafprsResponseStatus (\ s a -> s{_lafprsResponseStatus = a})
 
 instance NFData ListAccountsForParentResponse where
diff --git a/gen/Network/AWS/Organizations/ListChildren.hs b/gen/Network/AWS/Organizations/ListChildren.hs
--- a/gen/Network/AWS/Organizations/ListChildren.hs
+++ b/gen/Network/AWS/Organizations/ListChildren.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListChildren
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -79,28 +79,28 @@
     -> ListChildren
 listChildren pParentId_ pChildType_ =
   ListChildren'
-  { _lcNextToken = Nothing
-  , _lcMaxResults = Nothing
-  , _lcParentId = pParentId_
-  , _lcChildType = pChildType_
-  }
+    { _lcNextToken = Nothing
+    , _lcMaxResults = Nothing
+    , _lcParentId = pParentId_
+    , _lcChildType = pChildType_
+    }
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lcNextToken :: Lens' ListChildren (Maybe Text)
-lcNextToken = lens _lcNextToken (\ s a -> s{_lcNextToken = a});
+lcNextToken = lens _lcNextToken (\ s a -> s{_lcNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lcMaxResults :: Lens' ListChildren (Maybe Natural)
-lcMaxResults = lens _lcMaxResults (\ s a -> s{_lcMaxResults = a}) . mapping _Nat;
+lcMaxResults = lens _lcMaxResults (\ s a -> s{_lcMaxResults = a}) . mapping _Nat
 
 -- | The unique identifier (ID) for the parent root or OU whose children you want to list. The <http://wikipedia.org/wiki/regex regex pattern> for a parent ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 lcParentId :: Lens' ListChildren Text
-lcParentId = lens _lcParentId (\ s a -> s{_lcParentId = a});
+lcParentId = lens _lcParentId (\ s a -> s{_lcParentId = a})
 
 -- | Filters the output to include only the specified child type.
 lcChildType :: Lens' ListChildren ChildType
-lcChildType = lens _lcChildType (\ s a -> s{_lcChildType = a});
+lcChildType = lens _lcChildType (\ s a -> s{_lcChildType = a})
 
 instance AWSPager ListChildren where
         page rq rs
@@ -170,22 +170,22 @@
     -> ListChildrenResponse
 listChildrenResponse pResponseStatus_ =
   ListChildrenResponse'
-  { _lcrsChildren = Nothing
-  , _lcrsNextToken = Nothing
-  , _lcrsResponseStatus = pResponseStatus_
-  }
+    { _lcrsChildren = Nothing
+    , _lcrsNextToken = Nothing
+    , _lcrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | The list of children of the specified parent container.
 lcrsChildren :: Lens' ListChildrenResponse [Child]
-lcrsChildren = lens _lcrsChildren (\ s a -> s{_lcrsChildren = a}) . _Default . _Coerce;
+lcrsChildren = lens _lcrsChildren (\ s a -> s{_lcrsChildren = a}) . _Default . _Coerce
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lcrsNextToken :: Lens' ListChildrenResponse (Maybe Text)
-lcrsNextToken = lens _lcrsNextToken (\ s a -> s{_lcrsNextToken = a});
+lcrsNextToken = lens _lcrsNextToken (\ s a -> s{_lcrsNextToken = a})
 
 -- | -- | The response status code.
 lcrsResponseStatus :: Lens' ListChildrenResponse Int
-lcrsResponseStatus = lens _lcrsResponseStatus (\ s a -> s{_lcrsResponseStatus = a});
+lcrsResponseStatus = lens _lcrsResponseStatus (\ s a -> s{_lcrsResponseStatus = a})
 
 instance NFData ListChildrenResponse where
diff --git a/gen/Network/AWS/Organizations/ListCreateAccountStatus.hs b/gen/Network/AWS/Organizations/ListCreateAccountStatus.hs
--- a/gen/Network/AWS/Organizations/ListCreateAccountStatus.hs
+++ b/gen/Network/AWS/Organizations/ListCreateAccountStatus.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListCreateAccountStatus
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -73,20 +73,20 @@
     :: ListCreateAccountStatus
 listCreateAccountStatus =
   ListCreateAccountStatus'
-  {_lcasStates = Nothing, _lcasNextToken = Nothing, _lcasMaxResults = Nothing}
+    {_lcasStates = Nothing, _lcasNextToken = Nothing, _lcasMaxResults = Nothing}
 
 
 -- | A list of one or more states that you want included in the response. If this parameter is not present, then all requests are included in the response.
 lcasStates :: Lens' ListCreateAccountStatus [CreateAccountState]
-lcasStates = lens _lcasStates (\ s a -> s{_lcasStates = a}) . _Default . _Coerce;
+lcasStates = lens _lcasStates (\ s a -> s{_lcasStates = a}) . _Default . _Coerce
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lcasNextToken :: Lens' ListCreateAccountStatus (Maybe Text)
-lcasNextToken = lens _lcasNextToken (\ s a -> s{_lcasNextToken = a});
+lcasNextToken = lens _lcasNextToken (\ s a -> s{_lcasNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lcasMaxResults :: Lens' ListCreateAccountStatus (Maybe Natural)
-lcasMaxResults = lens _lcasMaxResults (\ s a -> s{_lcasMaxResults = a}) . mapping _Nat;
+lcasMaxResults = lens _lcasMaxResults (\ s a -> s{_lcasMaxResults = a}) . mapping _Nat
 
 instance AWSPager ListCreateAccountStatus where
         page rq rs
@@ -157,22 +157,22 @@
     -> ListCreateAccountStatusResponse
 listCreateAccountStatusResponse pResponseStatus_ =
   ListCreateAccountStatusResponse'
-  { _lcasrsCreateAccountStatuses = Nothing
-  , _lcasrsNextToken = Nothing
-  , _lcasrsResponseStatus = pResponseStatus_
-  }
+    { _lcasrsCreateAccountStatuses = Nothing
+    , _lcasrsNextToken = Nothing
+    , _lcasrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of objects with details about the requests. Certain elements, such as the accountId number, are present in the output only after the account has been successfully created.
 lcasrsCreateAccountStatuses :: Lens' ListCreateAccountStatusResponse [CreateAccountStatus]
-lcasrsCreateAccountStatuses = lens _lcasrsCreateAccountStatuses (\ s a -> s{_lcasrsCreateAccountStatuses = a}) . _Default . _Coerce;
+lcasrsCreateAccountStatuses = lens _lcasrsCreateAccountStatuses (\ s a -> s{_lcasrsCreateAccountStatuses = a}) . _Default . _Coerce
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lcasrsNextToken :: Lens' ListCreateAccountStatusResponse (Maybe Text)
-lcasrsNextToken = lens _lcasrsNextToken (\ s a -> s{_lcasrsNextToken = a});
+lcasrsNextToken = lens _lcasrsNextToken (\ s a -> s{_lcasrsNextToken = a})
 
 -- | -- | The response status code.
 lcasrsResponseStatus :: Lens' ListCreateAccountStatusResponse Int
-lcasrsResponseStatus = lens _lcasrsResponseStatus (\ s a -> s{_lcasrsResponseStatus = a});
+lcasrsResponseStatus = lens _lcasrsResponseStatus (\ s a -> s{_lcasrsResponseStatus = a})
 
 instance NFData ListCreateAccountStatusResponse where
diff --git a/gen/Network/AWS/Organizations/ListHandshakesForAccount.hs b/gen/Network/AWS/Organizations/ListHandshakesForAccount.hs
--- a/gen/Network/AWS/Organizations/ListHandshakesForAccount.hs
+++ b/gen/Network/AWS/Organizations/ListHandshakesForAccount.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListHandshakesForAccount
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -75,20 +75,20 @@
     :: ListHandshakesForAccount
 listHandshakesForAccount =
   ListHandshakesForAccount'
-  {_lhfaNextToken = Nothing, _lhfaFilter = Nothing, _lhfaMaxResults = Nothing}
+    {_lhfaNextToken = Nothing, _lhfaFilter = Nothing, _lhfaMaxResults = Nothing}
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lhfaNextToken :: Lens' ListHandshakesForAccount (Maybe Text)
-lhfaNextToken = lens _lhfaNextToken (\ s a -> s{_lhfaNextToken = a});
+lhfaNextToken = lens _lhfaNextToken (\ s a -> s{_lhfaNextToken = a})
 
 -- | Filters the handshakes that you want included in the response. The default is all types. Use the @ActionType@ element to limit the output to only a specified type, such as @INVITE@ , @ENABLE-FULL-CONTROL@ , or @APPROVE-FULL-CONTROL@ . Alternatively, for the @ENABLE-FULL-CONTROL@ handshake that generates a separate child handshake for each member account, you can specify @ParentHandshakeId@ to see only the handshakes that were generated by that parent request.
 lhfaFilter :: Lens' ListHandshakesForAccount (Maybe HandshakeFilter)
-lhfaFilter = lens _lhfaFilter (\ s a -> s{_lhfaFilter = a});
+lhfaFilter = lens _lhfaFilter (\ s a -> s{_lhfaFilter = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lhfaMaxResults :: Lens' ListHandshakesForAccount (Maybe Natural)
-lhfaMaxResults = lens _lhfaMaxResults (\ s a -> s{_lhfaMaxResults = a}) . mapping _Nat;
+lhfaMaxResults = lens _lhfaMaxResults (\ s a -> s{_lhfaMaxResults = a}) . mapping _Nat
 
 instance AWSPager ListHandshakesForAccount where
         page rq rs
@@ -159,23 +159,23 @@
     -> ListHandshakesForAccountResponse
 listHandshakesForAccountResponse pResponseStatus_ =
   ListHandshakesForAccountResponse'
-  { _lhfarsHandshakes = Nothing
-  , _lhfarsNextToken = Nothing
-  , _lhfarsResponseStatus = pResponseStatus_
-  }
+    { _lhfarsHandshakes = Nothing
+    , _lhfarsNextToken = Nothing
+    , _lhfarsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of 'Handshake' objects with details about each of the handshakes that is associated with the specified account.
 lhfarsHandshakes :: Lens' ListHandshakesForAccountResponse [Handshake]
-lhfarsHandshakes = lens _lhfarsHandshakes (\ s a -> s{_lhfarsHandshakes = a}) . _Default . _Coerce;
+lhfarsHandshakes = lens _lhfarsHandshakes (\ s a -> s{_lhfarsHandshakes = a}) . _Default . _Coerce
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lhfarsNextToken :: Lens' ListHandshakesForAccountResponse (Maybe Text)
-lhfarsNextToken = lens _lhfarsNextToken (\ s a -> s{_lhfarsNextToken = a});
+lhfarsNextToken = lens _lhfarsNextToken (\ s a -> s{_lhfarsNextToken = a})
 
 -- | -- | The response status code.
 lhfarsResponseStatus :: Lens' ListHandshakesForAccountResponse Int
-lhfarsResponseStatus = lens _lhfarsResponseStatus (\ s a -> s{_lhfarsResponseStatus = a});
+lhfarsResponseStatus = lens _lhfarsResponseStatus (\ s a -> s{_lhfarsResponseStatus = a})
 
 instance NFData ListHandshakesForAccountResponse
          where
diff --git a/gen/Network/AWS/Organizations/ListHandshakesForOrganization.hs b/gen/Network/AWS/Organizations/ListHandshakesForOrganization.hs
--- a/gen/Network/AWS/Organizations/ListHandshakesForOrganization.hs
+++ b/gen/Network/AWS/Organizations/ListHandshakesForOrganization.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListHandshakesForOrganization
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -75,20 +75,20 @@
     :: ListHandshakesForOrganization
 listHandshakesForOrganization =
   ListHandshakesForOrganization'
-  {_lhfoNextToken = Nothing, _lhfoFilter = Nothing, _lhfoMaxResults = Nothing}
+    {_lhfoNextToken = Nothing, _lhfoFilter = Nothing, _lhfoMaxResults = Nothing}
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lhfoNextToken :: Lens' ListHandshakesForOrganization (Maybe Text)
-lhfoNextToken = lens _lhfoNextToken (\ s a -> s{_lhfoNextToken = a});
+lhfoNextToken = lens _lhfoNextToken (\ s a -> s{_lhfoNextToken = a})
 
 -- | A filter of the handshakes that you want included in the response. The default is all types. Use the @ActionType@ element to limit the output to only a specified type, such as @INVITE@ , @ENABLE-ALL-FEATURES@ , or @APPROVE-ALL-FEATURES@ . Alternatively, for the @ENABLE-ALL-FEATURES@ handshake that generates a separate child handshake for each member account, you can specify the @ParentHandshakeId@ to see only the handshakes that were generated by that parent request.
 lhfoFilter :: Lens' ListHandshakesForOrganization (Maybe HandshakeFilter)
-lhfoFilter = lens _lhfoFilter (\ s a -> s{_lhfoFilter = a});
+lhfoFilter = lens _lhfoFilter (\ s a -> s{_lhfoFilter = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lhfoMaxResults :: Lens' ListHandshakesForOrganization (Maybe Natural)
-lhfoMaxResults = lens _lhfoMaxResults (\ s a -> s{_lhfoMaxResults = a}) . mapping _Nat;
+lhfoMaxResults = lens _lhfoMaxResults (\ s a -> s{_lhfoMaxResults = a}) . mapping _Nat
 
 instance AWSPager ListHandshakesForOrganization where
         page rq rs
@@ -161,23 +161,23 @@
     -> ListHandshakesForOrganizationResponse
 listHandshakesForOrganizationResponse pResponseStatus_ =
   ListHandshakesForOrganizationResponse'
-  { _lhforsHandshakes = Nothing
-  , _lhforsNextToken = Nothing
-  , _lhforsResponseStatus = pResponseStatus_
-  }
+    { _lhforsHandshakes = Nothing
+    , _lhforsNextToken = Nothing
+    , _lhforsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of 'Handshake' objects with details about each of the handshakes that are associated with an organization.
 lhforsHandshakes :: Lens' ListHandshakesForOrganizationResponse [Handshake]
-lhforsHandshakes = lens _lhforsHandshakes (\ s a -> s{_lhforsHandshakes = a}) . _Default . _Coerce;
+lhforsHandshakes = lens _lhforsHandshakes (\ s a -> s{_lhforsHandshakes = a}) . _Default . _Coerce
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lhforsNextToken :: Lens' ListHandshakesForOrganizationResponse (Maybe Text)
-lhforsNextToken = lens _lhforsNextToken (\ s a -> s{_lhforsNextToken = a});
+lhforsNextToken = lens _lhforsNextToken (\ s a -> s{_lhforsNextToken = a})
 
 -- | -- | The response status code.
 lhforsResponseStatus :: Lens' ListHandshakesForOrganizationResponse Int
-lhforsResponseStatus = lens _lhforsResponseStatus (\ s a -> s{_lhforsResponseStatus = a});
+lhforsResponseStatus = lens _lhforsResponseStatus (\ s a -> s{_lhforsResponseStatus = a})
 
 instance NFData ListHandshakesForOrganizationResponse
          where
diff --git a/gen/Network/AWS/Organizations/ListOrganizationalUnitsForParent.hs b/gen/Network/AWS/Organizations/ListOrganizationalUnitsForParent.hs
--- a/gen/Network/AWS/Organizations/ListOrganizationalUnitsForParent.hs
+++ b/gen/Network/AWS/Organizations/ListOrganizationalUnitsForParent.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListOrganizationalUnitsForParent
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -74,23 +74,23 @@
     -> ListOrganizationalUnitsForParent
 listOrganizationalUnitsForParent pParentId_ =
   ListOrganizationalUnitsForParent'
-  { _loufpNextToken = Nothing
-  , _loufpMaxResults = Nothing
-  , _loufpParentId = pParentId_
-  }
+    { _loufpNextToken = Nothing
+    , _loufpMaxResults = Nothing
+    , _loufpParentId = pParentId_
+    }
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 loufpNextToken :: Lens' ListOrganizationalUnitsForParent (Maybe Text)
-loufpNextToken = lens _loufpNextToken (\ s a -> s{_loufpNextToken = a});
+loufpNextToken = lens _loufpNextToken (\ s a -> s{_loufpNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 loufpMaxResults :: Lens' ListOrganizationalUnitsForParent (Maybe Natural)
-loufpMaxResults = lens _loufpMaxResults (\ s a -> s{_loufpMaxResults = a}) . mapping _Nat;
+loufpMaxResults = lens _loufpMaxResults (\ s a -> s{_loufpMaxResults = a}) . mapping _Nat
 
 -- | The unique identifier (ID) of the root or OU whose child OUs you want to list. The <http://wikipedia.org/wiki/regex regex pattern> for a parent ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 loufpParentId :: Lens' ListOrganizationalUnitsForParent Text
-loufpParentId = lens _loufpParentId (\ s a -> s{_loufpParentId = a});
+loufpParentId = lens _loufpParentId (\ s a -> s{_loufpParentId = a})
 
 instance AWSPager ListOrganizationalUnitsForParent
          where
@@ -169,23 +169,23 @@
     -> ListOrganizationalUnitsForParentResponse
 listOrganizationalUnitsForParentResponse pResponseStatus_ =
   ListOrganizationalUnitsForParentResponse'
-  { _loufprsNextToken = Nothing
-  , _loufprsOrganizationalUnits = Nothing
-  , _loufprsResponseStatus = pResponseStatus_
-  }
+    { _loufprsNextToken = Nothing
+    , _loufprsOrganizationalUnits = Nothing
+    , _loufprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 loufprsNextToken :: Lens' ListOrganizationalUnitsForParentResponse (Maybe Text)
-loufprsNextToken = lens _loufprsNextToken (\ s a -> s{_loufprsNextToken = a});
+loufprsNextToken = lens _loufprsNextToken (\ s a -> s{_loufprsNextToken = a})
 
 -- | A list of the OUs in the specified root or parent OU.
 loufprsOrganizationalUnits :: Lens' ListOrganizationalUnitsForParentResponse [OrganizationalUnit]
-loufprsOrganizationalUnits = lens _loufprsOrganizationalUnits (\ s a -> s{_loufprsOrganizationalUnits = a}) . _Default . _Coerce;
+loufprsOrganizationalUnits = lens _loufprsOrganizationalUnits (\ s a -> s{_loufprsOrganizationalUnits = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 loufprsResponseStatus :: Lens' ListOrganizationalUnitsForParentResponse Int
-loufprsResponseStatus = lens _loufprsResponseStatus (\ s a -> s{_loufprsResponseStatus = a});
+loufprsResponseStatus = lens _loufprsResponseStatus (\ s a -> s{_loufprsResponseStatus = a})
 
 instance NFData
            ListOrganizationalUnitsForParentResponse
diff --git a/gen/Network/AWS/Organizations/ListParents.hs b/gen/Network/AWS/Organizations/ListParents.hs
--- a/gen/Network/AWS/Organizations/ListParents.hs
+++ b/gen/Network/AWS/Organizations/ListParents.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListParents
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -74,20 +74,20 @@
     -> ListParents
 listParents pChildId_ =
   ListParents'
-  {_lNextToken = Nothing, _lMaxResults = Nothing, _lChildId = pChildId_}
+    {_lNextToken = Nothing, _lMaxResults = Nothing, _lChildId = pChildId_}
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lNextToken :: Lens' ListParents (Maybe Text)
-lNextToken = lens _lNextToken (\ s a -> s{_lNextToken = a});
+lNextToken = lens _lNextToken (\ s a -> s{_lNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lMaxResults :: Lens' ListParents (Maybe Natural)
-lMaxResults = lens _lMaxResults (\ s a -> s{_lMaxResults = a}) . mapping _Nat;
+lMaxResults = lens _lMaxResults (\ s a -> s{_lMaxResults = a}) . mapping _Nat
 
 -- | The unique identifier (ID) of the OU or account whose parent containers you want to list. Do not specify a root. The <http://wikipedia.org/wiki/regex regex pattern> for a child ID string requires one of the following:     * Account: a string that consists of exactly 12 digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 lChildId :: Lens' ListParents Text
-lChildId = lens _lChildId (\ s a -> s{_lChildId = a});
+lChildId = lens _lChildId (\ s a -> s{_lChildId = a})
 
 instance AWSPager ListParents where
         page rq rs
@@ -156,22 +156,22 @@
     -> ListParentsResponse
 listParentsResponse pResponseStatus_ =
   ListParentsResponse'
-  { _lrsNextToken = Nothing
-  , _lrsParents = Nothing
-  , _lrsResponseStatus = pResponseStatus_
-  }
+    { _lrsNextToken = Nothing
+    , _lrsParents = Nothing
+    , _lrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lrsNextToken :: Lens' ListParentsResponse (Maybe Text)
-lrsNextToken = lens _lrsNextToken (\ s a -> s{_lrsNextToken = a});
+lrsNextToken = lens _lrsNextToken (\ s a -> s{_lrsNextToken = a})
 
 -- | A list of parents for the specified child account or OU.
 lrsParents :: Lens' ListParentsResponse [Parent]
-lrsParents = lens _lrsParents (\ s a -> s{_lrsParents = a}) . _Default . _Coerce;
+lrsParents = lens _lrsParents (\ s a -> s{_lrsParents = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 lrsResponseStatus :: Lens' ListParentsResponse Int
-lrsResponseStatus = lens _lrsResponseStatus (\ s a -> s{_lrsResponseStatus = a});
+lrsResponseStatus = lens _lrsResponseStatus (\ s a -> s{_lrsResponseStatus = a})
 
 instance NFData ListParentsResponse where
diff --git a/gen/Network/AWS/Organizations/ListPolicies.hs b/gen/Network/AWS/Organizations/ListPolicies.hs
--- a/gen/Network/AWS/Organizations/ListPolicies.hs
+++ b/gen/Network/AWS/Organizations/ListPolicies.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListPolicies
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -74,20 +74,20 @@
     -> ListPolicies
 listPolicies pFilter_ =
   ListPolicies'
-  {_lpNextToken = Nothing, _lpMaxResults = Nothing, _lpFilter = pFilter_}
+    {_lpNextToken = Nothing, _lpMaxResults = Nothing, _lpFilter = pFilter_}
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lpNextToken :: Lens' ListPolicies (Maybe Text)
-lpNextToken = lens _lpNextToken (\ s a -> s{_lpNextToken = a});
+lpNextToken = lens _lpNextToken (\ s a -> s{_lpNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lpMaxResults :: Lens' ListPolicies (Maybe Natural)
-lpMaxResults = lens _lpMaxResults (\ s a -> s{_lpMaxResults = a}) . mapping _Nat;
+lpMaxResults = lens _lpMaxResults (\ s a -> s{_lpMaxResults = a}) . mapping _Nat
 
 -- | Specifies the type of policy that you want to include in the response.
 lpFilter :: Lens' ListPolicies PolicyType
-lpFilter = lens _lpFilter (\ s a -> s{_lpFilter = a});
+lpFilter = lens _lpFilter (\ s a -> s{_lpFilter = a})
 
 instance AWSPager ListPolicies where
         page rq rs
@@ -156,22 +156,22 @@
     -> ListPoliciesResponse
 listPoliciesResponse pResponseStatus_ =
   ListPoliciesResponse'
-  { _lprsNextToken = Nothing
-  , _lprsPolicies = Nothing
-  , _lprsResponseStatus = pResponseStatus_
-  }
+    { _lprsNextToken = Nothing
+    , _lprsPolicies = Nothing
+    , _lprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lprsNextToken :: Lens' ListPoliciesResponse (Maybe Text)
-lprsNextToken = lens _lprsNextToken (\ s a -> s{_lprsNextToken = a});
+lprsNextToken = lens _lprsNextToken (\ s a -> s{_lprsNextToken = a})
 
 -- | A list of policies that match the filter criteria in the request. The output list does not include the policy contents. To see the content for a policy, see 'DescribePolicy' .
 lprsPolicies :: Lens' ListPoliciesResponse [PolicySummary]
-lprsPolicies = lens _lprsPolicies (\ s a -> s{_lprsPolicies = a}) . _Default . _Coerce;
+lprsPolicies = lens _lprsPolicies (\ s a -> s{_lprsPolicies = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 lprsResponseStatus :: Lens' ListPoliciesResponse Int
-lprsResponseStatus = lens _lprsResponseStatus (\ s a -> s{_lprsResponseStatus = a});
+lprsResponseStatus = lens _lprsResponseStatus (\ s a -> s{_lprsResponseStatus = a})
 
 instance NFData ListPoliciesResponse where
diff --git a/gen/Network/AWS/Organizations/ListPoliciesForTarget.hs b/gen/Network/AWS/Organizations/ListPoliciesForTarget.hs
--- a/gen/Network/AWS/Organizations/ListPoliciesForTarget.hs
+++ b/gen/Network/AWS/Organizations/ListPoliciesForTarget.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListPoliciesForTarget
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -79,28 +79,28 @@
     -> ListPoliciesForTarget
 listPoliciesForTarget pTargetId_ pFilter_ =
   ListPoliciesForTarget'
-  { _lpftNextToken = Nothing
-  , _lpftMaxResults = Nothing
-  , _lpftTargetId = pTargetId_
-  , _lpftFilter = pFilter_
-  }
+    { _lpftNextToken = Nothing
+    , _lpftMaxResults = Nothing
+    , _lpftTargetId = pTargetId_
+    , _lpftFilter = pFilter_
+    }
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lpftNextToken :: Lens' ListPoliciesForTarget (Maybe Text)
-lpftNextToken = lens _lpftNextToken (\ s a -> s{_lpftNextToken = a});
+lpftNextToken = lens _lpftNextToken (\ s a -> s{_lpftNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lpftMaxResults :: Lens' ListPoliciesForTarget (Maybe Natural)
-lpftMaxResults = lens _lpftMaxResults (\ s a -> s{_lpftMaxResults = a}) . mapping _Nat;
+lpftMaxResults = lens _lpftMaxResults (\ s a -> s{_lpftMaxResults = a}) . mapping _Nat
 
 -- | The unique identifier (ID) of the root, organizational unit, or account whose policies you want to list. The <http://wikipedia.org/wiki/regex regex pattern> for a target ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Account: a string that consists of exactly 12 digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 lpftTargetId :: Lens' ListPoliciesForTarget Text
-lpftTargetId = lens _lpftTargetId (\ s a -> s{_lpftTargetId = a});
+lpftTargetId = lens _lpftTargetId (\ s a -> s{_lpftTargetId = a})
 
 -- | The type of policy that you want to include in the returned list.
 lpftFilter :: Lens' ListPoliciesForTarget PolicyType
-lpftFilter = lens _lpftFilter (\ s a -> s{_lpftFilter = a});
+lpftFilter = lens _lpftFilter (\ s a -> s{_lpftFilter = a})
 
 instance AWSPager ListPoliciesForTarget where
         page rq rs
@@ -171,22 +171,22 @@
     -> ListPoliciesForTargetResponse
 listPoliciesForTargetResponse pResponseStatus_ =
   ListPoliciesForTargetResponse'
-  { _lpftrsNextToken = Nothing
-  , _lpftrsPolicies = Nothing
-  , _lpftrsResponseStatus = pResponseStatus_
-  }
+    { _lpftrsNextToken = Nothing
+    , _lpftrsPolicies = Nothing
+    , _lpftrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lpftrsNextToken :: Lens' ListPoliciesForTargetResponse (Maybe Text)
-lpftrsNextToken = lens _lpftrsNextToken (\ s a -> s{_lpftrsNextToken = a});
+lpftrsNextToken = lens _lpftrsNextToken (\ s a -> s{_lpftrsNextToken = a})
 
 -- | The list of policies that match the criteria in the request.
 lpftrsPolicies :: Lens' ListPoliciesForTargetResponse [PolicySummary]
-lpftrsPolicies = lens _lpftrsPolicies (\ s a -> s{_lpftrsPolicies = a}) . _Default . _Coerce;
+lpftrsPolicies = lens _lpftrsPolicies (\ s a -> s{_lpftrsPolicies = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 lpftrsResponseStatus :: Lens' ListPoliciesForTargetResponse Int
-lpftrsResponseStatus = lens _lpftrsResponseStatus (\ s a -> s{_lpftrsResponseStatus = a});
+lpftrsResponseStatus = lens _lpftrsResponseStatus (\ s a -> s{_lpftrsResponseStatus = a})
 
 instance NFData ListPoliciesForTargetResponse where
diff --git a/gen/Network/AWS/Organizations/ListRoots.hs b/gen/Network/AWS/Organizations/ListRoots.hs
--- a/gen/Network/AWS/Organizations/ListRoots.hs
+++ b/gen/Network/AWS/Organizations/ListRoots.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListRoots
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -72,11 +72,11 @@
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 lrNextToken :: Lens' ListRoots (Maybe Text)
-lrNextToken = lens _lrNextToken (\ s a -> s{_lrNextToken = a});
+lrNextToken = lens _lrNextToken (\ s a -> s{_lrNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 lrMaxResults :: Lens' ListRoots (Maybe Natural)
-lrMaxResults = lens _lrMaxResults (\ s a -> s{_lrMaxResults = a}) . mapping _Nat;
+lrMaxResults = lens _lrMaxResults (\ s a -> s{_lrMaxResults = a}) . mapping _Nat
 
 instance AWSPager ListRoots where
         page rq rs
@@ -144,22 +144,22 @@
     -> ListRootsResponse
 listRootsResponse pResponseStatus_ =
   ListRootsResponse'
-  { _lrrsRoots = Nothing
-  , _lrrsNextToken = Nothing
-  , _lrrsResponseStatus = pResponseStatus_
-  }
+    { _lrrsRoots = Nothing
+    , _lrrsNextToken = Nothing
+    , _lrrsResponseStatus = pResponseStatus_
+    }
 
 
 -- | A list of roots that are defined in an organization.
 lrrsRoots :: Lens' ListRootsResponse [Root]
-lrrsRoots = lens _lrrsRoots (\ s a -> s{_lrrsRoots = a}) . _Default . _Coerce;
+lrrsRoots = lens _lrrsRoots (\ s a -> s{_lrrsRoots = a}) . _Default . _Coerce
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 lrrsNextToken :: Lens' ListRootsResponse (Maybe Text)
-lrrsNextToken = lens _lrrsNextToken (\ s a -> s{_lrrsNextToken = a});
+lrrsNextToken = lens _lrrsNextToken (\ s a -> s{_lrrsNextToken = a})
 
 -- | -- | The response status code.
 lrrsResponseStatus :: Lens' ListRootsResponse Int
-lrrsResponseStatus = lens _lrrsResponseStatus (\ s a -> s{_lrrsResponseStatus = a});
+lrrsResponseStatus = lens _lrrsResponseStatus (\ s a -> s{_lrrsResponseStatus = a})
 
 instance NFData ListRootsResponse where
diff --git a/gen/Network/AWS/Organizations/ListTargetsForPolicy.hs b/gen/Network/AWS/Organizations/ListTargetsForPolicy.hs
--- a/gen/Network/AWS/Organizations/ListTargetsForPolicy.hs
+++ b/gen/Network/AWS/Organizations/ListTargetsForPolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.ListTargetsForPolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -74,23 +74,23 @@
     -> ListTargetsForPolicy
 listTargetsForPolicy pPolicyId_ =
   ListTargetsForPolicy'
-  { _ltfpNextToken = Nothing
-  , _ltfpMaxResults = Nothing
-  , _ltfpPolicyId = pPolicyId_
-  }
+    { _ltfpNextToken = Nothing
+    , _ltfpMaxResults = Nothing
+    , _ltfpPolicyId = pPolicyId_
+    }
 
 
 -- | Use this parameter if you receive a @NextToken@ response in a previous request that indicates that there is more output available. Set it to the value of the previous call's @NextToken@ response to indicate where the output should continue from.
 ltfpNextToken :: Lens' ListTargetsForPolicy (Maybe Text)
-ltfpNextToken = lens _ltfpNextToken (\ s a -> s{_ltfpNextToken = a});
+ltfpNextToken = lens _ltfpNextToken (\ s a -> s{_ltfpNextToken = a})
 
 -- | (Optional) Use this to limit the number of results you want included in the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the @NextToken@ response element is present and has a value (is not null). Include that value as the @NextToken@ request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check @NextToken@ after every operation to ensure that you receive all of the results.
 ltfpMaxResults :: Lens' ListTargetsForPolicy (Maybe Natural)
-ltfpMaxResults = lens _ltfpMaxResults (\ s a -> s{_ltfpMaxResults = a}) . mapping _Nat;
+ltfpMaxResults = lens _ltfpMaxResults (\ s a -> s{_ltfpMaxResults = a}) . mapping _Nat
 
 -- | The unique identifier (ID) of the policy for which you want to know its attachments. The <http://wikipedia.org/wiki/regex regex pattern> for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
 ltfpPolicyId :: Lens' ListTargetsForPolicy Text
-ltfpPolicyId = lens _ltfpPolicyId (\ s a -> s{_ltfpPolicyId = a});
+ltfpPolicyId = lens _ltfpPolicyId (\ s a -> s{_ltfpPolicyId = a})
 
 instance AWSPager ListTargetsForPolicy where
         page rq rs
@@ -160,22 +160,22 @@
     -> ListTargetsForPolicyResponse
 listTargetsForPolicyResponse pResponseStatus_ =
   ListTargetsForPolicyResponse'
-  { _ltfprsNextToken = Nothing
-  , _ltfprsTargets = Nothing
-  , _ltfprsResponseStatus = pResponseStatus_
-  }
+    { _ltfprsNextToken = Nothing
+    , _ltfprsTargets = Nothing
+    , _ltfprsResponseStatus = pResponseStatus_
+    }
 
 
 -- | If present, this value indicates that there is more output available than is included in the current response. Use this value in the @NextToken@ request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the @NextToken@ response element comes back as @null@ .
 ltfprsNextToken :: Lens' ListTargetsForPolicyResponse (Maybe Text)
-ltfprsNextToken = lens _ltfprsNextToken (\ s a -> s{_ltfprsNextToken = a});
+ltfprsNextToken = lens _ltfprsNextToken (\ s a -> s{_ltfprsNextToken = a})
 
 -- | A list of structures, each of which contains details about one of the entities to which the specified policy is attached.
 ltfprsTargets :: Lens' ListTargetsForPolicyResponse [PolicyTargetSummary]
-ltfprsTargets = lens _ltfprsTargets (\ s a -> s{_ltfprsTargets = a}) . _Default . _Coerce;
+ltfprsTargets = lens _ltfprsTargets (\ s a -> s{_ltfprsTargets = a}) . _Default . _Coerce
 
 -- | -- | The response status code.
 ltfprsResponseStatus :: Lens' ListTargetsForPolicyResponse Int
-ltfprsResponseStatus = lens _ltfprsResponseStatus (\ s a -> s{_ltfprsResponseStatus = a});
+ltfprsResponseStatus = lens _ltfprsResponseStatus (\ s a -> s{_ltfprsResponseStatus = a})
 
 instance NFData ListTargetsForPolicyResponse where
diff --git a/gen/Network/AWS/Organizations/MoveAccount.hs b/gen/Network/AWS/Organizations/MoveAccount.hs
--- a/gen/Network/AWS/Organizations/MoveAccount.hs
+++ b/gen/Network/AWS/Organizations/MoveAccount.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.MoveAccount
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -69,23 +69,23 @@
     -> MoveAccount
 moveAccount pAccountId_ pSourceParentId_ pDestinationParentId_ =
   MoveAccount'
-  { _maAccountId = pAccountId_
-  , _maSourceParentId = pSourceParentId_
-  , _maDestinationParentId = pDestinationParentId_
-  }
+    { _maAccountId = pAccountId_
+    , _maSourceParentId = pSourceParentId_
+    , _maDestinationParentId = pDestinationParentId_
+    }
 
 
 -- | The unique identifier (ID) of the account that you want to move. The <http://wikipedia.org/wiki/regex regex pattern> for an account ID string requires exactly 12 digits.
 maAccountId :: Lens' MoveAccount Text
-maAccountId = lens _maAccountId (\ s a -> s{_maAccountId = a});
+maAccountId = lens _maAccountId (\ s a -> s{_maAccountId = a})
 
 -- | The unique identifier (ID) of the root or organizational unit that you want to move the account from. The <http://wikipedia.org/wiki/regex regex pattern> for a parent ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 maSourceParentId :: Lens' MoveAccount Text
-maSourceParentId = lens _maSourceParentId (\ s a -> s{_maSourceParentId = a});
+maSourceParentId = lens _maSourceParentId (\ s a -> s{_maSourceParentId = a})
 
 -- | The unique identifier (ID) of the root or organizational unit that you want to move the account to. The <http://wikipedia.org/wiki/regex regex pattern> for a parent ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 maDestinationParentId :: Lens' MoveAccount Text
-maDestinationParentId = lens _maDestinationParentId (\ s a -> s{_maDestinationParentId = a});
+maDestinationParentId = lens _maDestinationParentId (\ s a -> s{_maDestinationParentId = a})
 
 instance AWSRequest MoveAccount where
         type Rs MoveAccount = MoveAccountResponse
diff --git a/gen/Network/AWS/Organizations/RemoveAccountFromOrganization.hs b/gen/Network/AWS/Organizations/RemoveAccountFromOrganization.hs
--- a/gen/Network/AWS/Organizations/RemoveAccountFromOrganization.hs
+++ b/gen/Network/AWS/Organizations/RemoveAccountFromOrganization.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.RemoveAccountFromOrganization
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -71,7 +71,7 @@
 
 -- | The unique identifier (ID) of the member account that you want to remove from the organization. The <http://wikipedia.org/wiki/regex regex pattern> for an account ID string requires exactly 12 digits.
 rafoAccountId :: Lens' RemoveAccountFromOrganization Text
-rafoAccountId = lens _rafoAccountId (\ s a -> s{_rafoAccountId = a});
+rafoAccountId = lens _rafoAccountId (\ s a -> s{_rafoAccountId = a})
 
 instance AWSRequest RemoveAccountFromOrganization
          where
diff --git a/gen/Network/AWS/Organizations/Types.hs b/gen/Network/AWS/Organizations/Types.hs
--- a/gen/Network/AWS/Organizations/Types.hs
+++ b/gen/Network/AWS/Organizations/Types.hs
@@ -4,7 +4,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.Types
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -128,6 +128,12 @@
     , casId
     , casRequestedTimestamp
 
+    -- * EnabledServicePrincipal
+    , EnabledServicePrincipal
+    , enabledServicePrincipal
+    , espServicePrincipal
+    , espDateEnabled
+
     -- * Handshake
     , Handshake
     , handshake
@@ -232,24 +238,24 @@
 organizations :: Service
 organizations =
   Service
-  { _svcAbbrev = "Organizations"
-  , _svcSigner = v4
-  , _svcPrefix = "organizations"
-  , _svcVersion = "2016-11-28"
-  , _svcEndpoint = defaultEndpoint organizations
-  , _svcTimeout = Just 70
-  , _svcCheck = statusSuccess
-  , _svcError = parseJSONError "Organizations"
-  , _svcRetry = retry
-  }
+    { _svcAbbrev = "Organizations"
+    , _svcSigner = v4
+    , _svcPrefix = "organizations"
+    , _svcVersion = "2016-11-28"
+    , _svcEndpoint = defaultEndpoint organizations
+    , _svcTimeout = Just 70
+    , _svcCheck = statusSuccess
+    , _svcError = parseJSONError "Organizations"
+    , _svcRetry = retry
+    }
   where
     retry =
       Exponential
-      { _retryBase = 5.0e-2
-      , _retryGrowth = 2
-      , _retryAttempts = 5
-      , _retryCheck = check
-      }
+        { _retryBase = 5.0e-2
+        , _retryGrowth = 2
+        , _retryAttempts = 5
+        , _retryCheck = check
+        }
     check e
       | has (hasCode "ThrottledException" . hasStatus 400) e =
         Just "throttled_exception"
@@ -258,6 +264,8 @@
         Just "throttling_exception"
       | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"
       | has (hasStatus 504) e = Just "gateway_timeout"
+      | has (hasCode "RequestThrottledException" . hasStatus 400) e =
+        Just "request_throttled_exception"
       | has (hasStatus 502) e = Just "bad_gateway"
       | has (hasStatus 503) e = Just "service_unavailable"
       | has (hasStatus 500) e = Just "general_server_error"
@@ -357,7 +365,7 @@
   _MatchServiceError organizations "DuplicatePolicyException"
 
 
--- | Performing this operation violates a minimum or maximum value limit. For example, attempting to removing the last SCP from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit.
+-- | Performing this operation violates a minimum or maximum value limit. For example, attempting to removing the last SCP from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
 --
 --
 --
@@ -551,11 +559,9 @@
 -- | The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
 --
 --
---     * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
---
---     * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the organization.
+--     * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and cannot be modified.
 --
---     * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
+--     * INPUT_REQUIRED: You must include a value for all required parameters.
 --
 --     * INVALID_ENUM: You specified a value that is not valid for that parameter.
 --
@@ -563,25 +569,29 @@
 --
 --     * INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
 --
---     * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
---
---     * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
---
---     * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
---
---     * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
+--     * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
 --
---     * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and cannot be modified.
+--     * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
 --
 --     * INVALID_PATTERN: You provided a value that doesn't match the required pattern.
 --
 --     * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
 --
---     * INPUT_REQUIRED: You must include a value for all required parameters.
+--     * INVALID_ROLE_NAME: You provided a role name that is not valid. A role name can’t begin with the reserved prefix 'AWSServiceRoleFor'.
 --
---     * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
+--     * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid ARN for the organization.
 --
+--     * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
+--
 --     * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
+--
+--     * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
+--
+--     * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
+--
+--     * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
+--
+--     * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
 --
 --     * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
 --
diff --git a/gen/Network/AWS/Organizations/Types/Product.hs b/gen/Network/AWS/Organizations/Types/Product.hs
--- a/gen/Network/AWS/Organizations/Types/Product.hs
+++ b/gen/Network/AWS/Organizations/Types/Product.hs
@@ -9,7 +9,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.Types.Product
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -58,43 +58,43 @@
     :: Account
 account =
   Account'
-  { _aStatus = Nothing
-  , _aJoinedMethod = Nothing
-  , _aEmail = Nothing
-  , _aARN = Nothing
-  , _aJoinedTimestamp = Nothing
-  , _aName = Nothing
-  , _aId = Nothing
-  }
+    { _aStatus = Nothing
+    , _aJoinedMethod = Nothing
+    , _aEmail = Nothing
+    , _aARN = Nothing
+    , _aJoinedTimestamp = Nothing
+    , _aName = Nothing
+    , _aId = Nothing
+    }
 
 
 -- | The status of the account in the organization.
 aStatus :: Lens' Account (Maybe AccountStatus)
-aStatus = lens _aStatus (\ s a -> s{_aStatus = a});
+aStatus = lens _aStatus (\ s a -> s{_aStatus = a})
 
 -- | The method by which the account joined the organization.
 aJoinedMethod :: Lens' Account (Maybe AccountJoinedMethod)
-aJoinedMethod = lens _aJoinedMethod (\ s a -> s{_aJoinedMethod = a});
+aJoinedMethod = lens _aJoinedMethod (\ s a -> s{_aJoinedMethod = a})
 
 -- | The email address associated with the AWS account. The <http://wikipedia.org/wiki/regex regex pattern> for this parameter is a string of characters that represents a standard Internet email address.
 aEmail :: Lens' Account (Maybe Text)
-aEmail = lens _aEmail (\ s a -> s{_aEmail = a}) . mapping _Sensitive;
+aEmail = lens _aEmail (\ s a -> s{_aEmail = a}) . mapping _Sensitive
 
 -- | The Amazon Resource Name (ARN) of the account. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 aARN :: Lens' Account (Maybe Text)
-aARN = lens _aARN (\ s a -> s{_aARN = a});
+aARN = lens _aARN (\ s a -> s{_aARN = a})
 
 -- | The date the account became a part of the organization.
 aJoinedTimestamp :: Lens' Account (Maybe UTCTime)
-aJoinedTimestamp = lens _aJoinedTimestamp (\ s a -> s{_aJoinedTimestamp = a}) . mapping _Time;
+aJoinedTimestamp = lens _aJoinedTimestamp (\ s a -> s{_aJoinedTimestamp = a}) . mapping _Time
 
 -- | The friendly name of the account. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 aName :: Lens' Account (Maybe Text)
-aName = lens _aName (\ s a -> s{_aName = a}) . mapping _Sensitive;
+aName = lens _aName (\ s a -> s{_aName = a}) . mapping _Sensitive
 
 -- | The unique identifier (ID) of the account. The <http://wikipedia.org/wiki/regex regex pattern> for an account ID string requires exactly 12 digits.
 aId :: Lens' Account (Maybe Text)
-aId = lens _aId (\ s a -> s{_aId = a});
+aId = lens _aId (\ s a -> s{_aId = a})
 
 instance FromJSON Account where
         parseJSON
@@ -137,11 +137,11 @@
 
 -- | The unique identifier (ID) of this child entity. The <http://wikipedia.org/wiki/regex regex pattern> for a child ID string requires one of the following:     * Account: a string that consists of exactly 12 digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 cId :: Lens' Child (Maybe Text)
-cId = lens _cId (\ s a -> s{_cId = a});
+cId = lens _cId (\ s a -> s{_cId = a})
 
 -- | The type of this child entity.
 cType :: Lens' Child (Maybe ChildType)
-cType = lens _cType (\ s a -> s{_cType = a});
+cType = lens _cType (\ s a -> s{_cType = a})
 
 instance FromJSON Child where
         parseJSON
@@ -189,43 +189,43 @@
     :: CreateAccountStatus
 createAccountStatus =
   CreateAccountStatus'
-  { _casFailureReason = Nothing
-  , _casState = Nothing
-  , _casCompletedTimestamp = Nothing
-  , _casAccountName = Nothing
-  , _casAccountId = Nothing
-  , _casId = Nothing
-  , _casRequestedTimestamp = Nothing
-  }
+    { _casFailureReason = Nothing
+    , _casState = Nothing
+    , _casCompletedTimestamp = Nothing
+    , _casAccountName = Nothing
+    , _casAccountId = Nothing
+    , _casId = Nothing
+    , _casRequestedTimestamp = Nothing
+    }
 
 
 -- | If the request failed, a description of the reason for the failure.     * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you have reached the limit on the number of accounts in your organization.     * EMAIL_ALREADY_EXISTS: The account could not be created because another AWS account with that email address already exists.     * INVALID_ADDRESS: The account could not be created because the address you provided is not valid.     * INVALID_EMAIL: The account could not be created because the email address you provided is not valid.     * INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Customer Support.
 casFailureReason :: Lens' CreateAccountStatus (Maybe CreateAccountFailureReason)
-casFailureReason = lens _casFailureReason (\ s a -> s{_casFailureReason = a});
+casFailureReason = lens _casFailureReason (\ s a -> s{_casFailureReason = a})
 
 -- | The status of the request.
 casState :: Lens' CreateAccountStatus (Maybe CreateAccountState)
-casState = lens _casState (\ s a -> s{_casState = a});
+casState = lens _casState (\ s a -> s{_casState = a})
 
 -- | The date and time that the account was created and the request completed.
 casCompletedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
-casCompletedTimestamp = lens _casCompletedTimestamp (\ s a -> s{_casCompletedTimestamp = a}) . mapping _Time;
+casCompletedTimestamp = lens _casCompletedTimestamp (\ s a -> s{_casCompletedTimestamp = a}) . mapping _Time
 
 -- | The account name given to the account when it was created.
 casAccountName :: Lens' CreateAccountStatus (Maybe Text)
-casAccountName = lens _casAccountName (\ s a -> s{_casAccountName = a}) . mapping _Sensitive;
+casAccountName = lens _casAccountName (\ s a -> s{_casAccountName = a}) . mapping _Sensitive
 
 -- | If the account was created successfully, the unique identifier (ID) of the new account. The <http://wikipedia.org/wiki/regex regex pattern> for an account ID string requires exactly 12 digits.
 casAccountId :: Lens' CreateAccountStatus (Maybe Text)
-casAccountId = lens _casAccountId (\ s a -> s{_casAccountId = a});
+casAccountId = lens _casAccountId (\ s a -> s{_casAccountId = a})
 
 -- | The unique identifier (ID) that references this request. You get this value from the response of the initial 'CreateAccount' request to create the account. The <http://wikipedia.org/wiki/regex regex pattern> for an create account request ID string requires "car-" followed by from 8 to 32 lower-case letters or digits.
 casId :: Lens' CreateAccountStatus (Maybe Text)
-casId = lens _casId (\ s a -> s{_casId = a});
+casId = lens _casId (\ s a -> s{_casId = a})
 
 -- | The date and time that the request was made for the account creation.
 casRequestedTimestamp :: Lens' CreateAccountStatus (Maybe UTCTime)
-casRequestedTimestamp = lens _casRequestedTimestamp (\ s a -> s{_casRequestedTimestamp = a}) . mapping _Time;
+casRequestedTimestamp = lens _casRequestedTimestamp (\ s a -> s{_casRequestedTimestamp = a}) . mapping _Time
 
 instance FromJSON CreateAccountStatus where
         parseJSON
@@ -243,6 +243,50 @@
 
 instance NFData CreateAccountStatus where
 
+-- | A structure that contains details of a service principal that is enabled to integrate with AWS Organizations.
+--
+--
+--
+-- /See:/ 'enabledServicePrincipal' smart constructor.
+data EnabledServicePrincipal = EnabledServicePrincipal'
+  { _espServicePrincipal :: !(Maybe Text)
+  , _espDateEnabled      :: !(Maybe POSIX)
+  } deriving (Eq, Read, Show, Data, Typeable, Generic)
+
+
+-- | Creates a value of 'EnabledServicePrincipal' with the minimum fields required to make a request.
+--
+-- Use one of the following lenses to modify other fields as desired:
+--
+-- * 'espServicePrincipal' - The name of the service principal. This is typically in the form of a URL, such as: @/servicename/ .amazonaws.com@ .
+--
+-- * 'espDateEnabled' - The date that the service principal was enabled for integration with AWS Organizations.
+enabledServicePrincipal
+    :: EnabledServicePrincipal
+enabledServicePrincipal =
+  EnabledServicePrincipal'
+    {_espServicePrincipal = Nothing, _espDateEnabled = Nothing}
+
+
+-- | The name of the service principal. This is typically in the form of a URL, such as: @/servicename/ .amazonaws.com@ .
+espServicePrincipal :: Lens' EnabledServicePrincipal (Maybe Text)
+espServicePrincipal = lens _espServicePrincipal (\ s a -> s{_espServicePrincipal = a})
+
+-- | The date that the service principal was enabled for integration with AWS Organizations.
+espDateEnabled :: Lens' EnabledServicePrincipal (Maybe UTCTime)
+espDateEnabled = lens _espDateEnabled (\ s a -> s{_espDateEnabled = a}) . mapping _Time
+
+instance FromJSON EnabledServicePrincipal where
+        parseJSON
+          = withObject "EnabledServicePrincipal"
+              (\ x ->
+                 EnabledServicePrincipal' <$>
+                   (x .:? "ServicePrincipal") <*> (x .:? "DateEnabled"))
+
+instance Hashable EnabledServicePrincipal where
+
+instance NFData EnabledServicePrincipal where
+
 -- | Contains information that must be exchanged to securely establish a relationship between two accounts (an /originator/ and a /recipient/ ). For example, when a master account (the originator) invites another account (the recipient) to join its organization, the two accounts exchange information as a series of handshake requests and responses.
 --
 --
@@ -285,48 +329,48 @@
     :: Handshake
 handshake =
   Handshake'
-  { _hState = Nothing
-  , _hARN = Nothing
-  , _hAction = Nothing
-  , _hResources = Nothing
-  , _hId = Nothing
-  , _hExpirationTimestamp = Nothing
-  , _hParties = Nothing
-  , _hRequestedTimestamp = Nothing
-  }
+    { _hState = Nothing
+    , _hARN = Nothing
+    , _hAction = Nothing
+    , _hResources = Nothing
+    , _hId = Nothing
+    , _hExpirationTimestamp = Nothing
+    , _hParties = Nothing
+    , _hRequestedTimestamp = Nothing
+    }
 
 
 -- | The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows:     * __REQUESTED__ : This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond.     * __OPEN__ : This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action.     * __CANCELED__ : This handshake is no longer active because it was canceled by the originating account.     * __ACCEPTED__ : This handshake is complete because it has been accepted by the recipient.     * __DECLINED__ : This handshake is no longer active because it was declined by the recipient account.     * __EXPIRED__ : This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
 hState :: Lens' Handshake (Maybe HandshakeState)
-hState = lens _hState (\ s a -> s{_hState = a});
+hState = lens _hState (\ s a -> s{_hState = a})
 
 -- | The Amazon Resource Name (ARN) of a handshake. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 hARN :: Lens' Handshake (Maybe Text)
-hARN = lens _hARN (\ s a -> s{_hARN = a});
+hARN = lens _hARN (\ s a -> s{_hARN = a})
 
 -- | The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported:     * __INVITE__ : This type of handshake represents a request to join an organization. It is always sent from the master account to only non-member accounts.     * __ENABLE_ALL_FEATURES__ : This type of handshake represents a request to enable all features in an organization. It is always sent from the master account to only /invited/ member accounts. Created accounts do not receive this because those accounts were created by the organization's master account and approval is inferred.     * __APPROVE_ALL_FEATURES__ : This type of handshake is sent from the Organizations service when all member accounts have approved the @ENABLE_ALL_FEATURES@ invitation. It is sent only to the master account and signals the master that it can finalize the process to enable all features.
 hAction :: Lens' Handshake (Maybe ActionType)
-hAction = lens _hAction (\ s a -> s{_hAction = a});
+hAction = lens _hAction (\ s a -> s{_hAction = a})
 
 -- | Additional information that is needed to process the handshake.
 hResources :: Lens' Handshake [HandshakeResource]
-hResources = lens _hResources (\ s a -> s{_hResources = a}) . _Default . _Coerce;
+hResources = lens _hResources (\ s a -> s{_hResources = a}) . _Default . _Coerce
 
 -- | The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake. The <http://wikipedia.org/wiki/regex regex pattern> for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
 hId :: Lens' Handshake (Maybe Text)
-hId = lens _hId (\ s a -> s{_hId = a});
+hId = lens _hId (\ s a -> s{_hId = a})
 
 -- | The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
 hExpirationTimestamp :: Lens' Handshake (Maybe UTCTime)
-hExpirationTimestamp = lens _hExpirationTimestamp (\ s a -> s{_hExpirationTimestamp = a}) . mapping _Time;
+hExpirationTimestamp = lens _hExpirationTimestamp (\ s a -> s{_hExpirationTimestamp = a}) . mapping _Time
 
 -- | Information about the two accounts that are participating in the handshake.
 hParties :: Lens' Handshake [HandshakeParty]
-hParties = lens _hParties (\ s a -> s{_hParties = a}) . _Default . _Coerce;
+hParties = lens _hParties (\ s a -> s{_hParties = a}) . _Default . _Coerce
 
 -- | The date and time that the handshake request was made.
 hRequestedTimestamp :: Lens' Handshake (Maybe UTCTime)
-hRequestedTimestamp = lens _hRequestedTimestamp (\ s a -> s{_hRequestedTimestamp = a}) . mapping _Time;
+hRequestedTimestamp = lens _hRequestedTimestamp (\ s a -> s{_hRequestedTimestamp = a}) . mapping _Time
 
 instance FromJSON Handshake where
         parseJSON
@@ -371,11 +415,11 @@
 
 -- | Specifies the parent handshake. Only used for handshake types that are a child of another type. If you specify @ParentHandshakeId@ , you cannot also specify @ActionType@ . The <http://wikipedia.org/wiki/regex regex pattern> for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
 hfParentHandshakeId :: Lens' HandshakeFilter (Maybe Text)
-hfParentHandshakeId = lens _hfParentHandshakeId (\ s a -> s{_hfParentHandshakeId = a});
+hfParentHandshakeId = lens _hfParentHandshakeId (\ s a -> s{_hfParentHandshakeId = a})
 
 -- | Specifies the type of handshake action. If you specify @ActionType@ , you cannot also specify @ParentHandshakeId@ .
 hfActionType :: Lens' HandshakeFilter (Maybe ActionType)
-hfActionType = lens _hfActionType (\ s a -> s{_hfActionType = a});
+hfActionType = lens _hfActionType (\ s a -> s{_hfActionType = a})
 
 instance Hashable HandshakeFilter where
 
@@ -416,11 +460,11 @@
 
 -- | The unique identifier (ID) for the party. The <http://wikipedia.org/wiki/regex regex pattern> for handshake ID string requires "h-" followed by from 8 to 32 lower-case letters or digits.
 hpId :: Lens' HandshakeParty Text
-hpId = lens _hpId (\ s a -> s{_hpId = a}) . _Sensitive;
+hpId = lens _hpId (\ s a -> s{_hpId = a}) . _Sensitive
 
 -- | The type of party.
 hpType :: Lens' HandshakeParty HandshakePartyType
-hpType = lens _hpType (\ s a -> s{_hpType = a});
+hpType = lens _hpType (\ s a -> s{_hpType = a})
 
 instance FromJSON HandshakeParty where
         parseJSON
@@ -463,20 +507,20 @@
     :: HandshakeResource
 handshakeResource =
   HandshakeResource'
-  {_hrValue = Nothing, _hrResources = Nothing, _hrType = Nothing}
+    {_hrValue = Nothing, _hrResources = Nothing, _hrType = Nothing}
 
 
 -- | The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
 hrValue :: Lens' HandshakeResource (Maybe Text)
-hrValue = lens _hrValue (\ s a -> s{_hrValue = a}) . mapping _Sensitive;
+hrValue = lens _hrValue (\ s a -> s{_hrValue = a}) . mapping _Sensitive
 
 -- | When needed, contains an additional array of @HandshakeResource@ objects.
 hrResources :: Lens' HandshakeResource [HandshakeResource]
-hrResources = lens _hrResources (\ s a -> s{_hrResources = a}) . _Default . _Coerce;
+hrResources = lens _hrResources (\ s a -> s{_hrResources = a}) . _Default . _Coerce
 
 -- | The type of information being passed, specifying how the value is to be interpreted by the other party:     * @ACCOUNT@ - Specifies an AWS account ID number.     * @ORGANIZATION@ - Specifies an organization ID number.     * @EMAIL@ - Specifies the email address that is associated with the account that receives the handshake.      * @OWNER_EMAIL@ - Specifies the email address associated with the master account. Included as information about an organization.      * @OWNER_NAME@ - Specifies the name associated with the master account. Included as information about an organization.      * @NOTES@ - Additional text provided by the handshake initiator and intended for the recipient to read.
 hrType :: Lens' HandshakeResource (Maybe HandshakeResourceType)
-hrType = lens _hrType (\ s a -> s{_hrType = a});
+hrType = lens _hrType (\ s a -> s{_hrType = a})
 
 instance FromJSON HandshakeResource where
         parseJSON
@@ -527,43 +571,43 @@
     :: Organization
 organization =
   Organization'
-  { _oARN = Nothing
-  , _oMasterAccountId = Nothing
-  , _oMasterAccountARN = Nothing
-  , _oMasterAccountEmail = Nothing
-  , _oAvailablePolicyTypes = Nothing
-  , _oId = Nothing
-  , _oFeatureSet = Nothing
-  }
+    { _oARN = Nothing
+    , _oMasterAccountId = Nothing
+    , _oMasterAccountARN = Nothing
+    , _oMasterAccountEmail = Nothing
+    , _oAvailablePolicyTypes = Nothing
+    , _oId = Nothing
+    , _oFeatureSet = Nothing
+    }
 
 
 -- | The Amazon Resource Name (ARN) of an organization. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 oARN :: Lens' Organization (Maybe Text)
-oARN = lens _oARN (\ s a -> s{_oARN = a});
+oARN = lens _oARN (\ s a -> s{_oARN = a})
 
 -- | The unique identifier (ID) of the master account of an organization. The <http://wikipedia.org/wiki/regex regex pattern> for an account ID string requires exactly 12 digits.
 oMasterAccountId :: Lens' Organization (Maybe Text)
-oMasterAccountId = lens _oMasterAccountId (\ s a -> s{_oMasterAccountId = a});
+oMasterAccountId = lens _oMasterAccountId (\ s a -> s{_oMasterAccountId = a})
 
 -- | The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 oMasterAccountARN :: Lens' Organization (Maybe Text)
-oMasterAccountARN = lens _oMasterAccountARN (\ s a -> s{_oMasterAccountARN = a});
+oMasterAccountARN = lens _oMasterAccountARN (\ s a -> s{_oMasterAccountARN = a})
 
 -- | The email address that is associated with the AWS account that is designated as the master account for the organization.
 oMasterAccountEmail :: Lens' Organization (Maybe Text)
-oMasterAccountEmail = lens _oMasterAccountEmail (\ s a -> s{_oMasterAccountEmail = a}) . mapping _Sensitive;
+oMasterAccountEmail = lens _oMasterAccountEmail (\ s a -> s{_oMasterAccountEmail = a}) . mapping _Sensitive
 
 -- | A list of policy types that are enabled for this organization. For example, if your organization has all features enabled, then service control policies (SCPs) are included in the list.
 oAvailablePolicyTypes :: Lens' Organization [PolicyTypeSummary]
-oAvailablePolicyTypes = lens _oAvailablePolicyTypes (\ s a -> s{_oAvailablePolicyTypes = a}) . _Default . _Coerce;
+oAvailablePolicyTypes = lens _oAvailablePolicyTypes (\ s a -> s{_oAvailablePolicyTypes = a}) . _Default . _Coerce
 
 -- | The unique identifier (ID) of an organization. The <http://wikipedia.org/wiki/regex regex pattern> for an organization ID string requires "o-" followed by from 10 to 32 lower-case letters or digits.
 oId :: Lens' Organization (Maybe Text)
-oId = lens _oId (\ s a -> s{_oId = a});
+oId = lens _oId (\ s a -> s{_oId = a})
 
 -- | Specifies the functionality that currently is available to the organization. If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/orgs_manage_org_support-all-features.html Enabling All Features in Your Organization> in the /AWS Organizations User Guide/ .
 oFeatureSet :: Lens' Organization (Maybe OrganizationFeatureSet)
-oFeatureSet = lens _oFeatureSet (\ s a -> s{_oFeatureSet = a});
+oFeatureSet = lens _oFeatureSet (\ s a -> s{_oFeatureSet = a})
 
 instance FromJSON Organization where
         parseJSON
@@ -610,15 +654,15 @@
 
 -- | The Amazon Resource Name (ARN) of this OU. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 ouARN :: Lens' OrganizationalUnit (Maybe Text)
-ouARN = lens _ouARN (\ s a -> s{_ouARN = a});
+ouARN = lens _ouARN (\ s a -> s{_ouARN = a})
 
 -- | The friendly name of this OU. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 ouName :: Lens' OrganizationalUnit (Maybe Text)
-ouName = lens _ouName (\ s a -> s{_ouName = a});
+ouName = lens _ouName (\ s a -> s{_ouName = a})
 
 -- | The unique identifier (ID) associated with this OU. The <http://wikipedia.org/wiki/regex regex pattern> for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 ouId :: Lens' OrganizationalUnit (Maybe Text)
-ouId = lens _ouId (\ s a -> s{_ouId = a});
+ouId = lens _ouId (\ s a -> s{_ouId = a})
 
 instance FromJSON OrganizationalUnit where
         parseJSON
@@ -656,11 +700,11 @@
 
 -- | The unique identifier (ID) of the parent entity. The <http://wikipedia.org/wiki/regex regex pattern> for a parent ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 pId :: Lens' Parent (Maybe Text)
-pId = lens _pId (\ s a -> s{_pId = a});
+pId = lens _pId (\ s a -> s{_pId = a})
 
 -- | The type of the parent entity.
 pType :: Lens' Parent (Maybe ParentType)
-pType = lens _pType (\ s a -> s{_pType = a});
+pType = lens _pType (\ s a -> s{_pType = a})
 
 instance FromJSON Parent where
         parseJSON
@@ -696,11 +740,11 @@
 
 -- | The text content of the policy.
 pContent :: Lens' Policy (Maybe Text)
-pContent = lens _pContent (\ s a -> s{_pContent = a});
+pContent = lens _pContent (\ s a -> s{_pContent = a})
 
 -- | A structure that contains additional details about the policy.
 pPolicySummary :: Lens' Policy (Maybe PolicySummary)
-pPolicySummary = lens _pPolicySummary (\ s a -> s{_pPolicySummary = a});
+pPolicySummary = lens _pPolicySummary (\ s a -> s{_pPolicySummary = a})
 
 instance FromJSON Policy where
         parseJSON
@@ -747,38 +791,38 @@
     :: PolicySummary
 policySummary =
   PolicySummary'
-  { _psARN = Nothing
-  , _psName = Nothing
-  , _psId = Nothing
-  , _psAWSManaged = Nothing
-  , _psType = Nothing
-  , _psDescription = Nothing
-  }
+    { _psARN = Nothing
+    , _psName = Nothing
+    , _psId = Nothing
+    , _psAWSManaged = Nothing
+    , _psType = Nothing
+    , _psDescription = Nothing
+    }
 
 
 -- | The Amazon Resource Name (ARN) of the policy. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 psARN :: Lens' PolicySummary (Maybe Text)
-psARN = lens _psARN (\ s a -> s{_psARN = a});
+psARN = lens _psARN (\ s a -> s{_psARN = a})
 
 -- | The friendly name of the policy. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 psName :: Lens' PolicySummary (Maybe Text)
-psName = lens _psName (\ s a -> s{_psName = a});
+psName = lens _psName (\ s a -> s{_psName = a})
 
 -- | The unique identifier (ID) of the policy. The <http://wikipedia.org/wiki/regex regex pattern> for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
 psId :: Lens' PolicySummary (Maybe Text)
-psId = lens _psId (\ s a -> s{_psId = a});
+psId = lens _psId (\ s a -> s{_psId = a})
 
 -- | A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
 psAWSManaged :: Lens' PolicySummary (Maybe Bool)
-psAWSManaged = lens _psAWSManaged (\ s a -> s{_psAWSManaged = a});
+psAWSManaged = lens _psAWSManaged (\ s a -> s{_psAWSManaged = a})
 
 -- | The type of policy.
 psType :: Lens' PolicySummary (Maybe PolicyType)
-psType = lens _psType (\ s a -> s{_psType = a});
+psType = lens _psType (\ s a -> s{_psType = a})
 
 -- | The description of the policy.
 psDescription :: Lens' PolicySummary (Maybe Text)
-psDescription = lens _psDescription (\ s a -> s{_psDescription = a});
+psDescription = lens _psDescription (\ s a -> s{_psDescription = a})
 
 instance FromJSON PolicySummary where
         parseJSON
@@ -822,28 +866,28 @@
     :: PolicyTargetSummary
 policyTargetSummary =
   PolicyTargetSummary'
-  { _polTargetId = Nothing
-  , _polARN = Nothing
-  , _polName = Nothing
-  , _polType = Nothing
-  }
+    { _polTargetId = Nothing
+    , _polARN = Nothing
+    , _polName = Nothing
+    , _polType = Nothing
+    }
 
 
 -- | The unique identifier (ID) of the policy target. The <http://wikipedia.org/wiki/regex regex pattern> for a target ID string requires one of the following:     * Root: a string that begins with "r-" followed by from 4 to 32 lower-case letters or digits.     * Account: a string that consists of exactly 12 digits.     * Organizational unit (OU): a string that begins with "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that the OU is in) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 polTargetId :: Lens' PolicyTargetSummary (Maybe Text)
-polTargetId = lens _polTargetId (\ s a -> s{_polTargetId = a});
+polTargetId = lens _polTargetId (\ s a -> s{_polTargetId = a})
 
 -- | The Amazon Resource Name (ARN) of the policy target. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 polARN :: Lens' PolicyTargetSummary (Maybe Text)
-polARN = lens _polARN (\ s a -> s{_polARN = a});
+polARN = lens _polARN (\ s a -> s{_polARN = a})
 
 -- | The friendly name of the policy target. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 polName :: Lens' PolicyTargetSummary (Maybe Text)
-polName = lens _polName (\ s a -> s{_polName = a});
+polName = lens _polName (\ s a -> s{_polName = a})
 
 -- | The type of the policy target.
 polType :: Lens' PolicyTargetSummary (Maybe TargetType)
-polType = lens _polType (\ s a -> s{_polType = a});
+polType = lens _polType (\ s a -> s{_polType = a})
 
 instance FromJSON PolicyTargetSummary where
         parseJSON
@@ -884,11 +928,11 @@
 
 -- | The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.
 ptsStatus :: Lens' PolicyTypeSummary (Maybe PolicyTypeStatus)
-ptsStatus = lens _ptsStatus (\ s a -> s{_ptsStatus = a});
+ptsStatus = lens _ptsStatus (\ s a -> s{_ptsStatus = a})
 
 -- | The name of the policy type.
 ptsType :: Lens' PolicyTypeSummary (Maybe PolicyType)
-ptsType = lens _ptsType (\ s a -> s{_ptsType = a});
+ptsType = lens _ptsType (\ s a -> s{_ptsType = a})
 
 instance FromJSON PolicyTypeSummary where
         parseJSON
@@ -929,24 +973,24 @@
     :: Root
 root =
   Root'
-  {_rARN = Nothing, _rName = Nothing, _rId = Nothing, _rPolicyTypes = Nothing}
+    {_rARN = Nothing, _rName = Nothing, _rId = Nothing, _rPolicyTypes = Nothing}
 
 
 -- | The Amazon Resource Name (ARN) of the root. For more information about ARNs in Organizations, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns ARN Formats Supported by Organizations> in the /AWS Organizations User Guide/ .
 rARN :: Lens' Root (Maybe Text)
-rARN = lens _rARN (\ s a -> s{_rARN = a});
+rARN = lens _rARN (\ s a -> s{_rARN = a})
 
 -- | The friendly name of the root. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 rName :: Lens' Root (Maybe Text)
-rName = lens _rName (\ s a -> s{_rName = a});
+rName = lens _rName (\ s a -> s{_rName = a})
 
 -- | The unique identifier (ID) for the root. The <http://wikipedia.org/wiki/regex regex pattern> for a root ID string requires "r-" followed by from 4 to 32 lower-case letters or digits.
 rId :: Lens' Root (Maybe Text)
-rId = lens _rId (\ s a -> s{_rId = a});
+rId = lens _rId (\ s a -> s{_rId = a})
 
 -- | The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.
 rPolicyTypes :: Lens' Root [PolicyTypeSummary]
-rPolicyTypes = lens _rPolicyTypes (\ s a -> s{_rPolicyTypes = a}) . _Default . _Coerce;
+rPolicyTypes = lens _rPolicyTypes (\ s a -> s{_rPolicyTypes = a}) . _Default . _Coerce
 
 instance FromJSON Root where
         parseJSON
diff --git a/gen/Network/AWS/Organizations/Types/Sum.hs b/gen/Network/AWS/Organizations/Types/Sum.hs
--- a/gen/Network/AWS/Organizations/Types/Sum.hs
+++ b/gen/Network/AWS/Organizations/Types/Sum.hs
@@ -9,7 +9,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.Types.Sum
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/gen/Network/AWS/Organizations/UpdateOrganizationalUnit.hs b/gen/Network/AWS/Organizations/UpdateOrganizationalUnit.hs
--- a/gen/Network/AWS/Organizations/UpdateOrganizationalUnit.hs
+++ b/gen/Network/AWS/Organizations/UpdateOrganizationalUnit.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.UpdateOrganizationalUnit
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -66,16 +66,16 @@
     -> UpdateOrganizationalUnit
 updateOrganizationalUnit pOrganizationalUnitId_ =
   UpdateOrganizationalUnit'
-  {_uouName = Nothing, _uouOrganizationalUnitId = pOrganizationalUnitId_}
+    {_uouName = Nothing, _uouOrganizationalUnitId = pOrganizationalUnitId_}
 
 
 -- | The new name that you want to assign to the OU. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 uouName :: Lens' UpdateOrganizationalUnit (Maybe Text)
-uouName = lens _uouName (\ s a -> s{_uouName = a});
+uouName = lens _uouName (\ s a -> s{_uouName = a})
 
 -- | The unique identifier (ID) of the OU that you want to rename. You can get the ID from the 'ListOrganizationalUnitsForParent' operation. The <http://wikipedia.org/wiki/regex regex pattern> for an organizational unit ID string requires "ou-" followed by from 4 to 32 lower-case letters or digits (the ID of the root that contains the OU) followed by a second "-" dash and from 8 to 32 additional lower-case letters or digits.
 uouOrganizationalUnitId :: Lens' UpdateOrganizationalUnit Text
-uouOrganizationalUnitId = lens _uouOrganizationalUnitId (\ s a -> s{_uouOrganizationalUnitId = a});
+uouOrganizationalUnitId = lens _uouOrganizationalUnitId (\ s a -> s{_uouOrganizationalUnitId = a})
 
 instance AWSRequest UpdateOrganizationalUnit where
         type Rs UpdateOrganizationalUnit =
@@ -135,16 +135,18 @@
     -> UpdateOrganizationalUnitResponse
 updateOrganizationalUnitResponse pResponseStatus_ =
   UpdateOrganizationalUnitResponse'
-  {_uoursOrganizationalUnit = Nothing, _uoursResponseStatus = pResponseStatus_}
+    { _uoursOrganizationalUnit = Nothing
+    , _uoursResponseStatus = pResponseStatus_
+    }
 
 
 -- | A structure that contains the details about the specified OU, including its new name.
 uoursOrganizationalUnit :: Lens' UpdateOrganizationalUnitResponse (Maybe OrganizationalUnit)
-uoursOrganizationalUnit = lens _uoursOrganizationalUnit (\ s a -> s{_uoursOrganizationalUnit = a});
+uoursOrganizationalUnit = lens _uoursOrganizationalUnit (\ s a -> s{_uoursOrganizationalUnit = a})
 
 -- | -- | The response status code.
 uoursResponseStatus :: Lens' UpdateOrganizationalUnitResponse Int
-uoursResponseStatus = lens _uoursResponseStatus (\ s a -> s{_uoursResponseStatus = a});
+uoursResponseStatus = lens _uoursResponseStatus (\ s a -> s{_uoursResponseStatus = a})
 
 instance NFData UpdateOrganizationalUnitResponse
          where
diff --git a/gen/Network/AWS/Organizations/UpdatePolicy.hs b/gen/Network/AWS/Organizations/UpdatePolicy.hs
--- a/gen/Network/AWS/Organizations/UpdatePolicy.hs
+++ b/gen/Network/AWS/Organizations/UpdatePolicy.hs
@@ -12,7 +12,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.UpdatePolicy
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -74,28 +74,28 @@
     -> UpdatePolicy
 updatePolicy pPolicyId_ =
   UpdatePolicy'
-  { _upContent = Nothing
-  , _upName = Nothing
-  , _upDescription = Nothing
-  , _upPolicyId = pPolicyId_
-  }
+    { _upContent = Nothing
+    , _upName = Nothing
+    , _upDescription = Nothing
+    , _upPolicyId = pPolicyId_
+    }
 
 
 -- | If provided, the new content for the policy. The text must be correctly formatted JSON that complies with the syntax for the policy's type. For more information, see <http://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html Service Control Policy Syntax> in the /AWS Organizations User Guide/ .
 upContent :: Lens' UpdatePolicy (Maybe Text)
-upContent = lens _upContent (\ s a -> s{_upContent = a});
+upContent = lens _upContent (\ s a -> s{_upContent = a})
 
 -- | If provided, the new name for the policy. The <http://wikipedia.org/wiki/regex regex pattern> that is used to validate this parameter is a string of any of the characters in the ASCII character range.
 upName :: Lens' UpdatePolicy (Maybe Text)
-upName = lens _upName (\ s a -> s{_upName = a});
+upName = lens _upName (\ s a -> s{_upName = a})
 
 -- | If provided, the new description for the policy.
 upDescription :: Lens' UpdatePolicy (Maybe Text)
-upDescription = lens _upDescription (\ s a -> s{_upDescription = a});
+upDescription = lens _upDescription (\ s a -> s{_upDescription = a})
 
 -- | The unique identifier (ID) of the policy that you want to update. The <http://wikipedia.org/wiki/regex regex pattern> for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.
 upPolicyId :: Lens' UpdatePolicy Text
-upPolicyId = lens _upPolicyId (\ s a -> s{_upPolicyId = a});
+upPolicyId = lens _upPolicyId (\ s a -> s{_upPolicyId = a})
 
 instance AWSRequest UpdatePolicy where
         type Rs UpdatePolicy = UpdatePolicyResponse
@@ -154,15 +154,15 @@
     -> UpdatePolicyResponse
 updatePolicyResponse pResponseStatus_ =
   UpdatePolicyResponse'
-  {_uprsPolicy = Nothing, _uprsResponseStatus = pResponseStatus_}
+    {_uprsPolicy = Nothing, _uprsResponseStatus = pResponseStatus_}
 
 
 -- | A structure that contains details about the updated policy, showing the requested changes.
 uprsPolicy :: Lens' UpdatePolicyResponse (Maybe Policy)
-uprsPolicy = lens _uprsPolicy (\ s a -> s{_uprsPolicy = a});
+uprsPolicy = lens _uprsPolicy (\ s a -> s{_uprsPolicy = a})
 
 -- | -- | The response status code.
 uprsResponseStatus :: Lens' UpdatePolicyResponse Int
-uprsResponseStatus = lens _uprsResponseStatus (\ s a -> s{_uprsResponseStatus = a});
+uprsResponseStatus = lens _uprsResponseStatus (\ s a -> s{_uprsResponseStatus = a})
 
 instance NFData UpdatePolicyResponse where
diff --git a/gen/Network/AWS/Organizations/Waiters.hs b/gen/Network/AWS/Organizations/Waiters.hs
--- a/gen/Network/AWS/Organizations/Waiters.hs
+++ b/gen/Network/AWS/Organizations/Waiters.hs
@@ -7,7 +7,7 @@
 
 -- |
 -- Module      : Network.AWS.Organizations.Waiters
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/test/Main.hs b/test/Main.hs
--- a/test/Main.hs
+++ b/test/Main.hs
@@ -2,7 +2,7 @@
 
 -- |
 -- Module      : Main
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
diff --git a/test/Test/AWS/Gen/Organizations.hs b/test/Test/AWS/Gen/Organizations.hs
--- a/test/Test/AWS/Gen/Organizations.hs
+++ b/test/Test/AWS/Gen/Organizations.hs
@@ -5,7 +5,7 @@
 
 -- |
 -- Module      : Test.AWS.Gen.Organizations
--- Copyright   : (c) 2013-2017 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
 -- Stability   : auto-generated
@@ -61,6 +61,9 @@
 --         , requestDescribePolicy $
 --             describePolicy
 --
+--         , requestDisableAWSServiceAccess $
+--             disableAWSServiceAccess
+--
 --         , requestLeaveOrganization $
 --             leaveOrganization
 --
@@ -73,6 +76,9 @@
 --         , requestInviteAccountToOrganization $
 --             inviteAccountToOrganization
 --
+--         , requestListAWSServiceAccessForOrganization $
+--             listAWSServiceAccessForOrganization
+--
 --         , requestListOrganizationalUnitsForParent $
 --             listOrganizationalUnitsForParent
 --
@@ -109,6 +115,9 @@
 --         , requestRemoveAccountFromOrganization $
 --             removeAccountFromOrganization
 --
+--         , requestEnableAWSServiceAccess $
+--             enableAWSServiceAccess
+--
 --         , requestDescribeOrganizationalUnit $
 --             describeOrganizationalUnit
 --
@@ -181,6 +190,9 @@
 --         , responseDescribePolicy $
 --             describePolicyResponse
 --
+--         , responseDisableAWSServiceAccess $
+--             disableAWSServiceAccessResponse
+--
 --         , responseLeaveOrganization $
 --             leaveOrganizationResponse
 --
@@ -193,6 +205,9 @@
 --         , responseInviteAccountToOrganization $
 --             inviteAccountToOrganizationResponse
 --
+--         , responseListAWSServiceAccessForOrganization $
+--             listAWSServiceAccessForOrganizationResponse
+--
 --         , responseListOrganizationalUnitsForParent $
 --             listOrganizationalUnitsForParentResponse
 --
@@ -229,6 +244,9 @@
 --         , responseRemoveAccountFromOrganization $
 --             removeAccountFromOrganizationResponse
 --
+--         , responseEnableAWSServiceAccess $
+--             enableAWSServiceAccessResponse
+--
 --         , responseDescribeOrganizationalUnit $
 --             describeOrganizationalUnitResponse
 --
@@ -325,6 +343,11 @@
     "DescribePolicy"
     "fixture/DescribePolicy.yaml"
 
+requestDisableAWSServiceAccess :: DisableAWSServiceAccess -> TestTree
+requestDisableAWSServiceAccess = req
+    "DisableAWSServiceAccess"
+    "fixture/DisableAWSServiceAccess.yaml"
+
 requestLeaveOrganization :: LeaveOrganization -> TestTree
 requestLeaveOrganization = req
     "LeaveOrganization"
@@ -345,6 +368,11 @@
     "InviteAccountToOrganization"
     "fixture/InviteAccountToOrganization.yaml"
 
+requestListAWSServiceAccessForOrganization :: ListAWSServiceAccessForOrganization -> TestTree
+requestListAWSServiceAccessForOrganization = req
+    "ListAWSServiceAccessForOrganization"
+    "fixture/ListAWSServiceAccessForOrganization.yaml"
+
 requestListOrganizationalUnitsForParent :: ListOrganizationalUnitsForParent -> TestTree
 requestListOrganizationalUnitsForParent = req
     "ListOrganizationalUnitsForParent"
@@ -405,6 +433,11 @@
     "RemoveAccountFromOrganization"
     "fixture/RemoveAccountFromOrganization.yaml"
 
+requestEnableAWSServiceAccess :: EnableAWSServiceAccess -> TestTree
+requestEnableAWSServiceAccess = req
+    "EnableAWSServiceAccess"
+    "fixture/EnableAWSServiceAccess.yaml"
+
 requestDescribeOrganizationalUnit :: DescribeOrganizationalUnit -> TestTree
 requestDescribeOrganizationalUnit = req
     "DescribeOrganizationalUnit"
@@ -544,6 +577,13 @@
     organizations
     (Proxy :: Proxy DescribePolicy)
 
+responseDisableAWSServiceAccess :: DisableAWSServiceAccessResponse -> TestTree
+responseDisableAWSServiceAccess = res
+    "DisableAWSServiceAccessResponse"
+    "fixture/DisableAWSServiceAccessResponse.proto"
+    organizations
+    (Proxy :: Proxy DisableAWSServiceAccess)
+
 responseLeaveOrganization :: LeaveOrganizationResponse -> TestTree
 responseLeaveOrganization = res
     "LeaveOrganizationResponse"
@@ -572,6 +612,13 @@
     organizations
     (Proxy :: Proxy InviteAccountToOrganization)
 
+responseListAWSServiceAccessForOrganization :: ListAWSServiceAccessForOrganizationResponse -> TestTree
+responseListAWSServiceAccessForOrganization = res
+    "ListAWSServiceAccessForOrganizationResponse"
+    "fixture/ListAWSServiceAccessForOrganizationResponse.proto"
+    organizations
+    (Proxy :: Proxy ListAWSServiceAccessForOrganization)
+
 responseListOrganizationalUnitsForParent :: ListOrganizationalUnitsForParentResponse -> TestTree
 responseListOrganizationalUnitsForParent = res
     "ListOrganizationalUnitsForParentResponse"
@@ -655,6 +702,13 @@
     "fixture/RemoveAccountFromOrganizationResponse.proto"
     organizations
     (Proxy :: Proxy RemoveAccountFromOrganization)
+
+responseEnableAWSServiceAccess :: EnableAWSServiceAccessResponse -> TestTree
+responseEnableAWSServiceAccess = res
+    "EnableAWSServiceAccessResponse"
+    "fixture/EnableAWSServiceAccessResponse.proto"
+    organizations
+    (Proxy :: Proxy EnableAWSServiceAccess)
 
 responseDescribeOrganizationalUnit :: DescribeOrganizationalUnitResponse -> TestTree
 responseDescribeOrganizationalUnit = res
diff --git a/test/Test/AWS/Organizations.hs b/test/Test/AWS/Organizations.hs
--- a/test/Test/AWS/Organizations.hs
+++ b/test/Test/AWS/Organizations.hs
@@ -1,6 +1,6 @@
 -- |
 -- Module      : Test.AWS.Organizations
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
 -- Stability   : auto-generated
diff --git a/test/Test/AWS/Organizations/Internal.hs b/test/Test/AWS/Organizations/Internal.hs
--- a/test/Test/AWS/Organizations/Internal.hs
+++ b/test/Test/AWS/Organizations/Internal.hs
@@ -1,6 +1,6 @@
 -- |
 -- Module      : Test.AWS.Organizations.Internal
--- Copyright   : (c) 2013-2016 Brendan Hay
+-- Copyright   : (c) 2013-2018 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
 -- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
 -- Stability   : auto-generated
