diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon IAM Roles Anywhere SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2018-05-10@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-rolesanywhere)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.RolesAnywhere](http://hackage.haskell.org/package/amazonka-rolesanywhere/docs/Amazonka-RolesAnywhere.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-rolesanywhere` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-rolesanywhere.cabal b/amazonka-rolesanywhere.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-rolesanywhere.cabal
@@ -0,0 +1,127 @@
+cabal-version:      2.2
+name:               amazonka-rolesanywhere
+version:            2.0
+synopsis:           Amazon IAM Roles Anywhere SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2018-05-10@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.RolesAnywhere.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.RolesAnywhere" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-rolesanywhere
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.RolesAnywhere
+    Amazonka.RolesAnywhere.CreateProfile
+    Amazonka.RolesAnywhere.CreateTrustAnchor
+    Amazonka.RolesAnywhere.DeleteCrl
+    Amazonka.RolesAnywhere.DeleteProfile
+    Amazonka.RolesAnywhere.DeleteTrustAnchor
+    Amazonka.RolesAnywhere.DisableCrl
+    Amazonka.RolesAnywhere.DisableProfile
+    Amazonka.RolesAnywhere.DisableTrustAnchor
+    Amazonka.RolesAnywhere.EnableCrl
+    Amazonka.RolesAnywhere.EnableProfile
+    Amazonka.RolesAnywhere.EnableTrustAnchor
+    Amazonka.RolesAnywhere.GetCrl
+    Amazonka.RolesAnywhere.GetProfile
+    Amazonka.RolesAnywhere.GetSubject
+    Amazonka.RolesAnywhere.GetTrustAnchor
+    Amazonka.RolesAnywhere.ImportCrl
+    Amazonka.RolesAnywhere.Lens
+    Amazonka.RolesAnywhere.ListCrls
+    Amazonka.RolesAnywhere.ListProfiles
+    Amazonka.RolesAnywhere.ListSubjects
+    Amazonka.RolesAnywhere.ListTagsForResource
+    Amazonka.RolesAnywhere.ListTrustAnchors
+    Amazonka.RolesAnywhere.TagResource
+    Amazonka.RolesAnywhere.Types
+    Amazonka.RolesAnywhere.Types.CredentialSummary
+    Amazonka.RolesAnywhere.Types.CrlDetail
+    Amazonka.RolesAnywhere.Types.CrlDetailResponse
+    Amazonka.RolesAnywhere.Types.InstanceProperty
+    Amazonka.RolesAnywhere.Types.ListRequest
+    Amazonka.RolesAnywhere.Types.ProfileDetail
+    Amazonka.RolesAnywhere.Types.ProfileDetailResponse
+    Amazonka.RolesAnywhere.Types.ScalarCrlRequest
+    Amazonka.RolesAnywhere.Types.ScalarProfileRequest
+    Amazonka.RolesAnywhere.Types.ScalarTrustAnchorRequest
+    Amazonka.RolesAnywhere.Types.Source
+    Amazonka.RolesAnywhere.Types.SourceData
+    Amazonka.RolesAnywhere.Types.SubjectDetail
+    Amazonka.RolesAnywhere.Types.SubjectSummary
+    Amazonka.RolesAnywhere.Types.Tag
+    Amazonka.RolesAnywhere.Types.TrustAnchorDetail
+    Amazonka.RolesAnywhere.Types.TrustAnchorDetailResponse
+    Amazonka.RolesAnywhere.Types.TrustAnchorType
+    Amazonka.RolesAnywhere.UntagResource
+    Amazonka.RolesAnywhere.UpdateCrl
+    Amazonka.RolesAnywhere.UpdateProfile
+    Amazonka.RolesAnywhere.UpdateTrustAnchor
+    Amazonka.RolesAnywhere.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-rolesanywhere-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.RolesAnywhere
+    Test.Amazonka.RolesAnywhere
+    Test.Amazonka.RolesAnywhere.Internal
+
+  build-depends:
+    , amazonka-core           >=2.0 && <2.1
+    , amazonka-rolesanywhere
+    , amazonka-test           >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/CreateProfile.yaml b/fixture/CreateProfile.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateProfile.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateProfileResponse.proto b/fixture/CreateProfileResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateProfileResponse.proto
diff --git a/fixture/CreateTrustAnchor.yaml b/fixture/CreateTrustAnchor.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateTrustAnchor.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateTrustAnchorResponse.proto b/fixture/CreateTrustAnchorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateTrustAnchorResponse.proto
diff --git a/fixture/DeleteCrl.yaml b/fixture/DeleteCrl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteCrl.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteCrlResponse.proto b/fixture/DeleteCrlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteCrlResponse.proto
diff --git a/fixture/DeleteProfile.yaml b/fixture/DeleteProfile.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteProfile.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteProfileResponse.proto b/fixture/DeleteProfileResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteProfileResponse.proto
diff --git a/fixture/DeleteTrustAnchor.yaml b/fixture/DeleteTrustAnchor.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteTrustAnchor.yaml
@@ -0,0 +1,10 @@
+---
+method: DELETE
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteTrustAnchorResponse.proto b/fixture/DeleteTrustAnchorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteTrustAnchorResponse.proto
diff --git a/fixture/DisableCrl.yaml b/fixture/DisableCrl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableCrl.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableCrlResponse.proto b/fixture/DisableCrlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableCrlResponse.proto
diff --git a/fixture/DisableProfile.yaml b/fixture/DisableProfile.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableProfile.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableProfileResponse.proto b/fixture/DisableProfileResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableProfileResponse.proto
diff --git a/fixture/DisableTrustAnchor.yaml b/fixture/DisableTrustAnchor.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableTrustAnchor.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableTrustAnchorResponse.proto b/fixture/DisableTrustAnchorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableTrustAnchorResponse.proto
diff --git a/fixture/EnableCrl.yaml b/fixture/EnableCrl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableCrl.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableCrlResponse.proto b/fixture/EnableCrlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableCrlResponse.proto
diff --git a/fixture/EnableProfile.yaml b/fixture/EnableProfile.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableProfile.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableProfileResponse.proto b/fixture/EnableProfileResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableProfileResponse.proto
diff --git a/fixture/EnableTrustAnchor.yaml b/fixture/EnableTrustAnchor.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableTrustAnchor.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableTrustAnchorResponse.proto b/fixture/EnableTrustAnchorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableTrustAnchorResponse.proto
diff --git a/fixture/GetCrl.yaml b/fixture/GetCrl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetCrl.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetCrlResponse.proto b/fixture/GetCrlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetCrlResponse.proto
diff --git a/fixture/GetProfile.yaml b/fixture/GetProfile.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetProfile.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetProfileResponse.proto b/fixture/GetProfileResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetProfileResponse.proto
diff --git a/fixture/GetSubject.yaml b/fixture/GetSubject.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetSubject.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetSubjectResponse.proto b/fixture/GetSubjectResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetSubjectResponse.proto
diff --git a/fixture/GetTrustAnchor.yaml b/fixture/GetTrustAnchor.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetTrustAnchor.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetTrustAnchorResponse.proto b/fixture/GetTrustAnchorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetTrustAnchorResponse.proto
diff --git a/fixture/ImportCrl.yaml b/fixture/ImportCrl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ImportCrl.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ImportCrlResponse.proto b/fixture/ImportCrlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ImportCrlResponse.proto
diff --git a/fixture/ListCrls.yaml b/fixture/ListCrls.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListCrls.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListCrlsResponse.proto b/fixture/ListCrlsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListCrlsResponse.proto
diff --git a/fixture/ListProfiles.yaml b/fixture/ListProfiles.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListProfiles.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListProfilesResponse.proto b/fixture/ListProfilesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListProfilesResponse.proto
diff --git a/fixture/ListSubjects.yaml b/fixture/ListSubjects.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListSubjects.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListSubjectsResponse.proto b/fixture/ListSubjectsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListSubjectsResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/ListTrustAnchors.yaml b/fixture/ListTrustAnchors.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTrustAnchors.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTrustAnchorsResponse.proto b/fixture/ListTrustAnchorsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTrustAnchorsResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateCrl.yaml b/fixture/UpdateCrl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateCrl.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateCrlResponse.proto b/fixture/UpdateCrlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateCrlResponse.proto
diff --git a/fixture/UpdateProfile.yaml b/fixture/UpdateProfile.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateProfile.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateProfileResponse.proto b/fixture/UpdateProfileResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateProfileResponse.proto
diff --git a/fixture/UpdateTrustAnchor.yaml b/fixture/UpdateTrustAnchor.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateTrustAnchor.yaml
@@ -0,0 +1,10 @@
+---
+method: PATCH
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/rolesanywhere/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  rolesanywhere.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateTrustAnchorResponse.proto b/fixture/UpdateTrustAnchorResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateTrustAnchorResponse.proto
diff --git a/gen/Amazonka/RolesAnywhere.hs b/gen/Amazonka/RolesAnywhere.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere.hs
@@ -0,0 +1,345 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.RolesAnywhere
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2018-05-10@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- AWS Identity and Access Management Roles Anywhere provides a secure way
+-- for your workloads such as servers, containers, and applications running
+-- outside of AWS to obtain Temporary AWS credentials. Your workloads can
+-- use the same IAM policies and roles that you have configured with native
+-- AWS applications to access AWS resources. Using IAM Roles Anywhere will
+-- eliminate the need to manage long term credentials for workloads running
+-- outside of AWS.
+--
+-- To use IAM Roles Anywhere customer workloads will need to use X.509
+-- certificates issued by their Certificate Authority (CA) . The
+-- Certificate Authority (CA) needs to be registered with IAM Roles
+-- Anywhere as a trust anchor to establish trust between customer PKI and
+-- IAM Roles Anywhere. Customers who do not manage their own PKI system can
+-- use AWS Certificate Manager Private Certificate Authority (ACM PCA) to
+-- create a Certificate Authority and use that to establish trust with IAM
+-- Roles Anywhere
+--
+-- This guide describes the IAM rolesanywhere operations that you can call
+-- programmatically. For general information about IAM Roles Anywhere see
+-- <https://docs.aws.amazon.com/>
+module Amazonka.RolesAnywhere
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- ** TooManyTagsException
+    _TooManyTagsException,
+
+    -- ** ValidationException
+    _ValidationException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** CreateProfile
+    CreateProfile (CreateProfile'),
+    newCreateProfile,
+    ProfileDetailResponse (ProfileDetailResponse'),
+    newProfileDetailResponse,
+
+    -- ** CreateTrustAnchor
+    CreateTrustAnchor (CreateTrustAnchor'),
+    newCreateTrustAnchor,
+    TrustAnchorDetailResponse (TrustAnchorDetailResponse'),
+    newTrustAnchorDetailResponse,
+
+    -- ** DeleteCrl
+    DeleteCrl (DeleteCrl'),
+    newDeleteCrl,
+    CrlDetailResponse (CrlDetailResponse'),
+    newCrlDetailResponse,
+
+    -- ** DeleteProfile
+    DeleteProfile (DeleteProfile'),
+    newDeleteProfile,
+    ProfileDetailResponse (ProfileDetailResponse'),
+    newProfileDetailResponse,
+
+    -- ** DeleteTrustAnchor
+    DeleteTrustAnchor (DeleteTrustAnchor'),
+    newDeleteTrustAnchor,
+    TrustAnchorDetailResponse (TrustAnchorDetailResponse'),
+    newTrustAnchorDetailResponse,
+
+    -- ** DisableCrl
+    DisableCrl (DisableCrl'),
+    newDisableCrl,
+    CrlDetailResponse (CrlDetailResponse'),
+    newCrlDetailResponse,
+
+    -- ** DisableProfile
+    DisableProfile (DisableProfile'),
+    newDisableProfile,
+    ProfileDetailResponse (ProfileDetailResponse'),
+    newProfileDetailResponse,
+
+    -- ** DisableTrustAnchor
+    DisableTrustAnchor (DisableTrustAnchor'),
+    newDisableTrustAnchor,
+    TrustAnchorDetailResponse (TrustAnchorDetailResponse'),
+    newTrustAnchorDetailResponse,
+
+    -- ** EnableCrl
+    EnableCrl (EnableCrl'),
+    newEnableCrl,
+    CrlDetailResponse (CrlDetailResponse'),
+    newCrlDetailResponse,
+
+    -- ** EnableProfile
+    EnableProfile (EnableProfile'),
+    newEnableProfile,
+    ProfileDetailResponse (ProfileDetailResponse'),
+    newProfileDetailResponse,
+
+    -- ** EnableTrustAnchor
+    EnableTrustAnchor (EnableTrustAnchor'),
+    newEnableTrustAnchor,
+    TrustAnchorDetailResponse (TrustAnchorDetailResponse'),
+    newTrustAnchorDetailResponse,
+
+    -- ** GetCrl
+    GetCrl (GetCrl'),
+    newGetCrl,
+    CrlDetailResponse (CrlDetailResponse'),
+    newCrlDetailResponse,
+
+    -- ** GetProfile
+    GetProfile (GetProfile'),
+    newGetProfile,
+    ProfileDetailResponse (ProfileDetailResponse'),
+    newProfileDetailResponse,
+
+    -- ** GetSubject
+    GetSubject (GetSubject'),
+    newGetSubject,
+    GetSubjectResponse (GetSubjectResponse'),
+    newGetSubjectResponse,
+
+    -- ** GetTrustAnchor
+    GetTrustAnchor (GetTrustAnchor'),
+    newGetTrustAnchor,
+    TrustAnchorDetailResponse (TrustAnchorDetailResponse'),
+    newTrustAnchorDetailResponse,
+
+    -- ** ImportCrl
+    ImportCrl (ImportCrl'),
+    newImportCrl,
+    CrlDetailResponse (CrlDetailResponse'),
+    newCrlDetailResponse,
+
+    -- ** ListCrls (Paginated)
+    ListCrls (ListCrls'),
+    newListCrls,
+    ListCrlsResponse (ListCrlsResponse'),
+    newListCrlsResponse,
+
+    -- ** ListProfiles (Paginated)
+    ListProfiles (ListProfiles'),
+    newListProfiles,
+    ListProfilesResponse (ListProfilesResponse'),
+    newListProfilesResponse,
+
+    -- ** ListSubjects (Paginated)
+    ListSubjects (ListSubjects'),
+    newListSubjects,
+    ListSubjectsResponse (ListSubjectsResponse'),
+    newListSubjectsResponse,
+
+    -- ** ListTagsForResource
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** ListTrustAnchors (Paginated)
+    ListTrustAnchors (ListTrustAnchors'),
+    newListTrustAnchors,
+    ListTrustAnchorsResponse (ListTrustAnchorsResponse'),
+    newListTrustAnchorsResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateCrl
+    UpdateCrl (UpdateCrl'),
+    newUpdateCrl,
+    CrlDetailResponse (CrlDetailResponse'),
+    newCrlDetailResponse,
+
+    -- ** UpdateProfile
+    UpdateProfile (UpdateProfile'),
+    newUpdateProfile,
+    ProfileDetailResponse (ProfileDetailResponse'),
+    newProfileDetailResponse,
+
+    -- ** UpdateTrustAnchor
+    UpdateTrustAnchor (UpdateTrustAnchor'),
+    newUpdateTrustAnchor,
+    TrustAnchorDetailResponse (TrustAnchorDetailResponse'),
+    newTrustAnchorDetailResponse,
+
+    -- * Types
+
+    -- ** TrustAnchorType
+    TrustAnchorType (..),
+
+    -- ** CredentialSummary
+    CredentialSummary (CredentialSummary'),
+    newCredentialSummary,
+
+    -- ** CrlDetail
+    CrlDetail (CrlDetail'),
+    newCrlDetail,
+
+    -- ** CrlDetailResponse
+    CrlDetailResponse (CrlDetailResponse'),
+    newCrlDetailResponse,
+
+    -- ** InstanceProperty
+    InstanceProperty (InstanceProperty'),
+    newInstanceProperty,
+
+    -- ** ListRequest
+    ListRequest (ListRequest'),
+    newListRequest,
+
+    -- ** ProfileDetail
+    ProfileDetail (ProfileDetail'),
+    newProfileDetail,
+
+    -- ** ProfileDetailResponse
+    ProfileDetailResponse (ProfileDetailResponse'),
+    newProfileDetailResponse,
+
+    -- ** ScalarCrlRequest
+    ScalarCrlRequest (ScalarCrlRequest'),
+    newScalarCrlRequest,
+
+    -- ** ScalarProfileRequest
+    ScalarProfileRequest (ScalarProfileRequest'),
+    newScalarProfileRequest,
+
+    -- ** ScalarTrustAnchorRequest
+    ScalarTrustAnchorRequest (ScalarTrustAnchorRequest'),
+    newScalarTrustAnchorRequest,
+
+    -- ** Source
+    Source (Source'),
+    newSource,
+
+    -- ** SourceData
+    SourceData (SourceData'),
+    newSourceData,
+
+    -- ** SubjectDetail
+    SubjectDetail (SubjectDetail'),
+    newSubjectDetail,
+
+    -- ** SubjectSummary
+    SubjectSummary (SubjectSummary'),
+    newSubjectSummary,
+
+    -- ** Tag
+    Tag (Tag'),
+    newTag,
+
+    -- ** TrustAnchorDetail
+    TrustAnchorDetail (TrustAnchorDetail'),
+    newTrustAnchorDetail,
+
+    -- ** TrustAnchorDetailResponse
+    TrustAnchorDetailResponse (TrustAnchorDetailResponse'),
+    newTrustAnchorDetailResponse,
+  )
+where
+
+import Amazonka.RolesAnywhere.CreateProfile
+import Amazonka.RolesAnywhere.CreateTrustAnchor
+import Amazonka.RolesAnywhere.DeleteCrl
+import Amazonka.RolesAnywhere.DeleteProfile
+import Amazonka.RolesAnywhere.DeleteTrustAnchor
+import Amazonka.RolesAnywhere.DisableCrl
+import Amazonka.RolesAnywhere.DisableProfile
+import Amazonka.RolesAnywhere.DisableTrustAnchor
+import Amazonka.RolesAnywhere.EnableCrl
+import Amazonka.RolesAnywhere.EnableProfile
+import Amazonka.RolesAnywhere.EnableTrustAnchor
+import Amazonka.RolesAnywhere.GetCrl
+import Amazonka.RolesAnywhere.GetProfile
+import Amazonka.RolesAnywhere.GetSubject
+import Amazonka.RolesAnywhere.GetTrustAnchor
+import Amazonka.RolesAnywhere.ImportCrl
+import Amazonka.RolesAnywhere.Lens
+import Amazonka.RolesAnywhere.ListCrls
+import Amazonka.RolesAnywhere.ListProfiles
+import Amazonka.RolesAnywhere.ListSubjects
+import Amazonka.RolesAnywhere.ListTagsForResource
+import Amazonka.RolesAnywhere.ListTrustAnchors
+import Amazonka.RolesAnywhere.TagResource
+import Amazonka.RolesAnywhere.Types
+import Amazonka.RolesAnywhere.UntagResource
+import Amazonka.RolesAnywhere.UpdateCrl
+import Amazonka.RolesAnywhere.UpdateProfile
+import Amazonka.RolesAnywhere.UpdateTrustAnchor
+import Amazonka.RolesAnywhere.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'RolesAnywhere'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/RolesAnywhere/CreateProfile.hs b/gen/Amazonka/RolesAnywhere/CreateProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/CreateProfile.hs
@@ -0,0 +1,237 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.CreateProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a profile. A profile is configuration resource to list the roles
+-- that RolesAnywhere service is trusted to assume. In addition, by
+-- applying a profile you can intersect permissions with IAM managed
+-- policies.
+--
+-- __Required permissions:__ @rolesanywhere:CreateProfile@.
+module Amazonka.RolesAnywhere.CreateProfile
+  ( -- * Creating a Request
+    CreateProfile (..),
+    newCreateProfile,
+
+    -- * Request Lenses
+    createProfile_durationSeconds,
+    createProfile_enabled,
+    createProfile_managedPolicyArns,
+    createProfile_requireInstanceProperties,
+    createProfile_sessionPolicy,
+    createProfile_tags,
+    createProfile_name,
+    createProfile_roleArns,
+
+    -- * Destructuring the Response
+    ProfileDetailResponse (..),
+    newProfileDetailResponse,
+
+    -- * Response Lenses
+    profileDetailResponse_profile,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newCreateProfile' smart constructor.
+data CreateProfile = CreateProfile'
+  { -- | The number of seconds the vended session credentials are valid for.
+    durationSeconds :: Prelude.Maybe Prelude.Natural,
+    -- | Specifies whether the profile is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | A list of managed policy ARNs that apply to the vended session
+    -- credentials.
+    managedPolicyArns :: Prelude.Maybe [Prelude.Text],
+    -- | Specifies whether instance properties are required in
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- requests with this profile.
+    requireInstanceProperties :: Prelude.Maybe Prelude.Bool,
+    -- | A session policy that applies to the trust boundary of the vended
+    -- session credentials.
+    sessionPolicy :: Prelude.Maybe Prelude.Text,
+    -- | The tags to attach to the profile.
+    tags :: Prelude.Maybe [Tag],
+    -- | The name of the profile.
+    name :: Prelude.Text,
+    -- | A list of IAM roles that this profile can assume in a
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation.
+    roleArns :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'durationSeconds', 'createProfile_durationSeconds' - The number of seconds the vended session credentials are valid for.
+--
+-- 'enabled', 'createProfile_enabled' - Specifies whether the profile is enabled.
+--
+-- 'managedPolicyArns', 'createProfile_managedPolicyArns' - A list of managed policy ARNs that apply to the vended session
+-- credentials.
+--
+-- 'requireInstanceProperties', 'createProfile_requireInstanceProperties' - Specifies whether instance properties are required in
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- requests with this profile.
+--
+-- 'sessionPolicy', 'createProfile_sessionPolicy' - A session policy that applies to the trust boundary of the vended
+-- session credentials.
+--
+-- 'tags', 'createProfile_tags' - The tags to attach to the profile.
+--
+-- 'name', 'createProfile_name' - The name of the profile.
+--
+-- 'roleArns', 'createProfile_roleArns' - A list of IAM roles that this profile can assume in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+newCreateProfile ::
+  -- | 'name'
+  Prelude.Text ->
+  CreateProfile
+newCreateProfile pName_ =
+  CreateProfile'
+    { durationSeconds = Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      managedPolicyArns = Prelude.Nothing,
+      requireInstanceProperties = Prelude.Nothing,
+      sessionPolicy = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      name = pName_,
+      roleArns = Prelude.mempty
+    }
+
+-- | The number of seconds the vended session credentials are valid for.
+createProfile_durationSeconds :: Lens.Lens' CreateProfile (Prelude.Maybe Prelude.Natural)
+createProfile_durationSeconds = Lens.lens (\CreateProfile' {durationSeconds} -> durationSeconds) (\s@CreateProfile' {} a -> s {durationSeconds = a} :: CreateProfile)
+
+-- | Specifies whether the profile is enabled.
+createProfile_enabled :: Lens.Lens' CreateProfile (Prelude.Maybe Prelude.Bool)
+createProfile_enabled = Lens.lens (\CreateProfile' {enabled} -> enabled) (\s@CreateProfile' {} a -> s {enabled = a} :: CreateProfile)
+
+-- | A list of managed policy ARNs that apply to the vended session
+-- credentials.
+createProfile_managedPolicyArns :: Lens.Lens' CreateProfile (Prelude.Maybe [Prelude.Text])
+createProfile_managedPolicyArns = Lens.lens (\CreateProfile' {managedPolicyArns} -> managedPolicyArns) (\s@CreateProfile' {} a -> s {managedPolicyArns = a} :: CreateProfile) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies whether instance properties are required in
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- requests with this profile.
+createProfile_requireInstanceProperties :: Lens.Lens' CreateProfile (Prelude.Maybe Prelude.Bool)
+createProfile_requireInstanceProperties = Lens.lens (\CreateProfile' {requireInstanceProperties} -> requireInstanceProperties) (\s@CreateProfile' {} a -> s {requireInstanceProperties = a} :: CreateProfile)
+
+-- | A session policy that applies to the trust boundary of the vended
+-- session credentials.
+createProfile_sessionPolicy :: Lens.Lens' CreateProfile (Prelude.Maybe Prelude.Text)
+createProfile_sessionPolicy = Lens.lens (\CreateProfile' {sessionPolicy} -> sessionPolicy) (\s@CreateProfile' {} a -> s {sessionPolicy = a} :: CreateProfile)
+
+-- | The tags to attach to the profile.
+createProfile_tags :: Lens.Lens' CreateProfile (Prelude.Maybe [Tag])
+createProfile_tags = Lens.lens (\CreateProfile' {tags} -> tags) (\s@CreateProfile' {} a -> s {tags = a} :: CreateProfile) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the profile.
+createProfile_name :: Lens.Lens' CreateProfile Prelude.Text
+createProfile_name = Lens.lens (\CreateProfile' {name} -> name) (\s@CreateProfile' {} a -> s {name = a} :: CreateProfile)
+
+-- | A list of IAM roles that this profile can assume in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+createProfile_roleArns :: Lens.Lens' CreateProfile [Prelude.Text]
+createProfile_roleArns = Lens.lens (\CreateProfile' {roleArns} -> roleArns) (\s@CreateProfile' {} a -> s {roleArns = a} :: CreateProfile) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateProfile where
+  type
+    AWSResponse CreateProfile =
+      ProfileDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable CreateProfile where
+  hashWithSalt _salt CreateProfile' {..} =
+    _salt
+      `Prelude.hashWithSalt` durationSeconds
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` managedPolicyArns
+      `Prelude.hashWithSalt` requireInstanceProperties
+      `Prelude.hashWithSalt` sessionPolicy
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` roleArns
+
+instance Prelude.NFData CreateProfile where
+  rnf CreateProfile' {..} =
+    Prelude.rnf durationSeconds
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf managedPolicyArns
+      `Prelude.seq` Prelude.rnf requireInstanceProperties
+      `Prelude.seq` Prelude.rnf sessionPolicy
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf roleArns
+
+instance Data.ToHeaders CreateProfile where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateProfile where
+  toJSON CreateProfile' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("durationSeconds" Data..=)
+              Prelude.<$> durationSeconds,
+            ("enabled" Data..=) Prelude.<$> enabled,
+            ("managedPolicyArns" Data..=)
+              Prelude.<$> managedPolicyArns,
+            ("requireInstanceProperties" Data..=)
+              Prelude.<$> requireInstanceProperties,
+            ("sessionPolicy" Data..=) Prelude.<$> sessionPolicy,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("name" Data..= name),
+            Prelude.Just ("roleArns" Data..= roleArns)
+          ]
+      )
+
+instance Data.ToPath CreateProfile where
+  toPath = Prelude.const "/profiles"
+
+instance Data.ToQuery CreateProfile where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/CreateTrustAnchor.hs b/gen/Amazonka/RolesAnywhere/CreateTrustAnchor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/CreateTrustAnchor.hs
@@ -0,0 +1,170 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.CreateTrustAnchor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a trust anchor. You establish trust between IAM Roles Anywhere
+-- and your certificate authority (CA) by configuring a trust anchor. A
+-- Trust Anchor is defined either as a reference to a AWS Certificate
+-- Manager Private Certificate Authority (ACM PCA), or by uploading a
+-- Certificate Authority (CA) certificate. Your AWS workloads can
+-- authenticate with the trust anchor using certificates issued by the
+-- trusted Certificate Authority (CA) in exchange for temporary AWS
+-- credentials.
+--
+-- __Required permissions:__ @rolesanywhere:CreateTrustAnchor@.
+module Amazonka.RolesAnywhere.CreateTrustAnchor
+  ( -- * Creating a Request
+    CreateTrustAnchor (..),
+    newCreateTrustAnchor,
+
+    -- * Request Lenses
+    createTrustAnchor_enabled,
+    createTrustAnchor_tags,
+    createTrustAnchor_name,
+    createTrustAnchor_source,
+
+    -- * Destructuring the Response
+    TrustAnchorDetailResponse (..),
+    newTrustAnchorDetailResponse,
+
+    -- * Response Lenses
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newCreateTrustAnchor' smart constructor.
+data CreateTrustAnchor = CreateTrustAnchor'
+  { -- | Specifies whether the trust anchor is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The tags to attach to the trust anchor.
+    tags :: Prelude.Maybe [Tag],
+    -- | The name of the trust anchor.
+    name :: Prelude.Text,
+    -- | The trust anchor type and its related certificate data.
+    source :: Source
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateTrustAnchor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'createTrustAnchor_enabled' - Specifies whether the trust anchor is enabled.
+--
+-- 'tags', 'createTrustAnchor_tags' - The tags to attach to the trust anchor.
+--
+-- 'name', 'createTrustAnchor_name' - The name of the trust anchor.
+--
+-- 'source', 'createTrustAnchor_source' - The trust anchor type and its related certificate data.
+newCreateTrustAnchor ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'source'
+  Source ->
+  CreateTrustAnchor
+newCreateTrustAnchor pName_ pSource_ =
+  CreateTrustAnchor'
+    { enabled = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      name = pName_,
+      source = pSource_
+    }
+
+-- | Specifies whether the trust anchor is enabled.
+createTrustAnchor_enabled :: Lens.Lens' CreateTrustAnchor (Prelude.Maybe Prelude.Bool)
+createTrustAnchor_enabled = Lens.lens (\CreateTrustAnchor' {enabled} -> enabled) (\s@CreateTrustAnchor' {} a -> s {enabled = a} :: CreateTrustAnchor)
+
+-- | The tags to attach to the trust anchor.
+createTrustAnchor_tags :: Lens.Lens' CreateTrustAnchor (Prelude.Maybe [Tag])
+createTrustAnchor_tags = Lens.lens (\CreateTrustAnchor' {tags} -> tags) (\s@CreateTrustAnchor' {} a -> s {tags = a} :: CreateTrustAnchor) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the trust anchor.
+createTrustAnchor_name :: Lens.Lens' CreateTrustAnchor Prelude.Text
+createTrustAnchor_name = Lens.lens (\CreateTrustAnchor' {name} -> name) (\s@CreateTrustAnchor' {} a -> s {name = a} :: CreateTrustAnchor)
+
+-- | The trust anchor type and its related certificate data.
+createTrustAnchor_source :: Lens.Lens' CreateTrustAnchor Source
+createTrustAnchor_source = Lens.lens (\CreateTrustAnchor' {source} -> source) (\s@CreateTrustAnchor' {} a -> s {source = a} :: CreateTrustAnchor)
+
+instance Core.AWSRequest CreateTrustAnchor where
+  type
+    AWSResponse CreateTrustAnchor =
+      TrustAnchorDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable CreateTrustAnchor where
+  hashWithSalt _salt CreateTrustAnchor' {..} =
+    _salt
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` source
+
+instance Prelude.NFData CreateTrustAnchor where
+  rnf CreateTrustAnchor' {..} =
+    Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf source
+
+instance Data.ToHeaders CreateTrustAnchor where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateTrustAnchor where
+  toJSON CreateTrustAnchor' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("enabled" Data..=) Prelude.<$> enabled,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("name" Data..= name),
+            Prelude.Just ("source" Data..= source)
+          ]
+      )
+
+instance Data.ToPath CreateTrustAnchor where
+  toPath = Prelude.const "/trustanchors"
+
+instance Data.ToQuery CreateTrustAnchor where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/DeleteCrl.hs b/gen/Amazonka/RolesAnywhere/DeleteCrl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/DeleteCrl.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.DeleteCrl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a certificate revocation list (CRL).
+--
+-- __Required permissions:__ @rolesanywhere:DeleteCrl@.
+module Amazonka.RolesAnywhere.DeleteCrl
+  ( -- * Creating a Request
+    DeleteCrl (..),
+    newDeleteCrl,
+
+    -- * Request Lenses
+    deleteCrl_crlId,
+
+    -- * Destructuring the Response
+    CrlDetailResponse (..),
+    newCrlDetailResponse,
+
+    -- * Response Lenses
+    crlDetailResponse_crl,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newDeleteCrl' smart constructor.
+data DeleteCrl = DeleteCrl'
+  { -- | The unique identifier of the certificate revocation list (CRL).
+    crlId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteCrl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crlId', 'deleteCrl_crlId' - The unique identifier of the certificate revocation list (CRL).
+newDeleteCrl ::
+  -- | 'crlId'
+  Prelude.Text ->
+  DeleteCrl
+newDeleteCrl pCrlId_ = DeleteCrl' {crlId = pCrlId_}
+
+-- | The unique identifier of the certificate revocation list (CRL).
+deleteCrl_crlId :: Lens.Lens' DeleteCrl Prelude.Text
+deleteCrl_crlId = Lens.lens (\DeleteCrl' {crlId} -> crlId) (\s@DeleteCrl' {} a -> s {crlId = a} :: DeleteCrl)
+
+instance Core.AWSRequest DeleteCrl where
+  type AWSResponse DeleteCrl = CrlDetailResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable DeleteCrl where
+  hashWithSalt _salt DeleteCrl' {..} =
+    _salt `Prelude.hashWithSalt` crlId
+
+instance Prelude.NFData DeleteCrl where
+  rnf DeleteCrl' {..} = Prelude.rnf crlId
+
+instance Data.ToHeaders DeleteCrl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteCrl where
+  toPath DeleteCrl' {..} =
+    Prelude.mconcat ["/crl/", Data.toBS crlId]
+
+instance Data.ToQuery DeleteCrl where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/DeleteProfile.hs b/gen/Amazonka/RolesAnywhere/DeleteProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/DeleteProfile.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.DeleteProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a profile.
+--
+-- __Required permissions:__ @rolesanywhere:DeleteProfile@.
+module Amazonka.RolesAnywhere.DeleteProfile
+  ( -- * Creating a Request
+    DeleteProfile (..),
+    newDeleteProfile,
+
+    -- * Request Lenses
+    deleteProfile_profileId,
+
+    -- * Destructuring the Response
+    ProfileDetailResponse (..),
+    newProfileDetailResponse,
+
+    -- * Response Lenses
+    profileDetailResponse_profile,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newDeleteProfile' smart constructor.
+data DeleteProfile = DeleteProfile'
+  { -- | The unique identifier of the profile.
+    profileId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'profileId', 'deleteProfile_profileId' - The unique identifier of the profile.
+newDeleteProfile ::
+  -- | 'profileId'
+  Prelude.Text ->
+  DeleteProfile
+newDeleteProfile pProfileId_ =
+  DeleteProfile' {profileId = pProfileId_}
+
+-- | The unique identifier of the profile.
+deleteProfile_profileId :: Lens.Lens' DeleteProfile Prelude.Text
+deleteProfile_profileId = Lens.lens (\DeleteProfile' {profileId} -> profileId) (\s@DeleteProfile' {} a -> s {profileId = a} :: DeleteProfile)
+
+instance Core.AWSRequest DeleteProfile where
+  type
+    AWSResponse DeleteProfile =
+      ProfileDetailResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable DeleteProfile where
+  hashWithSalt _salt DeleteProfile' {..} =
+    _salt `Prelude.hashWithSalt` profileId
+
+instance Prelude.NFData DeleteProfile where
+  rnf DeleteProfile' {..} = Prelude.rnf profileId
+
+instance Data.ToHeaders DeleteProfile where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteProfile where
+  toPath DeleteProfile' {..} =
+    Prelude.mconcat ["/profile/", Data.toBS profileId]
+
+instance Data.ToQuery DeleteProfile where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/DeleteTrustAnchor.hs b/gen/Amazonka/RolesAnywhere/DeleteTrustAnchor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/DeleteTrustAnchor.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.DeleteTrustAnchor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a trust anchor.
+--
+-- __Required permissions:__ @rolesanywhere:DeleteTrustAnchor@.
+module Amazonka.RolesAnywhere.DeleteTrustAnchor
+  ( -- * Creating a Request
+    DeleteTrustAnchor (..),
+    newDeleteTrustAnchor,
+
+    -- * Request Lenses
+    deleteTrustAnchor_trustAnchorId,
+
+    -- * Destructuring the Response
+    TrustAnchorDetailResponse (..),
+    newTrustAnchorDetailResponse,
+
+    -- * Response Lenses
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newDeleteTrustAnchor' smart constructor.
+data DeleteTrustAnchor = DeleteTrustAnchor'
+  { -- | The unique identifier of the trust anchor.
+    trustAnchorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteTrustAnchor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trustAnchorId', 'deleteTrustAnchor_trustAnchorId' - The unique identifier of the trust anchor.
+newDeleteTrustAnchor ::
+  -- | 'trustAnchorId'
+  Prelude.Text ->
+  DeleteTrustAnchor
+newDeleteTrustAnchor pTrustAnchorId_ =
+  DeleteTrustAnchor' {trustAnchorId = pTrustAnchorId_}
+
+-- | The unique identifier of the trust anchor.
+deleteTrustAnchor_trustAnchorId :: Lens.Lens' DeleteTrustAnchor Prelude.Text
+deleteTrustAnchor_trustAnchorId = Lens.lens (\DeleteTrustAnchor' {trustAnchorId} -> trustAnchorId) (\s@DeleteTrustAnchor' {} a -> s {trustAnchorId = a} :: DeleteTrustAnchor)
+
+instance Core.AWSRequest DeleteTrustAnchor where
+  type
+    AWSResponse DeleteTrustAnchor =
+      TrustAnchorDetailResponse
+  request overrides =
+    Request.delete (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable DeleteTrustAnchor where
+  hashWithSalt _salt DeleteTrustAnchor' {..} =
+    _salt `Prelude.hashWithSalt` trustAnchorId
+
+instance Prelude.NFData DeleteTrustAnchor where
+  rnf DeleteTrustAnchor' {..} =
+    Prelude.rnf trustAnchorId
+
+instance Data.ToHeaders DeleteTrustAnchor where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath DeleteTrustAnchor where
+  toPath DeleteTrustAnchor' {..} =
+    Prelude.mconcat
+      ["/trustanchor/", Data.toBS trustAnchorId]
+
+instance Data.ToQuery DeleteTrustAnchor where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/DisableCrl.hs b/gen/Amazonka/RolesAnywhere/DisableCrl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/DisableCrl.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.DisableCrl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables a certificate revocation list (CRL).
+--
+-- __Required permissions:__ @rolesanywhere:DisableCrl@.
+module Amazonka.RolesAnywhere.DisableCrl
+  ( -- * Creating a Request
+    DisableCrl (..),
+    newDisableCrl,
+
+    -- * Request Lenses
+    disableCrl_crlId,
+
+    -- * Destructuring the Response
+    CrlDetailResponse (..),
+    newCrlDetailResponse,
+
+    -- * Response Lenses
+    crlDetailResponse_crl,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newDisableCrl' smart constructor.
+data DisableCrl = DisableCrl'
+  { -- | The unique identifier of the certificate revocation list (CRL).
+    crlId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableCrl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crlId', 'disableCrl_crlId' - The unique identifier of the certificate revocation list (CRL).
+newDisableCrl ::
+  -- | 'crlId'
+  Prelude.Text ->
+  DisableCrl
+newDisableCrl pCrlId_ = DisableCrl' {crlId = pCrlId_}
+
+-- | The unique identifier of the certificate revocation list (CRL).
+disableCrl_crlId :: Lens.Lens' DisableCrl Prelude.Text
+disableCrl_crlId = Lens.lens (\DisableCrl' {crlId} -> crlId) (\s@DisableCrl' {} a -> s {crlId = a} :: DisableCrl)
+
+instance Core.AWSRequest DisableCrl where
+  type AWSResponse DisableCrl = CrlDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable DisableCrl where
+  hashWithSalt _salt DisableCrl' {..} =
+    _salt `Prelude.hashWithSalt` crlId
+
+instance Prelude.NFData DisableCrl where
+  rnf DisableCrl' {..} = Prelude.rnf crlId
+
+instance Data.ToHeaders DisableCrl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisableCrl where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DisableCrl where
+  toPath DisableCrl' {..} =
+    Prelude.mconcat
+      ["/crl/", Data.toBS crlId, "/disable"]
+
+instance Data.ToQuery DisableCrl where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/DisableProfile.hs b/gen/Amazonka/RolesAnywhere/DisableProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/DisableProfile.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.DisableProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables a profile. When disabled,
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- requests with this profile fail.
+--
+-- __Required permissions:__ @rolesanywhere:DisableProfile@.
+module Amazonka.RolesAnywhere.DisableProfile
+  ( -- * Creating a Request
+    DisableProfile (..),
+    newDisableProfile,
+
+    -- * Request Lenses
+    disableProfile_profileId,
+
+    -- * Destructuring the Response
+    ProfileDetailResponse (..),
+    newProfileDetailResponse,
+
+    -- * Response Lenses
+    profileDetailResponse_profile,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newDisableProfile' smart constructor.
+data DisableProfile = DisableProfile'
+  { -- | The unique identifier of the profile.
+    profileId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'profileId', 'disableProfile_profileId' - The unique identifier of the profile.
+newDisableProfile ::
+  -- | 'profileId'
+  Prelude.Text ->
+  DisableProfile
+newDisableProfile pProfileId_ =
+  DisableProfile' {profileId = pProfileId_}
+
+-- | The unique identifier of the profile.
+disableProfile_profileId :: Lens.Lens' DisableProfile Prelude.Text
+disableProfile_profileId = Lens.lens (\DisableProfile' {profileId} -> profileId) (\s@DisableProfile' {} a -> s {profileId = a} :: DisableProfile)
+
+instance Core.AWSRequest DisableProfile where
+  type
+    AWSResponse DisableProfile =
+      ProfileDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable DisableProfile where
+  hashWithSalt _salt DisableProfile' {..} =
+    _salt `Prelude.hashWithSalt` profileId
+
+instance Prelude.NFData DisableProfile where
+  rnf DisableProfile' {..} = Prelude.rnf profileId
+
+instance Data.ToHeaders DisableProfile where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisableProfile where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DisableProfile where
+  toPath DisableProfile' {..} =
+    Prelude.mconcat
+      ["/profile/", Data.toBS profileId, "/disable"]
+
+instance Data.ToQuery DisableProfile where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/DisableTrustAnchor.hs b/gen/Amazonka/RolesAnywhere/DisableTrustAnchor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/DisableTrustAnchor.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.DisableTrustAnchor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables a trust anchor. When disabled,
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- requests specifying this trust anchor are unauthorized.
+--
+-- __Required permissions:__ @rolesanywhere:DisableTrustAnchor@.
+module Amazonka.RolesAnywhere.DisableTrustAnchor
+  ( -- * Creating a Request
+    DisableTrustAnchor (..),
+    newDisableTrustAnchor,
+
+    -- * Request Lenses
+    disableTrustAnchor_trustAnchorId,
+
+    -- * Destructuring the Response
+    TrustAnchorDetailResponse (..),
+    newTrustAnchorDetailResponse,
+
+    -- * Response Lenses
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newDisableTrustAnchor' smart constructor.
+data DisableTrustAnchor = DisableTrustAnchor'
+  { -- | The unique identifier of the trust anchor.
+    trustAnchorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableTrustAnchor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trustAnchorId', 'disableTrustAnchor_trustAnchorId' - The unique identifier of the trust anchor.
+newDisableTrustAnchor ::
+  -- | 'trustAnchorId'
+  Prelude.Text ->
+  DisableTrustAnchor
+newDisableTrustAnchor pTrustAnchorId_ =
+  DisableTrustAnchor'
+    { trustAnchorId =
+        pTrustAnchorId_
+    }
+
+-- | The unique identifier of the trust anchor.
+disableTrustAnchor_trustAnchorId :: Lens.Lens' DisableTrustAnchor Prelude.Text
+disableTrustAnchor_trustAnchorId = Lens.lens (\DisableTrustAnchor' {trustAnchorId} -> trustAnchorId) (\s@DisableTrustAnchor' {} a -> s {trustAnchorId = a} :: DisableTrustAnchor)
+
+instance Core.AWSRequest DisableTrustAnchor where
+  type
+    AWSResponse DisableTrustAnchor =
+      TrustAnchorDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable DisableTrustAnchor where
+  hashWithSalt _salt DisableTrustAnchor' {..} =
+    _salt `Prelude.hashWithSalt` trustAnchorId
+
+instance Prelude.NFData DisableTrustAnchor where
+  rnf DisableTrustAnchor' {..} =
+    Prelude.rnf trustAnchorId
+
+instance Data.ToHeaders DisableTrustAnchor where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisableTrustAnchor where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DisableTrustAnchor where
+  toPath DisableTrustAnchor' {..} =
+    Prelude.mconcat
+      [ "/trustanchor/",
+        Data.toBS trustAnchorId,
+        "/disable"
+      ]
+
+instance Data.ToQuery DisableTrustAnchor where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/EnableCrl.hs b/gen/Amazonka/RolesAnywhere/EnableCrl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/EnableCrl.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.EnableCrl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables a certificate revocation list (CRL). When enabled, certificates
+-- stored in the CRL are unauthorized to receive session credentials.
+--
+-- __Required permissions:__ @rolesanywhere:EnableCrl@.
+module Amazonka.RolesAnywhere.EnableCrl
+  ( -- * Creating a Request
+    EnableCrl (..),
+    newEnableCrl,
+
+    -- * Request Lenses
+    enableCrl_crlId,
+
+    -- * Destructuring the Response
+    CrlDetailResponse (..),
+    newCrlDetailResponse,
+
+    -- * Response Lenses
+    crlDetailResponse_crl,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newEnableCrl' smart constructor.
+data EnableCrl = EnableCrl'
+  { -- | The unique identifier of the certificate revocation list (CRL).
+    crlId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableCrl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crlId', 'enableCrl_crlId' - The unique identifier of the certificate revocation list (CRL).
+newEnableCrl ::
+  -- | 'crlId'
+  Prelude.Text ->
+  EnableCrl
+newEnableCrl pCrlId_ = EnableCrl' {crlId = pCrlId_}
+
+-- | The unique identifier of the certificate revocation list (CRL).
+enableCrl_crlId :: Lens.Lens' EnableCrl Prelude.Text
+enableCrl_crlId = Lens.lens (\EnableCrl' {crlId} -> crlId) (\s@EnableCrl' {} a -> s {crlId = a} :: EnableCrl)
+
+instance Core.AWSRequest EnableCrl where
+  type AWSResponse EnableCrl = CrlDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable EnableCrl where
+  hashWithSalt _salt EnableCrl' {..} =
+    _salt `Prelude.hashWithSalt` crlId
+
+instance Prelude.NFData EnableCrl where
+  rnf EnableCrl' {..} = Prelude.rnf crlId
+
+instance Data.ToHeaders EnableCrl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableCrl where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath EnableCrl where
+  toPath EnableCrl' {..} =
+    Prelude.mconcat
+      ["/crl/", Data.toBS crlId, "/enable"]
+
+instance Data.ToQuery EnableCrl where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/EnableProfile.hs b/gen/Amazonka/RolesAnywhere/EnableProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/EnableProfile.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.EnableProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables the roles in a profile to receive session credentials in
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>.
+--
+-- __Required permissions:__ @rolesanywhere:EnableProfile@.
+module Amazonka.RolesAnywhere.EnableProfile
+  ( -- * Creating a Request
+    EnableProfile (..),
+    newEnableProfile,
+
+    -- * Request Lenses
+    enableProfile_profileId,
+
+    -- * Destructuring the Response
+    ProfileDetailResponse (..),
+    newProfileDetailResponse,
+
+    -- * Response Lenses
+    profileDetailResponse_profile,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newEnableProfile' smart constructor.
+data EnableProfile = EnableProfile'
+  { -- | The unique identifier of the profile.
+    profileId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'profileId', 'enableProfile_profileId' - The unique identifier of the profile.
+newEnableProfile ::
+  -- | 'profileId'
+  Prelude.Text ->
+  EnableProfile
+newEnableProfile pProfileId_ =
+  EnableProfile' {profileId = pProfileId_}
+
+-- | The unique identifier of the profile.
+enableProfile_profileId :: Lens.Lens' EnableProfile Prelude.Text
+enableProfile_profileId = Lens.lens (\EnableProfile' {profileId} -> profileId) (\s@EnableProfile' {} a -> s {profileId = a} :: EnableProfile)
+
+instance Core.AWSRequest EnableProfile where
+  type
+    AWSResponse EnableProfile =
+      ProfileDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable EnableProfile where
+  hashWithSalt _salt EnableProfile' {..} =
+    _salt `Prelude.hashWithSalt` profileId
+
+instance Prelude.NFData EnableProfile where
+  rnf EnableProfile' {..} = Prelude.rnf profileId
+
+instance Data.ToHeaders EnableProfile where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableProfile where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath EnableProfile where
+  toPath EnableProfile' {..} =
+    Prelude.mconcat
+      ["/profile/", Data.toBS profileId, "/enable"]
+
+instance Data.ToQuery EnableProfile where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/EnableTrustAnchor.hs b/gen/Amazonka/RolesAnywhere/EnableTrustAnchor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/EnableTrustAnchor.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.EnableTrustAnchor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables a trust anchor. When enabled, certificates in the trust anchor
+-- chain are authorized for trust validation.
+--
+-- __Required permissions:__ @rolesanywhere:EnableTrustAnchor@.
+module Amazonka.RolesAnywhere.EnableTrustAnchor
+  ( -- * Creating a Request
+    EnableTrustAnchor (..),
+    newEnableTrustAnchor,
+
+    -- * Request Lenses
+    enableTrustAnchor_trustAnchorId,
+
+    -- * Destructuring the Response
+    TrustAnchorDetailResponse (..),
+    newTrustAnchorDetailResponse,
+
+    -- * Response Lenses
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newEnableTrustAnchor' smart constructor.
+data EnableTrustAnchor = EnableTrustAnchor'
+  { -- | The unique identifier of the trust anchor.
+    trustAnchorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableTrustAnchor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trustAnchorId', 'enableTrustAnchor_trustAnchorId' - The unique identifier of the trust anchor.
+newEnableTrustAnchor ::
+  -- | 'trustAnchorId'
+  Prelude.Text ->
+  EnableTrustAnchor
+newEnableTrustAnchor pTrustAnchorId_ =
+  EnableTrustAnchor' {trustAnchorId = pTrustAnchorId_}
+
+-- | The unique identifier of the trust anchor.
+enableTrustAnchor_trustAnchorId :: Lens.Lens' EnableTrustAnchor Prelude.Text
+enableTrustAnchor_trustAnchorId = Lens.lens (\EnableTrustAnchor' {trustAnchorId} -> trustAnchorId) (\s@EnableTrustAnchor' {} a -> s {trustAnchorId = a} :: EnableTrustAnchor)
+
+instance Core.AWSRequest EnableTrustAnchor where
+  type
+    AWSResponse EnableTrustAnchor =
+      TrustAnchorDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable EnableTrustAnchor where
+  hashWithSalt _salt EnableTrustAnchor' {..} =
+    _salt `Prelude.hashWithSalt` trustAnchorId
+
+instance Prelude.NFData EnableTrustAnchor where
+  rnf EnableTrustAnchor' {..} =
+    Prelude.rnf trustAnchorId
+
+instance Data.ToHeaders EnableTrustAnchor where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableTrustAnchor where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath EnableTrustAnchor where
+  toPath EnableTrustAnchor' {..} =
+    Prelude.mconcat
+      ["/trustanchor/", Data.toBS trustAnchorId, "/enable"]
+
+instance Data.ToQuery EnableTrustAnchor where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/GetCrl.hs b/gen/Amazonka/RolesAnywhere/GetCrl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/GetCrl.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.GetCrl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets a certificate revocation list (CRL).
+--
+-- __Required permissions:__ @rolesanywhere:GetCrl@.
+module Amazonka.RolesAnywhere.GetCrl
+  ( -- * Creating a Request
+    GetCrl (..),
+    newGetCrl,
+
+    -- * Request Lenses
+    getCrl_crlId,
+
+    -- * Destructuring the Response
+    CrlDetailResponse (..),
+    newCrlDetailResponse,
+
+    -- * Response Lenses
+    crlDetailResponse_crl,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newGetCrl' smart constructor.
+data GetCrl = GetCrl'
+  { -- | The unique identifier of the certificate revocation list (CRL).
+    crlId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetCrl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crlId', 'getCrl_crlId' - The unique identifier of the certificate revocation list (CRL).
+newGetCrl ::
+  -- | 'crlId'
+  Prelude.Text ->
+  GetCrl
+newGetCrl pCrlId_ = GetCrl' {crlId = pCrlId_}
+
+-- | The unique identifier of the certificate revocation list (CRL).
+getCrl_crlId :: Lens.Lens' GetCrl Prelude.Text
+getCrl_crlId = Lens.lens (\GetCrl' {crlId} -> crlId) (\s@GetCrl' {} a -> s {crlId = a} :: GetCrl)
+
+instance Core.AWSRequest GetCrl where
+  type AWSResponse GetCrl = CrlDetailResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable GetCrl where
+  hashWithSalt _salt GetCrl' {..} =
+    _salt `Prelude.hashWithSalt` crlId
+
+instance Prelude.NFData GetCrl where
+  rnf GetCrl' {..} = Prelude.rnf crlId
+
+instance Data.ToHeaders GetCrl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetCrl where
+  toPath GetCrl' {..} =
+    Prelude.mconcat ["/crl/", Data.toBS crlId]
+
+instance Data.ToQuery GetCrl where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/GetProfile.hs b/gen/Amazonka/RolesAnywhere/GetProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/GetProfile.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.GetProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets a profile.
+--
+-- __Required permissions:__ @rolesanywhere:GetProfile@.
+module Amazonka.RolesAnywhere.GetProfile
+  ( -- * Creating a Request
+    GetProfile (..),
+    newGetProfile,
+
+    -- * Request Lenses
+    getProfile_profileId,
+
+    -- * Destructuring the Response
+    ProfileDetailResponse (..),
+    newProfileDetailResponse,
+
+    -- * Response Lenses
+    profileDetailResponse_profile,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newGetProfile' smart constructor.
+data GetProfile = GetProfile'
+  { -- | The unique identifier of the profile.
+    profileId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'profileId', 'getProfile_profileId' - The unique identifier of the profile.
+newGetProfile ::
+  -- | 'profileId'
+  Prelude.Text ->
+  GetProfile
+newGetProfile pProfileId_ =
+  GetProfile' {profileId = pProfileId_}
+
+-- | The unique identifier of the profile.
+getProfile_profileId :: Lens.Lens' GetProfile Prelude.Text
+getProfile_profileId = Lens.lens (\GetProfile' {profileId} -> profileId) (\s@GetProfile' {} a -> s {profileId = a} :: GetProfile)
+
+instance Core.AWSRequest GetProfile where
+  type AWSResponse GetProfile = ProfileDetailResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable GetProfile where
+  hashWithSalt _salt GetProfile' {..} =
+    _salt `Prelude.hashWithSalt` profileId
+
+instance Prelude.NFData GetProfile where
+  rnf GetProfile' {..} = Prelude.rnf profileId
+
+instance Data.ToHeaders GetProfile where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetProfile where
+  toPath GetProfile' {..} =
+    Prelude.mconcat ["/profile/", Data.toBS profileId]
+
+instance Data.ToQuery GetProfile where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/GetSubject.hs b/gen/Amazonka/RolesAnywhere/GetSubject.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/GetSubject.hs
@@ -0,0 +1,161 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.GetSubject
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets a Subject. A Subject associates a certificate identity with
+-- authentication attempts by CreateSession. The Subject resources stores
+-- audit information such as status of the last authentication attempt, the
+-- certificate data used in the attempt, and the last time the associated
+-- identity attempted authentication.
+--
+-- __Required permissions:__ @rolesanywhere:GetSubject@.
+module Amazonka.RolesAnywhere.GetSubject
+  ( -- * Creating a Request
+    GetSubject (..),
+    newGetSubject,
+
+    -- * Request Lenses
+    getSubject_subjectId,
+
+    -- * Destructuring the Response
+    GetSubjectResponse (..),
+    newGetSubjectResponse,
+
+    -- * Response Lenses
+    getSubjectResponse_subject,
+    getSubjectResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newGetSubject' smart constructor.
+data GetSubject = GetSubject'
+  { -- | The unique identifier of the subject.
+    subjectId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetSubject' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'subjectId', 'getSubject_subjectId' - The unique identifier of the subject.
+newGetSubject ::
+  -- | 'subjectId'
+  Prelude.Text ->
+  GetSubject
+newGetSubject pSubjectId_ =
+  GetSubject' {subjectId = pSubjectId_}
+
+-- | The unique identifier of the subject.
+getSubject_subjectId :: Lens.Lens' GetSubject Prelude.Text
+getSubject_subjectId = Lens.lens (\GetSubject' {subjectId} -> subjectId) (\s@GetSubject' {} a -> s {subjectId = a} :: GetSubject)
+
+instance Core.AWSRequest GetSubject where
+  type AWSResponse GetSubject = GetSubjectResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetSubjectResponse'
+            Prelude.<$> (x Data..?> "subject")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetSubject where
+  hashWithSalt _salt GetSubject' {..} =
+    _salt `Prelude.hashWithSalt` subjectId
+
+instance Prelude.NFData GetSubject where
+  rnf GetSubject' {..} = Prelude.rnf subjectId
+
+instance Data.ToHeaders GetSubject where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetSubject where
+  toPath GetSubject' {..} =
+    Prelude.mconcat ["/subject/", Data.toBS subjectId]
+
+instance Data.ToQuery GetSubject where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetSubjectResponse' smart constructor.
+data GetSubjectResponse = GetSubjectResponse'
+  { -- | The state of the subject after a read or write operation.
+    subject :: Prelude.Maybe SubjectDetail,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetSubjectResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'subject', 'getSubjectResponse_subject' - The state of the subject after a read or write operation.
+--
+-- 'httpStatus', 'getSubjectResponse_httpStatus' - The response's http status code.
+newGetSubjectResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetSubjectResponse
+newGetSubjectResponse pHttpStatus_ =
+  GetSubjectResponse'
+    { subject = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The state of the subject after a read or write operation.
+getSubjectResponse_subject :: Lens.Lens' GetSubjectResponse (Prelude.Maybe SubjectDetail)
+getSubjectResponse_subject = Lens.lens (\GetSubjectResponse' {subject} -> subject) (\s@GetSubjectResponse' {} a -> s {subject = a} :: GetSubjectResponse)
+
+-- | The response's http status code.
+getSubjectResponse_httpStatus :: Lens.Lens' GetSubjectResponse Prelude.Int
+getSubjectResponse_httpStatus = Lens.lens (\GetSubjectResponse' {httpStatus} -> httpStatus) (\s@GetSubjectResponse' {} a -> s {httpStatus = a} :: GetSubjectResponse)
+
+instance Prelude.NFData GetSubjectResponse where
+  rnf GetSubjectResponse' {..} =
+    Prelude.rnf subject
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/GetTrustAnchor.hs b/gen/Amazonka/RolesAnywhere/GetTrustAnchor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/GetTrustAnchor.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.GetTrustAnchor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets a trust anchor.
+--
+-- __Required permissions:__ @rolesanywhere:GetTrustAnchor@.
+module Amazonka.RolesAnywhere.GetTrustAnchor
+  ( -- * Creating a Request
+    GetTrustAnchor (..),
+    newGetTrustAnchor,
+
+    -- * Request Lenses
+    getTrustAnchor_trustAnchorId,
+
+    -- * Destructuring the Response
+    TrustAnchorDetailResponse (..),
+    newTrustAnchorDetailResponse,
+
+    -- * Response Lenses
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newGetTrustAnchor' smart constructor.
+data GetTrustAnchor = GetTrustAnchor'
+  { -- | The unique identifier of the trust anchor.
+    trustAnchorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetTrustAnchor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trustAnchorId', 'getTrustAnchor_trustAnchorId' - The unique identifier of the trust anchor.
+newGetTrustAnchor ::
+  -- | 'trustAnchorId'
+  Prelude.Text ->
+  GetTrustAnchor
+newGetTrustAnchor pTrustAnchorId_ =
+  GetTrustAnchor' {trustAnchorId = pTrustAnchorId_}
+
+-- | The unique identifier of the trust anchor.
+getTrustAnchor_trustAnchorId :: Lens.Lens' GetTrustAnchor Prelude.Text
+getTrustAnchor_trustAnchorId = Lens.lens (\GetTrustAnchor' {trustAnchorId} -> trustAnchorId) (\s@GetTrustAnchor' {} a -> s {trustAnchorId = a} :: GetTrustAnchor)
+
+instance Core.AWSRequest GetTrustAnchor where
+  type
+    AWSResponse GetTrustAnchor =
+      TrustAnchorDetailResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable GetTrustAnchor where
+  hashWithSalt _salt GetTrustAnchor' {..} =
+    _salt `Prelude.hashWithSalt` trustAnchorId
+
+instance Prelude.NFData GetTrustAnchor where
+  rnf GetTrustAnchor' {..} = Prelude.rnf trustAnchorId
+
+instance Data.ToHeaders GetTrustAnchor where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath GetTrustAnchor where
+  toPath GetTrustAnchor' {..} =
+    Prelude.mconcat
+      ["/trustanchor/", Data.toBS trustAnchorId]
+
+instance Data.ToQuery GetTrustAnchor where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/ImportCrl.hs b/gen/Amazonka/RolesAnywhere/ImportCrl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/ImportCrl.hs
@@ -0,0 +1,191 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.ImportCrl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Imports the certificate revocation list (CRL). CRl is a list of
+-- certificates that have been revoked by the issuing certificate Authority
+-- (CA). IAM Roles Anywhere validates against the crl list before issuing
+-- credentials.
+--
+-- __Required permissions:__ @rolesanywhere:ImportCrl@.
+module Amazonka.RolesAnywhere.ImportCrl
+  ( -- * Creating a Request
+    ImportCrl (..),
+    newImportCrl,
+
+    -- * Request Lenses
+    importCrl_enabled,
+    importCrl_tags,
+    importCrl_crlData,
+    importCrl_name,
+    importCrl_trustAnchorArn,
+
+    -- * Destructuring the Response
+    CrlDetailResponse (..),
+    newCrlDetailResponse,
+
+    -- * Response Lenses
+    crlDetailResponse_crl,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newImportCrl' smart constructor.
+data ImportCrl = ImportCrl'
+  { -- | Specifies whether the certificate revocation list (CRL) is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | A list of tags to attach to the certificate revocation list (CRL).
+    tags :: Prelude.Maybe [Tag],
+    -- | The x509 v3 specified certificate revocation list
+    crlData :: Data.Base64,
+    -- | The name of the certificate revocation list (CRL).
+    name :: Prelude.Text,
+    -- | The ARN of the TrustAnchor the certificate revocation list (CRL) will
+    -- provide revocation for.
+    trustAnchorArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ImportCrl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'importCrl_enabled' - Specifies whether the certificate revocation list (CRL) is enabled.
+--
+-- 'tags', 'importCrl_tags' - A list of tags to attach to the certificate revocation list (CRL).
+--
+-- 'crlData', 'importCrl_crlData' - The x509 v3 specified certificate revocation list--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+--
+-- 'name', 'importCrl_name' - The name of the certificate revocation list (CRL).
+--
+-- 'trustAnchorArn', 'importCrl_trustAnchorArn' - The ARN of the TrustAnchor the certificate revocation list (CRL) will
+-- provide revocation for.
+newImportCrl ::
+  -- | 'crlData'
+  Prelude.ByteString ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'trustAnchorArn'
+  Prelude.Text ->
+  ImportCrl
+newImportCrl pCrlData_ pName_ pTrustAnchorArn_ =
+  ImportCrl'
+    { enabled = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      crlData = Data._Base64 Lens.# pCrlData_,
+      name = pName_,
+      trustAnchorArn = pTrustAnchorArn_
+    }
+
+-- | Specifies whether the certificate revocation list (CRL) is enabled.
+importCrl_enabled :: Lens.Lens' ImportCrl (Prelude.Maybe Prelude.Bool)
+importCrl_enabled = Lens.lens (\ImportCrl' {enabled} -> enabled) (\s@ImportCrl' {} a -> s {enabled = a} :: ImportCrl)
+
+-- | A list of tags to attach to the certificate revocation list (CRL).
+importCrl_tags :: Lens.Lens' ImportCrl (Prelude.Maybe [Tag])
+importCrl_tags = Lens.lens (\ImportCrl' {tags} -> tags) (\s@ImportCrl' {} a -> s {tags = a} :: ImportCrl) Prelude.. Lens.mapping Lens.coerced
+
+-- | The x509 v3 specified certificate revocation list--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+importCrl_crlData :: Lens.Lens' ImportCrl Prelude.ByteString
+importCrl_crlData = Lens.lens (\ImportCrl' {crlData} -> crlData) (\s@ImportCrl' {} a -> s {crlData = a} :: ImportCrl) Prelude.. Data._Base64
+
+-- | The name of the certificate revocation list (CRL).
+importCrl_name :: Lens.Lens' ImportCrl Prelude.Text
+importCrl_name = Lens.lens (\ImportCrl' {name} -> name) (\s@ImportCrl' {} a -> s {name = a} :: ImportCrl)
+
+-- | The ARN of the TrustAnchor the certificate revocation list (CRL) will
+-- provide revocation for.
+importCrl_trustAnchorArn :: Lens.Lens' ImportCrl Prelude.Text
+importCrl_trustAnchorArn = Lens.lens (\ImportCrl' {trustAnchorArn} -> trustAnchorArn) (\s@ImportCrl' {} a -> s {trustAnchorArn = a} :: ImportCrl)
+
+instance Core.AWSRequest ImportCrl where
+  type AWSResponse ImportCrl = CrlDetailResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable ImportCrl where
+  hashWithSalt _salt ImportCrl' {..} =
+    _salt
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` crlData
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` trustAnchorArn
+
+instance Prelude.NFData ImportCrl where
+  rnf ImportCrl' {..} =
+    Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf crlData
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf trustAnchorArn
+
+instance Data.ToHeaders ImportCrl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ImportCrl where
+  toJSON ImportCrl' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("enabled" Data..=) Prelude.<$> enabled,
+            ("tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("crlData" Data..= crlData),
+            Prelude.Just ("name" Data..= name),
+            Prelude.Just
+              ("trustAnchorArn" Data..= trustAnchorArn)
+          ]
+      )
+
+instance Data.ToPath ImportCrl where
+  toPath = Prelude.const "/crls"
+
+instance Data.ToQuery ImportCrl where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/Lens.hs b/gen/Amazonka/RolesAnywhere/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Lens.hs
@@ -0,0 +1,306 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Lens
+  ( -- * Operations
+
+    -- ** CreateProfile
+    createProfile_durationSeconds,
+    createProfile_enabled,
+    createProfile_managedPolicyArns,
+    createProfile_requireInstanceProperties,
+    createProfile_sessionPolicy,
+    createProfile_tags,
+    createProfile_name,
+    createProfile_roleArns,
+    profileDetailResponse_profile,
+
+    -- ** CreateTrustAnchor
+    createTrustAnchor_enabled,
+    createTrustAnchor_tags,
+    createTrustAnchor_name,
+    createTrustAnchor_source,
+    trustAnchorDetailResponse_trustAnchor,
+
+    -- ** DeleteCrl
+    deleteCrl_crlId,
+    crlDetailResponse_crl,
+
+    -- ** DeleteProfile
+    deleteProfile_profileId,
+    profileDetailResponse_profile,
+
+    -- ** DeleteTrustAnchor
+    deleteTrustAnchor_trustAnchorId,
+    trustAnchorDetailResponse_trustAnchor,
+
+    -- ** DisableCrl
+    disableCrl_crlId,
+    crlDetailResponse_crl,
+
+    -- ** DisableProfile
+    disableProfile_profileId,
+    profileDetailResponse_profile,
+
+    -- ** DisableTrustAnchor
+    disableTrustAnchor_trustAnchorId,
+    trustAnchorDetailResponse_trustAnchor,
+
+    -- ** EnableCrl
+    enableCrl_crlId,
+    crlDetailResponse_crl,
+
+    -- ** EnableProfile
+    enableProfile_profileId,
+    profileDetailResponse_profile,
+
+    -- ** EnableTrustAnchor
+    enableTrustAnchor_trustAnchorId,
+    trustAnchorDetailResponse_trustAnchor,
+
+    -- ** GetCrl
+    getCrl_crlId,
+    crlDetailResponse_crl,
+
+    -- ** GetProfile
+    getProfile_profileId,
+    profileDetailResponse_profile,
+
+    -- ** GetSubject
+    getSubject_subjectId,
+    getSubjectResponse_subject,
+    getSubjectResponse_httpStatus,
+
+    -- ** GetTrustAnchor
+    getTrustAnchor_trustAnchorId,
+    trustAnchorDetailResponse_trustAnchor,
+
+    -- ** ImportCrl
+    importCrl_enabled,
+    importCrl_tags,
+    importCrl_crlData,
+    importCrl_name,
+    importCrl_trustAnchorArn,
+    crlDetailResponse_crl,
+
+    -- ** ListCrls
+    listCrls_nextToken,
+    listCrls_pageSize,
+    listCrlsResponse_crls,
+    listCrlsResponse_nextToken,
+    listCrlsResponse_httpStatus,
+
+    -- ** ListProfiles
+    listProfiles_nextToken,
+    listProfiles_pageSize,
+    listProfilesResponse_nextToken,
+    listProfilesResponse_profiles,
+    listProfilesResponse_httpStatus,
+
+    -- ** ListSubjects
+    listSubjects_nextToken,
+    listSubjects_pageSize,
+    listSubjectsResponse_nextToken,
+    listSubjectsResponse_subjects,
+    listSubjectsResponse_httpStatus,
+
+    -- ** ListTagsForResource
+    listTagsForResource_resourceArn,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** ListTrustAnchors
+    listTrustAnchors_nextToken,
+    listTrustAnchors_pageSize,
+    listTrustAnchorsResponse_nextToken,
+    listTrustAnchorsResponse_trustAnchors,
+    listTrustAnchorsResponse_httpStatus,
+
+    -- ** TagResource
+    tagResource_resourceArn,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateCrl
+    updateCrl_crlData,
+    updateCrl_name,
+    updateCrl_crlId,
+    crlDetailResponse_crl,
+
+    -- ** UpdateProfile
+    updateProfile_durationSeconds,
+    updateProfile_managedPolicyArns,
+    updateProfile_name,
+    updateProfile_roleArns,
+    updateProfile_sessionPolicy,
+    updateProfile_profileId,
+    profileDetailResponse_profile,
+
+    -- ** UpdateTrustAnchor
+    updateTrustAnchor_name,
+    updateTrustAnchor_source,
+    updateTrustAnchor_trustAnchorId,
+    trustAnchorDetailResponse_trustAnchor,
+
+    -- * Types
+
+    -- ** CredentialSummary
+    credentialSummary_enabled,
+    credentialSummary_failed,
+    credentialSummary_issuer,
+    credentialSummary_seenAt,
+    credentialSummary_serialNumber,
+    credentialSummary_x509CertificateData,
+
+    -- ** CrlDetail
+    crlDetail_createdAt,
+    crlDetail_crlArn,
+    crlDetail_crlData,
+    crlDetail_crlId,
+    crlDetail_enabled,
+    crlDetail_name,
+    crlDetail_trustAnchorArn,
+    crlDetail_updatedAt,
+
+    -- ** CrlDetailResponse
+    crlDetailResponse_crl,
+
+    -- ** InstanceProperty
+    instanceProperty_failed,
+    instanceProperty_properties,
+    instanceProperty_seenAt,
+
+    -- ** ListRequest
+    listRequest_nextToken,
+    listRequest_pageSize,
+
+    -- ** ProfileDetail
+    profileDetail_createdAt,
+    profileDetail_createdBy,
+    profileDetail_durationSeconds,
+    profileDetail_enabled,
+    profileDetail_managedPolicyArns,
+    profileDetail_name,
+    profileDetail_profileArn,
+    profileDetail_profileId,
+    profileDetail_requireInstanceProperties,
+    profileDetail_roleArns,
+    profileDetail_sessionPolicy,
+    profileDetail_updatedAt,
+
+    -- ** ProfileDetailResponse
+    profileDetailResponse_profile,
+
+    -- ** ScalarCrlRequest
+    scalarCrlRequest_crlId,
+
+    -- ** ScalarProfileRequest
+    scalarProfileRequest_profileId,
+
+    -- ** ScalarTrustAnchorRequest
+    scalarTrustAnchorRequest_trustAnchorId,
+
+    -- ** Source
+    source_sourceData,
+    source_sourceType,
+
+    -- ** SourceData
+    sourceData_acmPcaArn,
+    sourceData_x509CertificateData,
+
+    -- ** SubjectDetail
+    subjectDetail_createdAt,
+    subjectDetail_credentials,
+    subjectDetail_enabled,
+    subjectDetail_instanceProperties,
+    subjectDetail_lastSeenAt,
+    subjectDetail_subjectArn,
+    subjectDetail_subjectId,
+    subjectDetail_updatedAt,
+    subjectDetail_x509Subject,
+
+    -- ** SubjectSummary
+    subjectSummary_createdAt,
+    subjectSummary_enabled,
+    subjectSummary_lastSeenAt,
+    subjectSummary_subjectArn,
+    subjectSummary_subjectId,
+    subjectSummary_updatedAt,
+    subjectSummary_x509Subject,
+
+    -- ** Tag
+    tag_key,
+    tag_value,
+
+    -- ** TrustAnchorDetail
+    trustAnchorDetail_createdAt,
+    trustAnchorDetail_enabled,
+    trustAnchorDetail_name,
+    trustAnchorDetail_source,
+    trustAnchorDetail_trustAnchorArn,
+    trustAnchorDetail_trustAnchorId,
+    trustAnchorDetail_updatedAt,
+
+    -- ** TrustAnchorDetailResponse
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import Amazonka.RolesAnywhere.CreateProfile
+import Amazonka.RolesAnywhere.CreateTrustAnchor
+import Amazonka.RolesAnywhere.DeleteCrl
+import Amazonka.RolesAnywhere.DeleteProfile
+import Amazonka.RolesAnywhere.DeleteTrustAnchor
+import Amazonka.RolesAnywhere.DisableCrl
+import Amazonka.RolesAnywhere.DisableProfile
+import Amazonka.RolesAnywhere.DisableTrustAnchor
+import Amazonka.RolesAnywhere.EnableCrl
+import Amazonka.RolesAnywhere.EnableProfile
+import Amazonka.RolesAnywhere.EnableTrustAnchor
+import Amazonka.RolesAnywhere.GetCrl
+import Amazonka.RolesAnywhere.GetProfile
+import Amazonka.RolesAnywhere.GetSubject
+import Amazonka.RolesAnywhere.GetTrustAnchor
+import Amazonka.RolesAnywhere.ImportCrl
+import Amazonka.RolesAnywhere.ListCrls
+import Amazonka.RolesAnywhere.ListProfiles
+import Amazonka.RolesAnywhere.ListSubjects
+import Amazonka.RolesAnywhere.ListTagsForResource
+import Amazonka.RolesAnywhere.ListTrustAnchors
+import Amazonka.RolesAnywhere.TagResource
+import Amazonka.RolesAnywhere.Types.CredentialSummary
+import Amazonka.RolesAnywhere.Types.CrlDetail
+import Amazonka.RolesAnywhere.Types.CrlDetailResponse
+import Amazonka.RolesAnywhere.Types.InstanceProperty
+import Amazonka.RolesAnywhere.Types.ListRequest
+import Amazonka.RolesAnywhere.Types.ProfileDetail
+import Amazonka.RolesAnywhere.Types.ProfileDetailResponse
+import Amazonka.RolesAnywhere.Types.ScalarCrlRequest
+import Amazonka.RolesAnywhere.Types.ScalarProfileRequest
+import Amazonka.RolesAnywhere.Types.ScalarTrustAnchorRequest
+import Amazonka.RolesAnywhere.Types.Source
+import Amazonka.RolesAnywhere.Types.SourceData
+import Amazonka.RolesAnywhere.Types.SubjectDetail
+import Amazonka.RolesAnywhere.Types.SubjectSummary
+import Amazonka.RolesAnywhere.Types.Tag
+import Amazonka.RolesAnywhere.Types.TrustAnchorDetail
+import Amazonka.RolesAnywhere.Types.TrustAnchorDetailResponse
+import Amazonka.RolesAnywhere.UntagResource
+import Amazonka.RolesAnywhere.UpdateCrl
+import Amazonka.RolesAnywhere.UpdateProfile
+import Amazonka.RolesAnywhere.UpdateTrustAnchor
diff --git a/gen/Amazonka/RolesAnywhere/ListCrls.hs b/gen/Amazonka/RolesAnywhere/ListCrls.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/ListCrls.hs
@@ -0,0 +1,223 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.ListCrls
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all Crls in the authenticated account and Amazon Web Services
+-- Region.
+--
+-- __Required permissions:__ @rolesanywhere:ListCrls@.
+--
+-- This operation returns paginated results.
+module Amazonka.RolesAnywhere.ListCrls
+  ( -- * Creating a Request
+    ListCrls (..),
+    newListCrls,
+
+    -- * Request Lenses
+    listCrls_nextToken,
+    listCrls_pageSize,
+
+    -- * Destructuring the Response
+    ListCrlsResponse (..),
+    newListCrlsResponse,
+
+    -- * Response Lenses
+    listCrlsResponse_crls,
+    listCrlsResponse_nextToken,
+    listCrlsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newListCrls' smart constructor.
+data ListCrls = ListCrls'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The number of resources in the paginated list.
+    pageSize :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListCrls' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listCrls_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'pageSize', 'listCrls_pageSize' - The number of resources in the paginated list.
+newListCrls ::
+  ListCrls
+newListCrls =
+  ListCrls'
+    { nextToken = Prelude.Nothing,
+      pageSize = Prelude.Nothing
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listCrls_nextToken :: Lens.Lens' ListCrls (Prelude.Maybe Prelude.Text)
+listCrls_nextToken = Lens.lens (\ListCrls' {nextToken} -> nextToken) (\s@ListCrls' {} a -> s {nextToken = a} :: ListCrls)
+
+-- | The number of resources in the paginated list.
+listCrls_pageSize :: Lens.Lens' ListCrls (Prelude.Maybe Prelude.Int)
+listCrls_pageSize = Lens.lens (\ListCrls' {pageSize} -> pageSize) (\s@ListCrls' {} a -> s {pageSize = a} :: ListCrls)
+
+instance Core.AWSPager ListCrls where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listCrlsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listCrlsResponse_crls
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listCrls_nextToken
+          Lens..~ rs
+          Lens.^? listCrlsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListCrls where
+  type AWSResponse ListCrls = ListCrlsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListCrlsResponse'
+            Prelude.<$> (x Data..?> "crls" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListCrls where
+  hashWithSalt _salt ListCrls' {..} =
+    _salt
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` pageSize
+
+instance Prelude.NFData ListCrls where
+  rnf ListCrls' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf pageSize
+
+instance Data.ToHeaders ListCrls where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListCrls where
+  toPath = Prelude.const "/crls"
+
+instance Data.ToQuery ListCrls where
+  toQuery ListCrls' {..} =
+    Prelude.mconcat
+      [ "nextToken" Data.=: nextToken,
+        "pageSize" Data.=: pageSize
+      ]
+
+-- | /See:/ 'newListCrlsResponse' smart constructor.
+data ListCrlsResponse = ListCrlsResponse'
+  { -- | A list of certificate revocation lists (CRL).
+    crls :: Prelude.Maybe [CrlDetail],
+    -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListCrlsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crls', 'listCrlsResponse_crls' - A list of certificate revocation lists (CRL).
+--
+-- 'nextToken', 'listCrlsResponse_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'httpStatus', 'listCrlsResponse_httpStatus' - The response's http status code.
+newListCrlsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListCrlsResponse
+newListCrlsResponse pHttpStatus_ =
+  ListCrlsResponse'
+    { crls = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of certificate revocation lists (CRL).
+listCrlsResponse_crls :: Lens.Lens' ListCrlsResponse (Prelude.Maybe [CrlDetail])
+listCrlsResponse_crls = Lens.lens (\ListCrlsResponse' {crls} -> crls) (\s@ListCrlsResponse' {} a -> s {crls = a} :: ListCrlsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listCrlsResponse_nextToken :: Lens.Lens' ListCrlsResponse (Prelude.Maybe Prelude.Text)
+listCrlsResponse_nextToken = Lens.lens (\ListCrlsResponse' {nextToken} -> nextToken) (\s@ListCrlsResponse' {} a -> s {nextToken = a} :: ListCrlsResponse)
+
+-- | The response's http status code.
+listCrlsResponse_httpStatus :: Lens.Lens' ListCrlsResponse Prelude.Int
+listCrlsResponse_httpStatus = Lens.lens (\ListCrlsResponse' {httpStatus} -> httpStatus) (\s@ListCrlsResponse' {} a -> s {httpStatus = a} :: ListCrlsResponse)
+
+instance Prelude.NFData ListCrlsResponse where
+  rnf ListCrlsResponse' {..} =
+    Prelude.rnf crls
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/ListProfiles.hs b/gen/Amazonka/RolesAnywhere/ListProfiles.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/ListProfiles.hs
@@ -0,0 +1,223 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.ListProfiles
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all profiles in the authenticated account and Amazon Web Services
+-- Region.
+--
+-- __Required permissions:__ @rolesanywhere:ListProfiles@.
+--
+-- This operation returns paginated results.
+module Amazonka.RolesAnywhere.ListProfiles
+  ( -- * Creating a Request
+    ListProfiles (..),
+    newListProfiles,
+
+    -- * Request Lenses
+    listProfiles_nextToken,
+    listProfiles_pageSize,
+
+    -- * Destructuring the Response
+    ListProfilesResponse (..),
+    newListProfilesResponse,
+
+    -- * Response Lenses
+    listProfilesResponse_nextToken,
+    listProfilesResponse_profiles,
+    listProfilesResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newListProfiles' smart constructor.
+data ListProfiles = ListProfiles'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The number of resources in the paginated list.
+    pageSize :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListProfiles' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listProfiles_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'pageSize', 'listProfiles_pageSize' - The number of resources in the paginated list.
+newListProfiles ::
+  ListProfiles
+newListProfiles =
+  ListProfiles'
+    { nextToken = Prelude.Nothing,
+      pageSize = Prelude.Nothing
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listProfiles_nextToken :: Lens.Lens' ListProfiles (Prelude.Maybe Prelude.Text)
+listProfiles_nextToken = Lens.lens (\ListProfiles' {nextToken} -> nextToken) (\s@ListProfiles' {} a -> s {nextToken = a} :: ListProfiles)
+
+-- | The number of resources in the paginated list.
+listProfiles_pageSize :: Lens.Lens' ListProfiles (Prelude.Maybe Prelude.Int)
+listProfiles_pageSize = Lens.lens (\ListProfiles' {pageSize} -> pageSize) (\s@ListProfiles' {} a -> s {pageSize = a} :: ListProfiles)
+
+instance Core.AWSPager ListProfiles where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listProfilesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listProfilesResponse_profiles
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listProfiles_nextToken
+          Lens..~ rs
+          Lens.^? listProfilesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListProfiles where
+  type AWSResponse ListProfiles = ListProfilesResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListProfilesResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (x Data..?> "profiles" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListProfiles where
+  hashWithSalt _salt ListProfiles' {..} =
+    _salt
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` pageSize
+
+instance Prelude.NFData ListProfiles where
+  rnf ListProfiles' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf pageSize
+
+instance Data.ToHeaders ListProfiles where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListProfiles where
+  toPath = Prelude.const "/profiles"
+
+instance Data.ToQuery ListProfiles where
+  toQuery ListProfiles' {..} =
+    Prelude.mconcat
+      [ "nextToken" Data.=: nextToken,
+        "pageSize" Data.=: pageSize
+      ]
+
+-- | /See:/ 'newListProfilesResponse' smart constructor.
+data ListProfilesResponse = ListProfilesResponse'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A list of profiles.
+    profiles :: Prelude.Maybe [ProfileDetail],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListProfilesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listProfilesResponse_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'profiles', 'listProfilesResponse_profiles' - A list of profiles.
+--
+-- 'httpStatus', 'listProfilesResponse_httpStatus' - The response's http status code.
+newListProfilesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListProfilesResponse
+newListProfilesResponse pHttpStatus_ =
+  ListProfilesResponse'
+    { nextToken = Prelude.Nothing,
+      profiles = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listProfilesResponse_nextToken :: Lens.Lens' ListProfilesResponse (Prelude.Maybe Prelude.Text)
+listProfilesResponse_nextToken = Lens.lens (\ListProfilesResponse' {nextToken} -> nextToken) (\s@ListProfilesResponse' {} a -> s {nextToken = a} :: ListProfilesResponse)
+
+-- | A list of profiles.
+listProfilesResponse_profiles :: Lens.Lens' ListProfilesResponse (Prelude.Maybe [ProfileDetail])
+listProfilesResponse_profiles = Lens.lens (\ListProfilesResponse' {profiles} -> profiles) (\s@ListProfilesResponse' {} a -> s {profiles = a} :: ListProfilesResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listProfilesResponse_httpStatus :: Lens.Lens' ListProfilesResponse Prelude.Int
+listProfilesResponse_httpStatus = Lens.lens (\ListProfilesResponse' {httpStatus} -> httpStatus) (\s@ListProfilesResponse' {} a -> s {httpStatus = a} :: ListProfilesResponse)
+
+instance Prelude.NFData ListProfilesResponse where
+  rnf ListProfilesResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf profiles
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/ListSubjects.hs b/gen/Amazonka/RolesAnywhere/ListSubjects.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/ListSubjects.hs
@@ -0,0 +1,223 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.ListSubjects
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the subjects in the authenticated account and Amazon Web Services
+-- Region.
+--
+-- __Required permissions:__ @rolesanywhere:ListSubjects@.
+--
+-- This operation returns paginated results.
+module Amazonka.RolesAnywhere.ListSubjects
+  ( -- * Creating a Request
+    ListSubjects (..),
+    newListSubjects,
+
+    -- * Request Lenses
+    listSubjects_nextToken,
+    listSubjects_pageSize,
+
+    -- * Destructuring the Response
+    ListSubjectsResponse (..),
+    newListSubjectsResponse,
+
+    -- * Response Lenses
+    listSubjectsResponse_nextToken,
+    listSubjectsResponse_subjects,
+    listSubjectsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newListSubjects' smart constructor.
+data ListSubjects = ListSubjects'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The number of resources in the paginated list.
+    pageSize :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListSubjects' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listSubjects_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'pageSize', 'listSubjects_pageSize' - The number of resources in the paginated list.
+newListSubjects ::
+  ListSubjects
+newListSubjects =
+  ListSubjects'
+    { nextToken = Prelude.Nothing,
+      pageSize = Prelude.Nothing
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listSubjects_nextToken :: Lens.Lens' ListSubjects (Prelude.Maybe Prelude.Text)
+listSubjects_nextToken = Lens.lens (\ListSubjects' {nextToken} -> nextToken) (\s@ListSubjects' {} a -> s {nextToken = a} :: ListSubjects)
+
+-- | The number of resources in the paginated list.
+listSubjects_pageSize :: Lens.Lens' ListSubjects (Prelude.Maybe Prelude.Int)
+listSubjects_pageSize = Lens.lens (\ListSubjects' {pageSize} -> pageSize) (\s@ListSubjects' {} a -> s {pageSize = a} :: ListSubjects)
+
+instance Core.AWSPager ListSubjects where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listSubjectsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listSubjectsResponse_subjects
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listSubjects_nextToken
+          Lens..~ rs
+          Lens.^? listSubjectsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListSubjects where
+  type AWSResponse ListSubjects = ListSubjectsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListSubjectsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (x Data..?> "subjects" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListSubjects where
+  hashWithSalt _salt ListSubjects' {..} =
+    _salt
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` pageSize
+
+instance Prelude.NFData ListSubjects where
+  rnf ListSubjects' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf pageSize
+
+instance Data.ToHeaders ListSubjects where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListSubjects where
+  toPath = Prelude.const "/subjects"
+
+instance Data.ToQuery ListSubjects where
+  toQuery ListSubjects' {..} =
+    Prelude.mconcat
+      [ "nextToken" Data.=: nextToken,
+        "pageSize" Data.=: pageSize
+      ]
+
+-- | /See:/ 'newListSubjectsResponse' smart constructor.
+data ListSubjectsResponse = ListSubjectsResponse'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A list of subjects.
+    subjects :: Prelude.Maybe [SubjectSummary],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListSubjectsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listSubjectsResponse_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'subjects', 'listSubjectsResponse_subjects' - A list of subjects.
+--
+-- 'httpStatus', 'listSubjectsResponse_httpStatus' - The response's http status code.
+newListSubjectsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListSubjectsResponse
+newListSubjectsResponse pHttpStatus_ =
+  ListSubjectsResponse'
+    { nextToken = Prelude.Nothing,
+      subjects = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listSubjectsResponse_nextToken :: Lens.Lens' ListSubjectsResponse (Prelude.Maybe Prelude.Text)
+listSubjectsResponse_nextToken = Lens.lens (\ListSubjectsResponse' {nextToken} -> nextToken) (\s@ListSubjectsResponse' {} a -> s {nextToken = a} :: ListSubjectsResponse)
+
+-- | A list of subjects.
+listSubjectsResponse_subjects :: Lens.Lens' ListSubjectsResponse (Prelude.Maybe [SubjectSummary])
+listSubjectsResponse_subjects = Lens.lens (\ListSubjectsResponse' {subjects} -> subjects) (\s@ListSubjectsResponse' {} a -> s {subjects = a} :: ListSubjectsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listSubjectsResponse_httpStatus :: Lens.Lens' ListSubjectsResponse Prelude.Int
+listSubjectsResponse_httpStatus = Lens.lens (\ListSubjectsResponse' {httpStatus} -> httpStatus) (\s@ListSubjectsResponse' {} a -> s {httpStatus = a} :: ListSubjectsResponse)
+
+instance Prelude.NFData ListSubjectsResponse where
+  rnf ListSubjectsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf subjects
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/ListTagsForResource.hs b/gen/Amazonka/RolesAnywhere/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/ListTagsForResource.hs
@@ -0,0 +1,161 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the tags attached to the resource.
+--
+-- __Required permissions:__ @rolesanywhere:ListTagsForResource@.
+module Amazonka.RolesAnywhere.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_resourceArn,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The ARN of the resource.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'listTagsForResource_resourceArn' - The ARN of the resource.
+newListTagsForResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceArn_ =
+  ListTagsForResource' {resourceArn = pResourceArn_}
+
+-- | The ARN of the resource.
+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath = Prelude.const "/ListTagsForResource"
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery ListTagsForResource' {..} =
+    Prelude.mconcat ["resourceArn" Data.=: resourceArn]
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | A list of tags attached to the resource.
+    tags :: Prelude.Maybe [Tag],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - A list of tags attached to the resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { tags =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of tags attached to the resource.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe [Tag])
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/ListTrustAnchors.hs b/gen/Amazonka/RolesAnywhere/ListTrustAnchors.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/ListTrustAnchors.hs
@@ -0,0 +1,226 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.ListTrustAnchors
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the trust anchors in the authenticated account and Amazon Web
+-- Services Region.
+--
+-- __Required permissions:__ @rolesanywhere:ListTrustAnchors@.
+--
+-- This operation returns paginated results.
+module Amazonka.RolesAnywhere.ListTrustAnchors
+  ( -- * Creating a Request
+    ListTrustAnchors (..),
+    newListTrustAnchors,
+
+    -- * Request Lenses
+    listTrustAnchors_nextToken,
+    listTrustAnchors_pageSize,
+
+    -- * Destructuring the Response
+    ListTrustAnchorsResponse (..),
+    newListTrustAnchorsResponse,
+
+    -- * Response Lenses
+    listTrustAnchorsResponse_nextToken,
+    listTrustAnchorsResponse_trustAnchors,
+    listTrustAnchorsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newListTrustAnchors' smart constructor.
+data ListTrustAnchors = ListTrustAnchors'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The number of resources in the paginated list.
+    pageSize :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTrustAnchors' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listTrustAnchors_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'pageSize', 'listTrustAnchors_pageSize' - The number of resources in the paginated list.
+newListTrustAnchors ::
+  ListTrustAnchors
+newListTrustAnchors =
+  ListTrustAnchors'
+    { nextToken = Prelude.Nothing,
+      pageSize = Prelude.Nothing
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listTrustAnchors_nextToken :: Lens.Lens' ListTrustAnchors (Prelude.Maybe Prelude.Text)
+listTrustAnchors_nextToken = Lens.lens (\ListTrustAnchors' {nextToken} -> nextToken) (\s@ListTrustAnchors' {} a -> s {nextToken = a} :: ListTrustAnchors)
+
+-- | The number of resources in the paginated list.
+listTrustAnchors_pageSize :: Lens.Lens' ListTrustAnchors (Prelude.Maybe Prelude.Int)
+listTrustAnchors_pageSize = Lens.lens (\ListTrustAnchors' {pageSize} -> pageSize) (\s@ListTrustAnchors' {} a -> s {pageSize = a} :: ListTrustAnchors)
+
+instance Core.AWSPager ListTrustAnchors where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listTrustAnchorsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listTrustAnchorsResponse_trustAnchors
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listTrustAnchors_nextToken
+          Lens..~ rs
+          Lens.^? listTrustAnchorsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListTrustAnchors where
+  type
+    AWSResponse ListTrustAnchors =
+      ListTrustAnchorsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTrustAnchorsResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (x Data..?> "trustAnchors" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTrustAnchors where
+  hashWithSalt _salt ListTrustAnchors' {..} =
+    _salt
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` pageSize
+
+instance Prelude.NFData ListTrustAnchors where
+  rnf ListTrustAnchors' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf pageSize
+
+instance Data.ToHeaders ListTrustAnchors where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToPath ListTrustAnchors where
+  toPath = Prelude.const "/trustanchors"
+
+instance Data.ToQuery ListTrustAnchors where
+  toQuery ListTrustAnchors' {..} =
+    Prelude.mconcat
+      [ "nextToken" Data.=: nextToken,
+        "pageSize" Data.=: pageSize
+      ]
+
+-- | /See:/ 'newListTrustAnchorsResponse' smart constructor.
+data ListTrustAnchorsResponse = ListTrustAnchorsResponse'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A list of trust anchors.
+    trustAnchors :: Prelude.Maybe [TrustAnchorDetail],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTrustAnchorsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listTrustAnchorsResponse_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'trustAnchors', 'listTrustAnchorsResponse_trustAnchors' - A list of trust anchors.
+--
+-- 'httpStatus', 'listTrustAnchorsResponse_httpStatus' - The response's http status code.
+newListTrustAnchorsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTrustAnchorsResponse
+newListTrustAnchorsResponse pHttpStatus_ =
+  ListTrustAnchorsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      trustAnchors = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listTrustAnchorsResponse_nextToken :: Lens.Lens' ListTrustAnchorsResponse (Prelude.Maybe Prelude.Text)
+listTrustAnchorsResponse_nextToken = Lens.lens (\ListTrustAnchorsResponse' {nextToken} -> nextToken) (\s@ListTrustAnchorsResponse' {} a -> s {nextToken = a} :: ListTrustAnchorsResponse)
+
+-- | A list of trust anchors.
+listTrustAnchorsResponse_trustAnchors :: Lens.Lens' ListTrustAnchorsResponse (Prelude.Maybe [TrustAnchorDetail])
+listTrustAnchorsResponse_trustAnchors = Lens.lens (\ListTrustAnchorsResponse' {trustAnchors} -> trustAnchors) (\s@ListTrustAnchorsResponse' {} a -> s {trustAnchors = a} :: ListTrustAnchorsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTrustAnchorsResponse_httpStatus :: Lens.Lens' ListTrustAnchorsResponse Prelude.Int
+listTrustAnchorsResponse_httpStatus = Lens.lens (\ListTrustAnchorsResponse' {httpStatus} -> httpStatus) (\s@ListTrustAnchorsResponse' {} a -> s {httpStatus = a} :: ListTrustAnchorsResponse)
+
+instance Prelude.NFData ListTrustAnchorsResponse where
+  rnf ListTrustAnchorsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf trustAnchors
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/TagResource.hs b/gen/Amazonka/RolesAnywhere/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/TagResource.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Attaches tags to a resource.
+--
+-- __Required permissions:__ @rolesanywhere:TagResource@.
+module Amazonka.RolesAnywhere.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceArn,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The ARN of the resource.
+    resourceArn :: Prelude.Text,
+    -- | The tags to attach to the resource.
+    tags :: [Tag]
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'tagResource_resourceArn' - The ARN of the resource.
+--
+-- 'tags', 'tagResource_tags' - The tags to attach to the resource.
+newTagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  TagResource
+newTagResource pResourceArn_ =
+  TagResource'
+    { resourceArn = pResourceArn_,
+      tags = Prelude.mempty
+    }
+
+-- | The ARN of the resource.
+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)
+
+-- | The tags to attach to the resource.
+tagResource_tags :: Lens.Lens' TagResource [Tag]
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("resourceArn" Data..= resourceArn),
+            Prelude.Just ("tags" Data..= tags)
+          ]
+      )
+
+instance Data.ToPath TagResource where
+  toPath = Prelude.const "/TagResource"
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/Types.hs b/gen/Amazonka/RolesAnywhere/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types.hs
@@ -0,0 +1,288 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _ResourceNotFoundException,
+    _TooManyTagsException,
+    _ValidationException,
+
+    -- * TrustAnchorType
+    TrustAnchorType (..),
+
+    -- * CredentialSummary
+    CredentialSummary (..),
+    newCredentialSummary,
+    credentialSummary_enabled,
+    credentialSummary_failed,
+    credentialSummary_issuer,
+    credentialSummary_seenAt,
+    credentialSummary_serialNumber,
+    credentialSummary_x509CertificateData,
+
+    -- * CrlDetail
+    CrlDetail (..),
+    newCrlDetail,
+    crlDetail_createdAt,
+    crlDetail_crlArn,
+    crlDetail_crlData,
+    crlDetail_crlId,
+    crlDetail_enabled,
+    crlDetail_name,
+    crlDetail_trustAnchorArn,
+    crlDetail_updatedAt,
+
+    -- * CrlDetailResponse
+    CrlDetailResponse (..),
+    newCrlDetailResponse,
+    crlDetailResponse_crl,
+
+    -- * InstanceProperty
+    InstanceProperty (..),
+    newInstanceProperty,
+    instanceProperty_failed,
+    instanceProperty_properties,
+    instanceProperty_seenAt,
+
+    -- * ListRequest
+    ListRequest (..),
+    newListRequest,
+    listRequest_nextToken,
+    listRequest_pageSize,
+
+    -- * ProfileDetail
+    ProfileDetail (..),
+    newProfileDetail,
+    profileDetail_createdAt,
+    profileDetail_createdBy,
+    profileDetail_durationSeconds,
+    profileDetail_enabled,
+    profileDetail_managedPolicyArns,
+    profileDetail_name,
+    profileDetail_profileArn,
+    profileDetail_profileId,
+    profileDetail_requireInstanceProperties,
+    profileDetail_roleArns,
+    profileDetail_sessionPolicy,
+    profileDetail_updatedAt,
+
+    -- * ProfileDetailResponse
+    ProfileDetailResponse (..),
+    newProfileDetailResponse,
+    profileDetailResponse_profile,
+
+    -- * ScalarCrlRequest
+    ScalarCrlRequest (..),
+    newScalarCrlRequest,
+    scalarCrlRequest_crlId,
+
+    -- * ScalarProfileRequest
+    ScalarProfileRequest (..),
+    newScalarProfileRequest,
+    scalarProfileRequest_profileId,
+
+    -- * ScalarTrustAnchorRequest
+    ScalarTrustAnchorRequest (..),
+    newScalarTrustAnchorRequest,
+    scalarTrustAnchorRequest_trustAnchorId,
+
+    -- * Source
+    Source (..),
+    newSource,
+    source_sourceData,
+    source_sourceType,
+
+    -- * SourceData
+    SourceData (..),
+    newSourceData,
+    sourceData_acmPcaArn,
+    sourceData_x509CertificateData,
+
+    -- * SubjectDetail
+    SubjectDetail (..),
+    newSubjectDetail,
+    subjectDetail_createdAt,
+    subjectDetail_credentials,
+    subjectDetail_enabled,
+    subjectDetail_instanceProperties,
+    subjectDetail_lastSeenAt,
+    subjectDetail_subjectArn,
+    subjectDetail_subjectId,
+    subjectDetail_updatedAt,
+    subjectDetail_x509Subject,
+
+    -- * SubjectSummary
+    SubjectSummary (..),
+    newSubjectSummary,
+    subjectSummary_createdAt,
+    subjectSummary_enabled,
+    subjectSummary_lastSeenAt,
+    subjectSummary_subjectArn,
+    subjectSummary_subjectId,
+    subjectSummary_updatedAt,
+    subjectSummary_x509Subject,
+
+    -- * Tag
+    Tag (..),
+    newTag,
+    tag_key,
+    tag_value,
+
+    -- * TrustAnchorDetail
+    TrustAnchorDetail (..),
+    newTrustAnchorDetail,
+    trustAnchorDetail_createdAt,
+    trustAnchorDetail_enabled,
+    trustAnchorDetail_name,
+    trustAnchorDetail_source,
+    trustAnchorDetail_trustAnchorArn,
+    trustAnchorDetail_trustAnchorId,
+    trustAnchorDetail_updatedAt,
+
+    -- * TrustAnchorDetailResponse
+    TrustAnchorDetailResponse (..),
+    newTrustAnchorDetailResponse,
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Types.CredentialSummary
+import Amazonka.RolesAnywhere.Types.CrlDetail
+import Amazonka.RolesAnywhere.Types.CrlDetailResponse
+import Amazonka.RolesAnywhere.Types.InstanceProperty
+import Amazonka.RolesAnywhere.Types.ListRequest
+import Amazonka.RolesAnywhere.Types.ProfileDetail
+import Amazonka.RolesAnywhere.Types.ProfileDetailResponse
+import Amazonka.RolesAnywhere.Types.ScalarCrlRequest
+import Amazonka.RolesAnywhere.Types.ScalarProfileRequest
+import Amazonka.RolesAnywhere.Types.ScalarTrustAnchorRequest
+import Amazonka.RolesAnywhere.Types.Source
+import Amazonka.RolesAnywhere.Types.SourceData
+import Amazonka.RolesAnywhere.Types.SubjectDetail
+import Amazonka.RolesAnywhere.Types.SubjectSummary
+import Amazonka.RolesAnywhere.Types.Tag
+import Amazonka.RolesAnywhere.Types.TrustAnchorDetail
+import Amazonka.RolesAnywhere.Types.TrustAnchorDetailResponse
+import Amazonka.RolesAnywhere.Types.TrustAnchorType
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2018-05-10@ of the Amazon IAM Roles Anywhere SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "RolesAnywhere",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "rolesanywhere",
+      Core.signingName = "rolesanywhere",
+      Core.version = "2018-05-10",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "RolesAnywhere",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | You do not have sufficient access to perform this action.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+    Prelude.. Core.hasStatus 403
+
+-- | The resource could not be found.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
+    Prelude.. Core.hasStatus 404
+
+-- | Too many tags.
+_TooManyTagsException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_TooManyTagsException =
+  Core._MatchServiceError
+    defaultService
+    "TooManyTagsException"
+    Prelude.. Core.hasStatus 400
+
+-- | Validation exception error.
+_ValidationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ValidationException =
+  Core._MatchServiceError
+    defaultService
+    "ValidationException"
+    Prelude.. Core.hasStatus 400
diff --git a/gen/Amazonka/RolesAnywhere/Types/CredentialSummary.hs b/gen/Amazonka/RolesAnywhere/Types/CredentialSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/CredentialSummary.hs
@@ -0,0 +1,148 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.CredentialSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.CredentialSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A record of a presented X509 credential to
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>.
+--
+-- /See:/ 'newCredentialSummary' smart constructor.
+data CredentialSummary = CredentialSummary'
+  { -- | Indicates whether the credential is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | Indicates whether the
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation was successful.
+    failed :: Prelude.Maybe Prelude.Bool,
+    -- | The fully qualified domain name of the issuing certificate for the
+    -- presented end-entity certificate.
+    issuer :: Prelude.Maybe Prelude.Text,
+    -- | The ISO-8601 time stamp of when the certificate was last used in a
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation.
+    seenAt :: Prelude.Maybe Data.ISO8601,
+    -- | The serial number of the certificate.
+    serialNumber :: Prelude.Maybe Prelude.Text,
+    -- | The PEM-encoded data of the certificate.
+    x509CertificateData :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CredentialSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'enabled', 'credentialSummary_enabled' - Indicates whether the credential is enabled.
+--
+-- 'failed', 'credentialSummary_failed' - Indicates whether the
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation was successful.
+--
+-- 'issuer', 'credentialSummary_issuer' - The fully qualified domain name of the issuing certificate for the
+-- presented end-entity certificate.
+--
+-- 'seenAt', 'credentialSummary_seenAt' - The ISO-8601 time stamp of when the certificate was last used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+--
+-- 'serialNumber', 'credentialSummary_serialNumber' - The serial number of the certificate.
+--
+-- 'x509CertificateData', 'credentialSummary_x509CertificateData' - The PEM-encoded data of the certificate.
+newCredentialSummary ::
+  CredentialSummary
+newCredentialSummary =
+  CredentialSummary'
+    { enabled = Prelude.Nothing,
+      failed = Prelude.Nothing,
+      issuer = Prelude.Nothing,
+      seenAt = Prelude.Nothing,
+      serialNumber = Prelude.Nothing,
+      x509CertificateData = Prelude.Nothing
+    }
+
+-- | Indicates whether the credential is enabled.
+credentialSummary_enabled :: Lens.Lens' CredentialSummary (Prelude.Maybe Prelude.Bool)
+credentialSummary_enabled = Lens.lens (\CredentialSummary' {enabled} -> enabled) (\s@CredentialSummary' {} a -> s {enabled = a} :: CredentialSummary)
+
+-- | Indicates whether the
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation was successful.
+credentialSummary_failed :: Lens.Lens' CredentialSummary (Prelude.Maybe Prelude.Bool)
+credentialSummary_failed = Lens.lens (\CredentialSummary' {failed} -> failed) (\s@CredentialSummary' {} a -> s {failed = a} :: CredentialSummary)
+
+-- | The fully qualified domain name of the issuing certificate for the
+-- presented end-entity certificate.
+credentialSummary_issuer :: Lens.Lens' CredentialSummary (Prelude.Maybe Prelude.Text)
+credentialSummary_issuer = Lens.lens (\CredentialSummary' {issuer} -> issuer) (\s@CredentialSummary' {} a -> s {issuer = a} :: CredentialSummary)
+
+-- | The ISO-8601 time stamp of when the certificate was last used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+credentialSummary_seenAt :: Lens.Lens' CredentialSummary (Prelude.Maybe Prelude.UTCTime)
+credentialSummary_seenAt = Lens.lens (\CredentialSummary' {seenAt} -> seenAt) (\s@CredentialSummary' {} a -> s {seenAt = a} :: CredentialSummary) Prelude.. Lens.mapping Data._Time
+
+-- | The serial number of the certificate.
+credentialSummary_serialNumber :: Lens.Lens' CredentialSummary (Prelude.Maybe Prelude.Text)
+credentialSummary_serialNumber = Lens.lens (\CredentialSummary' {serialNumber} -> serialNumber) (\s@CredentialSummary' {} a -> s {serialNumber = a} :: CredentialSummary)
+
+-- | The PEM-encoded data of the certificate.
+credentialSummary_x509CertificateData :: Lens.Lens' CredentialSummary (Prelude.Maybe Prelude.Text)
+credentialSummary_x509CertificateData = Lens.lens (\CredentialSummary' {x509CertificateData} -> x509CertificateData) (\s@CredentialSummary' {} a -> s {x509CertificateData = a} :: CredentialSummary)
+
+instance Data.FromJSON CredentialSummary where
+  parseJSON =
+    Data.withObject
+      "CredentialSummary"
+      ( \x ->
+          CredentialSummary'
+            Prelude.<$> (x Data..:? "enabled")
+            Prelude.<*> (x Data..:? "failed")
+            Prelude.<*> (x Data..:? "issuer")
+            Prelude.<*> (x Data..:? "seenAt")
+            Prelude.<*> (x Data..:? "serialNumber")
+            Prelude.<*> (x Data..:? "x509CertificateData")
+      )
+
+instance Prelude.Hashable CredentialSummary where
+  hashWithSalt _salt CredentialSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` failed
+      `Prelude.hashWithSalt` issuer
+      `Prelude.hashWithSalt` seenAt
+      `Prelude.hashWithSalt` serialNumber
+      `Prelude.hashWithSalt` x509CertificateData
+
+instance Prelude.NFData CredentialSummary where
+  rnf CredentialSummary' {..} =
+    Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf failed
+      `Prelude.seq` Prelude.rnf issuer
+      `Prelude.seq` Prelude.rnf seenAt
+      `Prelude.seq` Prelude.rnf serialNumber
+      `Prelude.seq` Prelude.rnf x509CertificateData
diff --git a/gen/Amazonka/RolesAnywhere/Types/CrlDetail.hs b/gen/Amazonka/RolesAnywhere/Types/CrlDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/CrlDetail.hs
@@ -0,0 +1,177 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.CrlDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.CrlDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The state of the certificate revocation list (CRL) after a read or write
+-- operation.
+--
+-- /See:/ 'newCrlDetail' smart constructor.
+data CrlDetail = CrlDetail'
+  { -- | The ISO-8601 timestamp when the certificate revocation list (CRL) was
+    -- created.
+    createdAt :: Prelude.Maybe Data.ISO8601,
+    -- | The ARN of the certificate revocation list (CRL).
+    crlArn :: Prelude.Maybe Prelude.Text,
+    -- | The state of the certificate revocation list (CRL) after a read or write
+    -- operation.
+    crlData :: Prelude.Maybe Data.Base64,
+    -- | The unique identifier of the certificate revocation list (CRL).
+    crlId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the certificate revocation list (CRL) is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the certificate revocation list (CRL).
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the TrustAnchor the certificate revocation list (CRL) will
+    -- provide revocation for.
+    trustAnchorArn :: Prelude.Maybe Prelude.Text,
+    -- | The ISO-8601 timestamp when the certificate revocation list (CRL) was
+    -- last updated.
+    updatedAt :: Prelude.Maybe Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CrlDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdAt', 'crlDetail_createdAt' - The ISO-8601 timestamp when the certificate revocation list (CRL) was
+-- created.
+--
+-- 'crlArn', 'crlDetail_crlArn' - The ARN of the certificate revocation list (CRL).
+--
+-- 'crlData', 'crlDetail_crlData' - The state of the certificate revocation list (CRL) after a read or write
+-- operation.--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+--
+-- 'crlId', 'crlDetail_crlId' - The unique identifier of the certificate revocation list (CRL).
+--
+-- 'enabled', 'crlDetail_enabled' - Indicates whether the certificate revocation list (CRL) is enabled.
+--
+-- 'name', 'crlDetail_name' - The name of the certificate revocation list (CRL).
+--
+-- 'trustAnchorArn', 'crlDetail_trustAnchorArn' - The ARN of the TrustAnchor the certificate revocation list (CRL) will
+-- provide revocation for.
+--
+-- 'updatedAt', 'crlDetail_updatedAt' - The ISO-8601 timestamp when the certificate revocation list (CRL) was
+-- last updated.
+newCrlDetail ::
+  CrlDetail
+newCrlDetail =
+  CrlDetail'
+    { createdAt = Prelude.Nothing,
+      crlArn = Prelude.Nothing,
+      crlData = Prelude.Nothing,
+      crlId = Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      name = Prelude.Nothing,
+      trustAnchorArn = Prelude.Nothing,
+      updatedAt = Prelude.Nothing
+    }
+
+-- | The ISO-8601 timestamp when the certificate revocation list (CRL) was
+-- created.
+crlDetail_createdAt :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.UTCTime)
+crlDetail_createdAt = Lens.lens (\CrlDetail' {createdAt} -> createdAt) (\s@CrlDetail' {} a -> s {createdAt = a} :: CrlDetail) Prelude.. Lens.mapping Data._Time
+
+-- | The ARN of the certificate revocation list (CRL).
+crlDetail_crlArn :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.Text)
+crlDetail_crlArn = Lens.lens (\CrlDetail' {crlArn} -> crlArn) (\s@CrlDetail' {} a -> s {crlArn = a} :: CrlDetail)
+
+-- | The state of the certificate revocation list (CRL) after a read or write
+-- operation.--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+crlDetail_crlData :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.ByteString)
+crlDetail_crlData = Lens.lens (\CrlDetail' {crlData} -> crlData) (\s@CrlDetail' {} a -> s {crlData = a} :: CrlDetail) Prelude.. Lens.mapping Data._Base64
+
+-- | The unique identifier of the certificate revocation list (CRL).
+crlDetail_crlId :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.Text)
+crlDetail_crlId = Lens.lens (\CrlDetail' {crlId} -> crlId) (\s@CrlDetail' {} a -> s {crlId = a} :: CrlDetail)
+
+-- | Indicates whether the certificate revocation list (CRL) is enabled.
+crlDetail_enabled :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.Bool)
+crlDetail_enabled = Lens.lens (\CrlDetail' {enabled} -> enabled) (\s@CrlDetail' {} a -> s {enabled = a} :: CrlDetail)
+
+-- | The name of the certificate revocation list (CRL).
+crlDetail_name :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.Text)
+crlDetail_name = Lens.lens (\CrlDetail' {name} -> name) (\s@CrlDetail' {} a -> s {name = a} :: CrlDetail)
+
+-- | The ARN of the TrustAnchor the certificate revocation list (CRL) will
+-- provide revocation for.
+crlDetail_trustAnchorArn :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.Text)
+crlDetail_trustAnchorArn = Lens.lens (\CrlDetail' {trustAnchorArn} -> trustAnchorArn) (\s@CrlDetail' {} a -> s {trustAnchorArn = a} :: CrlDetail)
+
+-- | The ISO-8601 timestamp when the certificate revocation list (CRL) was
+-- last updated.
+crlDetail_updatedAt :: Lens.Lens' CrlDetail (Prelude.Maybe Prelude.UTCTime)
+crlDetail_updatedAt = Lens.lens (\CrlDetail' {updatedAt} -> updatedAt) (\s@CrlDetail' {} a -> s {updatedAt = a} :: CrlDetail) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON CrlDetail where
+  parseJSON =
+    Data.withObject
+      "CrlDetail"
+      ( \x ->
+          CrlDetail'
+            Prelude.<$> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "crlArn")
+            Prelude.<*> (x Data..:? "crlData")
+            Prelude.<*> (x Data..:? "crlId")
+            Prelude.<*> (x Data..:? "enabled")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "trustAnchorArn")
+            Prelude.<*> (x Data..:? "updatedAt")
+      )
+
+instance Prelude.Hashable CrlDetail where
+  hashWithSalt _salt CrlDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` crlArn
+      `Prelude.hashWithSalt` crlData
+      `Prelude.hashWithSalt` crlId
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` trustAnchorArn
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData CrlDetail where
+  rnf CrlDetail' {..} =
+    Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf crlArn
+      `Prelude.seq` Prelude.rnf crlData
+      `Prelude.seq` Prelude.rnf crlId
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf trustAnchorArn
+      `Prelude.seq` Prelude.rnf updatedAt
diff --git a/gen/Amazonka/RolesAnywhere/Types/CrlDetailResponse.hs b/gen/Amazonka/RolesAnywhere/Types/CrlDetailResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/CrlDetailResponse.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.CrlDetailResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.CrlDetailResponse where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Types.CrlDetail
+
+-- | /See:/ 'newCrlDetailResponse' smart constructor.
+data CrlDetailResponse = CrlDetailResponse'
+  { -- | The state of the certificate revocation list (CRL) after a read or write
+    -- operation.
+    crl :: CrlDetail
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CrlDetailResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crl', 'crlDetailResponse_crl' - The state of the certificate revocation list (CRL) after a read or write
+-- operation.
+newCrlDetailResponse ::
+  -- | 'crl'
+  CrlDetail ->
+  CrlDetailResponse
+newCrlDetailResponse pCrl_ =
+  CrlDetailResponse' {crl = pCrl_}
+
+-- | The state of the certificate revocation list (CRL) after a read or write
+-- operation.
+crlDetailResponse_crl :: Lens.Lens' CrlDetailResponse CrlDetail
+crlDetailResponse_crl = Lens.lens (\CrlDetailResponse' {crl} -> crl) (\s@CrlDetailResponse' {} a -> s {crl = a} :: CrlDetailResponse)
+
+instance Data.FromJSON CrlDetailResponse where
+  parseJSON =
+    Data.withObject
+      "CrlDetailResponse"
+      ( \x ->
+          CrlDetailResponse' Prelude.<$> (x Data..: "crl")
+      )
+
+instance Prelude.Hashable CrlDetailResponse where
+  hashWithSalt _salt CrlDetailResponse' {..} =
+    _salt `Prelude.hashWithSalt` crl
+
+instance Prelude.NFData CrlDetailResponse where
+  rnf CrlDetailResponse' {..} = Prelude.rnf crl
diff --git a/gen/Amazonka/RolesAnywhere/Types/InstanceProperty.hs b/gen/Amazonka/RolesAnywhere/Types/InstanceProperty.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/InstanceProperty.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.InstanceProperty
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.InstanceProperty where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A key-value pair you set that identifies a property of the
+-- authenticating instance.
+--
+-- /See:/ 'newInstanceProperty' smart constructor.
+data InstanceProperty = InstanceProperty'
+  { -- | Indicates whether the
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation was successful.
+    failed :: Prelude.Maybe Prelude.Bool,
+    -- | A list of instanceProperty objects.
+    properties :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
+    -- | The ISO-8601 time stamp of when the certificate was last used in a
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation.
+    seenAt :: Prelude.Maybe Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InstanceProperty' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'failed', 'instanceProperty_failed' - Indicates whether the
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation was successful.
+--
+-- 'properties', 'instanceProperty_properties' - A list of instanceProperty objects.
+--
+-- 'seenAt', 'instanceProperty_seenAt' - The ISO-8601 time stamp of when the certificate was last used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+newInstanceProperty ::
+  InstanceProperty
+newInstanceProperty =
+  InstanceProperty'
+    { failed = Prelude.Nothing,
+      properties = Prelude.Nothing,
+      seenAt = Prelude.Nothing
+    }
+
+-- | Indicates whether the
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation was successful.
+instanceProperty_failed :: Lens.Lens' InstanceProperty (Prelude.Maybe Prelude.Bool)
+instanceProperty_failed = Lens.lens (\InstanceProperty' {failed} -> failed) (\s@InstanceProperty' {} a -> s {failed = a} :: InstanceProperty)
+
+-- | A list of instanceProperty objects.
+instanceProperty_properties :: Lens.Lens' InstanceProperty (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
+instanceProperty_properties = Lens.lens (\InstanceProperty' {properties} -> properties) (\s@InstanceProperty' {} a -> s {properties = a} :: InstanceProperty) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ISO-8601 time stamp of when the certificate was last used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+instanceProperty_seenAt :: Lens.Lens' InstanceProperty (Prelude.Maybe Prelude.UTCTime)
+instanceProperty_seenAt = Lens.lens (\InstanceProperty' {seenAt} -> seenAt) (\s@InstanceProperty' {} a -> s {seenAt = a} :: InstanceProperty) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON InstanceProperty where
+  parseJSON =
+    Data.withObject
+      "InstanceProperty"
+      ( \x ->
+          InstanceProperty'
+            Prelude.<$> (x Data..:? "failed")
+            Prelude.<*> (x Data..:? "properties" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "seenAt")
+      )
+
+instance Prelude.Hashable InstanceProperty where
+  hashWithSalt _salt InstanceProperty' {..} =
+    _salt
+      `Prelude.hashWithSalt` failed
+      `Prelude.hashWithSalt` properties
+      `Prelude.hashWithSalt` seenAt
+
+instance Prelude.NFData InstanceProperty where
+  rnf InstanceProperty' {..} =
+    Prelude.rnf failed
+      `Prelude.seq` Prelude.rnf properties
+      `Prelude.seq` Prelude.rnf seenAt
diff --git a/gen/Amazonka/RolesAnywhere/Types/ListRequest.hs b/gen/Amazonka/RolesAnywhere/Types/ListRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/ListRequest.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.ListRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.ListRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | /See:/ 'newListRequest' smart constructor.
+data ListRequest = ListRequest'
+  { -- | A token that indicates where the output should continue from, if a
+    -- previous operation did not show all results. To get the next results,
+    -- call the operation again with this value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The number of resources in the paginated list.
+    pageSize :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listRequest_nextToken' - A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+--
+-- 'pageSize', 'listRequest_pageSize' - The number of resources in the paginated list.
+newListRequest ::
+  ListRequest
+newListRequest =
+  ListRequest'
+    { nextToken = Prelude.Nothing,
+      pageSize = Prelude.Nothing
+    }
+
+-- | A token that indicates where the output should continue from, if a
+-- previous operation did not show all results. To get the next results,
+-- call the operation again with this value.
+listRequest_nextToken :: Lens.Lens' ListRequest (Prelude.Maybe Prelude.Text)
+listRequest_nextToken = Lens.lens (\ListRequest' {nextToken} -> nextToken) (\s@ListRequest' {} a -> s {nextToken = a} :: ListRequest)
+
+-- | The number of resources in the paginated list.
+listRequest_pageSize :: Lens.Lens' ListRequest (Prelude.Maybe Prelude.Int)
+listRequest_pageSize = Lens.lens (\ListRequest' {pageSize} -> pageSize) (\s@ListRequest' {} a -> s {pageSize = a} :: ListRequest)
+
+instance Prelude.Hashable ListRequest where
+  hashWithSalt _salt ListRequest' {..} =
+    _salt
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` pageSize
+
+instance Prelude.NFData ListRequest where
+  rnf ListRequest' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf pageSize
+
+instance Data.ToJSON ListRequest where
+  toJSON ListRequest' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("nextToken" Data..=) Prelude.<$> nextToken,
+            ("pageSize" Data..=) Prelude.<$> pageSize
+          ]
+      )
diff --git a/gen/Amazonka/RolesAnywhere/Types/ProfileDetail.hs b/gen/Amazonka/RolesAnywhere/Types/ProfileDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/ProfileDetail.hs
@@ -0,0 +1,225 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.ProfileDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.ProfileDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The state of the profile after a read or write operation.
+--
+-- /See:/ 'newProfileDetail' smart constructor.
+data ProfileDetail = ProfileDetail'
+  { -- | The ISO-8601 timestamp when the profile was created.
+    createdAt :: Prelude.Maybe Data.ISO8601,
+    -- | The Amazon Web Services account that created the profile.
+    createdBy :: Prelude.Maybe Prelude.Text,
+    -- | The number of seconds the vended session credentials are valid for.
+    durationSeconds :: Prelude.Maybe Prelude.Int,
+    -- | Indicates whether the profile is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | A list of managed policy ARNs that apply to the vended session
+    -- credentials.
+    managedPolicyArns :: Prelude.Maybe [Prelude.Text],
+    -- | The name of the profile.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the profile.
+    profileArn :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the profile.
+    profileId :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether instance properties are required in
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- requests with this profile.
+    requireInstanceProperties :: Prelude.Maybe Prelude.Bool,
+    -- | A list of IAM roles that this profile can assume in a
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation.
+    roleArns :: Prelude.Maybe [Prelude.Text],
+    -- | A session policy that applies to the trust boundary of the vended
+    -- session credentials.
+    sessionPolicy :: Prelude.Maybe Prelude.Text,
+    -- | The ISO-8601 timestamp when the profile was last updated.
+    updatedAt :: Prelude.Maybe Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProfileDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdAt', 'profileDetail_createdAt' - The ISO-8601 timestamp when the profile was created.
+--
+-- 'createdBy', 'profileDetail_createdBy' - The Amazon Web Services account that created the profile.
+--
+-- 'durationSeconds', 'profileDetail_durationSeconds' - The number of seconds the vended session credentials are valid for.
+--
+-- 'enabled', 'profileDetail_enabled' - Indicates whether the profile is enabled.
+--
+-- 'managedPolicyArns', 'profileDetail_managedPolicyArns' - A list of managed policy ARNs that apply to the vended session
+-- credentials.
+--
+-- 'name', 'profileDetail_name' - The name of the profile.
+--
+-- 'profileArn', 'profileDetail_profileArn' - The ARN of the profile.
+--
+-- 'profileId', 'profileDetail_profileId' - The unique identifier of the profile.
+--
+-- 'requireInstanceProperties', 'profileDetail_requireInstanceProperties' - Specifies whether instance properties are required in
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- requests with this profile.
+--
+-- 'roleArns', 'profileDetail_roleArns' - A list of IAM roles that this profile can assume in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+--
+-- 'sessionPolicy', 'profileDetail_sessionPolicy' - A session policy that applies to the trust boundary of the vended
+-- session credentials.
+--
+-- 'updatedAt', 'profileDetail_updatedAt' - The ISO-8601 timestamp when the profile was last updated.
+newProfileDetail ::
+  ProfileDetail
+newProfileDetail =
+  ProfileDetail'
+    { createdAt = Prelude.Nothing,
+      createdBy = Prelude.Nothing,
+      durationSeconds = Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      managedPolicyArns = Prelude.Nothing,
+      name = Prelude.Nothing,
+      profileArn = Prelude.Nothing,
+      profileId = Prelude.Nothing,
+      requireInstanceProperties = Prelude.Nothing,
+      roleArns = Prelude.Nothing,
+      sessionPolicy = Prelude.Nothing,
+      updatedAt = Prelude.Nothing
+    }
+
+-- | The ISO-8601 timestamp when the profile was created.
+profileDetail_createdAt :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.UTCTime)
+profileDetail_createdAt = Lens.lens (\ProfileDetail' {createdAt} -> createdAt) (\s@ProfileDetail' {} a -> s {createdAt = a} :: ProfileDetail) Prelude.. Lens.mapping Data._Time
+
+-- | The Amazon Web Services account that created the profile.
+profileDetail_createdBy :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Text)
+profileDetail_createdBy = Lens.lens (\ProfileDetail' {createdBy} -> createdBy) (\s@ProfileDetail' {} a -> s {createdBy = a} :: ProfileDetail)
+
+-- | The number of seconds the vended session credentials are valid for.
+profileDetail_durationSeconds :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Int)
+profileDetail_durationSeconds = Lens.lens (\ProfileDetail' {durationSeconds} -> durationSeconds) (\s@ProfileDetail' {} a -> s {durationSeconds = a} :: ProfileDetail)
+
+-- | Indicates whether the profile is enabled.
+profileDetail_enabled :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Bool)
+profileDetail_enabled = Lens.lens (\ProfileDetail' {enabled} -> enabled) (\s@ProfileDetail' {} a -> s {enabled = a} :: ProfileDetail)
+
+-- | A list of managed policy ARNs that apply to the vended session
+-- credentials.
+profileDetail_managedPolicyArns :: Lens.Lens' ProfileDetail (Prelude.Maybe [Prelude.Text])
+profileDetail_managedPolicyArns = Lens.lens (\ProfileDetail' {managedPolicyArns} -> managedPolicyArns) (\s@ProfileDetail' {} a -> s {managedPolicyArns = a} :: ProfileDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the profile.
+profileDetail_name :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Text)
+profileDetail_name = Lens.lens (\ProfileDetail' {name} -> name) (\s@ProfileDetail' {} a -> s {name = a} :: ProfileDetail)
+
+-- | The ARN of the profile.
+profileDetail_profileArn :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Text)
+profileDetail_profileArn = Lens.lens (\ProfileDetail' {profileArn} -> profileArn) (\s@ProfileDetail' {} a -> s {profileArn = a} :: ProfileDetail)
+
+-- | The unique identifier of the profile.
+profileDetail_profileId :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Text)
+profileDetail_profileId = Lens.lens (\ProfileDetail' {profileId} -> profileId) (\s@ProfileDetail' {} a -> s {profileId = a} :: ProfileDetail)
+
+-- | Specifies whether instance properties are required in
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- requests with this profile.
+profileDetail_requireInstanceProperties :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Bool)
+profileDetail_requireInstanceProperties = Lens.lens (\ProfileDetail' {requireInstanceProperties} -> requireInstanceProperties) (\s@ProfileDetail' {} a -> s {requireInstanceProperties = a} :: ProfileDetail)
+
+-- | A list of IAM roles that this profile can assume in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+profileDetail_roleArns :: Lens.Lens' ProfileDetail (Prelude.Maybe [Prelude.Text])
+profileDetail_roleArns = Lens.lens (\ProfileDetail' {roleArns} -> roleArns) (\s@ProfileDetail' {} a -> s {roleArns = a} :: ProfileDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | A session policy that applies to the trust boundary of the vended
+-- session credentials.
+profileDetail_sessionPolicy :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.Text)
+profileDetail_sessionPolicy = Lens.lens (\ProfileDetail' {sessionPolicy} -> sessionPolicy) (\s@ProfileDetail' {} a -> s {sessionPolicy = a} :: ProfileDetail)
+
+-- | The ISO-8601 timestamp when the profile was last updated.
+profileDetail_updatedAt :: Lens.Lens' ProfileDetail (Prelude.Maybe Prelude.UTCTime)
+profileDetail_updatedAt = Lens.lens (\ProfileDetail' {updatedAt} -> updatedAt) (\s@ProfileDetail' {} a -> s {updatedAt = a} :: ProfileDetail) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON ProfileDetail where
+  parseJSON =
+    Data.withObject
+      "ProfileDetail"
+      ( \x ->
+          ProfileDetail'
+            Prelude.<$> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "createdBy")
+            Prelude.<*> (x Data..:? "durationSeconds")
+            Prelude.<*> (x Data..:? "enabled")
+            Prelude.<*> ( x
+                            Data..:? "managedPolicyArns"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "profileArn")
+            Prelude.<*> (x Data..:? "profileId")
+            Prelude.<*> (x Data..:? "requireInstanceProperties")
+            Prelude.<*> (x Data..:? "roleArns" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "sessionPolicy")
+            Prelude.<*> (x Data..:? "updatedAt")
+      )
+
+instance Prelude.Hashable ProfileDetail where
+  hashWithSalt _salt ProfileDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` createdBy
+      `Prelude.hashWithSalt` durationSeconds
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` managedPolicyArns
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` profileArn
+      `Prelude.hashWithSalt` profileId
+      `Prelude.hashWithSalt` requireInstanceProperties
+      `Prelude.hashWithSalt` roleArns
+      `Prelude.hashWithSalt` sessionPolicy
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData ProfileDetail where
+  rnf ProfileDetail' {..} =
+    Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf createdBy
+      `Prelude.seq` Prelude.rnf durationSeconds
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf managedPolicyArns
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf profileArn
+      `Prelude.seq` Prelude.rnf profileId
+      `Prelude.seq` Prelude.rnf requireInstanceProperties
+      `Prelude.seq` Prelude.rnf roleArns
+      `Prelude.seq` Prelude.rnf sessionPolicy
+      `Prelude.seq` Prelude.rnf updatedAt
diff --git a/gen/Amazonka/RolesAnywhere/Types/ProfileDetailResponse.hs b/gen/Amazonka/RolesAnywhere/Types/ProfileDetailResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/ProfileDetailResponse.hs
@@ -0,0 +1,67 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.ProfileDetailResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.ProfileDetailResponse where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Types.ProfileDetail
+
+-- | /See:/ 'newProfileDetailResponse' smart constructor.
+data ProfileDetailResponse = ProfileDetailResponse'
+  { -- | The state of the profile after a read or write operation.
+    profile :: Prelude.Maybe ProfileDetail
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProfileDetailResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'profile', 'profileDetailResponse_profile' - The state of the profile after a read or write operation.
+newProfileDetailResponse ::
+  ProfileDetailResponse
+newProfileDetailResponse =
+  ProfileDetailResponse' {profile = Prelude.Nothing}
+
+-- | The state of the profile after a read or write operation.
+profileDetailResponse_profile :: Lens.Lens' ProfileDetailResponse (Prelude.Maybe ProfileDetail)
+profileDetailResponse_profile = Lens.lens (\ProfileDetailResponse' {profile} -> profile) (\s@ProfileDetailResponse' {} a -> s {profile = a} :: ProfileDetailResponse)
+
+instance Data.FromJSON ProfileDetailResponse where
+  parseJSON =
+    Data.withObject
+      "ProfileDetailResponse"
+      ( \x ->
+          ProfileDetailResponse'
+            Prelude.<$> (x Data..:? "profile")
+      )
+
+instance Prelude.Hashable ProfileDetailResponse where
+  hashWithSalt _salt ProfileDetailResponse' {..} =
+    _salt `Prelude.hashWithSalt` profile
+
+instance Prelude.NFData ProfileDetailResponse where
+  rnf ProfileDetailResponse' {..} = Prelude.rnf profile
diff --git a/gen/Amazonka/RolesAnywhere/Types/ScalarCrlRequest.hs b/gen/Amazonka/RolesAnywhere/Types/ScalarCrlRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/ScalarCrlRequest.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.ScalarCrlRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.ScalarCrlRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | /See:/ 'newScalarCrlRequest' smart constructor.
+data ScalarCrlRequest = ScalarCrlRequest'
+  { -- | The unique identifier of the certificate revocation list (CRL).
+    crlId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScalarCrlRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crlId', 'scalarCrlRequest_crlId' - The unique identifier of the certificate revocation list (CRL).
+newScalarCrlRequest ::
+  -- | 'crlId'
+  Prelude.Text ->
+  ScalarCrlRequest
+newScalarCrlRequest pCrlId_ =
+  ScalarCrlRequest' {crlId = pCrlId_}
+
+-- | The unique identifier of the certificate revocation list (CRL).
+scalarCrlRequest_crlId :: Lens.Lens' ScalarCrlRequest Prelude.Text
+scalarCrlRequest_crlId = Lens.lens (\ScalarCrlRequest' {crlId} -> crlId) (\s@ScalarCrlRequest' {} a -> s {crlId = a} :: ScalarCrlRequest)
+
+instance Prelude.Hashable ScalarCrlRequest where
+  hashWithSalt _salt ScalarCrlRequest' {..} =
+    _salt `Prelude.hashWithSalt` crlId
+
+instance Prelude.NFData ScalarCrlRequest where
+  rnf ScalarCrlRequest' {..} = Prelude.rnf crlId
+
+instance Data.ToJSON ScalarCrlRequest where
+  toJSON ScalarCrlRequest' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("crlId" Data..= crlId)]
+      )
diff --git a/gen/Amazonka/RolesAnywhere/Types/ScalarProfileRequest.hs b/gen/Amazonka/RolesAnywhere/Types/ScalarProfileRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/ScalarProfileRequest.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.ScalarProfileRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.ScalarProfileRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | /See:/ 'newScalarProfileRequest' smart constructor.
+data ScalarProfileRequest = ScalarProfileRequest'
+  { -- | The unique identifier of the profile.
+    profileId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScalarProfileRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'profileId', 'scalarProfileRequest_profileId' - The unique identifier of the profile.
+newScalarProfileRequest ::
+  -- | 'profileId'
+  Prelude.Text ->
+  ScalarProfileRequest
+newScalarProfileRequest pProfileId_ =
+  ScalarProfileRequest' {profileId = pProfileId_}
+
+-- | The unique identifier of the profile.
+scalarProfileRequest_profileId :: Lens.Lens' ScalarProfileRequest Prelude.Text
+scalarProfileRequest_profileId = Lens.lens (\ScalarProfileRequest' {profileId} -> profileId) (\s@ScalarProfileRequest' {} a -> s {profileId = a} :: ScalarProfileRequest)
+
+instance Prelude.Hashable ScalarProfileRequest where
+  hashWithSalt _salt ScalarProfileRequest' {..} =
+    _salt `Prelude.hashWithSalt` profileId
+
+instance Prelude.NFData ScalarProfileRequest where
+  rnf ScalarProfileRequest' {..} = Prelude.rnf profileId
+
+instance Data.ToJSON ScalarProfileRequest where
+  toJSON ScalarProfileRequest' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("profileId" Data..= profileId)]
+      )
diff --git a/gen/Amazonka/RolesAnywhere/Types/ScalarTrustAnchorRequest.hs b/gen/Amazonka/RolesAnywhere/Types/ScalarTrustAnchorRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/ScalarTrustAnchorRequest.hs
@@ -0,0 +1,72 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.ScalarTrustAnchorRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.ScalarTrustAnchorRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | /See:/ 'newScalarTrustAnchorRequest' smart constructor.
+data ScalarTrustAnchorRequest = ScalarTrustAnchorRequest'
+  { -- | The unique identifier of the trust anchor.
+    trustAnchorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ScalarTrustAnchorRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trustAnchorId', 'scalarTrustAnchorRequest_trustAnchorId' - The unique identifier of the trust anchor.
+newScalarTrustAnchorRequest ::
+  -- | 'trustAnchorId'
+  Prelude.Text ->
+  ScalarTrustAnchorRequest
+newScalarTrustAnchorRequest pTrustAnchorId_ =
+  ScalarTrustAnchorRequest'
+    { trustAnchorId =
+        pTrustAnchorId_
+    }
+
+-- | The unique identifier of the trust anchor.
+scalarTrustAnchorRequest_trustAnchorId :: Lens.Lens' ScalarTrustAnchorRequest Prelude.Text
+scalarTrustAnchorRequest_trustAnchorId = Lens.lens (\ScalarTrustAnchorRequest' {trustAnchorId} -> trustAnchorId) (\s@ScalarTrustAnchorRequest' {} a -> s {trustAnchorId = a} :: ScalarTrustAnchorRequest)
+
+instance Prelude.Hashable ScalarTrustAnchorRequest where
+  hashWithSalt _salt ScalarTrustAnchorRequest' {..} =
+    _salt `Prelude.hashWithSalt` trustAnchorId
+
+instance Prelude.NFData ScalarTrustAnchorRequest where
+  rnf ScalarTrustAnchorRequest' {..} =
+    Prelude.rnf trustAnchorId
+
+instance Data.ToJSON ScalarTrustAnchorRequest where
+  toJSON ScalarTrustAnchorRequest' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("trustAnchorId" Data..= trustAnchorId)
+          ]
+      )
diff --git a/gen/Amazonka/RolesAnywhere/Types/Source.hs b/gen/Amazonka/RolesAnywhere/Types/Source.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/Source.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.Source
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.Source where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Types.SourceData
+import Amazonka.RolesAnywhere.Types.TrustAnchorType
+
+-- | The trust anchor type and its related certificate data.
+--
+-- /See:/ 'newSource' smart constructor.
+data Source = Source'
+  { -- | The data field of the trust anchor depending on its type.
+    sourceData :: Prelude.Maybe SourceData,
+    -- | The type of the trust anchor.
+    sourceType :: Prelude.Maybe TrustAnchorType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Source' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'sourceData', 'source_sourceData' - The data field of the trust anchor depending on its type.
+--
+-- 'sourceType', 'source_sourceType' - The type of the trust anchor.
+newSource ::
+  Source
+newSource =
+  Source'
+    { sourceData = Prelude.Nothing,
+      sourceType = Prelude.Nothing
+    }
+
+-- | The data field of the trust anchor depending on its type.
+source_sourceData :: Lens.Lens' Source (Prelude.Maybe SourceData)
+source_sourceData = Lens.lens (\Source' {sourceData} -> sourceData) (\s@Source' {} a -> s {sourceData = a} :: Source)
+
+-- | The type of the trust anchor.
+source_sourceType :: Lens.Lens' Source (Prelude.Maybe TrustAnchorType)
+source_sourceType = Lens.lens (\Source' {sourceType} -> sourceType) (\s@Source' {} a -> s {sourceType = a} :: Source)
+
+instance Data.FromJSON Source where
+  parseJSON =
+    Data.withObject
+      "Source"
+      ( \x ->
+          Source'
+            Prelude.<$> (x Data..:? "sourceData")
+            Prelude.<*> (x Data..:? "sourceType")
+      )
+
+instance Prelude.Hashable Source where
+  hashWithSalt _salt Source' {..} =
+    _salt
+      `Prelude.hashWithSalt` sourceData
+      `Prelude.hashWithSalt` sourceType
+
+instance Prelude.NFData Source where
+  rnf Source' {..} =
+    Prelude.rnf sourceData
+      `Prelude.seq` Prelude.rnf sourceType
+
+instance Data.ToJSON Source where
+  toJSON Source' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("sourceData" Data..=) Prelude.<$> sourceData,
+            ("sourceType" Data..=) Prelude.<$> sourceType
+          ]
+      )
diff --git a/gen/Amazonka/RolesAnywhere/Types/SourceData.hs b/gen/Amazonka/RolesAnywhere/Types/SourceData.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/SourceData.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.SourceData
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.SourceData where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The data field of the trust anchor depending on its type.
+--
+-- /See:/ 'newSourceData' smart constructor.
+data SourceData = SourceData'
+  { -- | The root certificate of the Certificate Manager Private Certificate
+    -- Authority specified by this ARN is used in trust validation for
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operations. Included for trust anchors of type @AWS_ACM_PCA@.
+    acmPcaArn :: Prelude.Maybe Prelude.Text,
+    -- | The PEM-encoded data for the certificate anchor. Included for trust
+    -- anchors of type @CERTIFICATE_BUNDLE@.
+    x509CertificateData :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SourceData' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'acmPcaArn', 'sourceData_acmPcaArn' - The root certificate of the Certificate Manager Private Certificate
+-- Authority specified by this ARN is used in trust validation for
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operations. Included for trust anchors of type @AWS_ACM_PCA@.
+--
+-- 'x509CertificateData', 'sourceData_x509CertificateData' - The PEM-encoded data for the certificate anchor. Included for trust
+-- anchors of type @CERTIFICATE_BUNDLE@.
+newSourceData ::
+  SourceData
+newSourceData =
+  SourceData'
+    { acmPcaArn = Prelude.Nothing,
+      x509CertificateData = Prelude.Nothing
+    }
+
+-- | The root certificate of the Certificate Manager Private Certificate
+-- Authority specified by this ARN is used in trust validation for
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operations. Included for trust anchors of type @AWS_ACM_PCA@.
+sourceData_acmPcaArn :: Lens.Lens' SourceData (Prelude.Maybe Prelude.Text)
+sourceData_acmPcaArn = Lens.lens (\SourceData' {acmPcaArn} -> acmPcaArn) (\s@SourceData' {} a -> s {acmPcaArn = a} :: SourceData)
+
+-- | The PEM-encoded data for the certificate anchor. Included for trust
+-- anchors of type @CERTIFICATE_BUNDLE@.
+sourceData_x509CertificateData :: Lens.Lens' SourceData (Prelude.Maybe Prelude.Text)
+sourceData_x509CertificateData = Lens.lens (\SourceData' {x509CertificateData} -> x509CertificateData) (\s@SourceData' {} a -> s {x509CertificateData = a} :: SourceData)
+
+instance Data.FromJSON SourceData where
+  parseJSON =
+    Data.withObject
+      "SourceData"
+      ( \x ->
+          SourceData'
+            Prelude.<$> (x Data..:? "acmPcaArn")
+            Prelude.<*> (x Data..:? "x509CertificateData")
+      )
+
+instance Prelude.Hashable SourceData where
+  hashWithSalt _salt SourceData' {..} =
+    _salt
+      `Prelude.hashWithSalt` acmPcaArn
+      `Prelude.hashWithSalt` x509CertificateData
+
+instance Prelude.NFData SourceData where
+  rnf SourceData' {..} =
+    Prelude.rnf acmPcaArn
+      `Prelude.seq` Prelude.rnf x509CertificateData
+
+instance Data.ToJSON SourceData where
+  toJSON SourceData' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("acmPcaArn" Data..=) Prelude.<$> acmPcaArn,
+            ("x509CertificateData" Data..=)
+              Prelude.<$> x509CertificateData
+          ]
+      )
diff --git a/gen/Amazonka/RolesAnywhere/Types/SubjectDetail.hs b/gen/Amazonka/RolesAnywhere/Types/SubjectDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/SubjectDetail.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.SubjectDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.SubjectDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Types.CredentialSummary
+import Amazonka.RolesAnywhere.Types.InstanceProperty
+
+-- | The state of the subject after a read or write operation.
+--
+-- /See:/ 'newSubjectDetail' smart constructor.
+data SubjectDetail = SubjectDetail'
+  { -- | The ISO-8601 timestamp when the subject was created.
+    createdAt :: Prelude.Maybe Data.ISO8601,
+    -- | The temporary session credentials vended at the last authenticating call
+    -- with this Subject.
+    credentials :: Prelude.Maybe [CredentialSummary],
+    -- | The enabled status of the subject.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The specified instance properties associated with the request.
+    instanceProperties :: Prelude.Maybe [InstanceProperty],
+    -- | The ISO-8601 timestamp of the last time this Subject requested temporary
+    -- session credentials.
+    lastSeenAt :: Prelude.Maybe Data.ISO8601,
+    -- | The ARN of the resource.
+    subjectArn :: Prelude.Maybe Prelude.Text,
+    -- | The id of the resource
+    subjectId :: Prelude.Maybe Prelude.Text,
+    -- | The ISO-8601 timestamp when the subject was last updated.
+    updatedAt :: Prelude.Maybe Data.ISO8601,
+    -- | The x509 principal identifier of the authenticating certificate.
+    x509Subject :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SubjectDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdAt', 'subjectDetail_createdAt' - The ISO-8601 timestamp when the subject was created.
+--
+-- 'credentials', 'subjectDetail_credentials' - The temporary session credentials vended at the last authenticating call
+-- with this Subject.
+--
+-- 'enabled', 'subjectDetail_enabled' - The enabled status of the subject.
+--
+-- 'instanceProperties', 'subjectDetail_instanceProperties' - The specified instance properties associated with the request.
+--
+-- 'lastSeenAt', 'subjectDetail_lastSeenAt' - The ISO-8601 timestamp of the last time this Subject requested temporary
+-- session credentials.
+--
+-- 'subjectArn', 'subjectDetail_subjectArn' - The ARN of the resource.
+--
+-- 'subjectId', 'subjectDetail_subjectId' - The id of the resource
+--
+-- 'updatedAt', 'subjectDetail_updatedAt' - The ISO-8601 timestamp when the subject was last updated.
+--
+-- 'x509Subject', 'subjectDetail_x509Subject' - The x509 principal identifier of the authenticating certificate.
+newSubjectDetail ::
+  SubjectDetail
+newSubjectDetail =
+  SubjectDetail'
+    { createdAt = Prelude.Nothing,
+      credentials = Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      instanceProperties = Prelude.Nothing,
+      lastSeenAt = Prelude.Nothing,
+      subjectArn = Prelude.Nothing,
+      subjectId = Prelude.Nothing,
+      updatedAt = Prelude.Nothing,
+      x509Subject = Prelude.Nothing
+    }
+
+-- | The ISO-8601 timestamp when the subject was created.
+subjectDetail_createdAt :: Lens.Lens' SubjectDetail (Prelude.Maybe Prelude.UTCTime)
+subjectDetail_createdAt = Lens.lens (\SubjectDetail' {createdAt} -> createdAt) (\s@SubjectDetail' {} a -> s {createdAt = a} :: SubjectDetail) Prelude.. Lens.mapping Data._Time
+
+-- | The temporary session credentials vended at the last authenticating call
+-- with this Subject.
+subjectDetail_credentials :: Lens.Lens' SubjectDetail (Prelude.Maybe [CredentialSummary])
+subjectDetail_credentials = Lens.lens (\SubjectDetail' {credentials} -> credentials) (\s@SubjectDetail' {} a -> s {credentials = a} :: SubjectDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | The enabled status of the subject.
+subjectDetail_enabled :: Lens.Lens' SubjectDetail (Prelude.Maybe Prelude.Bool)
+subjectDetail_enabled = Lens.lens (\SubjectDetail' {enabled} -> enabled) (\s@SubjectDetail' {} a -> s {enabled = a} :: SubjectDetail)
+
+-- | The specified instance properties associated with the request.
+subjectDetail_instanceProperties :: Lens.Lens' SubjectDetail (Prelude.Maybe [InstanceProperty])
+subjectDetail_instanceProperties = Lens.lens (\SubjectDetail' {instanceProperties} -> instanceProperties) (\s@SubjectDetail' {} a -> s {instanceProperties = a} :: SubjectDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ISO-8601 timestamp of the last time this Subject requested temporary
+-- session credentials.
+subjectDetail_lastSeenAt :: Lens.Lens' SubjectDetail (Prelude.Maybe Prelude.UTCTime)
+subjectDetail_lastSeenAt = Lens.lens (\SubjectDetail' {lastSeenAt} -> lastSeenAt) (\s@SubjectDetail' {} a -> s {lastSeenAt = a} :: SubjectDetail) Prelude.. Lens.mapping Data._Time
+
+-- | The ARN of the resource.
+subjectDetail_subjectArn :: Lens.Lens' SubjectDetail (Prelude.Maybe Prelude.Text)
+subjectDetail_subjectArn = Lens.lens (\SubjectDetail' {subjectArn} -> subjectArn) (\s@SubjectDetail' {} a -> s {subjectArn = a} :: SubjectDetail)
+
+-- | The id of the resource
+subjectDetail_subjectId :: Lens.Lens' SubjectDetail (Prelude.Maybe Prelude.Text)
+subjectDetail_subjectId = Lens.lens (\SubjectDetail' {subjectId} -> subjectId) (\s@SubjectDetail' {} a -> s {subjectId = a} :: SubjectDetail)
+
+-- | The ISO-8601 timestamp when the subject was last updated.
+subjectDetail_updatedAt :: Lens.Lens' SubjectDetail (Prelude.Maybe Prelude.UTCTime)
+subjectDetail_updatedAt = Lens.lens (\SubjectDetail' {updatedAt} -> updatedAt) (\s@SubjectDetail' {} a -> s {updatedAt = a} :: SubjectDetail) Prelude.. Lens.mapping Data._Time
+
+-- | The x509 principal identifier of the authenticating certificate.
+subjectDetail_x509Subject :: Lens.Lens' SubjectDetail (Prelude.Maybe Prelude.Text)
+subjectDetail_x509Subject = Lens.lens (\SubjectDetail' {x509Subject} -> x509Subject) (\s@SubjectDetail' {} a -> s {x509Subject = a} :: SubjectDetail)
+
+instance Data.FromJSON SubjectDetail where
+  parseJSON =
+    Data.withObject
+      "SubjectDetail"
+      ( \x ->
+          SubjectDetail'
+            Prelude.<$> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "credentials" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "enabled")
+            Prelude.<*> ( x
+                            Data..:? "instanceProperties"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "lastSeenAt")
+            Prelude.<*> (x Data..:? "subjectArn")
+            Prelude.<*> (x Data..:? "subjectId")
+            Prelude.<*> (x Data..:? "updatedAt")
+            Prelude.<*> (x Data..:? "x509Subject")
+      )
+
+instance Prelude.Hashable SubjectDetail where
+  hashWithSalt _salt SubjectDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` credentials
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` instanceProperties
+      `Prelude.hashWithSalt` lastSeenAt
+      `Prelude.hashWithSalt` subjectArn
+      `Prelude.hashWithSalt` subjectId
+      `Prelude.hashWithSalt` updatedAt
+      `Prelude.hashWithSalt` x509Subject
+
+instance Prelude.NFData SubjectDetail where
+  rnf SubjectDetail' {..} =
+    Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf credentials
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf instanceProperties
+      `Prelude.seq` Prelude.rnf lastSeenAt
+      `Prelude.seq` Prelude.rnf subjectArn
+      `Prelude.seq` Prelude.rnf subjectId
+      `Prelude.seq` Prelude.rnf updatedAt
+      `Prelude.seq` Prelude.rnf x509Subject
diff --git a/gen/Amazonka/RolesAnywhere/Types/SubjectSummary.hs b/gen/Amazonka/RolesAnywhere/Types/SubjectSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/SubjectSummary.hs
@@ -0,0 +1,157 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.SubjectSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.SubjectSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A summary representation of Subject resources returned in read
+-- operations; primarily ListSubjects.
+--
+-- /See:/ 'newSubjectSummary' smart constructor.
+data SubjectSummary = SubjectSummary'
+  { -- | The ISO-8601 time stamp of when the certificate was first used in a
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation.
+    createdAt :: Prelude.Maybe Data.ISO8601,
+    -- | The enabled status of the Subject.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The ISO-8601 time stamp of when the certificate was last used in a
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation.
+    lastSeenAt :: Prelude.Maybe Data.ISO8601,
+    -- | The ARN of the resource.
+    subjectArn :: Prelude.Maybe Prelude.Text,
+    -- | The id of the resource.
+    subjectId :: Prelude.Maybe Prelude.Text,
+    -- | The ISO-8601 timestamp when the subject was last updated.
+    updatedAt :: Prelude.Maybe Data.ISO8601,
+    -- | The x509 principal identifier of the authenticating certificate.
+    x509Subject :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SubjectSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdAt', 'subjectSummary_createdAt' - The ISO-8601 time stamp of when the certificate was first used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+--
+-- 'enabled', 'subjectSummary_enabled' - The enabled status of the Subject.
+--
+-- 'lastSeenAt', 'subjectSummary_lastSeenAt' - The ISO-8601 time stamp of when the certificate was last used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+--
+-- 'subjectArn', 'subjectSummary_subjectArn' - The ARN of the resource.
+--
+-- 'subjectId', 'subjectSummary_subjectId' - The id of the resource.
+--
+-- 'updatedAt', 'subjectSummary_updatedAt' - The ISO-8601 timestamp when the subject was last updated.
+--
+-- 'x509Subject', 'subjectSummary_x509Subject' - The x509 principal identifier of the authenticating certificate.
+newSubjectSummary ::
+  SubjectSummary
+newSubjectSummary =
+  SubjectSummary'
+    { createdAt = Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      lastSeenAt = Prelude.Nothing,
+      subjectArn = Prelude.Nothing,
+      subjectId = Prelude.Nothing,
+      updatedAt = Prelude.Nothing,
+      x509Subject = Prelude.Nothing
+    }
+
+-- | The ISO-8601 time stamp of when the certificate was first used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+subjectSummary_createdAt :: Lens.Lens' SubjectSummary (Prelude.Maybe Prelude.UTCTime)
+subjectSummary_createdAt = Lens.lens (\SubjectSummary' {createdAt} -> createdAt) (\s@SubjectSummary' {} a -> s {createdAt = a} :: SubjectSummary) Prelude.. Lens.mapping Data._Time
+
+-- | The enabled status of the Subject.
+subjectSummary_enabled :: Lens.Lens' SubjectSummary (Prelude.Maybe Prelude.Bool)
+subjectSummary_enabled = Lens.lens (\SubjectSummary' {enabled} -> enabled) (\s@SubjectSummary' {} a -> s {enabled = a} :: SubjectSummary)
+
+-- | The ISO-8601 time stamp of when the certificate was last used in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+subjectSummary_lastSeenAt :: Lens.Lens' SubjectSummary (Prelude.Maybe Prelude.UTCTime)
+subjectSummary_lastSeenAt = Lens.lens (\SubjectSummary' {lastSeenAt} -> lastSeenAt) (\s@SubjectSummary' {} a -> s {lastSeenAt = a} :: SubjectSummary) Prelude.. Lens.mapping Data._Time
+
+-- | The ARN of the resource.
+subjectSummary_subjectArn :: Lens.Lens' SubjectSummary (Prelude.Maybe Prelude.Text)
+subjectSummary_subjectArn = Lens.lens (\SubjectSummary' {subjectArn} -> subjectArn) (\s@SubjectSummary' {} a -> s {subjectArn = a} :: SubjectSummary)
+
+-- | The id of the resource.
+subjectSummary_subjectId :: Lens.Lens' SubjectSummary (Prelude.Maybe Prelude.Text)
+subjectSummary_subjectId = Lens.lens (\SubjectSummary' {subjectId} -> subjectId) (\s@SubjectSummary' {} a -> s {subjectId = a} :: SubjectSummary)
+
+-- | The ISO-8601 timestamp when the subject was last updated.
+subjectSummary_updatedAt :: Lens.Lens' SubjectSummary (Prelude.Maybe Prelude.UTCTime)
+subjectSummary_updatedAt = Lens.lens (\SubjectSummary' {updatedAt} -> updatedAt) (\s@SubjectSummary' {} a -> s {updatedAt = a} :: SubjectSummary) Prelude.. Lens.mapping Data._Time
+
+-- | The x509 principal identifier of the authenticating certificate.
+subjectSummary_x509Subject :: Lens.Lens' SubjectSummary (Prelude.Maybe Prelude.Text)
+subjectSummary_x509Subject = Lens.lens (\SubjectSummary' {x509Subject} -> x509Subject) (\s@SubjectSummary' {} a -> s {x509Subject = a} :: SubjectSummary)
+
+instance Data.FromJSON SubjectSummary where
+  parseJSON =
+    Data.withObject
+      "SubjectSummary"
+      ( \x ->
+          SubjectSummary'
+            Prelude.<$> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "enabled")
+            Prelude.<*> (x Data..:? "lastSeenAt")
+            Prelude.<*> (x Data..:? "subjectArn")
+            Prelude.<*> (x Data..:? "subjectId")
+            Prelude.<*> (x Data..:? "updatedAt")
+            Prelude.<*> (x Data..:? "x509Subject")
+      )
+
+instance Prelude.Hashable SubjectSummary where
+  hashWithSalt _salt SubjectSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` lastSeenAt
+      `Prelude.hashWithSalt` subjectArn
+      `Prelude.hashWithSalt` subjectId
+      `Prelude.hashWithSalt` updatedAt
+      `Prelude.hashWithSalt` x509Subject
+
+instance Prelude.NFData SubjectSummary where
+  rnf SubjectSummary' {..} =
+    Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf lastSeenAt
+      `Prelude.seq` Prelude.rnf subjectArn
+      `Prelude.seq` Prelude.rnf subjectId
+      `Prelude.seq` Prelude.rnf updatedAt
+      `Prelude.seq` Prelude.rnf x509Subject
diff --git a/gen/Amazonka/RolesAnywhere/Types/Tag.hs b/gen/Amazonka/RolesAnywhere/Types/Tag.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/Tag.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.Tag
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.Tag where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A label that consists of a key and value you define.
+--
+-- /See:/ 'newTag' smart constructor.
+data Tag = Tag'
+  { -- | The tag key.
+    key :: Data.Sensitive Prelude.Text,
+    -- | The tag value.
+    value :: Data.Sensitive Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Tag' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'tag_key' - The tag key.
+--
+-- 'value', 'tag_value' - The tag value.
+newTag ::
+  -- | 'key'
+  Prelude.Text ->
+  -- | 'value'
+  Prelude.Text ->
+  Tag
+newTag pKey_ pValue_ =
+  Tag'
+    { key = Data._Sensitive Lens.# pKey_,
+      value = Data._Sensitive Lens.# pValue_
+    }
+
+-- | The tag key.
+tag_key :: Lens.Lens' Tag Prelude.Text
+tag_key = Lens.lens (\Tag' {key} -> key) (\s@Tag' {} a -> s {key = a} :: Tag) Prelude.. Data._Sensitive
+
+-- | The tag value.
+tag_value :: Lens.Lens' Tag Prelude.Text
+tag_value = Lens.lens (\Tag' {value} -> value) (\s@Tag' {} a -> s {value = a} :: Tag) Prelude.. Data._Sensitive
+
+instance Data.FromJSON Tag where
+  parseJSON =
+    Data.withObject
+      "Tag"
+      ( \x ->
+          Tag'
+            Prelude.<$> (x Data..: "key")
+            Prelude.<*> (x Data..: "value")
+      )
+
+instance Prelude.Hashable Tag where
+  hashWithSalt _salt Tag' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData Tag where
+  rnf Tag' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON Tag where
+  toJSON Tag' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("key" Data..= key),
+            Prelude.Just ("value" Data..= value)
+          ]
+      )
diff --git a/gen/Amazonka/RolesAnywhere/Types/TrustAnchorDetail.hs b/gen/Amazonka/RolesAnywhere/Types/TrustAnchorDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/TrustAnchorDetail.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.TrustAnchorDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.TrustAnchorDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Types.Source
+
+-- | The state of the trust anchor after a read or write operation.
+--
+-- /See:/ 'newTrustAnchorDetail' smart constructor.
+data TrustAnchorDetail = TrustAnchorDetail'
+  { -- | The ISO-8601 timestamp when the trust anchor was created.
+    createdAt :: Prelude.Maybe Data.ISO8601,
+    -- | Indicates whether the trust anchor is enabled.
+    enabled :: Prelude.Maybe Prelude.Bool,
+    -- | The name of the trust anchor.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The trust anchor type and its related certificate data.
+    source :: Prelude.Maybe Source,
+    -- | The ARN of the trust anchor.
+    trustAnchorArn :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the trust anchor.
+    trustAnchorId :: Prelude.Maybe Prelude.Text,
+    -- | The ISO-8601 timestamp when the trust anchor was last updated.
+    updatedAt :: Prelude.Maybe Data.ISO8601
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TrustAnchorDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdAt', 'trustAnchorDetail_createdAt' - The ISO-8601 timestamp when the trust anchor was created.
+--
+-- 'enabled', 'trustAnchorDetail_enabled' - Indicates whether the trust anchor is enabled.
+--
+-- 'name', 'trustAnchorDetail_name' - The name of the trust anchor.
+--
+-- 'source', 'trustAnchorDetail_source' - The trust anchor type and its related certificate data.
+--
+-- 'trustAnchorArn', 'trustAnchorDetail_trustAnchorArn' - The ARN of the trust anchor.
+--
+-- 'trustAnchorId', 'trustAnchorDetail_trustAnchorId' - The unique identifier of the trust anchor.
+--
+-- 'updatedAt', 'trustAnchorDetail_updatedAt' - The ISO-8601 timestamp when the trust anchor was last updated.
+newTrustAnchorDetail ::
+  TrustAnchorDetail
+newTrustAnchorDetail =
+  TrustAnchorDetail'
+    { createdAt = Prelude.Nothing,
+      enabled = Prelude.Nothing,
+      name = Prelude.Nothing,
+      source = Prelude.Nothing,
+      trustAnchorArn = Prelude.Nothing,
+      trustAnchorId = Prelude.Nothing,
+      updatedAt = Prelude.Nothing
+    }
+
+-- | The ISO-8601 timestamp when the trust anchor was created.
+trustAnchorDetail_createdAt :: Lens.Lens' TrustAnchorDetail (Prelude.Maybe Prelude.UTCTime)
+trustAnchorDetail_createdAt = Lens.lens (\TrustAnchorDetail' {createdAt} -> createdAt) (\s@TrustAnchorDetail' {} a -> s {createdAt = a} :: TrustAnchorDetail) Prelude.. Lens.mapping Data._Time
+
+-- | Indicates whether the trust anchor is enabled.
+trustAnchorDetail_enabled :: Lens.Lens' TrustAnchorDetail (Prelude.Maybe Prelude.Bool)
+trustAnchorDetail_enabled = Lens.lens (\TrustAnchorDetail' {enabled} -> enabled) (\s@TrustAnchorDetail' {} a -> s {enabled = a} :: TrustAnchorDetail)
+
+-- | The name of the trust anchor.
+trustAnchorDetail_name :: Lens.Lens' TrustAnchorDetail (Prelude.Maybe Prelude.Text)
+trustAnchorDetail_name = Lens.lens (\TrustAnchorDetail' {name} -> name) (\s@TrustAnchorDetail' {} a -> s {name = a} :: TrustAnchorDetail)
+
+-- | The trust anchor type and its related certificate data.
+trustAnchorDetail_source :: Lens.Lens' TrustAnchorDetail (Prelude.Maybe Source)
+trustAnchorDetail_source = Lens.lens (\TrustAnchorDetail' {source} -> source) (\s@TrustAnchorDetail' {} a -> s {source = a} :: TrustAnchorDetail)
+
+-- | The ARN of the trust anchor.
+trustAnchorDetail_trustAnchorArn :: Lens.Lens' TrustAnchorDetail (Prelude.Maybe Prelude.Text)
+trustAnchorDetail_trustAnchorArn = Lens.lens (\TrustAnchorDetail' {trustAnchorArn} -> trustAnchorArn) (\s@TrustAnchorDetail' {} a -> s {trustAnchorArn = a} :: TrustAnchorDetail)
+
+-- | The unique identifier of the trust anchor.
+trustAnchorDetail_trustAnchorId :: Lens.Lens' TrustAnchorDetail (Prelude.Maybe Prelude.Text)
+trustAnchorDetail_trustAnchorId = Lens.lens (\TrustAnchorDetail' {trustAnchorId} -> trustAnchorId) (\s@TrustAnchorDetail' {} a -> s {trustAnchorId = a} :: TrustAnchorDetail)
+
+-- | The ISO-8601 timestamp when the trust anchor was last updated.
+trustAnchorDetail_updatedAt :: Lens.Lens' TrustAnchorDetail (Prelude.Maybe Prelude.UTCTime)
+trustAnchorDetail_updatedAt = Lens.lens (\TrustAnchorDetail' {updatedAt} -> updatedAt) (\s@TrustAnchorDetail' {} a -> s {updatedAt = a} :: TrustAnchorDetail) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON TrustAnchorDetail where
+  parseJSON =
+    Data.withObject
+      "TrustAnchorDetail"
+      ( \x ->
+          TrustAnchorDetail'
+            Prelude.<$> (x Data..:? "createdAt")
+            Prelude.<*> (x Data..:? "enabled")
+            Prelude.<*> (x Data..:? "name")
+            Prelude.<*> (x Data..:? "source")
+            Prelude.<*> (x Data..:? "trustAnchorArn")
+            Prelude.<*> (x Data..:? "trustAnchorId")
+            Prelude.<*> (x Data..:? "updatedAt")
+      )
+
+instance Prelude.Hashable TrustAnchorDetail where
+  hashWithSalt _salt TrustAnchorDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` createdAt
+      `Prelude.hashWithSalt` enabled
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` source
+      `Prelude.hashWithSalt` trustAnchorArn
+      `Prelude.hashWithSalt` trustAnchorId
+      `Prelude.hashWithSalt` updatedAt
+
+instance Prelude.NFData TrustAnchorDetail where
+  rnf TrustAnchorDetail' {..} =
+    Prelude.rnf createdAt
+      `Prelude.seq` Prelude.rnf enabled
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf source
+      `Prelude.seq` Prelude.rnf trustAnchorArn
+      `Prelude.seq` Prelude.rnf trustAnchorId
+      `Prelude.seq` Prelude.rnf updatedAt
diff --git a/gen/Amazonka/RolesAnywhere/Types/TrustAnchorDetailResponse.hs b/gen/Amazonka/RolesAnywhere/Types/TrustAnchorDetailResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/TrustAnchorDetailResponse.hs
@@ -0,0 +1,73 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.TrustAnchorDetailResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.TrustAnchorDetailResponse where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Types.TrustAnchorDetail
+
+-- | /See:/ 'newTrustAnchorDetailResponse' smart constructor.
+data TrustAnchorDetailResponse = TrustAnchorDetailResponse'
+  { -- | The state of the trust anchor after a read or write operation.
+    trustAnchor :: TrustAnchorDetail
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TrustAnchorDetailResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'trustAnchor', 'trustAnchorDetailResponse_trustAnchor' - The state of the trust anchor after a read or write operation.
+newTrustAnchorDetailResponse ::
+  -- | 'trustAnchor'
+  TrustAnchorDetail ->
+  TrustAnchorDetailResponse
+newTrustAnchorDetailResponse pTrustAnchor_ =
+  TrustAnchorDetailResponse'
+    { trustAnchor =
+        pTrustAnchor_
+    }
+
+-- | The state of the trust anchor after a read or write operation.
+trustAnchorDetailResponse_trustAnchor :: Lens.Lens' TrustAnchorDetailResponse TrustAnchorDetail
+trustAnchorDetailResponse_trustAnchor = Lens.lens (\TrustAnchorDetailResponse' {trustAnchor} -> trustAnchor) (\s@TrustAnchorDetailResponse' {} a -> s {trustAnchor = a} :: TrustAnchorDetailResponse)
+
+instance Data.FromJSON TrustAnchorDetailResponse where
+  parseJSON =
+    Data.withObject
+      "TrustAnchorDetailResponse"
+      ( \x ->
+          TrustAnchorDetailResponse'
+            Prelude.<$> (x Data..: "trustAnchor")
+      )
+
+instance Prelude.Hashable TrustAnchorDetailResponse where
+  hashWithSalt _salt TrustAnchorDetailResponse' {..} =
+    _salt `Prelude.hashWithSalt` trustAnchor
+
+instance Prelude.NFData TrustAnchorDetailResponse where
+  rnf TrustAnchorDetailResponse' {..} =
+    Prelude.rnf trustAnchor
diff --git a/gen/Amazonka/RolesAnywhere/Types/TrustAnchorType.hs b/gen/Amazonka/RolesAnywhere/Types/TrustAnchorType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Types/TrustAnchorType.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Types.TrustAnchorType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Types.TrustAnchorType
+  ( TrustAnchorType
+      ( ..,
+        TrustAnchorType_AWS_ACM_PCA,
+        TrustAnchorType_CERTIFICATE_BUNDLE,
+        TrustAnchorType_SELF_SIGNED_REPOSITORY
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype TrustAnchorType = TrustAnchorType'
+  { fromTrustAnchorType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern TrustAnchorType_AWS_ACM_PCA :: TrustAnchorType
+pattern TrustAnchorType_AWS_ACM_PCA = TrustAnchorType' "AWS_ACM_PCA"
+
+pattern TrustAnchorType_CERTIFICATE_BUNDLE :: TrustAnchorType
+pattern TrustAnchorType_CERTIFICATE_BUNDLE = TrustAnchorType' "CERTIFICATE_BUNDLE"
+
+pattern TrustAnchorType_SELF_SIGNED_REPOSITORY :: TrustAnchorType
+pattern TrustAnchorType_SELF_SIGNED_REPOSITORY = TrustAnchorType' "SELF_SIGNED_REPOSITORY"
+
+{-# COMPLETE
+  TrustAnchorType_AWS_ACM_PCA,
+  TrustAnchorType_CERTIFICATE_BUNDLE,
+  TrustAnchorType_SELF_SIGNED_REPOSITORY,
+  TrustAnchorType'
+  #-}
diff --git a/gen/Amazonka/RolesAnywhere/UntagResource.hs b/gen/Amazonka/RolesAnywhere/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/UntagResource.hs
@@ -0,0 +1,169 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes tags from the resource.
+--
+-- __Required permissions:__ @rolesanywhere:UntagResource@.
+module Amazonka.RolesAnywhere.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The ARN of the resource.
+    resourceArn :: Prelude.Text,
+    -- | A list of keys. Tag keys are the unique identifiers of tags.
+    tagKeys :: [Data.Sensitive Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'untagResource_resourceArn' - The ARN of the resource.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - A list of keys. Tag keys are the unique identifiers of tags.
+newUntagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  UntagResource
+newUntagResource pResourceArn_ =
+  UntagResource'
+    { resourceArn = pResourceArn_,
+      tagKeys = Prelude.mempty
+    }
+
+-- | The ARN of the resource.
+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)
+
+-- | A list of keys. Tag keys are the unique identifiers of tags.
+untagResource_tagKeys :: Lens.Lens' UntagResource [Prelude.Text]
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UntagResource where
+  toJSON UntagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("resourceArn" Data..= resourceArn),
+            Prelude.Just ("tagKeys" Data..= tagKeys)
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath = Prelude.const "/UntagResource"
+
+instance Data.ToQuery UntagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/RolesAnywhere/UpdateCrl.hs b/gen/Amazonka/RolesAnywhere/UpdateCrl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/UpdateCrl.hs
@@ -0,0 +1,157 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.UpdateCrl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the certificate revocation list (CRL). CRl is a list of
+-- certificates that have been revoked by the issuing certificate Authority
+-- (CA). IAM Roles Anywhere validates against the crl list before issuing
+-- credentials.
+--
+-- __Required permissions:__ @rolesanywhere:UpdateCrl@.
+module Amazonka.RolesAnywhere.UpdateCrl
+  ( -- * Creating a Request
+    UpdateCrl (..),
+    newUpdateCrl,
+
+    -- * Request Lenses
+    updateCrl_crlData,
+    updateCrl_name,
+    updateCrl_crlId,
+
+    -- * Destructuring the Response
+    CrlDetailResponse (..),
+    newCrlDetailResponse,
+
+    -- * Response Lenses
+    crlDetailResponse_crl,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newUpdateCrl' smart constructor.
+data UpdateCrl = UpdateCrl'
+  { -- | The x509 v3 specified certificate revocation list
+    crlData :: Prelude.Maybe Data.Base64,
+    -- | The name of the Crl.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the certificate revocation list (CRL).
+    crlId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateCrl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'crlData', 'updateCrl_crlData' - The x509 v3 specified certificate revocation list--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+--
+-- 'name', 'updateCrl_name' - The name of the Crl.
+--
+-- 'crlId', 'updateCrl_crlId' - The unique identifier of the certificate revocation list (CRL).
+newUpdateCrl ::
+  -- | 'crlId'
+  Prelude.Text ->
+  UpdateCrl
+newUpdateCrl pCrlId_ =
+  UpdateCrl'
+    { crlData = Prelude.Nothing,
+      name = Prelude.Nothing,
+      crlId = pCrlId_
+    }
+
+-- | The x509 v3 specified certificate revocation list--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+updateCrl_crlData :: Lens.Lens' UpdateCrl (Prelude.Maybe Prelude.ByteString)
+updateCrl_crlData = Lens.lens (\UpdateCrl' {crlData} -> crlData) (\s@UpdateCrl' {} a -> s {crlData = a} :: UpdateCrl) Prelude.. Lens.mapping Data._Base64
+
+-- | The name of the Crl.
+updateCrl_name :: Lens.Lens' UpdateCrl (Prelude.Maybe Prelude.Text)
+updateCrl_name = Lens.lens (\UpdateCrl' {name} -> name) (\s@UpdateCrl' {} a -> s {name = a} :: UpdateCrl)
+
+-- | The unique identifier of the certificate revocation list (CRL).
+updateCrl_crlId :: Lens.Lens' UpdateCrl Prelude.Text
+updateCrl_crlId = Lens.lens (\UpdateCrl' {crlId} -> crlId) (\s@UpdateCrl' {} a -> s {crlId = a} :: UpdateCrl)
+
+instance Core.AWSRequest UpdateCrl where
+  type AWSResponse UpdateCrl = CrlDetailResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable UpdateCrl where
+  hashWithSalt _salt UpdateCrl' {..} =
+    _salt
+      `Prelude.hashWithSalt` crlData
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` crlId
+
+instance Prelude.NFData UpdateCrl where
+  rnf UpdateCrl' {..} =
+    Prelude.rnf crlData
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf crlId
+
+instance Data.ToHeaders UpdateCrl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateCrl where
+  toJSON UpdateCrl' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("crlData" Data..=) Prelude.<$> crlData,
+            ("name" Data..=) Prelude.<$> name
+          ]
+      )
+
+instance Data.ToPath UpdateCrl where
+  toPath UpdateCrl' {..} =
+    Prelude.mconcat ["/crl/", Data.toBS crlId]
+
+instance Data.ToQuery UpdateCrl where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/UpdateProfile.hs b/gen/Amazonka/RolesAnywhere/UpdateProfile.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/UpdateProfile.hs
@@ -0,0 +1,204 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.UpdateProfile
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the profile. A profile is configuration resource to list the
+-- roles that RolesAnywhere service is trusted to assume. In addition, by
+-- applying a profile you can scope-down permissions with IAM managed
+-- policies.
+--
+-- __Required permissions:__ @rolesanywhere:UpdateProfile@.
+module Amazonka.RolesAnywhere.UpdateProfile
+  ( -- * Creating a Request
+    UpdateProfile (..),
+    newUpdateProfile,
+
+    -- * Request Lenses
+    updateProfile_durationSeconds,
+    updateProfile_managedPolicyArns,
+    updateProfile_name,
+    updateProfile_roleArns,
+    updateProfile_sessionPolicy,
+    updateProfile_profileId,
+
+    -- * Destructuring the Response
+    ProfileDetailResponse (..),
+    newProfileDetailResponse,
+
+    -- * Response Lenses
+    profileDetailResponse_profile,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newUpdateProfile' smart constructor.
+data UpdateProfile = UpdateProfile'
+  { -- | The number of seconds the vended session credentials are valid for.
+    durationSeconds :: Prelude.Maybe Prelude.Natural,
+    -- | A list of managed policy ARNs that apply to the vended session
+    -- credentials.
+    managedPolicyArns :: Prelude.Maybe [Prelude.Text],
+    -- | The name of the profile.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | A list of IAM roles that this profile can assume in a
+    -- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+    -- operation.
+    roleArns :: Prelude.Maybe [Prelude.Text],
+    -- | A session policy that applies to the trust boundary of the vended
+    -- session credentials.
+    sessionPolicy :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the profile.
+    profileId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateProfile' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'durationSeconds', 'updateProfile_durationSeconds' - The number of seconds the vended session credentials are valid for.
+--
+-- 'managedPolicyArns', 'updateProfile_managedPolicyArns' - A list of managed policy ARNs that apply to the vended session
+-- credentials.
+--
+-- 'name', 'updateProfile_name' - The name of the profile.
+--
+-- 'roleArns', 'updateProfile_roleArns' - A list of IAM roles that this profile can assume in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+--
+-- 'sessionPolicy', 'updateProfile_sessionPolicy' - A session policy that applies to the trust boundary of the vended
+-- session credentials.
+--
+-- 'profileId', 'updateProfile_profileId' - The unique identifier of the profile.
+newUpdateProfile ::
+  -- | 'profileId'
+  Prelude.Text ->
+  UpdateProfile
+newUpdateProfile pProfileId_ =
+  UpdateProfile'
+    { durationSeconds = Prelude.Nothing,
+      managedPolicyArns = Prelude.Nothing,
+      name = Prelude.Nothing,
+      roleArns = Prelude.Nothing,
+      sessionPolicy = Prelude.Nothing,
+      profileId = pProfileId_
+    }
+
+-- | The number of seconds the vended session credentials are valid for.
+updateProfile_durationSeconds :: Lens.Lens' UpdateProfile (Prelude.Maybe Prelude.Natural)
+updateProfile_durationSeconds = Lens.lens (\UpdateProfile' {durationSeconds} -> durationSeconds) (\s@UpdateProfile' {} a -> s {durationSeconds = a} :: UpdateProfile)
+
+-- | A list of managed policy ARNs that apply to the vended session
+-- credentials.
+updateProfile_managedPolicyArns :: Lens.Lens' UpdateProfile (Prelude.Maybe [Prelude.Text])
+updateProfile_managedPolicyArns = Lens.lens (\UpdateProfile' {managedPolicyArns} -> managedPolicyArns) (\s@UpdateProfile' {} a -> s {managedPolicyArns = a} :: UpdateProfile) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the profile.
+updateProfile_name :: Lens.Lens' UpdateProfile (Prelude.Maybe Prelude.Text)
+updateProfile_name = Lens.lens (\UpdateProfile' {name} -> name) (\s@UpdateProfile' {} a -> s {name = a} :: UpdateProfile)
+
+-- | A list of IAM roles that this profile can assume in a
+-- <https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html CreateSession>
+-- operation.
+updateProfile_roleArns :: Lens.Lens' UpdateProfile (Prelude.Maybe [Prelude.Text])
+updateProfile_roleArns = Lens.lens (\UpdateProfile' {roleArns} -> roleArns) (\s@UpdateProfile' {} a -> s {roleArns = a} :: UpdateProfile) Prelude.. Lens.mapping Lens.coerced
+
+-- | A session policy that applies to the trust boundary of the vended
+-- session credentials.
+updateProfile_sessionPolicy :: Lens.Lens' UpdateProfile (Prelude.Maybe Prelude.Text)
+updateProfile_sessionPolicy = Lens.lens (\UpdateProfile' {sessionPolicy} -> sessionPolicy) (\s@UpdateProfile' {} a -> s {sessionPolicy = a} :: UpdateProfile)
+
+-- | The unique identifier of the profile.
+updateProfile_profileId :: Lens.Lens' UpdateProfile Prelude.Text
+updateProfile_profileId = Lens.lens (\UpdateProfile' {profileId} -> profileId) (\s@UpdateProfile' {} a -> s {profileId = a} :: UpdateProfile)
+
+instance Core.AWSRequest UpdateProfile where
+  type
+    AWSResponse UpdateProfile =
+      ProfileDetailResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable UpdateProfile where
+  hashWithSalt _salt UpdateProfile' {..} =
+    _salt
+      `Prelude.hashWithSalt` durationSeconds
+      `Prelude.hashWithSalt` managedPolicyArns
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` roleArns
+      `Prelude.hashWithSalt` sessionPolicy
+      `Prelude.hashWithSalt` profileId
+
+instance Prelude.NFData UpdateProfile where
+  rnf UpdateProfile' {..} =
+    Prelude.rnf durationSeconds
+      `Prelude.seq` Prelude.rnf managedPolicyArns
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf roleArns
+      `Prelude.seq` Prelude.rnf sessionPolicy
+      `Prelude.seq` Prelude.rnf profileId
+
+instance Data.ToHeaders UpdateProfile where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateProfile where
+  toJSON UpdateProfile' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("durationSeconds" Data..=)
+              Prelude.<$> durationSeconds,
+            ("managedPolicyArns" Data..=)
+              Prelude.<$> managedPolicyArns,
+            ("name" Data..=) Prelude.<$> name,
+            ("roleArns" Data..=) Prelude.<$> roleArns,
+            ("sessionPolicy" Data..=) Prelude.<$> sessionPolicy
+          ]
+      )
+
+instance Data.ToPath UpdateProfile where
+  toPath UpdateProfile' {..} =
+    Prelude.mconcat ["/profile/", Data.toBS profileId]
+
+instance Data.ToQuery UpdateProfile where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/UpdateTrustAnchor.hs b/gen/Amazonka/RolesAnywhere/UpdateTrustAnchor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/UpdateTrustAnchor.hs
@@ -0,0 +1,156 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.UpdateTrustAnchor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the trust anchor.You establish trust between IAM Roles Anywhere
+-- and your certificate authority (CA) by configuring a trust anchor. A
+-- Trust Anchor is defined either as a reference to a AWS Certificate
+-- Manager Private Certificate Authority (ACM PCA), or by uploading a
+-- Certificate Authority (CA) certificate. Your AWS workloads can
+-- authenticate with the trust anchor using certificates issued by the
+-- trusted Certificate Authority (CA) in exchange for temporary AWS
+-- credentials.
+--
+-- __Required permissions:__ @rolesanywhere:UpdateTrustAnchor@.
+module Amazonka.RolesAnywhere.UpdateTrustAnchor
+  ( -- * Creating a Request
+    UpdateTrustAnchor (..),
+    newUpdateTrustAnchor,
+
+    -- * Request Lenses
+    updateTrustAnchor_name,
+    updateTrustAnchor_source,
+    updateTrustAnchor_trustAnchorId,
+
+    -- * Destructuring the Response
+    TrustAnchorDetailResponse (..),
+    newTrustAnchorDetailResponse,
+
+    -- * Response Lenses
+    trustAnchorDetailResponse_trustAnchor,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.RolesAnywhere.Types
+
+-- | /See:/ 'newUpdateTrustAnchor' smart constructor.
+data UpdateTrustAnchor = UpdateTrustAnchor'
+  { -- | The name of the trust anchor.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The trust anchor type and its related certificate data.
+    source :: Prelude.Maybe Source,
+    -- | The unique identifier of the trust anchor.
+    trustAnchorId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateTrustAnchor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'updateTrustAnchor_name' - The name of the trust anchor.
+--
+-- 'source', 'updateTrustAnchor_source' - The trust anchor type and its related certificate data.
+--
+-- 'trustAnchorId', 'updateTrustAnchor_trustAnchorId' - The unique identifier of the trust anchor.
+newUpdateTrustAnchor ::
+  -- | 'trustAnchorId'
+  Prelude.Text ->
+  UpdateTrustAnchor
+newUpdateTrustAnchor pTrustAnchorId_ =
+  UpdateTrustAnchor'
+    { name = Prelude.Nothing,
+      source = Prelude.Nothing,
+      trustAnchorId = pTrustAnchorId_
+    }
+
+-- | The name of the trust anchor.
+updateTrustAnchor_name :: Lens.Lens' UpdateTrustAnchor (Prelude.Maybe Prelude.Text)
+updateTrustAnchor_name = Lens.lens (\UpdateTrustAnchor' {name} -> name) (\s@UpdateTrustAnchor' {} a -> s {name = a} :: UpdateTrustAnchor)
+
+-- | The trust anchor type and its related certificate data.
+updateTrustAnchor_source :: Lens.Lens' UpdateTrustAnchor (Prelude.Maybe Source)
+updateTrustAnchor_source = Lens.lens (\UpdateTrustAnchor' {source} -> source) (\s@UpdateTrustAnchor' {} a -> s {source = a} :: UpdateTrustAnchor)
+
+-- | The unique identifier of the trust anchor.
+updateTrustAnchor_trustAnchorId :: Lens.Lens' UpdateTrustAnchor Prelude.Text
+updateTrustAnchor_trustAnchorId = Lens.lens (\UpdateTrustAnchor' {trustAnchorId} -> trustAnchorId) (\s@UpdateTrustAnchor' {} a -> s {trustAnchorId = a} :: UpdateTrustAnchor)
+
+instance Core.AWSRequest UpdateTrustAnchor where
+  type
+    AWSResponse UpdateTrustAnchor =
+      TrustAnchorDetailResponse
+  request overrides =
+    Request.patchJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      (\s h x -> Data.eitherParseJSON x)
+
+instance Prelude.Hashable UpdateTrustAnchor where
+  hashWithSalt _salt UpdateTrustAnchor' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` source
+      `Prelude.hashWithSalt` trustAnchorId
+
+instance Prelude.NFData UpdateTrustAnchor where
+  rnf UpdateTrustAnchor' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf source
+      `Prelude.seq` Prelude.rnf trustAnchorId
+
+instance Data.ToHeaders UpdateTrustAnchor where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateTrustAnchor where
+  toJSON UpdateTrustAnchor' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("name" Data..=) Prelude.<$> name,
+            ("source" Data..=) Prelude.<$> source
+          ]
+      )
+
+instance Data.ToPath UpdateTrustAnchor where
+  toPath UpdateTrustAnchor' {..} =
+    Prelude.mconcat
+      ["/trustanchor/", Data.toBS trustAnchorId]
+
+instance Data.ToQuery UpdateTrustAnchor where
+  toQuery = Prelude.const Prelude.mempty
diff --git a/gen/Amazonka/RolesAnywhere/Waiters.hs b/gen/Amazonka/RolesAnywhere/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/RolesAnywhere/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.RolesAnywhere.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.RolesAnywhere.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.RolesAnywhere.Lens
+import Amazonka.RolesAnywhere.Types
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.RolesAnywhere
+import Test.Amazonka.RolesAnywhere.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "RolesAnywhere"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/RolesAnywhere.hs b/test/Test/Amazonka/Gen/RolesAnywhere.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/RolesAnywhere.hs
@@ -0,0 +1,558 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.RolesAnywhere
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.RolesAnywhere where
+
+import Amazonka.RolesAnywhere
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.RolesAnywhere.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestCreateProfile $
+--             newCreateProfile
+--
+--         , requestCreateTrustAnchor $
+--             newCreateTrustAnchor
+--
+--         , requestDeleteCrl $
+--             newDeleteCrl
+--
+--         , requestDeleteProfile $
+--             newDeleteProfile
+--
+--         , requestDeleteTrustAnchor $
+--             newDeleteTrustAnchor
+--
+--         , requestDisableCrl $
+--             newDisableCrl
+--
+--         , requestDisableProfile $
+--             newDisableProfile
+--
+--         , requestDisableTrustAnchor $
+--             newDisableTrustAnchor
+--
+--         , requestEnableCrl $
+--             newEnableCrl
+--
+--         , requestEnableProfile $
+--             newEnableProfile
+--
+--         , requestEnableTrustAnchor $
+--             newEnableTrustAnchor
+--
+--         , requestGetCrl $
+--             newGetCrl
+--
+--         , requestGetProfile $
+--             newGetProfile
+--
+--         , requestGetSubject $
+--             newGetSubject
+--
+--         , requestGetTrustAnchor $
+--             newGetTrustAnchor
+--
+--         , requestImportCrl $
+--             newImportCrl
+--
+--         , requestListCrls $
+--             newListCrls
+--
+--         , requestListProfiles $
+--             newListProfiles
+--
+--         , requestListSubjects $
+--             newListSubjects
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestListTrustAnchors $
+--             newListTrustAnchors
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateCrl $
+--             newUpdateCrl
+--
+--         , requestUpdateProfile $
+--             newUpdateProfile
+--
+--         , requestUpdateTrustAnchor $
+--             newUpdateTrustAnchor
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseCreateProfile $
+--             newProfileDetailResponse
+--
+--         , responseCreateTrustAnchor $
+--             newTrustAnchorDetailResponse
+--
+--         , responseDeleteCrl $
+--             newCrlDetailResponse
+--
+--         , responseDeleteProfile $
+--             newProfileDetailResponse
+--
+--         , responseDeleteTrustAnchor $
+--             newTrustAnchorDetailResponse
+--
+--         , responseDisableCrl $
+--             newCrlDetailResponse
+--
+--         , responseDisableProfile $
+--             newProfileDetailResponse
+--
+--         , responseDisableTrustAnchor $
+--             newTrustAnchorDetailResponse
+--
+--         , responseEnableCrl $
+--             newCrlDetailResponse
+--
+--         , responseEnableProfile $
+--             newProfileDetailResponse
+--
+--         , responseEnableTrustAnchor $
+--             newTrustAnchorDetailResponse
+--
+--         , responseGetCrl $
+--             newCrlDetailResponse
+--
+--         , responseGetProfile $
+--             newProfileDetailResponse
+--
+--         , responseGetSubject $
+--             newGetSubjectResponse
+--
+--         , responseGetTrustAnchor $
+--             newTrustAnchorDetailResponse
+--
+--         , responseImportCrl $
+--             newCrlDetailResponse
+--
+--         , responseListCrls $
+--             newListCrlsResponse
+--
+--         , responseListProfiles $
+--             newListProfilesResponse
+--
+--         , responseListSubjects $
+--             newListSubjectsResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseListTrustAnchors $
+--             newListTrustAnchorsResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateCrl $
+--             newCrlDetailResponse
+--
+--         , responseUpdateProfile $
+--             newProfileDetailResponse
+--
+--         , responseUpdateTrustAnchor $
+--             newTrustAnchorDetailResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestCreateProfile :: CreateProfile -> TestTree
+requestCreateProfile =
+  req
+    "CreateProfile"
+    "fixture/CreateProfile.yaml"
+
+requestCreateTrustAnchor :: CreateTrustAnchor -> TestTree
+requestCreateTrustAnchor =
+  req
+    "CreateTrustAnchor"
+    "fixture/CreateTrustAnchor.yaml"
+
+requestDeleteCrl :: DeleteCrl -> TestTree
+requestDeleteCrl =
+  req
+    "DeleteCrl"
+    "fixture/DeleteCrl.yaml"
+
+requestDeleteProfile :: DeleteProfile -> TestTree
+requestDeleteProfile =
+  req
+    "DeleteProfile"
+    "fixture/DeleteProfile.yaml"
+
+requestDeleteTrustAnchor :: DeleteTrustAnchor -> TestTree
+requestDeleteTrustAnchor =
+  req
+    "DeleteTrustAnchor"
+    "fixture/DeleteTrustAnchor.yaml"
+
+requestDisableCrl :: DisableCrl -> TestTree
+requestDisableCrl =
+  req
+    "DisableCrl"
+    "fixture/DisableCrl.yaml"
+
+requestDisableProfile :: DisableProfile -> TestTree
+requestDisableProfile =
+  req
+    "DisableProfile"
+    "fixture/DisableProfile.yaml"
+
+requestDisableTrustAnchor :: DisableTrustAnchor -> TestTree
+requestDisableTrustAnchor =
+  req
+    "DisableTrustAnchor"
+    "fixture/DisableTrustAnchor.yaml"
+
+requestEnableCrl :: EnableCrl -> TestTree
+requestEnableCrl =
+  req
+    "EnableCrl"
+    "fixture/EnableCrl.yaml"
+
+requestEnableProfile :: EnableProfile -> TestTree
+requestEnableProfile =
+  req
+    "EnableProfile"
+    "fixture/EnableProfile.yaml"
+
+requestEnableTrustAnchor :: EnableTrustAnchor -> TestTree
+requestEnableTrustAnchor =
+  req
+    "EnableTrustAnchor"
+    "fixture/EnableTrustAnchor.yaml"
+
+requestGetCrl :: GetCrl -> TestTree
+requestGetCrl =
+  req
+    "GetCrl"
+    "fixture/GetCrl.yaml"
+
+requestGetProfile :: GetProfile -> TestTree
+requestGetProfile =
+  req
+    "GetProfile"
+    "fixture/GetProfile.yaml"
+
+requestGetSubject :: GetSubject -> TestTree
+requestGetSubject =
+  req
+    "GetSubject"
+    "fixture/GetSubject.yaml"
+
+requestGetTrustAnchor :: GetTrustAnchor -> TestTree
+requestGetTrustAnchor =
+  req
+    "GetTrustAnchor"
+    "fixture/GetTrustAnchor.yaml"
+
+requestImportCrl :: ImportCrl -> TestTree
+requestImportCrl =
+  req
+    "ImportCrl"
+    "fixture/ImportCrl.yaml"
+
+requestListCrls :: ListCrls -> TestTree
+requestListCrls =
+  req
+    "ListCrls"
+    "fixture/ListCrls.yaml"
+
+requestListProfiles :: ListProfiles -> TestTree
+requestListProfiles =
+  req
+    "ListProfiles"
+    "fixture/ListProfiles.yaml"
+
+requestListSubjects :: ListSubjects -> TestTree
+requestListSubjects =
+  req
+    "ListSubjects"
+    "fixture/ListSubjects.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestListTrustAnchors :: ListTrustAnchors -> TestTree
+requestListTrustAnchors =
+  req
+    "ListTrustAnchors"
+    "fixture/ListTrustAnchors.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateCrl :: UpdateCrl -> TestTree
+requestUpdateCrl =
+  req
+    "UpdateCrl"
+    "fixture/UpdateCrl.yaml"
+
+requestUpdateProfile :: UpdateProfile -> TestTree
+requestUpdateProfile =
+  req
+    "UpdateProfile"
+    "fixture/UpdateProfile.yaml"
+
+requestUpdateTrustAnchor :: UpdateTrustAnchor -> TestTree
+requestUpdateTrustAnchor =
+  req
+    "UpdateTrustAnchor"
+    "fixture/UpdateTrustAnchor.yaml"
+
+-- Responses
+
+responseCreateProfile :: ProfileDetailResponse -> TestTree
+responseCreateProfile =
+  res
+    "CreateProfileResponse"
+    "fixture/CreateProfileResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateProfile)
+
+responseCreateTrustAnchor :: TrustAnchorDetailResponse -> TestTree
+responseCreateTrustAnchor =
+  res
+    "CreateTrustAnchorResponse"
+    "fixture/CreateTrustAnchorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateTrustAnchor)
+
+responseDeleteCrl :: CrlDetailResponse -> TestTree
+responseDeleteCrl =
+  res
+    "DeleteCrlResponse"
+    "fixture/DeleteCrlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteCrl)
+
+responseDeleteProfile :: ProfileDetailResponse -> TestTree
+responseDeleteProfile =
+  res
+    "DeleteProfileResponse"
+    "fixture/DeleteProfileResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteProfile)
+
+responseDeleteTrustAnchor :: TrustAnchorDetailResponse -> TestTree
+responseDeleteTrustAnchor =
+  res
+    "DeleteTrustAnchorResponse"
+    "fixture/DeleteTrustAnchorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteTrustAnchor)
+
+responseDisableCrl :: CrlDetailResponse -> TestTree
+responseDisableCrl =
+  res
+    "DisableCrlResponse"
+    "fixture/DisableCrlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableCrl)
+
+responseDisableProfile :: ProfileDetailResponse -> TestTree
+responseDisableProfile =
+  res
+    "DisableProfileResponse"
+    "fixture/DisableProfileResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableProfile)
+
+responseDisableTrustAnchor :: TrustAnchorDetailResponse -> TestTree
+responseDisableTrustAnchor =
+  res
+    "DisableTrustAnchorResponse"
+    "fixture/DisableTrustAnchorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableTrustAnchor)
+
+responseEnableCrl :: CrlDetailResponse -> TestTree
+responseEnableCrl =
+  res
+    "EnableCrlResponse"
+    "fixture/EnableCrlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableCrl)
+
+responseEnableProfile :: ProfileDetailResponse -> TestTree
+responseEnableProfile =
+  res
+    "EnableProfileResponse"
+    "fixture/EnableProfileResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableProfile)
+
+responseEnableTrustAnchor :: TrustAnchorDetailResponse -> TestTree
+responseEnableTrustAnchor =
+  res
+    "EnableTrustAnchorResponse"
+    "fixture/EnableTrustAnchorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableTrustAnchor)
+
+responseGetCrl :: CrlDetailResponse -> TestTree
+responseGetCrl =
+  res
+    "GetCrlResponse"
+    "fixture/GetCrlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetCrl)
+
+responseGetProfile :: ProfileDetailResponse -> TestTree
+responseGetProfile =
+  res
+    "GetProfileResponse"
+    "fixture/GetProfileResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetProfile)
+
+responseGetSubject :: GetSubjectResponse -> TestTree
+responseGetSubject =
+  res
+    "GetSubjectResponse"
+    "fixture/GetSubjectResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetSubject)
+
+responseGetTrustAnchor :: TrustAnchorDetailResponse -> TestTree
+responseGetTrustAnchor =
+  res
+    "GetTrustAnchorResponse"
+    "fixture/GetTrustAnchorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetTrustAnchor)
+
+responseImportCrl :: CrlDetailResponse -> TestTree
+responseImportCrl =
+  res
+    "ImportCrlResponse"
+    "fixture/ImportCrlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ImportCrl)
+
+responseListCrls :: ListCrlsResponse -> TestTree
+responseListCrls =
+  res
+    "ListCrlsResponse"
+    "fixture/ListCrlsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListCrls)
+
+responseListProfiles :: ListProfilesResponse -> TestTree
+responseListProfiles =
+  res
+    "ListProfilesResponse"
+    "fixture/ListProfilesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListProfiles)
+
+responseListSubjects :: ListSubjectsResponse -> TestTree
+responseListSubjects =
+  res
+    "ListSubjectsResponse"
+    "fixture/ListSubjectsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListSubjects)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseListTrustAnchors :: ListTrustAnchorsResponse -> TestTree
+responseListTrustAnchors =
+  res
+    "ListTrustAnchorsResponse"
+    "fixture/ListTrustAnchorsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTrustAnchors)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateCrl :: CrlDetailResponse -> TestTree
+responseUpdateCrl =
+  res
+    "UpdateCrlResponse"
+    "fixture/UpdateCrlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateCrl)
+
+responseUpdateProfile :: ProfileDetailResponse -> TestTree
+responseUpdateProfile =
+  res
+    "UpdateProfileResponse"
+    "fixture/UpdateProfileResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateProfile)
+
+responseUpdateTrustAnchor :: TrustAnchorDetailResponse -> TestTree
+responseUpdateTrustAnchor =
+  res
+    "UpdateTrustAnchorResponse"
+    "fixture/UpdateTrustAnchorResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateTrustAnchor)
diff --git a/test/Test/Amazonka/RolesAnywhere.hs b/test/Test/Amazonka/RolesAnywhere.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/RolesAnywhere.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.RolesAnywhere
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.RolesAnywhere
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/RolesAnywhere/Internal.hs b/test/Test/Amazonka/RolesAnywhere/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/RolesAnywhere/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.RolesAnywhere.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.RolesAnywhere.Internal where
