diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon Single Sign-On Admin SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2020-07-20@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-sso-admin)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.SSOAdmin](http://hackage.haskell.org/package/amazonka-sso-admin/docs/Amazonka-SSOAdmin.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-sso-admin` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-sso-admin.cabal b/amazonka-sso-admin.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-sso-admin.cabal
@@ -0,0 +1,141 @@
+cabal-version:      2.2
+name:               amazonka-sso-admin
+version:            2.0
+synopsis:           Amazon Single Sign-On Admin SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2020-07-20@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.SSOAdmin.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.SSOAdmin" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-sso-admin
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.SSOAdmin
+    Amazonka.SSOAdmin.AttachCustomerManagedPolicyReferenceToPermissionSet
+    Amazonka.SSOAdmin.AttachManagedPolicyToPermissionSet
+    Amazonka.SSOAdmin.CreateAccountAssignment
+    Amazonka.SSOAdmin.CreateInstanceAccessControlAttributeConfiguration
+    Amazonka.SSOAdmin.CreatePermissionSet
+    Amazonka.SSOAdmin.DeleteAccountAssignment
+    Amazonka.SSOAdmin.DeleteInlinePolicyFromPermissionSet
+    Amazonka.SSOAdmin.DeleteInstanceAccessControlAttributeConfiguration
+    Amazonka.SSOAdmin.DeletePermissionsBoundaryFromPermissionSet
+    Amazonka.SSOAdmin.DeletePermissionSet
+    Amazonka.SSOAdmin.DescribeAccountAssignmentCreationStatus
+    Amazonka.SSOAdmin.DescribeAccountAssignmentDeletionStatus
+    Amazonka.SSOAdmin.DescribeInstanceAccessControlAttributeConfiguration
+    Amazonka.SSOAdmin.DescribePermissionSet
+    Amazonka.SSOAdmin.DescribePermissionSetProvisioningStatus
+    Amazonka.SSOAdmin.DetachCustomerManagedPolicyReferenceFromPermissionSet
+    Amazonka.SSOAdmin.DetachManagedPolicyFromPermissionSet
+    Amazonka.SSOAdmin.GetInlinePolicyForPermissionSet
+    Amazonka.SSOAdmin.GetPermissionsBoundaryForPermissionSet
+    Amazonka.SSOAdmin.Lens
+    Amazonka.SSOAdmin.ListAccountAssignmentCreationStatus
+    Amazonka.SSOAdmin.ListAccountAssignmentDeletionStatus
+    Amazonka.SSOAdmin.ListAccountAssignments
+    Amazonka.SSOAdmin.ListAccountsForProvisionedPermissionSet
+    Amazonka.SSOAdmin.ListCustomerManagedPolicyReferencesInPermissionSet
+    Amazonka.SSOAdmin.ListInstances
+    Amazonka.SSOAdmin.ListManagedPoliciesInPermissionSet
+    Amazonka.SSOAdmin.ListPermissionSetProvisioningStatus
+    Amazonka.SSOAdmin.ListPermissionSets
+    Amazonka.SSOAdmin.ListPermissionSetsProvisionedToAccount
+    Amazonka.SSOAdmin.ListTagsForResource
+    Amazonka.SSOAdmin.ProvisionPermissionSet
+    Amazonka.SSOAdmin.PutInlinePolicyToPermissionSet
+    Amazonka.SSOAdmin.PutPermissionsBoundaryToPermissionSet
+    Amazonka.SSOAdmin.TagResource
+    Amazonka.SSOAdmin.Types
+    Amazonka.SSOAdmin.Types.AccessControlAttribute
+    Amazonka.SSOAdmin.Types.AccessControlAttributeValue
+    Amazonka.SSOAdmin.Types.AccountAssignment
+    Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatus
+    Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatusMetadata
+    Amazonka.SSOAdmin.Types.AttachedManagedPolicy
+    Amazonka.SSOAdmin.Types.CustomerManagedPolicyReference
+    Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfiguration
+    Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfigurationStatus
+    Amazonka.SSOAdmin.Types.InstanceMetadata
+    Amazonka.SSOAdmin.Types.OperationStatusFilter
+    Amazonka.SSOAdmin.Types.PermissionsBoundary
+    Amazonka.SSOAdmin.Types.PermissionSet
+    Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatus
+    Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatusMetadata
+    Amazonka.SSOAdmin.Types.PrincipalType
+    Amazonka.SSOAdmin.Types.ProvisioningStatus
+    Amazonka.SSOAdmin.Types.ProvisionTargetType
+    Amazonka.SSOAdmin.Types.StatusValues
+    Amazonka.SSOAdmin.Types.Tag
+    Amazonka.SSOAdmin.Types.TargetType
+    Amazonka.SSOAdmin.UntagResource
+    Amazonka.SSOAdmin.UpdateInstanceAccessControlAttributeConfiguration
+    Amazonka.SSOAdmin.UpdatePermissionSet
+    Amazonka.SSOAdmin.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-sso-admin-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.SSOAdmin
+    Test.Amazonka.SSOAdmin
+    Test.Amazonka.SSOAdmin.Internal
+
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-sso-admin
+    , amazonka-test         >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/AttachCustomerManagedPolicyReferenceToPermissionSet.yaml b/fixture/AttachCustomerManagedPolicyReferenceToPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AttachCustomerManagedPolicyReferenceToPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AttachCustomerManagedPolicyReferenceToPermissionSetResponse.proto b/fixture/AttachCustomerManagedPolicyReferenceToPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AttachCustomerManagedPolicyReferenceToPermissionSetResponse.proto
diff --git a/fixture/AttachManagedPolicyToPermissionSet.yaml b/fixture/AttachManagedPolicyToPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AttachManagedPolicyToPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AttachManagedPolicyToPermissionSetResponse.proto b/fixture/AttachManagedPolicyToPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AttachManagedPolicyToPermissionSetResponse.proto
diff --git a/fixture/CreateAccountAssignment.yaml b/fixture/CreateAccountAssignment.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateAccountAssignment.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateAccountAssignmentResponse.proto b/fixture/CreateAccountAssignmentResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateAccountAssignmentResponse.proto
diff --git a/fixture/CreateInstanceAccessControlAttributeConfiguration.yaml b/fixture/CreateInstanceAccessControlAttributeConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateInstanceAccessControlAttributeConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateInstanceAccessControlAttributeConfigurationResponse.proto b/fixture/CreateInstanceAccessControlAttributeConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateInstanceAccessControlAttributeConfigurationResponse.proto
diff --git a/fixture/CreatePermissionSet.yaml b/fixture/CreatePermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreatePermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreatePermissionSetResponse.proto b/fixture/CreatePermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreatePermissionSetResponse.proto
diff --git a/fixture/DeleteAccountAssignment.yaml b/fixture/DeleteAccountAssignment.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteAccountAssignment.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteAccountAssignmentResponse.proto b/fixture/DeleteAccountAssignmentResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteAccountAssignmentResponse.proto
diff --git a/fixture/DeleteInlinePolicyFromPermissionSet.yaml b/fixture/DeleteInlinePolicyFromPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInlinePolicyFromPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteInlinePolicyFromPermissionSetResponse.proto b/fixture/DeleteInlinePolicyFromPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInlinePolicyFromPermissionSetResponse.proto
diff --git a/fixture/DeleteInstanceAccessControlAttributeConfiguration.yaml b/fixture/DeleteInstanceAccessControlAttributeConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInstanceAccessControlAttributeConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteInstanceAccessControlAttributeConfigurationResponse.proto b/fixture/DeleteInstanceAccessControlAttributeConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteInstanceAccessControlAttributeConfigurationResponse.proto
diff --git a/fixture/DeletePermissionSet.yaml b/fixture/DeletePermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeletePermissionSetResponse.proto b/fixture/DeletePermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePermissionSetResponse.proto
diff --git a/fixture/DeletePermissionsBoundaryFromPermissionSet.yaml b/fixture/DeletePermissionsBoundaryFromPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePermissionsBoundaryFromPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeletePermissionsBoundaryFromPermissionSetResponse.proto b/fixture/DeletePermissionsBoundaryFromPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePermissionsBoundaryFromPermissionSetResponse.proto
diff --git a/fixture/DescribeAccountAssignmentCreationStatus.yaml b/fixture/DescribeAccountAssignmentCreationStatus.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeAccountAssignmentCreationStatus.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeAccountAssignmentCreationStatusResponse.proto b/fixture/DescribeAccountAssignmentCreationStatusResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeAccountAssignmentCreationStatusResponse.proto
diff --git a/fixture/DescribeAccountAssignmentDeletionStatus.yaml b/fixture/DescribeAccountAssignmentDeletionStatus.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeAccountAssignmentDeletionStatus.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeAccountAssignmentDeletionStatusResponse.proto b/fixture/DescribeAccountAssignmentDeletionStatusResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeAccountAssignmentDeletionStatusResponse.proto
diff --git a/fixture/DescribeInstanceAccessControlAttributeConfiguration.yaml b/fixture/DescribeInstanceAccessControlAttributeConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeInstanceAccessControlAttributeConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeInstanceAccessControlAttributeConfigurationResponse.proto b/fixture/DescribeInstanceAccessControlAttributeConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeInstanceAccessControlAttributeConfigurationResponse.proto
diff --git a/fixture/DescribePermissionSet.yaml b/fixture/DescribePermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribePermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribePermissionSetProvisioningStatus.yaml b/fixture/DescribePermissionSetProvisioningStatus.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribePermissionSetProvisioningStatus.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribePermissionSetProvisioningStatusResponse.proto b/fixture/DescribePermissionSetProvisioningStatusResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribePermissionSetProvisioningStatusResponse.proto
diff --git a/fixture/DescribePermissionSetResponse.proto b/fixture/DescribePermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribePermissionSetResponse.proto
diff --git a/fixture/DetachCustomerManagedPolicyReferenceFromPermissionSet.yaml b/fixture/DetachCustomerManagedPolicyReferenceFromPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DetachCustomerManagedPolicyReferenceFromPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse.proto b/fixture/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse.proto
diff --git a/fixture/DetachManagedPolicyFromPermissionSet.yaml b/fixture/DetachManagedPolicyFromPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DetachManagedPolicyFromPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DetachManagedPolicyFromPermissionSetResponse.proto b/fixture/DetachManagedPolicyFromPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DetachManagedPolicyFromPermissionSetResponse.proto
diff --git a/fixture/GetInlinePolicyForPermissionSet.yaml b/fixture/GetInlinePolicyForPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetInlinePolicyForPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetInlinePolicyForPermissionSetResponse.proto b/fixture/GetInlinePolicyForPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetInlinePolicyForPermissionSetResponse.proto
diff --git a/fixture/GetPermissionsBoundaryForPermissionSet.yaml b/fixture/GetPermissionsBoundaryForPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetPermissionsBoundaryForPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetPermissionsBoundaryForPermissionSetResponse.proto b/fixture/GetPermissionsBoundaryForPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetPermissionsBoundaryForPermissionSetResponse.proto
diff --git a/fixture/ListAccountAssignmentCreationStatus.yaml b/fixture/ListAccountAssignmentCreationStatus.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountAssignmentCreationStatus.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccountAssignmentCreationStatusResponse.proto b/fixture/ListAccountAssignmentCreationStatusResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountAssignmentCreationStatusResponse.proto
diff --git a/fixture/ListAccountAssignmentDeletionStatus.yaml b/fixture/ListAccountAssignmentDeletionStatus.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountAssignmentDeletionStatus.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccountAssignmentDeletionStatusResponse.proto b/fixture/ListAccountAssignmentDeletionStatusResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountAssignmentDeletionStatusResponse.proto
diff --git a/fixture/ListAccountAssignments.yaml b/fixture/ListAccountAssignments.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountAssignments.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccountAssignmentsResponse.proto b/fixture/ListAccountAssignmentsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountAssignmentsResponse.proto
diff --git a/fixture/ListAccountsForProvisionedPermissionSet.yaml b/fixture/ListAccountsForProvisionedPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountsForProvisionedPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccountsForProvisionedPermissionSetResponse.proto b/fixture/ListAccountsForProvisionedPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountsForProvisionedPermissionSetResponse.proto
diff --git a/fixture/ListCustomerManagedPolicyReferencesInPermissionSet.yaml b/fixture/ListCustomerManagedPolicyReferencesInPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListCustomerManagedPolicyReferencesInPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListCustomerManagedPolicyReferencesInPermissionSetResponse.proto b/fixture/ListCustomerManagedPolicyReferencesInPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListCustomerManagedPolicyReferencesInPermissionSetResponse.proto
diff --git a/fixture/ListInstances.yaml b/fixture/ListInstances.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListInstances.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListInstancesResponse.proto b/fixture/ListInstancesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListInstancesResponse.proto
diff --git a/fixture/ListManagedPoliciesInPermissionSet.yaml b/fixture/ListManagedPoliciesInPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListManagedPoliciesInPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListManagedPoliciesInPermissionSetResponse.proto b/fixture/ListManagedPoliciesInPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListManagedPoliciesInPermissionSetResponse.proto
diff --git a/fixture/ListPermissionSetProvisioningStatus.yaml b/fixture/ListPermissionSetProvisioningStatus.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissionSetProvisioningStatus.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListPermissionSetProvisioningStatusResponse.proto b/fixture/ListPermissionSetProvisioningStatusResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissionSetProvisioningStatusResponse.proto
diff --git a/fixture/ListPermissionSets.yaml b/fixture/ListPermissionSets.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissionSets.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListPermissionSetsProvisionedToAccount.yaml b/fixture/ListPermissionSetsProvisionedToAccount.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissionSetsProvisionedToAccount.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListPermissionSetsProvisionedToAccountResponse.proto b/fixture/ListPermissionSetsProvisionedToAccountResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissionSetsProvisionedToAccountResponse.proto
diff --git a/fixture/ListPermissionSetsResponse.proto b/fixture/ListPermissionSetsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListPermissionSetsResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/ProvisionPermissionSet.yaml b/fixture/ProvisionPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ProvisionPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ProvisionPermissionSetResponse.proto b/fixture/ProvisionPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ProvisionPermissionSetResponse.proto
diff --git a/fixture/PutInlinePolicyToPermissionSet.yaml b/fixture/PutInlinePolicyToPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutInlinePolicyToPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutInlinePolicyToPermissionSetResponse.proto b/fixture/PutInlinePolicyToPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutInlinePolicyToPermissionSetResponse.proto
diff --git a/fixture/PutPermissionsBoundaryToPermissionSet.yaml b/fixture/PutPermissionsBoundaryToPermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutPermissionsBoundaryToPermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutPermissionsBoundaryToPermissionSetResponse.proto b/fixture/PutPermissionsBoundaryToPermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutPermissionsBoundaryToPermissionSetResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateInstanceAccessControlAttributeConfiguration.yaml b/fixture/UpdateInstanceAccessControlAttributeConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateInstanceAccessControlAttributeConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateInstanceAccessControlAttributeConfigurationResponse.proto b/fixture/UpdateInstanceAccessControlAttributeConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateInstanceAccessControlAttributeConfigurationResponse.proto
diff --git a/fixture/UpdatePermissionSet.yaml b/fixture/UpdatePermissionSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdatePermissionSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdatePermissionSetResponse.proto b/fixture/UpdatePermissionSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdatePermissionSetResponse.proto
diff --git a/gen/Amazonka/SSOAdmin.hs b/gen/Amazonka/SSOAdmin.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin.hs
@@ -0,0 +1,445 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.SSOAdmin
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2020-07-20@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- AWS IAM Identity Center (successor to AWS Single Sign-On) helps you
+-- securely create, or connect, your workforce identities and manage their
+-- access centrally across AWS accounts and applications. IAM Identity
+-- Center is the recommended approach for workforce authentication and
+-- authorization in AWS, for organizations of any size and type.
+--
+-- Although AWS Single Sign-On was renamed, the @sso@ and @identitystore@
+-- API namespaces will continue to retain their original name for backward
+-- compatibility purposes. For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed IAM Identity Center rename>.
+--
+-- This reference guide provides information on single sign-on operations
+-- which could be used for access management of AWS accounts. For
+-- information about IAM Identity Center features, see the
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html IAM Identity Center User Guide>.
+--
+-- Many operations in the IAM Identity Center APIs rely on identifiers for
+-- users and groups, known as principals. For more information about how to
+-- work with principals and principal IDs in IAM Identity Center, see the
+-- <https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/welcome.html Identity Store API Reference>.
+--
+-- AWS provides SDKs that consist of libraries and sample code for various
+-- programming languages and platforms (Java, Ruby, .Net, iOS, Android, and
+-- more). The SDKs provide a convenient way to create programmatic access
+-- to IAM Identity Center and other AWS services. For more information
+-- about the AWS SDKs, including how to download and install them, see
+-- <http://aws.amazon.com/tools/ Tools for Amazon Web Services>.
+module Amazonka.SSOAdmin
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** ConflictException
+    _ConflictException,
+
+    -- ** InternalServerException
+    _InternalServerException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- ** ServiceQuotaExceededException
+    _ServiceQuotaExceededException,
+
+    -- ** ThrottlingException
+    _ThrottlingException,
+
+    -- ** ValidationException
+    _ValidationException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** AttachCustomerManagedPolicyReferenceToPermissionSet
+    AttachCustomerManagedPolicyReferenceToPermissionSet (AttachCustomerManagedPolicyReferenceToPermissionSet'),
+    newAttachCustomerManagedPolicyReferenceToPermissionSet,
+    AttachCustomerManagedPolicyReferenceToPermissionSetResponse (AttachCustomerManagedPolicyReferenceToPermissionSetResponse'),
+    newAttachCustomerManagedPolicyReferenceToPermissionSetResponse,
+
+    -- ** AttachManagedPolicyToPermissionSet
+    AttachManagedPolicyToPermissionSet (AttachManagedPolicyToPermissionSet'),
+    newAttachManagedPolicyToPermissionSet,
+    AttachManagedPolicyToPermissionSetResponse (AttachManagedPolicyToPermissionSetResponse'),
+    newAttachManagedPolicyToPermissionSetResponse,
+
+    -- ** CreateAccountAssignment
+    CreateAccountAssignment (CreateAccountAssignment'),
+    newCreateAccountAssignment,
+    CreateAccountAssignmentResponse (CreateAccountAssignmentResponse'),
+    newCreateAccountAssignmentResponse,
+
+    -- ** CreateInstanceAccessControlAttributeConfiguration
+    CreateInstanceAccessControlAttributeConfiguration (CreateInstanceAccessControlAttributeConfiguration'),
+    newCreateInstanceAccessControlAttributeConfiguration,
+    CreateInstanceAccessControlAttributeConfigurationResponse (CreateInstanceAccessControlAttributeConfigurationResponse'),
+    newCreateInstanceAccessControlAttributeConfigurationResponse,
+
+    -- ** CreatePermissionSet
+    CreatePermissionSet (CreatePermissionSet'),
+    newCreatePermissionSet,
+    CreatePermissionSetResponse (CreatePermissionSetResponse'),
+    newCreatePermissionSetResponse,
+
+    -- ** DeleteAccountAssignment
+    DeleteAccountAssignment (DeleteAccountAssignment'),
+    newDeleteAccountAssignment,
+    DeleteAccountAssignmentResponse (DeleteAccountAssignmentResponse'),
+    newDeleteAccountAssignmentResponse,
+
+    -- ** DeleteInlinePolicyFromPermissionSet
+    DeleteInlinePolicyFromPermissionSet (DeleteInlinePolicyFromPermissionSet'),
+    newDeleteInlinePolicyFromPermissionSet,
+    DeleteInlinePolicyFromPermissionSetResponse (DeleteInlinePolicyFromPermissionSetResponse'),
+    newDeleteInlinePolicyFromPermissionSetResponse,
+
+    -- ** DeleteInstanceAccessControlAttributeConfiguration
+    DeleteInstanceAccessControlAttributeConfiguration (DeleteInstanceAccessControlAttributeConfiguration'),
+    newDeleteInstanceAccessControlAttributeConfiguration,
+    DeleteInstanceAccessControlAttributeConfigurationResponse (DeleteInstanceAccessControlAttributeConfigurationResponse'),
+    newDeleteInstanceAccessControlAttributeConfigurationResponse,
+
+    -- ** DeletePermissionSet
+    DeletePermissionSet (DeletePermissionSet'),
+    newDeletePermissionSet,
+    DeletePermissionSetResponse (DeletePermissionSetResponse'),
+    newDeletePermissionSetResponse,
+
+    -- ** DeletePermissionsBoundaryFromPermissionSet
+    DeletePermissionsBoundaryFromPermissionSet (DeletePermissionsBoundaryFromPermissionSet'),
+    newDeletePermissionsBoundaryFromPermissionSet,
+    DeletePermissionsBoundaryFromPermissionSetResponse (DeletePermissionsBoundaryFromPermissionSetResponse'),
+    newDeletePermissionsBoundaryFromPermissionSetResponse,
+
+    -- ** DescribeAccountAssignmentCreationStatus
+    DescribeAccountAssignmentCreationStatus (DescribeAccountAssignmentCreationStatus'),
+    newDescribeAccountAssignmentCreationStatus,
+    DescribeAccountAssignmentCreationStatusResponse (DescribeAccountAssignmentCreationStatusResponse'),
+    newDescribeAccountAssignmentCreationStatusResponse,
+
+    -- ** DescribeAccountAssignmentDeletionStatus
+    DescribeAccountAssignmentDeletionStatus (DescribeAccountAssignmentDeletionStatus'),
+    newDescribeAccountAssignmentDeletionStatus,
+    DescribeAccountAssignmentDeletionStatusResponse (DescribeAccountAssignmentDeletionStatusResponse'),
+    newDescribeAccountAssignmentDeletionStatusResponse,
+
+    -- ** DescribeInstanceAccessControlAttributeConfiguration
+    DescribeInstanceAccessControlAttributeConfiguration (DescribeInstanceAccessControlAttributeConfiguration'),
+    newDescribeInstanceAccessControlAttributeConfiguration,
+    DescribeInstanceAccessControlAttributeConfigurationResponse (DescribeInstanceAccessControlAttributeConfigurationResponse'),
+    newDescribeInstanceAccessControlAttributeConfigurationResponse,
+
+    -- ** DescribePermissionSet
+    DescribePermissionSet (DescribePermissionSet'),
+    newDescribePermissionSet,
+    DescribePermissionSetResponse (DescribePermissionSetResponse'),
+    newDescribePermissionSetResponse,
+
+    -- ** DescribePermissionSetProvisioningStatus
+    DescribePermissionSetProvisioningStatus (DescribePermissionSetProvisioningStatus'),
+    newDescribePermissionSetProvisioningStatus,
+    DescribePermissionSetProvisioningStatusResponse (DescribePermissionSetProvisioningStatusResponse'),
+    newDescribePermissionSetProvisioningStatusResponse,
+
+    -- ** DetachCustomerManagedPolicyReferenceFromPermissionSet
+    DetachCustomerManagedPolicyReferenceFromPermissionSet (DetachCustomerManagedPolicyReferenceFromPermissionSet'),
+    newDetachCustomerManagedPolicyReferenceFromPermissionSet,
+    DetachCustomerManagedPolicyReferenceFromPermissionSetResponse (DetachCustomerManagedPolicyReferenceFromPermissionSetResponse'),
+    newDetachCustomerManagedPolicyReferenceFromPermissionSetResponse,
+
+    -- ** DetachManagedPolicyFromPermissionSet
+    DetachManagedPolicyFromPermissionSet (DetachManagedPolicyFromPermissionSet'),
+    newDetachManagedPolicyFromPermissionSet,
+    DetachManagedPolicyFromPermissionSetResponse (DetachManagedPolicyFromPermissionSetResponse'),
+    newDetachManagedPolicyFromPermissionSetResponse,
+
+    -- ** GetInlinePolicyForPermissionSet
+    GetInlinePolicyForPermissionSet (GetInlinePolicyForPermissionSet'),
+    newGetInlinePolicyForPermissionSet,
+    GetInlinePolicyForPermissionSetResponse (GetInlinePolicyForPermissionSetResponse'),
+    newGetInlinePolicyForPermissionSetResponse,
+
+    -- ** GetPermissionsBoundaryForPermissionSet
+    GetPermissionsBoundaryForPermissionSet (GetPermissionsBoundaryForPermissionSet'),
+    newGetPermissionsBoundaryForPermissionSet,
+    GetPermissionsBoundaryForPermissionSetResponse (GetPermissionsBoundaryForPermissionSetResponse'),
+    newGetPermissionsBoundaryForPermissionSetResponse,
+
+    -- ** ListAccountAssignmentCreationStatus (Paginated)
+    ListAccountAssignmentCreationStatus (ListAccountAssignmentCreationStatus'),
+    newListAccountAssignmentCreationStatus,
+    ListAccountAssignmentCreationStatusResponse (ListAccountAssignmentCreationStatusResponse'),
+    newListAccountAssignmentCreationStatusResponse,
+
+    -- ** ListAccountAssignmentDeletionStatus (Paginated)
+    ListAccountAssignmentDeletionStatus (ListAccountAssignmentDeletionStatus'),
+    newListAccountAssignmentDeletionStatus,
+    ListAccountAssignmentDeletionStatusResponse (ListAccountAssignmentDeletionStatusResponse'),
+    newListAccountAssignmentDeletionStatusResponse,
+
+    -- ** ListAccountAssignments (Paginated)
+    ListAccountAssignments (ListAccountAssignments'),
+    newListAccountAssignments,
+    ListAccountAssignmentsResponse (ListAccountAssignmentsResponse'),
+    newListAccountAssignmentsResponse,
+
+    -- ** ListAccountsForProvisionedPermissionSet (Paginated)
+    ListAccountsForProvisionedPermissionSet (ListAccountsForProvisionedPermissionSet'),
+    newListAccountsForProvisionedPermissionSet,
+    ListAccountsForProvisionedPermissionSetResponse (ListAccountsForProvisionedPermissionSetResponse'),
+    newListAccountsForProvisionedPermissionSetResponse,
+
+    -- ** ListCustomerManagedPolicyReferencesInPermissionSet (Paginated)
+    ListCustomerManagedPolicyReferencesInPermissionSet (ListCustomerManagedPolicyReferencesInPermissionSet'),
+    newListCustomerManagedPolicyReferencesInPermissionSet,
+    ListCustomerManagedPolicyReferencesInPermissionSetResponse (ListCustomerManagedPolicyReferencesInPermissionSetResponse'),
+    newListCustomerManagedPolicyReferencesInPermissionSetResponse,
+
+    -- ** ListInstances (Paginated)
+    ListInstances (ListInstances'),
+    newListInstances,
+    ListInstancesResponse (ListInstancesResponse'),
+    newListInstancesResponse,
+
+    -- ** ListManagedPoliciesInPermissionSet (Paginated)
+    ListManagedPoliciesInPermissionSet (ListManagedPoliciesInPermissionSet'),
+    newListManagedPoliciesInPermissionSet,
+    ListManagedPoliciesInPermissionSetResponse (ListManagedPoliciesInPermissionSetResponse'),
+    newListManagedPoliciesInPermissionSetResponse,
+
+    -- ** ListPermissionSetProvisioningStatus (Paginated)
+    ListPermissionSetProvisioningStatus (ListPermissionSetProvisioningStatus'),
+    newListPermissionSetProvisioningStatus,
+    ListPermissionSetProvisioningStatusResponse (ListPermissionSetProvisioningStatusResponse'),
+    newListPermissionSetProvisioningStatusResponse,
+
+    -- ** ListPermissionSets (Paginated)
+    ListPermissionSets (ListPermissionSets'),
+    newListPermissionSets,
+    ListPermissionSetsResponse (ListPermissionSetsResponse'),
+    newListPermissionSetsResponse,
+
+    -- ** ListPermissionSetsProvisionedToAccount (Paginated)
+    ListPermissionSetsProvisionedToAccount (ListPermissionSetsProvisionedToAccount'),
+    newListPermissionSetsProvisionedToAccount,
+    ListPermissionSetsProvisionedToAccountResponse (ListPermissionSetsProvisionedToAccountResponse'),
+    newListPermissionSetsProvisionedToAccountResponse,
+
+    -- ** ListTagsForResource (Paginated)
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** ProvisionPermissionSet
+    ProvisionPermissionSet (ProvisionPermissionSet'),
+    newProvisionPermissionSet,
+    ProvisionPermissionSetResponse (ProvisionPermissionSetResponse'),
+    newProvisionPermissionSetResponse,
+
+    -- ** PutInlinePolicyToPermissionSet
+    PutInlinePolicyToPermissionSet (PutInlinePolicyToPermissionSet'),
+    newPutInlinePolicyToPermissionSet,
+    PutInlinePolicyToPermissionSetResponse (PutInlinePolicyToPermissionSetResponse'),
+    newPutInlinePolicyToPermissionSetResponse,
+
+    -- ** PutPermissionsBoundaryToPermissionSet
+    PutPermissionsBoundaryToPermissionSet (PutPermissionsBoundaryToPermissionSet'),
+    newPutPermissionsBoundaryToPermissionSet,
+    PutPermissionsBoundaryToPermissionSetResponse (PutPermissionsBoundaryToPermissionSetResponse'),
+    newPutPermissionsBoundaryToPermissionSetResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateInstanceAccessControlAttributeConfiguration
+    UpdateInstanceAccessControlAttributeConfiguration (UpdateInstanceAccessControlAttributeConfiguration'),
+    newUpdateInstanceAccessControlAttributeConfiguration,
+    UpdateInstanceAccessControlAttributeConfigurationResponse (UpdateInstanceAccessControlAttributeConfigurationResponse'),
+    newUpdateInstanceAccessControlAttributeConfigurationResponse,
+
+    -- ** UpdatePermissionSet
+    UpdatePermissionSet (UpdatePermissionSet'),
+    newUpdatePermissionSet,
+    UpdatePermissionSetResponse (UpdatePermissionSetResponse'),
+    newUpdatePermissionSetResponse,
+
+    -- * Types
+
+    -- ** InstanceAccessControlAttributeConfigurationStatus
+    InstanceAccessControlAttributeConfigurationStatus (..),
+
+    -- ** PrincipalType
+    PrincipalType (..),
+
+    -- ** ProvisionTargetType
+    ProvisionTargetType (..),
+
+    -- ** ProvisioningStatus
+    ProvisioningStatus (..),
+
+    -- ** StatusValues
+    StatusValues (..),
+
+    -- ** TargetType
+    TargetType (..),
+
+    -- ** AccessControlAttribute
+    AccessControlAttribute (AccessControlAttribute'),
+    newAccessControlAttribute,
+
+    -- ** AccessControlAttributeValue
+    AccessControlAttributeValue (AccessControlAttributeValue'),
+    newAccessControlAttributeValue,
+
+    -- ** AccountAssignment
+    AccountAssignment (AccountAssignment'),
+    newAccountAssignment,
+
+    -- ** AccountAssignmentOperationStatus
+    AccountAssignmentOperationStatus (AccountAssignmentOperationStatus'),
+    newAccountAssignmentOperationStatus,
+
+    -- ** AccountAssignmentOperationStatusMetadata
+    AccountAssignmentOperationStatusMetadata (AccountAssignmentOperationStatusMetadata'),
+    newAccountAssignmentOperationStatusMetadata,
+
+    -- ** AttachedManagedPolicy
+    AttachedManagedPolicy (AttachedManagedPolicy'),
+    newAttachedManagedPolicy,
+
+    -- ** CustomerManagedPolicyReference
+    CustomerManagedPolicyReference (CustomerManagedPolicyReference'),
+    newCustomerManagedPolicyReference,
+
+    -- ** InstanceAccessControlAttributeConfiguration
+    InstanceAccessControlAttributeConfiguration (InstanceAccessControlAttributeConfiguration'),
+    newInstanceAccessControlAttributeConfiguration,
+
+    -- ** InstanceMetadata
+    InstanceMetadata (InstanceMetadata'),
+    newInstanceMetadata,
+
+    -- ** OperationStatusFilter
+    OperationStatusFilter (OperationStatusFilter'),
+    newOperationStatusFilter,
+
+    -- ** PermissionSet
+    PermissionSet (PermissionSet'),
+    newPermissionSet,
+
+    -- ** PermissionSetProvisioningStatus
+    PermissionSetProvisioningStatus (PermissionSetProvisioningStatus'),
+    newPermissionSetProvisioningStatus,
+
+    -- ** PermissionSetProvisioningStatusMetadata
+    PermissionSetProvisioningStatusMetadata (PermissionSetProvisioningStatusMetadata'),
+    newPermissionSetProvisioningStatusMetadata,
+
+    -- ** PermissionsBoundary
+    PermissionsBoundary (PermissionsBoundary'),
+    newPermissionsBoundary,
+
+    -- ** Tag
+    Tag (Tag'),
+    newTag,
+  )
+where
+
+import Amazonka.SSOAdmin.AttachCustomerManagedPolicyReferenceToPermissionSet
+import Amazonka.SSOAdmin.AttachManagedPolicyToPermissionSet
+import Amazonka.SSOAdmin.CreateAccountAssignment
+import Amazonka.SSOAdmin.CreateInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.CreatePermissionSet
+import Amazonka.SSOAdmin.DeleteAccountAssignment
+import Amazonka.SSOAdmin.DeleteInlinePolicyFromPermissionSet
+import Amazonka.SSOAdmin.DeleteInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.DeletePermissionSet
+import Amazonka.SSOAdmin.DeletePermissionsBoundaryFromPermissionSet
+import Amazonka.SSOAdmin.DescribeAccountAssignmentCreationStatus
+import Amazonka.SSOAdmin.DescribeAccountAssignmentDeletionStatus
+import Amazonka.SSOAdmin.DescribeInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.DescribePermissionSet
+import Amazonka.SSOAdmin.DescribePermissionSetProvisioningStatus
+import Amazonka.SSOAdmin.DetachCustomerManagedPolicyReferenceFromPermissionSet
+import Amazonka.SSOAdmin.DetachManagedPolicyFromPermissionSet
+import Amazonka.SSOAdmin.GetInlinePolicyForPermissionSet
+import Amazonka.SSOAdmin.GetPermissionsBoundaryForPermissionSet
+import Amazonka.SSOAdmin.Lens
+import Amazonka.SSOAdmin.ListAccountAssignmentCreationStatus
+import Amazonka.SSOAdmin.ListAccountAssignmentDeletionStatus
+import Amazonka.SSOAdmin.ListAccountAssignments
+import Amazonka.SSOAdmin.ListAccountsForProvisionedPermissionSet
+import Amazonka.SSOAdmin.ListCustomerManagedPolicyReferencesInPermissionSet
+import Amazonka.SSOAdmin.ListInstances
+import Amazonka.SSOAdmin.ListManagedPoliciesInPermissionSet
+import Amazonka.SSOAdmin.ListPermissionSetProvisioningStatus
+import Amazonka.SSOAdmin.ListPermissionSets
+import Amazonka.SSOAdmin.ListPermissionSetsProvisionedToAccount
+import Amazonka.SSOAdmin.ListTagsForResource
+import Amazonka.SSOAdmin.ProvisionPermissionSet
+import Amazonka.SSOAdmin.PutInlinePolicyToPermissionSet
+import Amazonka.SSOAdmin.PutPermissionsBoundaryToPermissionSet
+import Amazonka.SSOAdmin.TagResource
+import Amazonka.SSOAdmin.Types
+import Amazonka.SSOAdmin.UntagResource
+import Amazonka.SSOAdmin.UpdateInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.UpdatePermissionSet
+import Amazonka.SSOAdmin.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'SSOAdmin'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/SSOAdmin/AttachCustomerManagedPolicyReferenceToPermissionSet.hs b/gen/Amazonka/SSOAdmin/AttachCustomerManagedPolicyReferenceToPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/AttachCustomerManagedPolicyReferenceToPermissionSet.hs
@@ -0,0 +1,242 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.AttachCustomerManagedPolicyReferenceToPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Attaches the specified customer managed policy to the specified
+-- PermissionSet.
+module Amazonka.SSOAdmin.AttachCustomerManagedPolicyReferenceToPermissionSet
+  ( -- * Creating a Request
+    AttachCustomerManagedPolicyReferenceToPermissionSet (..),
+    newAttachCustomerManagedPolicyReferenceToPermissionSet,
+
+    -- * Request Lenses
+    attachCustomerManagedPolicyReferenceToPermissionSet_instanceArn,
+    attachCustomerManagedPolicyReferenceToPermissionSet_permissionSetArn,
+    attachCustomerManagedPolicyReferenceToPermissionSet_customerManagedPolicyReference,
+
+    -- * Destructuring the Response
+    AttachCustomerManagedPolicyReferenceToPermissionSetResponse (..),
+    newAttachCustomerManagedPolicyReferenceToPermissionSetResponse,
+
+    -- * Response Lenses
+    attachCustomerManagedPolicyReferenceToPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newAttachCustomerManagedPolicyReferenceToPermissionSet' smart constructor.
+data AttachCustomerManagedPolicyReferenceToPermissionSet = AttachCustomerManagedPolicyReferenceToPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the @PermissionSet@.
+    permissionSetArn :: Prelude.Text,
+    -- | Specifies the name and path of a customer managed policy. You must have
+    -- an IAM policy that matches the name and path in each AWS account where
+    -- you want to deploy your permission set.
+    customerManagedPolicyReference :: CustomerManagedPolicyReference
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttachCustomerManagedPolicyReferenceToPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'attachCustomerManagedPolicyReferenceToPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'permissionSetArn', 'attachCustomerManagedPolicyReferenceToPermissionSet_permissionSetArn' - The ARN of the @PermissionSet@.
+--
+-- 'customerManagedPolicyReference', 'attachCustomerManagedPolicyReferenceToPermissionSet_customerManagedPolicyReference' - Specifies the name and path of a customer managed policy. You must have
+-- an IAM policy that matches the name and path in each AWS account where
+-- you want to deploy your permission set.
+newAttachCustomerManagedPolicyReferenceToPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'customerManagedPolicyReference'
+  CustomerManagedPolicyReference ->
+  AttachCustomerManagedPolicyReferenceToPermissionSet
+newAttachCustomerManagedPolicyReferenceToPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_
+  pCustomerManagedPolicyReference_ =
+    AttachCustomerManagedPolicyReferenceToPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn =
+          pPermissionSetArn_,
+        customerManagedPolicyReference =
+          pCustomerManagedPolicyReference_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+attachCustomerManagedPolicyReferenceToPermissionSet_instanceArn :: Lens.Lens' AttachCustomerManagedPolicyReferenceToPermissionSet Prelude.Text
+attachCustomerManagedPolicyReferenceToPermissionSet_instanceArn = Lens.lens (\AttachCustomerManagedPolicyReferenceToPermissionSet' {instanceArn} -> instanceArn) (\s@AttachCustomerManagedPolicyReferenceToPermissionSet' {} a -> s {instanceArn = a} :: AttachCustomerManagedPolicyReferenceToPermissionSet)
+
+-- | The ARN of the @PermissionSet@.
+attachCustomerManagedPolicyReferenceToPermissionSet_permissionSetArn :: Lens.Lens' AttachCustomerManagedPolicyReferenceToPermissionSet Prelude.Text
+attachCustomerManagedPolicyReferenceToPermissionSet_permissionSetArn = Lens.lens (\AttachCustomerManagedPolicyReferenceToPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@AttachCustomerManagedPolicyReferenceToPermissionSet' {} a -> s {permissionSetArn = a} :: AttachCustomerManagedPolicyReferenceToPermissionSet)
+
+-- | Specifies the name and path of a customer managed policy. You must have
+-- an IAM policy that matches the name and path in each AWS account where
+-- you want to deploy your permission set.
+attachCustomerManagedPolicyReferenceToPermissionSet_customerManagedPolicyReference :: Lens.Lens' AttachCustomerManagedPolicyReferenceToPermissionSet CustomerManagedPolicyReference
+attachCustomerManagedPolicyReferenceToPermissionSet_customerManagedPolicyReference = Lens.lens (\AttachCustomerManagedPolicyReferenceToPermissionSet' {customerManagedPolicyReference} -> customerManagedPolicyReference) (\s@AttachCustomerManagedPolicyReferenceToPermissionSet' {} a -> s {customerManagedPolicyReference = a} :: AttachCustomerManagedPolicyReferenceToPermissionSet)
+
+instance
+  Core.AWSRequest
+    AttachCustomerManagedPolicyReferenceToPermissionSet
+  where
+  type
+    AWSResponse
+      AttachCustomerManagedPolicyReferenceToPermissionSet =
+      AttachCustomerManagedPolicyReferenceToPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AttachCustomerManagedPolicyReferenceToPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    AttachCustomerManagedPolicyReferenceToPermissionSet
+  where
+  hashWithSalt
+    _salt
+    AttachCustomerManagedPolicyReferenceToPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` customerManagedPolicyReference
+
+instance
+  Prelude.NFData
+    AttachCustomerManagedPolicyReferenceToPermissionSet
+  where
+  rnf
+    AttachCustomerManagedPolicyReferenceToPermissionSet' {..} =
+      Prelude.rnf instanceArn
+        `Prelude.seq` Prelude.rnf permissionSetArn
+        `Prelude.seq` Prelude.rnf customerManagedPolicyReference
+
+instance
+  Data.ToHeaders
+    AttachCustomerManagedPolicyReferenceToPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.AttachCustomerManagedPolicyReferenceToPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    AttachCustomerManagedPolicyReferenceToPermissionSet
+  where
+  toJSON
+    AttachCustomerManagedPolicyReferenceToPermissionSet' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+              Prelude.Just
+                ("PermissionSetArn" Data..= permissionSetArn),
+              Prelude.Just
+                ( "CustomerManagedPolicyReference"
+                    Data..= customerManagedPolicyReference
+                )
+            ]
+        )
+
+instance
+  Data.ToPath
+    AttachCustomerManagedPolicyReferenceToPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    AttachCustomerManagedPolicyReferenceToPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAttachCustomerManagedPolicyReferenceToPermissionSetResponse' smart constructor.
+data AttachCustomerManagedPolicyReferenceToPermissionSetResponse = AttachCustomerManagedPolicyReferenceToPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttachCustomerManagedPolicyReferenceToPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'attachCustomerManagedPolicyReferenceToPermissionSetResponse_httpStatus' - The response's http status code.
+newAttachCustomerManagedPolicyReferenceToPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AttachCustomerManagedPolicyReferenceToPermissionSetResponse
+newAttachCustomerManagedPolicyReferenceToPermissionSetResponse
+  pHttpStatus_ =
+    AttachCustomerManagedPolicyReferenceToPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+attachCustomerManagedPolicyReferenceToPermissionSetResponse_httpStatus :: Lens.Lens' AttachCustomerManagedPolicyReferenceToPermissionSetResponse Prelude.Int
+attachCustomerManagedPolicyReferenceToPermissionSetResponse_httpStatus = Lens.lens (\AttachCustomerManagedPolicyReferenceToPermissionSetResponse' {httpStatus} -> httpStatus) (\s@AttachCustomerManagedPolicyReferenceToPermissionSetResponse' {} a -> s {httpStatus = a} :: AttachCustomerManagedPolicyReferenceToPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    AttachCustomerManagedPolicyReferenceToPermissionSetResponse
+  where
+  rnf
+    AttachCustomerManagedPolicyReferenceToPermissionSetResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/AttachManagedPolicyToPermissionSet.hs b/gen/Amazonka/SSOAdmin/AttachManagedPolicyToPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/AttachManagedPolicyToPermissionSet.hs
@@ -0,0 +1,241 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.AttachManagedPolicyToPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Attaches an AWS managed policy ARN to a permission set.
+--
+-- If the permission set is already referenced by one or more account
+-- assignments, you will need to call @ @@ProvisionPermissionSet@@ @ after
+-- this operation. Calling @ProvisionPermissionSet@ applies the
+-- corresponding IAM policy updates to all assigned accounts.
+module Amazonka.SSOAdmin.AttachManagedPolicyToPermissionSet
+  ( -- * Creating a Request
+    AttachManagedPolicyToPermissionSet (..),
+    newAttachManagedPolicyToPermissionSet,
+
+    -- * Request Lenses
+    attachManagedPolicyToPermissionSet_instanceArn,
+    attachManagedPolicyToPermissionSet_permissionSetArn,
+    attachManagedPolicyToPermissionSet_managedPolicyArn,
+
+    -- * Destructuring the Response
+    AttachManagedPolicyToPermissionSetResponse (..),
+    newAttachManagedPolicyToPermissionSetResponse,
+
+    -- * Response Lenses
+    attachManagedPolicyToPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newAttachManagedPolicyToPermissionSet' smart constructor.
+data AttachManagedPolicyToPermissionSet = AttachManagedPolicyToPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the PermissionSet that the managed policy should be attached
+    -- to.
+    permissionSetArn :: Prelude.Text,
+    -- | The AWS managed policy ARN to be attached to a permission set.
+    managedPolicyArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttachManagedPolicyToPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'attachManagedPolicyToPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'attachManagedPolicyToPermissionSet_permissionSetArn' - The ARN of the PermissionSet that the managed policy should be attached
+-- to.
+--
+-- 'managedPolicyArn', 'attachManagedPolicyToPermissionSet_managedPolicyArn' - The AWS managed policy ARN to be attached to a permission set.
+newAttachManagedPolicyToPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'managedPolicyArn'
+  Prelude.Text ->
+  AttachManagedPolicyToPermissionSet
+newAttachManagedPolicyToPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_
+  pManagedPolicyArn_ =
+    AttachManagedPolicyToPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_,
+        managedPolicyArn = pManagedPolicyArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+attachManagedPolicyToPermissionSet_instanceArn :: Lens.Lens' AttachManagedPolicyToPermissionSet Prelude.Text
+attachManagedPolicyToPermissionSet_instanceArn = Lens.lens (\AttachManagedPolicyToPermissionSet' {instanceArn} -> instanceArn) (\s@AttachManagedPolicyToPermissionSet' {} a -> s {instanceArn = a} :: AttachManagedPolicyToPermissionSet)
+
+-- | The ARN of the PermissionSet that the managed policy should be attached
+-- to.
+attachManagedPolicyToPermissionSet_permissionSetArn :: Lens.Lens' AttachManagedPolicyToPermissionSet Prelude.Text
+attachManagedPolicyToPermissionSet_permissionSetArn = Lens.lens (\AttachManagedPolicyToPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@AttachManagedPolicyToPermissionSet' {} a -> s {permissionSetArn = a} :: AttachManagedPolicyToPermissionSet)
+
+-- | The AWS managed policy ARN to be attached to a permission set.
+attachManagedPolicyToPermissionSet_managedPolicyArn :: Lens.Lens' AttachManagedPolicyToPermissionSet Prelude.Text
+attachManagedPolicyToPermissionSet_managedPolicyArn = Lens.lens (\AttachManagedPolicyToPermissionSet' {managedPolicyArn} -> managedPolicyArn) (\s@AttachManagedPolicyToPermissionSet' {} a -> s {managedPolicyArn = a} :: AttachManagedPolicyToPermissionSet)
+
+instance
+  Core.AWSRequest
+    AttachManagedPolicyToPermissionSet
+  where
+  type
+    AWSResponse AttachManagedPolicyToPermissionSet =
+      AttachManagedPolicyToPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AttachManagedPolicyToPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    AttachManagedPolicyToPermissionSet
+  where
+  hashWithSalt
+    _salt
+    AttachManagedPolicyToPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` managedPolicyArn
+
+instance
+  Prelude.NFData
+    AttachManagedPolicyToPermissionSet
+  where
+  rnf AttachManagedPolicyToPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf managedPolicyArn
+
+instance
+  Data.ToHeaders
+    AttachManagedPolicyToPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.AttachManagedPolicyToPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    AttachManagedPolicyToPermissionSet
+  where
+  toJSON AttachManagedPolicyToPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn),
+            Prelude.Just
+              ("ManagedPolicyArn" Data..= managedPolicyArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    AttachManagedPolicyToPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    AttachManagedPolicyToPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAttachManagedPolicyToPermissionSetResponse' smart constructor.
+data AttachManagedPolicyToPermissionSetResponse = AttachManagedPolicyToPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttachManagedPolicyToPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'attachManagedPolicyToPermissionSetResponse_httpStatus' - The response's http status code.
+newAttachManagedPolicyToPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AttachManagedPolicyToPermissionSetResponse
+newAttachManagedPolicyToPermissionSetResponse
+  pHttpStatus_ =
+    AttachManagedPolicyToPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+attachManagedPolicyToPermissionSetResponse_httpStatus :: Lens.Lens' AttachManagedPolicyToPermissionSetResponse Prelude.Int
+attachManagedPolicyToPermissionSetResponse_httpStatus = Lens.lens (\AttachManagedPolicyToPermissionSetResponse' {httpStatus} -> httpStatus) (\s@AttachManagedPolicyToPermissionSetResponse' {} a -> s {httpStatus = a} :: AttachManagedPolicyToPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    AttachManagedPolicyToPermissionSetResponse
+  where
+  rnf AttachManagedPolicyToPermissionSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/CreateAccountAssignment.hs b/gen/Amazonka/SSOAdmin/CreateAccountAssignment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/CreateAccountAssignment.hs
@@ -0,0 +1,302 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.CreateAccountAssignment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Assigns access to a principal for a specified AWS account using a
+-- specified permission set.
+--
+-- The term /principal/ here refers to a user or group that is defined in
+-- IAM Identity Center.
+--
+-- As part of a successful @CreateAccountAssignment@ call, the specified
+-- permission set will automatically be provisioned to the account in the
+-- form of an IAM policy. That policy is attached to the IAM role created
+-- in IAM Identity Center. If the permission set is subsequently updated,
+-- the corresponding IAM policies attached to roles in your accounts will
+-- not be updated automatically. In this case, you must call
+-- @ @@ProvisionPermissionSet@@ @ to make these updates.
+--
+-- After a successful response, call
+-- @DescribeAccountAssignmentCreationStatus@ to describe the status of an
+-- assignment creation request.
+module Amazonka.SSOAdmin.CreateAccountAssignment
+  ( -- * Creating a Request
+    CreateAccountAssignment (..),
+    newCreateAccountAssignment,
+
+    -- * Request Lenses
+    createAccountAssignment_instanceArn,
+    createAccountAssignment_targetId,
+    createAccountAssignment_targetType,
+    createAccountAssignment_permissionSetArn,
+    createAccountAssignment_principalType,
+    createAccountAssignment_principalId,
+
+    -- * Destructuring the Response
+    CreateAccountAssignmentResponse (..),
+    newCreateAccountAssignmentResponse,
+
+    -- * Response Lenses
+    createAccountAssignmentResponse_accountAssignmentCreationStatus,
+    createAccountAssignmentResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newCreateAccountAssignment' smart constructor.
+data CreateAccountAssignment = CreateAccountAssignment'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | TargetID is an AWS account identifier, typically a 10-12 digit string
+    -- (For example, 123456789012).
+    targetId :: Prelude.Text,
+    -- | The entity type for which the assignment will be created.
+    targetType :: TargetType,
+    -- | The ARN of the permission set that the admin wants to grant the
+    -- principal access to.
+    permissionSetArn :: Prelude.Text,
+    -- | The entity type for which the assignment will be created.
+    principalType :: PrincipalType,
+    -- | An identifier for an object in IAM Identity Center, such as a user or
+    -- group. PrincipalIds are GUIDs (For example,
+    -- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    -- PrincipalIds in IAM Identity Center, see the
+    -- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+    principalId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateAccountAssignment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'createAccountAssignment_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'targetId', 'createAccountAssignment_targetId' - TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+--
+-- 'targetType', 'createAccountAssignment_targetType' - The entity type for which the assignment will be created.
+--
+-- 'permissionSetArn', 'createAccountAssignment_permissionSetArn' - The ARN of the permission set that the admin wants to grant the
+-- principal access to.
+--
+-- 'principalType', 'createAccountAssignment_principalType' - The entity type for which the assignment will be created.
+--
+-- 'principalId', 'createAccountAssignment_principalId' - An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+newCreateAccountAssignment ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'targetId'
+  Prelude.Text ->
+  -- | 'targetType'
+  TargetType ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'principalType'
+  PrincipalType ->
+  -- | 'principalId'
+  Prelude.Text ->
+  CreateAccountAssignment
+newCreateAccountAssignment
+  pInstanceArn_
+  pTargetId_
+  pTargetType_
+  pPermissionSetArn_
+  pPrincipalType_
+  pPrincipalId_ =
+    CreateAccountAssignment'
+      { instanceArn =
+          pInstanceArn_,
+        targetId = pTargetId_,
+        targetType = pTargetType_,
+        permissionSetArn = pPermissionSetArn_,
+        principalType = pPrincipalType_,
+        principalId = pPrincipalId_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+createAccountAssignment_instanceArn :: Lens.Lens' CreateAccountAssignment Prelude.Text
+createAccountAssignment_instanceArn = Lens.lens (\CreateAccountAssignment' {instanceArn} -> instanceArn) (\s@CreateAccountAssignment' {} a -> s {instanceArn = a} :: CreateAccountAssignment)
+
+-- | TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+createAccountAssignment_targetId :: Lens.Lens' CreateAccountAssignment Prelude.Text
+createAccountAssignment_targetId = Lens.lens (\CreateAccountAssignment' {targetId} -> targetId) (\s@CreateAccountAssignment' {} a -> s {targetId = a} :: CreateAccountAssignment)
+
+-- | The entity type for which the assignment will be created.
+createAccountAssignment_targetType :: Lens.Lens' CreateAccountAssignment TargetType
+createAccountAssignment_targetType = Lens.lens (\CreateAccountAssignment' {targetType} -> targetType) (\s@CreateAccountAssignment' {} a -> s {targetType = a} :: CreateAccountAssignment)
+
+-- | The ARN of the permission set that the admin wants to grant the
+-- principal access to.
+createAccountAssignment_permissionSetArn :: Lens.Lens' CreateAccountAssignment Prelude.Text
+createAccountAssignment_permissionSetArn = Lens.lens (\CreateAccountAssignment' {permissionSetArn} -> permissionSetArn) (\s@CreateAccountAssignment' {} a -> s {permissionSetArn = a} :: CreateAccountAssignment)
+
+-- | The entity type for which the assignment will be created.
+createAccountAssignment_principalType :: Lens.Lens' CreateAccountAssignment PrincipalType
+createAccountAssignment_principalType = Lens.lens (\CreateAccountAssignment' {principalType} -> principalType) (\s@CreateAccountAssignment' {} a -> s {principalType = a} :: CreateAccountAssignment)
+
+-- | An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+createAccountAssignment_principalId :: Lens.Lens' CreateAccountAssignment Prelude.Text
+createAccountAssignment_principalId = Lens.lens (\CreateAccountAssignment' {principalId} -> principalId) (\s@CreateAccountAssignment' {} a -> s {principalId = a} :: CreateAccountAssignment)
+
+instance Core.AWSRequest CreateAccountAssignment where
+  type
+    AWSResponse CreateAccountAssignment =
+      CreateAccountAssignmentResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateAccountAssignmentResponse'
+            Prelude.<$> (x Data..?> "AccountAssignmentCreationStatus")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateAccountAssignment where
+  hashWithSalt _salt CreateAccountAssignment' {..} =
+    _salt
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` targetId
+      `Prelude.hashWithSalt` targetType
+      `Prelude.hashWithSalt` permissionSetArn
+      `Prelude.hashWithSalt` principalType
+      `Prelude.hashWithSalt` principalId
+
+instance Prelude.NFData CreateAccountAssignment where
+  rnf CreateAccountAssignment' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf targetId
+      `Prelude.seq` Prelude.rnf targetType
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf principalType
+      `Prelude.seq` Prelude.rnf principalId
+
+instance Data.ToHeaders CreateAccountAssignment where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.CreateAccountAssignment" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateAccountAssignment where
+  toJSON CreateAccountAssignment' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just ("TargetId" Data..= targetId),
+            Prelude.Just ("TargetType" Data..= targetType),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn),
+            Prelude.Just ("PrincipalType" Data..= principalType),
+            Prelude.Just ("PrincipalId" Data..= principalId)
+          ]
+      )
+
+instance Data.ToPath CreateAccountAssignment where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateAccountAssignment where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateAccountAssignmentResponse' smart constructor.
+data CreateAccountAssignmentResponse = CreateAccountAssignmentResponse'
+  { -- | The status object for the account assignment creation operation.
+    accountAssignmentCreationStatus :: Prelude.Maybe AccountAssignmentOperationStatus,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateAccountAssignmentResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAssignmentCreationStatus', 'createAccountAssignmentResponse_accountAssignmentCreationStatus' - The status object for the account assignment creation operation.
+--
+-- 'httpStatus', 'createAccountAssignmentResponse_httpStatus' - The response's http status code.
+newCreateAccountAssignmentResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateAccountAssignmentResponse
+newCreateAccountAssignmentResponse pHttpStatus_ =
+  CreateAccountAssignmentResponse'
+    { accountAssignmentCreationStatus =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The status object for the account assignment creation operation.
+createAccountAssignmentResponse_accountAssignmentCreationStatus :: Lens.Lens' CreateAccountAssignmentResponse (Prelude.Maybe AccountAssignmentOperationStatus)
+createAccountAssignmentResponse_accountAssignmentCreationStatus = Lens.lens (\CreateAccountAssignmentResponse' {accountAssignmentCreationStatus} -> accountAssignmentCreationStatus) (\s@CreateAccountAssignmentResponse' {} a -> s {accountAssignmentCreationStatus = a} :: CreateAccountAssignmentResponse)
+
+-- | The response's http status code.
+createAccountAssignmentResponse_httpStatus :: Lens.Lens' CreateAccountAssignmentResponse Prelude.Int
+createAccountAssignmentResponse_httpStatus = Lens.lens (\CreateAccountAssignmentResponse' {httpStatus} -> httpStatus) (\s@CreateAccountAssignmentResponse' {} a -> s {httpStatus = a} :: CreateAccountAssignmentResponse)
+
+instance
+  Prelude.NFData
+    CreateAccountAssignmentResponse
+  where
+  rnf CreateAccountAssignmentResponse' {..} =
+    Prelude.rnf accountAssignmentCreationStatus
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/CreateInstanceAccessControlAttributeConfiguration.hs b/gen/Amazonka/SSOAdmin/CreateInstanceAccessControlAttributeConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/CreateInstanceAccessControlAttributeConfiguration.hs
@@ -0,0 +1,245 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.CreateInstanceAccessControlAttributeConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables the attributes-based access control (ABAC) feature for the
+-- specified IAM Identity Center instance. You can also specify new
+-- attributes to add to your ABAC configuration during the enabling
+-- process. For more information about ABAC, see
+-- </singlesignon/latest/userguide/abac.html Attribute-Based Access Control>
+-- in the /IAM Identity Center User Guide/.
+--
+-- After a successful response, call
+-- @DescribeInstanceAccessControlAttributeConfiguration@ to validate that
+-- @InstanceAccessControlAttributeConfiguration@ was created.
+module Amazonka.SSOAdmin.CreateInstanceAccessControlAttributeConfiguration
+  ( -- * Creating a Request
+    CreateInstanceAccessControlAttributeConfiguration (..),
+    newCreateInstanceAccessControlAttributeConfiguration,
+
+    -- * Request Lenses
+    createInstanceAccessControlAttributeConfiguration_instanceArn,
+    createInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration,
+
+    -- * Destructuring the Response
+    CreateInstanceAccessControlAttributeConfigurationResponse (..),
+    newCreateInstanceAccessControlAttributeConfigurationResponse,
+
+    -- * Response Lenses
+    createInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newCreateInstanceAccessControlAttributeConfiguration' smart constructor.
+data CreateInstanceAccessControlAttributeConfiguration = CreateInstanceAccessControlAttributeConfiguration'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | Specifies the IAM Identity Center identity store attributes to add to
+    -- your ABAC configuration. When using an external identity provider as an
+    -- identity source, you can pass attributes through the SAML assertion.
+    -- Doing so provides an alternative to configuring attributes from the IAM
+    -- Identity Center identity store. If a SAML assertion passes any of these
+    -- attributes, IAM Identity Center will replace the attribute value with
+    -- the value from the IAM Identity Center identity store.
+    instanceAccessControlAttributeConfiguration :: InstanceAccessControlAttributeConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateInstanceAccessControlAttributeConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'createInstanceAccessControlAttributeConfiguration_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'instanceAccessControlAttributeConfiguration', 'createInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration' - Specifies the IAM Identity Center identity store attributes to add to
+-- your ABAC configuration. When using an external identity provider as an
+-- identity source, you can pass attributes through the SAML assertion.
+-- Doing so provides an alternative to configuring attributes from the IAM
+-- Identity Center identity store. If a SAML assertion passes any of these
+-- attributes, IAM Identity Center will replace the attribute value with
+-- the value from the IAM Identity Center identity store.
+newCreateInstanceAccessControlAttributeConfiguration ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'instanceAccessControlAttributeConfiguration'
+  InstanceAccessControlAttributeConfiguration ->
+  CreateInstanceAccessControlAttributeConfiguration
+newCreateInstanceAccessControlAttributeConfiguration
+  pInstanceArn_
+  pInstanceAccessControlAttributeConfiguration_ =
+    CreateInstanceAccessControlAttributeConfiguration'
+      { instanceArn =
+          pInstanceArn_,
+        instanceAccessControlAttributeConfiguration =
+          pInstanceAccessControlAttributeConfiguration_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+createInstanceAccessControlAttributeConfiguration_instanceArn :: Lens.Lens' CreateInstanceAccessControlAttributeConfiguration Prelude.Text
+createInstanceAccessControlAttributeConfiguration_instanceArn = Lens.lens (\CreateInstanceAccessControlAttributeConfiguration' {instanceArn} -> instanceArn) (\s@CreateInstanceAccessControlAttributeConfiguration' {} a -> s {instanceArn = a} :: CreateInstanceAccessControlAttributeConfiguration)
+
+-- | Specifies the IAM Identity Center identity store attributes to add to
+-- your ABAC configuration. When using an external identity provider as an
+-- identity source, you can pass attributes through the SAML assertion.
+-- Doing so provides an alternative to configuring attributes from the IAM
+-- Identity Center identity store. If a SAML assertion passes any of these
+-- attributes, IAM Identity Center will replace the attribute value with
+-- the value from the IAM Identity Center identity store.
+createInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration :: Lens.Lens' CreateInstanceAccessControlAttributeConfiguration InstanceAccessControlAttributeConfiguration
+createInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration = Lens.lens (\CreateInstanceAccessControlAttributeConfiguration' {instanceAccessControlAttributeConfiguration} -> instanceAccessControlAttributeConfiguration) (\s@CreateInstanceAccessControlAttributeConfiguration' {} a -> s {instanceAccessControlAttributeConfiguration = a} :: CreateInstanceAccessControlAttributeConfiguration)
+
+instance
+  Core.AWSRequest
+    CreateInstanceAccessControlAttributeConfiguration
+  where
+  type
+    AWSResponse
+      CreateInstanceAccessControlAttributeConfiguration =
+      CreateInstanceAccessControlAttributeConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          CreateInstanceAccessControlAttributeConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    CreateInstanceAccessControlAttributeConfiguration
+  where
+  hashWithSalt
+    _salt
+    CreateInstanceAccessControlAttributeConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` instanceAccessControlAttributeConfiguration
+
+instance
+  Prelude.NFData
+    CreateInstanceAccessControlAttributeConfiguration
+  where
+  rnf
+    CreateInstanceAccessControlAttributeConfiguration' {..} =
+      Prelude.rnf instanceArn
+        `Prelude.seq` Prelude.rnf
+          instanceAccessControlAttributeConfiguration
+
+instance
+  Data.ToHeaders
+    CreateInstanceAccessControlAttributeConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.CreateInstanceAccessControlAttributeConfiguration" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    CreateInstanceAccessControlAttributeConfiguration
+  where
+  toJSON
+    CreateInstanceAccessControlAttributeConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+              Prelude.Just
+                ( "InstanceAccessControlAttributeConfiguration"
+                    Data..= instanceAccessControlAttributeConfiguration
+                )
+            ]
+        )
+
+instance
+  Data.ToPath
+    CreateInstanceAccessControlAttributeConfiguration
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    CreateInstanceAccessControlAttributeConfiguration
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateInstanceAccessControlAttributeConfigurationResponse' smart constructor.
+data CreateInstanceAccessControlAttributeConfigurationResponse = CreateInstanceAccessControlAttributeConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateInstanceAccessControlAttributeConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createInstanceAccessControlAttributeConfigurationResponse_httpStatus' - The response's http status code.
+newCreateInstanceAccessControlAttributeConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateInstanceAccessControlAttributeConfigurationResponse
+newCreateInstanceAccessControlAttributeConfigurationResponse
+  pHttpStatus_ =
+    CreateInstanceAccessControlAttributeConfigurationResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+createInstanceAccessControlAttributeConfigurationResponse_httpStatus :: Lens.Lens' CreateInstanceAccessControlAttributeConfigurationResponse Prelude.Int
+createInstanceAccessControlAttributeConfigurationResponse_httpStatus = Lens.lens (\CreateInstanceAccessControlAttributeConfigurationResponse' {httpStatus} -> httpStatus) (\s@CreateInstanceAccessControlAttributeConfigurationResponse' {} a -> s {httpStatus = a} :: CreateInstanceAccessControlAttributeConfigurationResponse)
+
+instance
+  Prelude.NFData
+    CreateInstanceAccessControlAttributeConfigurationResponse
+  where
+  rnf
+    CreateInstanceAccessControlAttributeConfigurationResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/CreatePermissionSet.hs b/gen/Amazonka/SSOAdmin/CreatePermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/CreatePermissionSet.hs
@@ -0,0 +1,260 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.CreatePermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a permission set within a specified IAM Identity Center
+-- instance.
+--
+-- To grant users and groups access to AWS account resources, use
+-- @ @@CreateAccountAssignment@@ @.
+module Amazonka.SSOAdmin.CreatePermissionSet
+  ( -- * Creating a Request
+    CreatePermissionSet (..),
+    newCreatePermissionSet,
+
+    -- * Request Lenses
+    createPermissionSet_description,
+    createPermissionSet_relayState,
+    createPermissionSet_sessionDuration,
+    createPermissionSet_tags,
+    createPermissionSet_name,
+    createPermissionSet_instanceArn,
+
+    -- * Destructuring the Response
+    CreatePermissionSetResponse (..),
+    newCreatePermissionSetResponse,
+
+    -- * Response Lenses
+    createPermissionSetResponse_permissionSet,
+    createPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newCreatePermissionSet' smart constructor.
+data CreatePermissionSet = CreatePermissionSet'
+  { -- | The description of the PermissionSet.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Used to redirect users within the application during the federation
+    -- authentication process.
+    relayState :: Prelude.Maybe Prelude.Text,
+    -- | The length of time that the application user sessions are valid in the
+    -- ISO-8601 standard.
+    sessionDuration :: Prelude.Maybe Prelude.Text,
+    -- | The tags to attach to the new PermissionSet.
+    tags :: Prelude.Maybe [Tag],
+    -- | The name of the PermissionSet.
+    name :: Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreatePermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'createPermissionSet_description' - The description of the PermissionSet.
+--
+-- 'relayState', 'createPermissionSet_relayState' - Used to redirect users within the application during the federation
+-- authentication process.
+--
+-- 'sessionDuration', 'createPermissionSet_sessionDuration' - The length of time that the application user sessions are valid in the
+-- ISO-8601 standard.
+--
+-- 'tags', 'createPermissionSet_tags' - The tags to attach to the new PermissionSet.
+--
+-- 'name', 'createPermissionSet_name' - The name of the PermissionSet.
+--
+-- 'instanceArn', 'createPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+newCreatePermissionSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'instanceArn'
+  Prelude.Text ->
+  CreatePermissionSet
+newCreatePermissionSet pName_ pInstanceArn_ =
+  CreatePermissionSet'
+    { description = Prelude.Nothing,
+      relayState = Prelude.Nothing,
+      sessionDuration = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      name = pName_,
+      instanceArn = pInstanceArn_
+    }
+
+-- | The description of the PermissionSet.
+createPermissionSet_description :: Lens.Lens' CreatePermissionSet (Prelude.Maybe Prelude.Text)
+createPermissionSet_description = Lens.lens (\CreatePermissionSet' {description} -> description) (\s@CreatePermissionSet' {} a -> s {description = a} :: CreatePermissionSet)
+
+-- | Used to redirect users within the application during the federation
+-- authentication process.
+createPermissionSet_relayState :: Lens.Lens' CreatePermissionSet (Prelude.Maybe Prelude.Text)
+createPermissionSet_relayState = Lens.lens (\CreatePermissionSet' {relayState} -> relayState) (\s@CreatePermissionSet' {} a -> s {relayState = a} :: CreatePermissionSet)
+
+-- | The length of time that the application user sessions are valid in the
+-- ISO-8601 standard.
+createPermissionSet_sessionDuration :: Lens.Lens' CreatePermissionSet (Prelude.Maybe Prelude.Text)
+createPermissionSet_sessionDuration = Lens.lens (\CreatePermissionSet' {sessionDuration} -> sessionDuration) (\s@CreatePermissionSet' {} a -> s {sessionDuration = a} :: CreatePermissionSet)
+
+-- | The tags to attach to the new PermissionSet.
+createPermissionSet_tags :: Lens.Lens' CreatePermissionSet (Prelude.Maybe [Tag])
+createPermissionSet_tags = Lens.lens (\CreatePermissionSet' {tags} -> tags) (\s@CreatePermissionSet' {} a -> s {tags = a} :: CreatePermissionSet) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the PermissionSet.
+createPermissionSet_name :: Lens.Lens' CreatePermissionSet Prelude.Text
+createPermissionSet_name = Lens.lens (\CreatePermissionSet' {name} -> name) (\s@CreatePermissionSet' {} a -> s {name = a} :: CreatePermissionSet)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+createPermissionSet_instanceArn :: Lens.Lens' CreatePermissionSet Prelude.Text
+createPermissionSet_instanceArn = Lens.lens (\CreatePermissionSet' {instanceArn} -> instanceArn) (\s@CreatePermissionSet' {} a -> s {instanceArn = a} :: CreatePermissionSet)
+
+instance Core.AWSRequest CreatePermissionSet where
+  type
+    AWSResponse CreatePermissionSet =
+      CreatePermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreatePermissionSetResponse'
+            Prelude.<$> (x Data..?> "PermissionSet")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreatePermissionSet where
+  hashWithSalt _salt CreatePermissionSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` relayState
+      `Prelude.hashWithSalt` sessionDuration
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` instanceArn
+
+instance Prelude.NFData CreatePermissionSet where
+  rnf CreatePermissionSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf relayState
+      `Prelude.seq` Prelude.rnf sessionDuration
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf instanceArn
+
+instance Data.ToHeaders CreatePermissionSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.CreatePermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreatePermissionSet where
+  toJSON CreatePermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            ("RelayState" Data..=) Prelude.<$> relayState,
+            ("SessionDuration" Data..=)
+              Prelude.<$> sessionDuration,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("InstanceArn" Data..= instanceArn)
+          ]
+      )
+
+instance Data.ToPath CreatePermissionSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreatePermissionSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreatePermissionSetResponse' smart constructor.
+data CreatePermissionSetResponse = CreatePermissionSetResponse'
+  { -- | Defines the level of access on an AWS account.
+    permissionSet :: Prelude.Maybe PermissionSet,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreatePermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'permissionSet', 'createPermissionSetResponse_permissionSet' - Defines the level of access on an AWS account.
+--
+-- 'httpStatus', 'createPermissionSetResponse_httpStatus' - The response's http status code.
+newCreatePermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreatePermissionSetResponse
+newCreatePermissionSetResponse pHttpStatus_ =
+  CreatePermissionSetResponse'
+    { permissionSet =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Defines the level of access on an AWS account.
+createPermissionSetResponse_permissionSet :: Lens.Lens' CreatePermissionSetResponse (Prelude.Maybe PermissionSet)
+createPermissionSetResponse_permissionSet = Lens.lens (\CreatePermissionSetResponse' {permissionSet} -> permissionSet) (\s@CreatePermissionSetResponse' {} a -> s {permissionSet = a} :: CreatePermissionSetResponse)
+
+-- | The response's http status code.
+createPermissionSetResponse_httpStatus :: Lens.Lens' CreatePermissionSetResponse Prelude.Int
+createPermissionSetResponse_httpStatus = Lens.lens (\CreatePermissionSetResponse' {httpStatus} -> httpStatus) (\s@CreatePermissionSetResponse' {} a -> s {httpStatus = a} :: CreatePermissionSetResponse)
+
+instance Prelude.NFData CreatePermissionSetResponse where
+  rnf CreatePermissionSetResponse' {..} =
+    Prelude.rnf permissionSet
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DeleteAccountAssignment.hs b/gen/Amazonka/SSOAdmin/DeleteAccountAssignment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DeleteAccountAssignment.hs
@@ -0,0 +1,288 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DeleteAccountAssignment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a principal\'s access from a specified AWS account using a
+-- specified permission set.
+--
+-- After a successful response, call
+-- @DescribeAccountAssignmentCreationStatus@ to describe the status of an
+-- assignment deletion request.
+module Amazonka.SSOAdmin.DeleteAccountAssignment
+  ( -- * Creating a Request
+    DeleteAccountAssignment (..),
+    newDeleteAccountAssignment,
+
+    -- * Request Lenses
+    deleteAccountAssignment_instanceArn,
+    deleteAccountAssignment_targetId,
+    deleteAccountAssignment_targetType,
+    deleteAccountAssignment_permissionSetArn,
+    deleteAccountAssignment_principalType,
+    deleteAccountAssignment_principalId,
+
+    -- * Destructuring the Response
+    DeleteAccountAssignmentResponse (..),
+    newDeleteAccountAssignmentResponse,
+
+    -- * Response Lenses
+    deleteAccountAssignmentResponse_accountAssignmentDeletionStatus,
+    deleteAccountAssignmentResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDeleteAccountAssignment' smart constructor.
+data DeleteAccountAssignment = DeleteAccountAssignment'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | TargetID is an AWS account identifier, typically a 10-12 digit string
+    -- (For example, 123456789012).
+    targetId :: Prelude.Text,
+    -- | The entity type for which the assignment will be deleted.
+    targetType :: TargetType,
+    -- | The ARN of the permission set that will be used to remove access.
+    permissionSetArn :: Prelude.Text,
+    -- | The entity type for which the assignment will be deleted.
+    principalType :: PrincipalType,
+    -- | An identifier for an object in IAM Identity Center, such as a user or
+    -- group. PrincipalIds are GUIDs (For example,
+    -- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    -- PrincipalIds in IAM Identity Center, see the
+    -- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+    principalId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteAccountAssignment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'deleteAccountAssignment_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'targetId', 'deleteAccountAssignment_targetId' - TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+--
+-- 'targetType', 'deleteAccountAssignment_targetType' - The entity type for which the assignment will be deleted.
+--
+-- 'permissionSetArn', 'deleteAccountAssignment_permissionSetArn' - The ARN of the permission set that will be used to remove access.
+--
+-- 'principalType', 'deleteAccountAssignment_principalType' - The entity type for which the assignment will be deleted.
+--
+-- 'principalId', 'deleteAccountAssignment_principalId' - An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+newDeleteAccountAssignment ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'targetId'
+  Prelude.Text ->
+  -- | 'targetType'
+  TargetType ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'principalType'
+  PrincipalType ->
+  -- | 'principalId'
+  Prelude.Text ->
+  DeleteAccountAssignment
+newDeleteAccountAssignment
+  pInstanceArn_
+  pTargetId_
+  pTargetType_
+  pPermissionSetArn_
+  pPrincipalType_
+  pPrincipalId_ =
+    DeleteAccountAssignment'
+      { instanceArn =
+          pInstanceArn_,
+        targetId = pTargetId_,
+        targetType = pTargetType_,
+        permissionSetArn = pPermissionSetArn_,
+        principalType = pPrincipalType_,
+        principalId = pPrincipalId_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+deleteAccountAssignment_instanceArn :: Lens.Lens' DeleteAccountAssignment Prelude.Text
+deleteAccountAssignment_instanceArn = Lens.lens (\DeleteAccountAssignment' {instanceArn} -> instanceArn) (\s@DeleteAccountAssignment' {} a -> s {instanceArn = a} :: DeleteAccountAssignment)
+
+-- | TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+deleteAccountAssignment_targetId :: Lens.Lens' DeleteAccountAssignment Prelude.Text
+deleteAccountAssignment_targetId = Lens.lens (\DeleteAccountAssignment' {targetId} -> targetId) (\s@DeleteAccountAssignment' {} a -> s {targetId = a} :: DeleteAccountAssignment)
+
+-- | The entity type for which the assignment will be deleted.
+deleteAccountAssignment_targetType :: Lens.Lens' DeleteAccountAssignment TargetType
+deleteAccountAssignment_targetType = Lens.lens (\DeleteAccountAssignment' {targetType} -> targetType) (\s@DeleteAccountAssignment' {} a -> s {targetType = a} :: DeleteAccountAssignment)
+
+-- | The ARN of the permission set that will be used to remove access.
+deleteAccountAssignment_permissionSetArn :: Lens.Lens' DeleteAccountAssignment Prelude.Text
+deleteAccountAssignment_permissionSetArn = Lens.lens (\DeleteAccountAssignment' {permissionSetArn} -> permissionSetArn) (\s@DeleteAccountAssignment' {} a -> s {permissionSetArn = a} :: DeleteAccountAssignment)
+
+-- | The entity type for which the assignment will be deleted.
+deleteAccountAssignment_principalType :: Lens.Lens' DeleteAccountAssignment PrincipalType
+deleteAccountAssignment_principalType = Lens.lens (\DeleteAccountAssignment' {principalType} -> principalType) (\s@DeleteAccountAssignment' {} a -> s {principalType = a} :: DeleteAccountAssignment)
+
+-- | An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+deleteAccountAssignment_principalId :: Lens.Lens' DeleteAccountAssignment Prelude.Text
+deleteAccountAssignment_principalId = Lens.lens (\DeleteAccountAssignment' {principalId} -> principalId) (\s@DeleteAccountAssignment' {} a -> s {principalId = a} :: DeleteAccountAssignment)
+
+instance Core.AWSRequest DeleteAccountAssignment where
+  type
+    AWSResponse DeleteAccountAssignment =
+      DeleteAccountAssignmentResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteAccountAssignmentResponse'
+            Prelude.<$> (x Data..?> "AccountAssignmentDeletionStatus")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteAccountAssignment where
+  hashWithSalt _salt DeleteAccountAssignment' {..} =
+    _salt
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` targetId
+      `Prelude.hashWithSalt` targetType
+      `Prelude.hashWithSalt` permissionSetArn
+      `Prelude.hashWithSalt` principalType
+      `Prelude.hashWithSalt` principalId
+
+instance Prelude.NFData DeleteAccountAssignment where
+  rnf DeleteAccountAssignment' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf targetId
+      `Prelude.seq` Prelude.rnf targetType
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf principalType
+      `Prelude.seq` Prelude.rnf principalId
+
+instance Data.ToHeaders DeleteAccountAssignment where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DeleteAccountAssignment" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteAccountAssignment where
+  toJSON DeleteAccountAssignment' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just ("TargetId" Data..= targetId),
+            Prelude.Just ("TargetType" Data..= targetType),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn),
+            Prelude.Just ("PrincipalType" Data..= principalType),
+            Prelude.Just ("PrincipalId" Data..= principalId)
+          ]
+      )
+
+instance Data.ToPath DeleteAccountAssignment where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteAccountAssignment where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteAccountAssignmentResponse' smart constructor.
+data DeleteAccountAssignmentResponse = DeleteAccountAssignmentResponse'
+  { -- | The status object for the account assignment deletion operation.
+    accountAssignmentDeletionStatus :: Prelude.Maybe AccountAssignmentOperationStatus,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteAccountAssignmentResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAssignmentDeletionStatus', 'deleteAccountAssignmentResponse_accountAssignmentDeletionStatus' - The status object for the account assignment deletion operation.
+--
+-- 'httpStatus', 'deleteAccountAssignmentResponse_httpStatus' - The response's http status code.
+newDeleteAccountAssignmentResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteAccountAssignmentResponse
+newDeleteAccountAssignmentResponse pHttpStatus_ =
+  DeleteAccountAssignmentResponse'
+    { accountAssignmentDeletionStatus =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The status object for the account assignment deletion operation.
+deleteAccountAssignmentResponse_accountAssignmentDeletionStatus :: Lens.Lens' DeleteAccountAssignmentResponse (Prelude.Maybe AccountAssignmentOperationStatus)
+deleteAccountAssignmentResponse_accountAssignmentDeletionStatus = Lens.lens (\DeleteAccountAssignmentResponse' {accountAssignmentDeletionStatus} -> accountAssignmentDeletionStatus) (\s@DeleteAccountAssignmentResponse' {} a -> s {accountAssignmentDeletionStatus = a} :: DeleteAccountAssignmentResponse)
+
+-- | The response's http status code.
+deleteAccountAssignmentResponse_httpStatus :: Lens.Lens' DeleteAccountAssignmentResponse Prelude.Int
+deleteAccountAssignmentResponse_httpStatus = Lens.lens (\DeleteAccountAssignmentResponse' {httpStatus} -> httpStatus) (\s@DeleteAccountAssignmentResponse' {} a -> s {httpStatus = a} :: DeleteAccountAssignmentResponse)
+
+instance
+  Prelude.NFData
+    DeleteAccountAssignmentResponse
+  where
+  rnf DeleteAccountAssignmentResponse' {..} =
+    Prelude.rnf accountAssignmentDeletionStatus
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DeleteInlinePolicyFromPermissionSet.hs b/gen/Amazonka/SSOAdmin/DeleteInlinePolicyFromPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DeleteInlinePolicyFromPermissionSet.hs
@@ -0,0 +1,216 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DeleteInlinePolicyFromPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the inline policy from a specified permission set.
+module Amazonka.SSOAdmin.DeleteInlinePolicyFromPermissionSet
+  ( -- * Creating a Request
+    DeleteInlinePolicyFromPermissionSet (..),
+    newDeleteInlinePolicyFromPermissionSet,
+
+    -- * Request Lenses
+    deleteInlinePolicyFromPermissionSet_instanceArn,
+    deleteInlinePolicyFromPermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    DeleteInlinePolicyFromPermissionSetResponse (..),
+    newDeleteInlinePolicyFromPermissionSetResponse,
+
+    -- * Response Lenses
+    deleteInlinePolicyFromPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDeleteInlinePolicyFromPermissionSet' smart constructor.
+data DeleteInlinePolicyFromPermissionSet = DeleteInlinePolicyFromPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the permission set that will be used to remove access.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInlinePolicyFromPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'deleteInlinePolicyFromPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'deleteInlinePolicyFromPermissionSet_permissionSetArn' - The ARN of the permission set that will be used to remove access.
+newDeleteInlinePolicyFromPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  DeleteInlinePolicyFromPermissionSet
+newDeleteInlinePolicyFromPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    DeleteInlinePolicyFromPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+deleteInlinePolicyFromPermissionSet_instanceArn :: Lens.Lens' DeleteInlinePolicyFromPermissionSet Prelude.Text
+deleteInlinePolicyFromPermissionSet_instanceArn = Lens.lens (\DeleteInlinePolicyFromPermissionSet' {instanceArn} -> instanceArn) (\s@DeleteInlinePolicyFromPermissionSet' {} a -> s {instanceArn = a} :: DeleteInlinePolicyFromPermissionSet)
+
+-- | The ARN of the permission set that will be used to remove access.
+deleteInlinePolicyFromPermissionSet_permissionSetArn :: Lens.Lens' DeleteInlinePolicyFromPermissionSet Prelude.Text
+deleteInlinePolicyFromPermissionSet_permissionSetArn = Lens.lens (\DeleteInlinePolicyFromPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@DeleteInlinePolicyFromPermissionSet' {} a -> s {permissionSetArn = a} :: DeleteInlinePolicyFromPermissionSet)
+
+instance
+  Core.AWSRequest
+    DeleteInlinePolicyFromPermissionSet
+  where
+  type
+    AWSResponse DeleteInlinePolicyFromPermissionSet =
+      DeleteInlinePolicyFromPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteInlinePolicyFromPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DeleteInlinePolicyFromPermissionSet
+  where
+  hashWithSalt
+    _salt
+    DeleteInlinePolicyFromPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+
+instance
+  Prelude.NFData
+    DeleteInlinePolicyFromPermissionSet
+  where
+  rnf DeleteInlinePolicyFromPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance
+  Data.ToHeaders
+    DeleteInlinePolicyFromPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DeleteInlinePolicyFromPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DeleteInlinePolicyFromPermissionSet
+  where
+  toJSON DeleteInlinePolicyFromPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    DeleteInlinePolicyFromPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DeleteInlinePolicyFromPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteInlinePolicyFromPermissionSetResponse' smart constructor.
+data DeleteInlinePolicyFromPermissionSetResponse = DeleteInlinePolicyFromPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInlinePolicyFromPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteInlinePolicyFromPermissionSetResponse_httpStatus' - The response's http status code.
+newDeleteInlinePolicyFromPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteInlinePolicyFromPermissionSetResponse
+newDeleteInlinePolicyFromPermissionSetResponse
+  pHttpStatus_ =
+    DeleteInlinePolicyFromPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+deleteInlinePolicyFromPermissionSetResponse_httpStatus :: Lens.Lens' DeleteInlinePolicyFromPermissionSetResponse Prelude.Int
+deleteInlinePolicyFromPermissionSetResponse_httpStatus = Lens.lens (\DeleteInlinePolicyFromPermissionSetResponse' {httpStatus} -> httpStatus) (\s@DeleteInlinePolicyFromPermissionSetResponse' {} a -> s {httpStatus = a} :: DeleteInlinePolicyFromPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    DeleteInlinePolicyFromPermissionSetResponse
+  where
+  rnf DeleteInlinePolicyFromPermissionSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DeleteInstanceAccessControlAttributeConfiguration.hs b/gen/Amazonka/SSOAdmin/DeleteInstanceAccessControlAttributeConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DeleteInstanceAccessControlAttributeConfiguration.hs
@@ -0,0 +1,202 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DeleteInstanceAccessControlAttributeConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disables the attributes-based access control (ABAC) feature for the
+-- specified IAM Identity Center instance and deletes all of the attribute
+-- mappings that have been configured. Once deleted, any attributes that
+-- are received from an identity source and any custom attributes you have
+-- previously configured will not be passed. For more information about
+-- ABAC, see
+-- </singlesignon/latest/userguide/abac.html Attribute-Based Access Control>
+-- in the /IAM Identity Center User Guide/.
+module Amazonka.SSOAdmin.DeleteInstanceAccessControlAttributeConfiguration
+  ( -- * Creating a Request
+    DeleteInstanceAccessControlAttributeConfiguration (..),
+    newDeleteInstanceAccessControlAttributeConfiguration,
+
+    -- * Request Lenses
+    deleteInstanceAccessControlAttributeConfiguration_instanceArn,
+
+    -- * Destructuring the Response
+    DeleteInstanceAccessControlAttributeConfigurationResponse (..),
+    newDeleteInstanceAccessControlAttributeConfigurationResponse,
+
+    -- * Response Lenses
+    deleteInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDeleteInstanceAccessControlAttributeConfiguration' smart constructor.
+data DeleteInstanceAccessControlAttributeConfiguration = DeleteInstanceAccessControlAttributeConfiguration'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInstanceAccessControlAttributeConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'deleteInstanceAccessControlAttributeConfiguration_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+newDeleteInstanceAccessControlAttributeConfiguration ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  DeleteInstanceAccessControlAttributeConfiguration
+newDeleteInstanceAccessControlAttributeConfiguration
+  pInstanceArn_ =
+    DeleteInstanceAccessControlAttributeConfiguration'
+      { instanceArn =
+          pInstanceArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+deleteInstanceAccessControlAttributeConfiguration_instanceArn :: Lens.Lens' DeleteInstanceAccessControlAttributeConfiguration Prelude.Text
+deleteInstanceAccessControlAttributeConfiguration_instanceArn = Lens.lens (\DeleteInstanceAccessControlAttributeConfiguration' {instanceArn} -> instanceArn) (\s@DeleteInstanceAccessControlAttributeConfiguration' {} a -> s {instanceArn = a} :: DeleteInstanceAccessControlAttributeConfiguration)
+
+instance
+  Core.AWSRequest
+    DeleteInstanceAccessControlAttributeConfiguration
+  where
+  type
+    AWSResponse
+      DeleteInstanceAccessControlAttributeConfiguration =
+      DeleteInstanceAccessControlAttributeConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteInstanceAccessControlAttributeConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DeleteInstanceAccessControlAttributeConfiguration
+  where
+  hashWithSalt
+    _salt
+    DeleteInstanceAccessControlAttributeConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` instanceArn
+
+instance
+  Prelude.NFData
+    DeleteInstanceAccessControlAttributeConfiguration
+  where
+  rnf
+    DeleteInstanceAccessControlAttributeConfiguration' {..} =
+      Prelude.rnf instanceArn
+
+instance
+  Data.ToHeaders
+    DeleteInstanceAccessControlAttributeConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DeleteInstanceAccessControlAttributeConfiguration" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DeleteInstanceAccessControlAttributeConfiguration
+  where
+  toJSON
+    DeleteInstanceAccessControlAttributeConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [Prelude.Just ("InstanceArn" Data..= instanceArn)]
+        )
+
+instance
+  Data.ToPath
+    DeleteInstanceAccessControlAttributeConfiguration
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DeleteInstanceAccessControlAttributeConfiguration
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteInstanceAccessControlAttributeConfigurationResponse' smart constructor.
+data DeleteInstanceAccessControlAttributeConfigurationResponse = DeleteInstanceAccessControlAttributeConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteInstanceAccessControlAttributeConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteInstanceAccessControlAttributeConfigurationResponse_httpStatus' - The response's http status code.
+newDeleteInstanceAccessControlAttributeConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteInstanceAccessControlAttributeConfigurationResponse
+newDeleteInstanceAccessControlAttributeConfigurationResponse
+  pHttpStatus_ =
+    DeleteInstanceAccessControlAttributeConfigurationResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+deleteInstanceAccessControlAttributeConfigurationResponse_httpStatus :: Lens.Lens' DeleteInstanceAccessControlAttributeConfigurationResponse Prelude.Int
+deleteInstanceAccessControlAttributeConfigurationResponse_httpStatus = Lens.lens (\DeleteInstanceAccessControlAttributeConfigurationResponse' {httpStatus} -> httpStatus) (\s@DeleteInstanceAccessControlAttributeConfigurationResponse' {} a -> s {httpStatus = a} :: DeleteInstanceAccessControlAttributeConfigurationResponse)
+
+instance
+  Prelude.NFData
+    DeleteInstanceAccessControlAttributeConfigurationResponse
+  where
+  rnf
+    DeleteInstanceAccessControlAttributeConfigurationResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DeletePermissionSet.hs b/gen/Amazonka/SSOAdmin/DeletePermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DeletePermissionSet.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DeletePermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified permission set.
+module Amazonka.SSOAdmin.DeletePermissionSet
+  ( -- * Creating a Request
+    DeletePermissionSet (..),
+    newDeletePermissionSet,
+
+    -- * Request Lenses
+    deletePermissionSet_instanceArn,
+    deletePermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    DeletePermissionSetResponse (..),
+    newDeletePermissionSetResponse,
+
+    -- * Response Lenses
+    deletePermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDeletePermissionSet' smart constructor.
+data DeletePermissionSet = DeletePermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the permission set that should be deleted.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'deletePermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'deletePermissionSet_permissionSetArn' - The ARN of the permission set that should be deleted.
+newDeletePermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  DeletePermissionSet
+newDeletePermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    DeletePermissionSet'
+      { instanceArn = pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+deletePermissionSet_instanceArn :: Lens.Lens' DeletePermissionSet Prelude.Text
+deletePermissionSet_instanceArn = Lens.lens (\DeletePermissionSet' {instanceArn} -> instanceArn) (\s@DeletePermissionSet' {} a -> s {instanceArn = a} :: DeletePermissionSet)
+
+-- | The ARN of the permission set that should be deleted.
+deletePermissionSet_permissionSetArn :: Lens.Lens' DeletePermissionSet Prelude.Text
+deletePermissionSet_permissionSetArn = Lens.lens (\DeletePermissionSet' {permissionSetArn} -> permissionSetArn) (\s@DeletePermissionSet' {} a -> s {permissionSetArn = a} :: DeletePermissionSet)
+
+instance Core.AWSRequest DeletePermissionSet where
+  type
+    AWSResponse DeletePermissionSet =
+      DeletePermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeletePermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeletePermissionSet where
+  hashWithSalt _salt DeletePermissionSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` permissionSetArn
+
+instance Prelude.NFData DeletePermissionSet where
+  rnf DeletePermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance Data.ToHeaders DeletePermissionSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DeletePermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeletePermissionSet where
+  toJSON DeletePermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance Data.ToPath DeletePermissionSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeletePermissionSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeletePermissionSetResponse' smart constructor.
+data DeletePermissionSetResponse = DeletePermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deletePermissionSetResponse_httpStatus' - The response's http status code.
+newDeletePermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeletePermissionSetResponse
+newDeletePermissionSetResponse pHttpStatus_ =
+  DeletePermissionSetResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deletePermissionSetResponse_httpStatus :: Lens.Lens' DeletePermissionSetResponse Prelude.Int
+deletePermissionSetResponse_httpStatus = Lens.lens (\DeletePermissionSetResponse' {httpStatus} -> httpStatus) (\s@DeletePermissionSetResponse' {} a -> s {httpStatus = a} :: DeletePermissionSetResponse)
+
+instance Prelude.NFData DeletePermissionSetResponse where
+  rnf DeletePermissionSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DeletePermissionsBoundaryFromPermissionSet.hs b/gen/Amazonka/SSOAdmin/DeletePermissionsBoundaryFromPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DeletePermissionsBoundaryFromPermissionSet.hs
@@ -0,0 +1,214 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DeletePermissionsBoundaryFromPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the permissions boundary from a specified PermissionSet.
+module Amazonka.SSOAdmin.DeletePermissionsBoundaryFromPermissionSet
+  ( -- * Creating a Request
+    DeletePermissionsBoundaryFromPermissionSet (..),
+    newDeletePermissionsBoundaryFromPermissionSet,
+
+    -- * Request Lenses
+    deletePermissionsBoundaryFromPermissionSet_instanceArn,
+    deletePermissionsBoundaryFromPermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    DeletePermissionsBoundaryFromPermissionSetResponse (..),
+    newDeletePermissionsBoundaryFromPermissionSetResponse,
+
+    -- * Response Lenses
+    deletePermissionsBoundaryFromPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDeletePermissionsBoundaryFromPermissionSet' smart constructor.
+data DeletePermissionsBoundaryFromPermissionSet = DeletePermissionsBoundaryFromPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the @PermissionSet@.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePermissionsBoundaryFromPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'deletePermissionsBoundaryFromPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'permissionSetArn', 'deletePermissionsBoundaryFromPermissionSet_permissionSetArn' - The ARN of the @PermissionSet@.
+newDeletePermissionsBoundaryFromPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  DeletePermissionsBoundaryFromPermissionSet
+newDeletePermissionsBoundaryFromPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    DeletePermissionsBoundaryFromPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn =
+          pPermissionSetArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+deletePermissionsBoundaryFromPermissionSet_instanceArn :: Lens.Lens' DeletePermissionsBoundaryFromPermissionSet Prelude.Text
+deletePermissionsBoundaryFromPermissionSet_instanceArn = Lens.lens (\DeletePermissionsBoundaryFromPermissionSet' {instanceArn} -> instanceArn) (\s@DeletePermissionsBoundaryFromPermissionSet' {} a -> s {instanceArn = a} :: DeletePermissionsBoundaryFromPermissionSet)
+
+-- | The ARN of the @PermissionSet@.
+deletePermissionsBoundaryFromPermissionSet_permissionSetArn :: Lens.Lens' DeletePermissionsBoundaryFromPermissionSet Prelude.Text
+deletePermissionsBoundaryFromPermissionSet_permissionSetArn = Lens.lens (\DeletePermissionsBoundaryFromPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@DeletePermissionsBoundaryFromPermissionSet' {} a -> s {permissionSetArn = a} :: DeletePermissionsBoundaryFromPermissionSet)
+
+instance
+  Core.AWSRequest
+    DeletePermissionsBoundaryFromPermissionSet
+  where
+  type
+    AWSResponse
+      DeletePermissionsBoundaryFromPermissionSet =
+      DeletePermissionsBoundaryFromPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeletePermissionsBoundaryFromPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DeletePermissionsBoundaryFromPermissionSet
+  where
+  hashWithSalt
+    _salt
+    DeletePermissionsBoundaryFromPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+
+instance
+  Prelude.NFData
+    DeletePermissionsBoundaryFromPermissionSet
+  where
+  rnf DeletePermissionsBoundaryFromPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance
+  Data.ToHeaders
+    DeletePermissionsBoundaryFromPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DeletePermissionsBoundaryFromPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DeletePermissionsBoundaryFromPermissionSet
+  where
+  toJSON
+    DeletePermissionsBoundaryFromPermissionSet' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+              Prelude.Just
+                ("PermissionSetArn" Data..= permissionSetArn)
+            ]
+        )
+
+instance
+  Data.ToPath
+    DeletePermissionsBoundaryFromPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DeletePermissionsBoundaryFromPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeletePermissionsBoundaryFromPermissionSetResponse' smart constructor.
+data DeletePermissionsBoundaryFromPermissionSetResponse = DeletePermissionsBoundaryFromPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePermissionsBoundaryFromPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deletePermissionsBoundaryFromPermissionSetResponse_httpStatus' - The response's http status code.
+newDeletePermissionsBoundaryFromPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeletePermissionsBoundaryFromPermissionSetResponse
+newDeletePermissionsBoundaryFromPermissionSetResponse
+  pHttpStatus_ =
+    DeletePermissionsBoundaryFromPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+deletePermissionsBoundaryFromPermissionSetResponse_httpStatus :: Lens.Lens' DeletePermissionsBoundaryFromPermissionSetResponse Prelude.Int
+deletePermissionsBoundaryFromPermissionSetResponse_httpStatus = Lens.lens (\DeletePermissionsBoundaryFromPermissionSetResponse' {httpStatus} -> httpStatus) (\s@DeletePermissionsBoundaryFromPermissionSetResponse' {} a -> s {httpStatus = a} :: DeletePermissionsBoundaryFromPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    DeletePermissionsBoundaryFromPermissionSetResponse
+  where
+  rnf
+    DeletePermissionsBoundaryFromPermissionSetResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DescribeAccountAssignmentCreationStatus.hs b/gen/Amazonka/SSOAdmin/DescribeAccountAssignmentCreationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DescribeAccountAssignmentCreationStatus.hs
@@ -0,0 +1,233 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DescribeAccountAssignmentCreationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Describes the status of the assignment creation request.
+module Amazonka.SSOAdmin.DescribeAccountAssignmentCreationStatus
+  ( -- * Creating a Request
+    DescribeAccountAssignmentCreationStatus (..),
+    newDescribeAccountAssignmentCreationStatus,
+
+    -- * Request Lenses
+    describeAccountAssignmentCreationStatus_instanceArn,
+    describeAccountAssignmentCreationStatus_accountAssignmentCreationRequestId,
+
+    -- * Destructuring the Response
+    DescribeAccountAssignmentCreationStatusResponse (..),
+    newDescribeAccountAssignmentCreationStatusResponse,
+
+    -- * Response Lenses
+    describeAccountAssignmentCreationStatusResponse_accountAssignmentCreationStatus,
+    describeAccountAssignmentCreationStatusResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDescribeAccountAssignmentCreationStatus' smart constructor.
+data DescribeAccountAssignmentCreationStatus = DescribeAccountAssignmentCreationStatus'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The identifier that is used to track the request operation progress.
+    accountAssignmentCreationRequestId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAccountAssignmentCreationStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'describeAccountAssignmentCreationStatus_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'accountAssignmentCreationRequestId', 'describeAccountAssignmentCreationStatus_accountAssignmentCreationRequestId' - The identifier that is used to track the request operation progress.
+newDescribeAccountAssignmentCreationStatus ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'accountAssignmentCreationRequestId'
+  Prelude.Text ->
+  DescribeAccountAssignmentCreationStatus
+newDescribeAccountAssignmentCreationStatus
+  pInstanceArn_
+  pAccountAssignmentCreationRequestId_ =
+    DescribeAccountAssignmentCreationStatus'
+      { instanceArn =
+          pInstanceArn_,
+        accountAssignmentCreationRequestId =
+          pAccountAssignmentCreationRequestId_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+describeAccountAssignmentCreationStatus_instanceArn :: Lens.Lens' DescribeAccountAssignmentCreationStatus Prelude.Text
+describeAccountAssignmentCreationStatus_instanceArn = Lens.lens (\DescribeAccountAssignmentCreationStatus' {instanceArn} -> instanceArn) (\s@DescribeAccountAssignmentCreationStatus' {} a -> s {instanceArn = a} :: DescribeAccountAssignmentCreationStatus)
+
+-- | The identifier that is used to track the request operation progress.
+describeAccountAssignmentCreationStatus_accountAssignmentCreationRequestId :: Lens.Lens' DescribeAccountAssignmentCreationStatus Prelude.Text
+describeAccountAssignmentCreationStatus_accountAssignmentCreationRequestId = Lens.lens (\DescribeAccountAssignmentCreationStatus' {accountAssignmentCreationRequestId} -> accountAssignmentCreationRequestId) (\s@DescribeAccountAssignmentCreationStatus' {} a -> s {accountAssignmentCreationRequestId = a} :: DescribeAccountAssignmentCreationStatus)
+
+instance
+  Core.AWSRequest
+    DescribeAccountAssignmentCreationStatus
+  where
+  type
+    AWSResponse
+      DescribeAccountAssignmentCreationStatus =
+      DescribeAccountAssignmentCreationStatusResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeAccountAssignmentCreationStatusResponse'
+            Prelude.<$> (x Data..?> "AccountAssignmentCreationStatus")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DescribeAccountAssignmentCreationStatus
+  where
+  hashWithSalt
+    _salt
+    DescribeAccountAssignmentCreationStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` accountAssignmentCreationRequestId
+
+instance
+  Prelude.NFData
+    DescribeAccountAssignmentCreationStatus
+  where
+  rnf DescribeAccountAssignmentCreationStatus' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf accountAssignmentCreationRequestId
+
+instance
+  Data.ToHeaders
+    DescribeAccountAssignmentCreationStatus
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DescribeAccountAssignmentCreationStatus" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DescribeAccountAssignmentCreationStatus
+  where
+  toJSON DescribeAccountAssignmentCreationStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ( "AccountAssignmentCreationRequestId"
+                  Data..= accountAssignmentCreationRequestId
+              )
+          ]
+      )
+
+instance
+  Data.ToPath
+    DescribeAccountAssignmentCreationStatus
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DescribeAccountAssignmentCreationStatus
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeAccountAssignmentCreationStatusResponse' smart constructor.
+data DescribeAccountAssignmentCreationStatusResponse = DescribeAccountAssignmentCreationStatusResponse'
+  { -- | The status object for the account assignment creation operation.
+    accountAssignmentCreationStatus :: Prelude.Maybe AccountAssignmentOperationStatus,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAccountAssignmentCreationStatusResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAssignmentCreationStatus', 'describeAccountAssignmentCreationStatusResponse_accountAssignmentCreationStatus' - The status object for the account assignment creation operation.
+--
+-- 'httpStatus', 'describeAccountAssignmentCreationStatusResponse_httpStatus' - The response's http status code.
+newDescribeAccountAssignmentCreationStatusResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeAccountAssignmentCreationStatusResponse
+newDescribeAccountAssignmentCreationStatusResponse
+  pHttpStatus_ =
+    DescribeAccountAssignmentCreationStatusResponse'
+      { accountAssignmentCreationStatus =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The status object for the account assignment creation operation.
+describeAccountAssignmentCreationStatusResponse_accountAssignmentCreationStatus :: Lens.Lens' DescribeAccountAssignmentCreationStatusResponse (Prelude.Maybe AccountAssignmentOperationStatus)
+describeAccountAssignmentCreationStatusResponse_accountAssignmentCreationStatus = Lens.lens (\DescribeAccountAssignmentCreationStatusResponse' {accountAssignmentCreationStatus} -> accountAssignmentCreationStatus) (\s@DescribeAccountAssignmentCreationStatusResponse' {} a -> s {accountAssignmentCreationStatus = a} :: DescribeAccountAssignmentCreationStatusResponse)
+
+-- | The response's http status code.
+describeAccountAssignmentCreationStatusResponse_httpStatus :: Lens.Lens' DescribeAccountAssignmentCreationStatusResponse Prelude.Int
+describeAccountAssignmentCreationStatusResponse_httpStatus = Lens.lens (\DescribeAccountAssignmentCreationStatusResponse' {httpStatus} -> httpStatus) (\s@DescribeAccountAssignmentCreationStatusResponse' {} a -> s {httpStatus = a} :: DescribeAccountAssignmentCreationStatusResponse)
+
+instance
+  Prelude.NFData
+    DescribeAccountAssignmentCreationStatusResponse
+  where
+  rnf
+    DescribeAccountAssignmentCreationStatusResponse' {..} =
+      Prelude.rnf accountAssignmentCreationStatus
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DescribeAccountAssignmentDeletionStatus.hs b/gen/Amazonka/SSOAdmin/DescribeAccountAssignmentDeletionStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DescribeAccountAssignmentDeletionStatus.hs
@@ -0,0 +1,233 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DescribeAccountAssignmentDeletionStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Describes the status of the assignment deletion request.
+module Amazonka.SSOAdmin.DescribeAccountAssignmentDeletionStatus
+  ( -- * Creating a Request
+    DescribeAccountAssignmentDeletionStatus (..),
+    newDescribeAccountAssignmentDeletionStatus,
+
+    -- * Request Lenses
+    describeAccountAssignmentDeletionStatus_instanceArn,
+    describeAccountAssignmentDeletionStatus_accountAssignmentDeletionRequestId,
+
+    -- * Destructuring the Response
+    DescribeAccountAssignmentDeletionStatusResponse (..),
+    newDescribeAccountAssignmentDeletionStatusResponse,
+
+    -- * Response Lenses
+    describeAccountAssignmentDeletionStatusResponse_accountAssignmentDeletionStatus,
+    describeAccountAssignmentDeletionStatusResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDescribeAccountAssignmentDeletionStatus' smart constructor.
+data DescribeAccountAssignmentDeletionStatus = DescribeAccountAssignmentDeletionStatus'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The identifier that is used to track the request operation progress.
+    accountAssignmentDeletionRequestId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAccountAssignmentDeletionStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'describeAccountAssignmentDeletionStatus_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'accountAssignmentDeletionRequestId', 'describeAccountAssignmentDeletionStatus_accountAssignmentDeletionRequestId' - The identifier that is used to track the request operation progress.
+newDescribeAccountAssignmentDeletionStatus ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'accountAssignmentDeletionRequestId'
+  Prelude.Text ->
+  DescribeAccountAssignmentDeletionStatus
+newDescribeAccountAssignmentDeletionStatus
+  pInstanceArn_
+  pAccountAssignmentDeletionRequestId_ =
+    DescribeAccountAssignmentDeletionStatus'
+      { instanceArn =
+          pInstanceArn_,
+        accountAssignmentDeletionRequestId =
+          pAccountAssignmentDeletionRequestId_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+describeAccountAssignmentDeletionStatus_instanceArn :: Lens.Lens' DescribeAccountAssignmentDeletionStatus Prelude.Text
+describeAccountAssignmentDeletionStatus_instanceArn = Lens.lens (\DescribeAccountAssignmentDeletionStatus' {instanceArn} -> instanceArn) (\s@DescribeAccountAssignmentDeletionStatus' {} a -> s {instanceArn = a} :: DescribeAccountAssignmentDeletionStatus)
+
+-- | The identifier that is used to track the request operation progress.
+describeAccountAssignmentDeletionStatus_accountAssignmentDeletionRequestId :: Lens.Lens' DescribeAccountAssignmentDeletionStatus Prelude.Text
+describeAccountAssignmentDeletionStatus_accountAssignmentDeletionRequestId = Lens.lens (\DescribeAccountAssignmentDeletionStatus' {accountAssignmentDeletionRequestId} -> accountAssignmentDeletionRequestId) (\s@DescribeAccountAssignmentDeletionStatus' {} a -> s {accountAssignmentDeletionRequestId = a} :: DescribeAccountAssignmentDeletionStatus)
+
+instance
+  Core.AWSRequest
+    DescribeAccountAssignmentDeletionStatus
+  where
+  type
+    AWSResponse
+      DescribeAccountAssignmentDeletionStatus =
+      DescribeAccountAssignmentDeletionStatusResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeAccountAssignmentDeletionStatusResponse'
+            Prelude.<$> (x Data..?> "AccountAssignmentDeletionStatus")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DescribeAccountAssignmentDeletionStatus
+  where
+  hashWithSalt
+    _salt
+    DescribeAccountAssignmentDeletionStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` accountAssignmentDeletionRequestId
+
+instance
+  Prelude.NFData
+    DescribeAccountAssignmentDeletionStatus
+  where
+  rnf DescribeAccountAssignmentDeletionStatus' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf accountAssignmentDeletionRequestId
+
+instance
+  Data.ToHeaders
+    DescribeAccountAssignmentDeletionStatus
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DescribeAccountAssignmentDeletionStatus" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DescribeAccountAssignmentDeletionStatus
+  where
+  toJSON DescribeAccountAssignmentDeletionStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ( "AccountAssignmentDeletionRequestId"
+                  Data..= accountAssignmentDeletionRequestId
+              )
+          ]
+      )
+
+instance
+  Data.ToPath
+    DescribeAccountAssignmentDeletionStatus
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DescribeAccountAssignmentDeletionStatus
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeAccountAssignmentDeletionStatusResponse' smart constructor.
+data DescribeAccountAssignmentDeletionStatusResponse = DescribeAccountAssignmentDeletionStatusResponse'
+  { -- | The status object for the account assignment deletion operation.
+    accountAssignmentDeletionStatus :: Prelude.Maybe AccountAssignmentOperationStatus,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAccountAssignmentDeletionStatusResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAssignmentDeletionStatus', 'describeAccountAssignmentDeletionStatusResponse_accountAssignmentDeletionStatus' - The status object for the account assignment deletion operation.
+--
+-- 'httpStatus', 'describeAccountAssignmentDeletionStatusResponse_httpStatus' - The response's http status code.
+newDescribeAccountAssignmentDeletionStatusResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeAccountAssignmentDeletionStatusResponse
+newDescribeAccountAssignmentDeletionStatusResponse
+  pHttpStatus_ =
+    DescribeAccountAssignmentDeletionStatusResponse'
+      { accountAssignmentDeletionStatus =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The status object for the account assignment deletion operation.
+describeAccountAssignmentDeletionStatusResponse_accountAssignmentDeletionStatus :: Lens.Lens' DescribeAccountAssignmentDeletionStatusResponse (Prelude.Maybe AccountAssignmentOperationStatus)
+describeAccountAssignmentDeletionStatusResponse_accountAssignmentDeletionStatus = Lens.lens (\DescribeAccountAssignmentDeletionStatusResponse' {accountAssignmentDeletionStatus} -> accountAssignmentDeletionStatus) (\s@DescribeAccountAssignmentDeletionStatusResponse' {} a -> s {accountAssignmentDeletionStatus = a} :: DescribeAccountAssignmentDeletionStatusResponse)
+
+-- | The response's http status code.
+describeAccountAssignmentDeletionStatusResponse_httpStatus :: Lens.Lens' DescribeAccountAssignmentDeletionStatusResponse Prelude.Int
+describeAccountAssignmentDeletionStatusResponse_httpStatus = Lens.lens (\DescribeAccountAssignmentDeletionStatusResponse' {httpStatus} -> httpStatus) (\s@DescribeAccountAssignmentDeletionStatusResponse' {} a -> s {httpStatus = a} :: DescribeAccountAssignmentDeletionStatusResponse)
+
+instance
+  Prelude.NFData
+    DescribeAccountAssignmentDeletionStatusResponse
+  where
+  rnf
+    DescribeAccountAssignmentDeletionStatusResponse' {..} =
+      Prelude.rnf accountAssignmentDeletionStatus
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DescribeInstanceAccessControlAttributeConfiguration.hs b/gen/Amazonka/SSOAdmin/DescribeInstanceAccessControlAttributeConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DescribeInstanceAccessControlAttributeConfiguration.hs
@@ -0,0 +1,249 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DescribeInstanceAccessControlAttributeConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the list of IAM Identity Center identity store attributes that
+-- have been configured to work with attributes-based access control (ABAC)
+-- for the specified IAM Identity Center instance. This will not return
+-- attributes configured and sent by an external identity provider. For
+-- more information about ABAC, see
+-- </singlesignon/latest/userguide/abac.html Attribute-Based Access Control>
+-- in the /IAM Identity Center User Guide/.
+module Amazonka.SSOAdmin.DescribeInstanceAccessControlAttributeConfiguration
+  ( -- * Creating a Request
+    DescribeInstanceAccessControlAttributeConfiguration (..),
+    newDescribeInstanceAccessControlAttributeConfiguration,
+
+    -- * Request Lenses
+    describeInstanceAccessControlAttributeConfiguration_instanceArn,
+
+    -- * Destructuring the Response
+    DescribeInstanceAccessControlAttributeConfigurationResponse (..),
+    newDescribeInstanceAccessControlAttributeConfigurationResponse,
+
+    -- * Response Lenses
+    describeInstanceAccessControlAttributeConfigurationResponse_instanceAccessControlAttributeConfiguration,
+    describeInstanceAccessControlAttributeConfigurationResponse_status,
+    describeInstanceAccessControlAttributeConfigurationResponse_statusReason,
+    describeInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDescribeInstanceAccessControlAttributeConfiguration' smart constructor.
+data DescribeInstanceAccessControlAttributeConfiguration = DescribeInstanceAccessControlAttributeConfiguration'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeInstanceAccessControlAttributeConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'describeInstanceAccessControlAttributeConfiguration_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+newDescribeInstanceAccessControlAttributeConfiguration ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  DescribeInstanceAccessControlAttributeConfiguration
+newDescribeInstanceAccessControlAttributeConfiguration
+  pInstanceArn_ =
+    DescribeInstanceAccessControlAttributeConfiguration'
+      { instanceArn =
+          pInstanceArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+describeInstanceAccessControlAttributeConfiguration_instanceArn :: Lens.Lens' DescribeInstanceAccessControlAttributeConfiguration Prelude.Text
+describeInstanceAccessControlAttributeConfiguration_instanceArn = Lens.lens (\DescribeInstanceAccessControlAttributeConfiguration' {instanceArn} -> instanceArn) (\s@DescribeInstanceAccessControlAttributeConfiguration' {} a -> s {instanceArn = a} :: DescribeInstanceAccessControlAttributeConfiguration)
+
+instance
+  Core.AWSRequest
+    DescribeInstanceAccessControlAttributeConfiguration
+  where
+  type
+    AWSResponse
+      DescribeInstanceAccessControlAttributeConfiguration =
+      DescribeInstanceAccessControlAttributeConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeInstanceAccessControlAttributeConfigurationResponse'
+            Prelude.<$> ( x
+                            Data..?> "InstanceAccessControlAttributeConfiguration"
+                        )
+            Prelude.<*> (x Data..?> "Status")
+            Prelude.<*> (x Data..?> "StatusReason")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DescribeInstanceAccessControlAttributeConfiguration
+  where
+  hashWithSalt
+    _salt
+    DescribeInstanceAccessControlAttributeConfiguration' {..} =
+      _salt `Prelude.hashWithSalt` instanceArn
+
+instance
+  Prelude.NFData
+    DescribeInstanceAccessControlAttributeConfiguration
+  where
+  rnf
+    DescribeInstanceAccessControlAttributeConfiguration' {..} =
+      Prelude.rnf instanceArn
+
+instance
+  Data.ToHeaders
+    DescribeInstanceAccessControlAttributeConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DescribeInstanceAccessControlAttributeConfiguration" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DescribeInstanceAccessControlAttributeConfiguration
+  where
+  toJSON
+    DescribeInstanceAccessControlAttributeConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [Prelude.Just ("InstanceArn" Data..= instanceArn)]
+        )
+
+instance
+  Data.ToPath
+    DescribeInstanceAccessControlAttributeConfiguration
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DescribeInstanceAccessControlAttributeConfiguration
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeInstanceAccessControlAttributeConfigurationResponse' smart constructor.
+data DescribeInstanceAccessControlAttributeConfigurationResponse = DescribeInstanceAccessControlAttributeConfigurationResponse'
+  { -- | Gets the list of IAM Identity Center identity store attributes that have
+    -- been added to your ABAC configuration.
+    instanceAccessControlAttributeConfiguration :: Prelude.Maybe InstanceAccessControlAttributeConfiguration,
+    -- | The status of the attribute configuration process.
+    status :: Prelude.Maybe InstanceAccessControlAttributeConfigurationStatus,
+    -- | Provides more details about the current status of the specified
+    -- attribute.
+    statusReason :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeInstanceAccessControlAttributeConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceAccessControlAttributeConfiguration', 'describeInstanceAccessControlAttributeConfigurationResponse_instanceAccessControlAttributeConfiguration' - Gets the list of IAM Identity Center identity store attributes that have
+-- been added to your ABAC configuration.
+--
+-- 'status', 'describeInstanceAccessControlAttributeConfigurationResponse_status' - The status of the attribute configuration process.
+--
+-- 'statusReason', 'describeInstanceAccessControlAttributeConfigurationResponse_statusReason' - Provides more details about the current status of the specified
+-- attribute.
+--
+-- 'httpStatus', 'describeInstanceAccessControlAttributeConfigurationResponse_httpStatus' - The response's http status code.
+newDescribeInstanceAccessControlAttributeConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeInstanceAccessControlAttributeConfigurationResponse
+newDescribeInstanceAccessControlAttributeConfigurationResponse
+  pHttpStatus_ =
+    DescribeInstanceAccessControlAttributeConfigurationResponse'
+      { instanceAccessControlAttributeConfiguration =
+          Prelude.Nothing,
+        status =
+          Prelude.Nothing,
+        statusReason =
+          Prelude.Nothing,
+        httpStatus =
+          pHttpStatus_
+      }
+
+-- | Gets the list of IAM Identity Center identity store attributes that have
+-- been added to your ABAC configuration.
+describeInstanceAccessControlAttributeConfigurationResponse_instanceAccessControlAttributeConfiguration :: Lens.Lens' DescribeInstanceAccessControlAttributeConfigurationResponse (Prelude.Maybe InstanceAccessControlAttributeConfiguration)
+describeInstanceAccessControlAttributeConfigurationResponse_instanceAccessControlAttributeConfiguration = Lens.lens (\DescribeInstanceAccessControlAttributeConfigurationResponse' {instanceAccessControlAttributeConfiguration} -> instanceAccessControlAttributeConfiguration) (\s@DescribeInstanceAccessControlAttributeConfigurationResponse' {} a -> s {instanceAccessControlAttributeConfiguration = a} :: DescribeInstanceAccessControlAttributeConfigurationResponse)
+
+-- | The status of the attribute configuration process.
+describeInstanceAccessControlAttributeConfigurationResponse_status :: Lens.Lens' DescribeInstanceAccessControlAttributeConfigurationResponse (Prelude.Maybe InstanceAccessControlAttributeConfigurationStatus)
+describeInstanceAccessControlAttributeConfigurationResponse_status = Lens.lens (\DescribeInstanceAccessControlAttributeConfigurationResponse' {status} -> status) (\s@DescribeInstanceAccessControlAttributeConfigurationResponse' {} a -> s {status = a} :: DescribeInstanceAccessControlAttributeConfigurationResponse)
+
+-- | Provides more details about the current status of the specified
+-- attribute.
+describeInstanceAccessControlAttributeConfigurationResponse_statusReason :: Lens.Lens' DescribeInstanceAccessControlAttributeConfigurationResponse (Prelude.Maybe Prelude.Text)
+describeInstanceAccessControlAttributeConfigurationResponse_statusReason = Lens.lens (\DescribeInstanceAccessControlAttributeConfigurationResponse' {statusReason} -> statusReason) (\s@DescribeInstanceAccessControlAttributeConfigurationResponse' {} a -> s {statusReason = a} :: DescribeInstanceAccessControlAttributeConfigurationResponse)
+
+-- | The response's http status code.
+describeInstanceAccessControlAttributeConfigurationResponse_httpStatus :: Lens.Lens' DescribeInstanceAccessControlAttributeConfigurationResponse Prelude.Int
+describeInstanceAccessControlAttributeConfigurationResponse_httpStatus = Lens.lens (\DescribeInstanceAccessControlAttributeConfigurationResponse' {httpStatus} -> httpStatus) (\s@DescribeInstanceAccessControlAttributeConfigurationResponse' {} a -> s {httpStatus = a} :: DescribeInstanceAccessControlAttributeConfigurationResponse)
+
+instance
+  Prelude.NFData
+    DescribeInstanceAccessControlAttributeConfigurationResponse
+  where
+  rnf
+    DescribeInstanceAccessControlAttributeConfigurationResponse' {..} =
+      Prelude.rnf
+        instanceAccessControlAttributeConfiguration
+        `Prelude.seq` Prelude.rnf status
+        `Prelude.seq` Prelude.rnf statusReason
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DescribePermissionSet.hs b/gen/Amazonka/SSOAdmin/DescribePermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DescribePermissionSet.hs
@@ -0,0 +1,200 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DescribePermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the details of the permission set.
+module Amazonka.SSOAdmin.DescribePermissionSet
+  ( -- * Creating a Request
+    DescribePermissionSet (..),
+    newDescribePermissionSet,
+
+    -- * Request Lenses
+    describePermissionSet_instanceArn,
+    describePermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    DescribePermissionSetResponse (..),
+    newDescribePermissionSetResponse,
+
+    -- * Response Lenses
+    describePermissionSetResponse_permissionSet,
+    describePermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDescribePermissionSet' smart constructor.
+data DescribePermissionSet = DescribePermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the permission set.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribePermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'describePermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'describePermissionSet_permissionSetArn' - The ARN of the permission set.
+newDescribePermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  DescribePermissionSet
+newDescribePermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    DescribePermissionSet'
+      { instanceArn = pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+describePermissionSet_instanceArn :: Lens.Lens' DescribePermissionSet Prelude.Text
+describePermissionSet_instanceArn = Lens.lens (\DescribePermissionSet' {instanceArn} -> instanceArn) (\s@DescribePermissionSet' {} a -> s {instanceArn = a} :: DescribePermissionSet)
+
+-- | The ARN of the permission set.
+describePermissionSet_permissionSetArn :: Lens.Lens' DescribePermissionSet Prelude.Text
+describePermissionSet_permissionSetArn = Lens.lens (\DescribePermissionSet' {permissionSetArn} -> permissionSetArn) (\s@DescribePermissionSet' {} a -> s {permissionSetArn = a} :: DescribePermissionSet)
+
+instance Core.AWSRequest DescribePermissionSet where
+  type
+    AWSResponse DescribePermissionSet =
+      DescribePermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribePermissionSetResponse'
+            Prelude.<$> (x Data..?> "PermissionSet")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribePermissionSet where
+  hashWithSalt _salt DescribePermissionSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` permissionSetArn
+
+instance Prelude.NFData DescribePermissionSet where
+  rnf DescribePermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance Data.ToHeaders DescribePermissionSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DescribePermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribePermissionSet where
+  toJSON DescribePermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance Data.ToPath DescribePermissionSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribePermissionSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribePermissionSetResponse' smart constructor.
+data DescribePermissionSetResponse = DescribePermissionSetResponse'
+  { -- | Describes the level of access on an AWS account.
+    permissionSet :: Prelude.Maybe PermissionSet,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribePermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'permissionSet', 'describePermissionSetResponse_permissionSet' - Describes the level of access on an AWS account.
+--
+-- 'httpStatus', 'describePermissionSetResponse_httpStatus' - The response's http status code.
+newDescribePermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribePermissionSetResponse
+newDescribePermissionSetResponse pHttpStatus_ =
+  DescribePermissionSetResponse'
+    { permissionSet =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Describes the level of access on an AWS account.
+describePermissionSetResponse_permissionSet :: Lens.Lens' DescribePermissionSetResponse (Prelude.Maybe PermissionSet)
+describePermissionSetResponse_permissionSet = Lens.lens (\DescribePermissionSetResponse' {permissionSet} -> permissionSet) (\s@DescribePermissionSetResponse' {} a -> s {permissionSet = a} :: DescribePermissionSetResponse)
+
+-- | The response's http status code.
+describePermissionSetResponse_httpStatus :: Lens.Lens' DescribePermissionSetResponse Prelude.Int
+describePermissionSetResponse_httpStatus = Lens.lens (\DescribePermissionSetResponse' {httpStatus} -> httpStatus) (\s@DescribePermissionSetResponse' {} a -> s {httpStatus = a} :: DescribePermissionSetResponse)
+
+instance Prelude.NFData DescribePermissionSetResponse where
+  rnf DescribePermissionSetResponse' {..} =
+    Prelude.rnf permissionSet
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DescribePermissionSetProvisioningStatus.hs b/gen/Amazonka/SSOAdmin/DescribePermissionSetProvisioningStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DescribePermissionSetProvisioningStatus.hs
@@ -0,0 +1,236 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DescribePermissionSetProvisioningStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Describes the status for the given permission set provisioning request.
+module Amazonka.SSOAdmin.DescribePermissionSetProvisioningStatus
+  ( -- * Creating a Request
+    DescribePermissionSetProvisioningStatus (..),
+    newDescribePermissionSetProvisioningStatus,
+
+    -- * Request Lenses
+    describePermissionSetProvisioningStatus_instanceArn,
+    describePermissionSetProvisioningStatus_provisionPermissionSetRequestId,
+
+    -- * Destructuring the Response
+    DescribePermissionSetProvisioningStatusResponse (..),
+    newDescribePermissionSetProvisioningStatusResponse,
+
+    -- * Response Lenses
+    describePermissionSetProvisioningStatusResponse_permissionSetProvisioningStatus,
+    describePermissionSetProvisioningStatusResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDescribePermissionSetProvisioningStatus' smart constructor.
+data DescribePermissionSetProvisioningStatus = DescribePermissionSetProvisioningStatus'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The identifier that is provided by the ProvisionPermissionSet call to
+    -- retrieve the current status of the provisioning workflow.
+    provisionPermissionSetRequestId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribePermissionSetProvisioningStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'describePermissionSetProvisioningStatus_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'provisionPermissionSetRequestId', 'describePermissionSetProvisioningStatus_provisionPermissionSetRequestId' - The identifier that is provided by the ProvisionPermissionSet call to
+-- retrieve the current status of the provisioning workflow.
+newDescribePermissionSetProvisioningStatus ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'provisionPermissionSetRequestId'
+  Prelude.Text ->
+  DescribePermissionSetProvisioningStatus
+newDescribePermissionSetProvisioningStatus
+  pInstanceArn_
+  pProvisionPermissionSetRequestId_ =
+    DescribePermissionSetProvisioningStatus'
+      { instanceArn =
+          pInstanceArn_,
+        provisionPermissionSetRequestId =
+          pProvisionPermissionSetRequestId_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+describePermissionSetProvisioningStatus_instanceArn :: Lens.Lens' DescribePermissionSetProvisioningStatus Prelude.Text
+describePermissionSetProvisioningStatus_instanceArn = Lens.lens (\DescribePermissionSetProvisioningStatus' {instanceArn} -> instanceArn) (\s@DescribePermissionSetProvisioningStatus' {} a -> s {instanceArn = a} :: DescribePermissionSetProvisioningStatus)
+
+-- | The identifier that is provided by the ProvisionPermissionSet call to
+-- retrieve the current status of the provisioning workflow.
+describePermissionSetProvisioningStatus_provisionPermissionSetRequestId :: Lens.Lens' DescribePermissionSetProvisioningStatus Prelude.Text
+describePermissionSetProvisioningStatus_provisionPermissionSetRequestId = Lens.lens (\DescribePermissionSetProvisioningStatus' {provisionPermissionSetRequestId} -> provisionPermissionSetRequestId) (\s@DescribePermissionSetProvisioningStatus' {} a -> s {provisionPermissionSetRequestId = a} :: DescribePermissionSetProvisioningStatus)
+
+instance
+  Core.AWSRequest
+    DescribePermissionSetProvisioningStatus
+  where
+  type
+    AWSResponse
+      DescribePermissionSetProvisioningStatus =
+      DescribePermissionSetProvisioningStatusResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribePermissionSetProvisioningStatusResponse'
+            Prelude.<$> (x Data..?> "PermissionSetProvisioningStatus")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DescribePermissionSetProvisioningStatus
+  where
+  hashWithSalt
+    _salt
+    DescribePermissionSetProvisioningStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` provisionPermissionSetRequestId
+
+instance
+  Prelude.NFData
+    DescribePermissionSetProvisioningStatus
+  where
+  rnf DescribePermissionSetProvisioningStatus' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf provisionPermissionSetRequestId
+
+instance
+  Data.ToHeaders
+    DescribePermissionSetProvisioningStatus
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DescribePermissionSetProvisioningStatus" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DescribePermissionSetProvisioningStatus
+  where
+  toJSON DescribePermissionSetProvisioningStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ( "ProvisionPermissionSetRequestId"
+                  Data..= provisionPermissionSetRequestId
+              )
+          ]
+      )
+
+instance
+  Data.ToPath
+    DescribePermissionSetProvisioningStatus
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DescribePermissionSetProvisioningStatus
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribePermissionSetProvisioningStatusResponse' smart constructor.
+data DescribePermissionSetProvisioningStatusResponse = DescribePermissionSetProvisioningStatusResponse'
+  { -- | The status object for the permission set provisioning operation.
+    permissionSetProvisioningStatus :: Prelude.Maybe PermissionSetProvisioningStatus,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribePermissionSetProvisioningStatusResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'permissionSetProvisioningStatus', 'describePermissionSetProvisioningStatusResponse_permissionSetProvisioningStatus' - The status object for the permission set provisioning operation.
+--
+-- 'httpStatus', 'describePermissionSetProvisioningStatusResponse_httpStatus' - The response's http status code.
+newDescribePermissionSetProvisioningStatusResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribePermissionSetProvisioningStatusResponse
+newDescribePermissionSetProvisioningStatusResponse
+  pHttpStatus_ =
+    DescribePermissionSetProvisioningStatusResponse'
+      { permissionSetProvisioningStatus =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The status object for the permission set provisioning operation.
+describePermissionSetProvisioningStatusResponse_permissionSetProvisioningStatus :: Lens.Lens' DescribePermissionSetProvisioningStatusResponse (Prelude.Maybe PermissionSetProvisioningStatus)
+describePermissionSetProvisioningStatusResponse_permissionSetProvisioningStatus = Lens.lens (\DescribePermissionSetProvisioningStatusResponse' {permissionSetProvisioningStatus} -> permissionSetProvisioningStatus) (\s@DescribePermissionSetProvisioningStatusResponse' {} a -> s {permissionSetProvisioningStatus = a} :: DescribePermissionSetProvisioningStatusResponse)
+
+-- | The response's http status code.
+describePermissionSetProvisioningStatusResponse_httpStatus :: Lens.Lens' DescribePermissionSetProvisioningStatusResponse Prelude.Int
+describePermissionSetProvisioningStatusResponse_httpStatus = Lens.lens (\DescribePermissionSetProvisioningStatusResponse' {httpStatus} -> httpStatus) (\s@DescribePermissionSetProvisioningStatusResponse' {} a -> s {httpStatus = a} :: DescribePermissionSetProvisioningStatusResponse)
+
+instance
+  Prelude.NFData
+    DescribePermissionSetProvisioningStatusResponse
+  where
+  rnf
+    DescribePermissionSetProvisioningStatusResponse' {..} =
+      Prelude.rnf permissionSetProvisioningStatus
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DetachCustomerManagedPolicyReferenceFromPermissionSet.hs b/gen/Amazonka/SSOAdmin/DetachCustomerManagedPolicyReferenceFromPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DetachCustomerManagedPolicyReferenceFromPermissionSet.hs
@@ -0,0 +1,242 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DetachCustomerManagedPolicyReferenceFromPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Detaches the specified customer managed policy from the specified
+-- PermissionSet.
+module Amazonka.SSOAdmin.DetachCustomerManagedPolicyReferenceFromPermissionSet
+  ( -- * Creating a Request
+    DetachCustomerManagedPolicyReferenceFromPermissionSet (..),
+    newDetachCustomerManagedPolicyReferenceFromPermissionSet,
+
+    -- * Request Lenses
+    detachCustomerManagedPolicyReferenceFromPermissionSet_instanceArn,
+    detachCustomerManagedPolicyReferenceFromPermissionSet_permissionSetArn,
+    detachCustomerManagedPolicyReferenceFromPermissionSet_customerManagedPolicyReference,
+
+    -- * Destructuring the Response
+    DetachCustomerManagedPolicyReferenceFromPermissionSetResponse (..),
+    newDetachCustomerManagedPolicyReferenceFromPermissionSetResponse,
+
+    -- * Response Lenses
+    detachCustomerManagedPolicyReferenceFromPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDetachCustomerManagedPolicyReferenceFromPermissionSet' smart constructor.
+data DetachCustomerManagedPolicyReferenceFromPermissionSet = DetachCustomerManagedPolicyReferenceFromPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the @PermissionSet@.
+    permissionSetArn :: Prelude.Text,
+    -- | Specifies the name and path of a customer managed policy. You must have
+    -- an IAM policy that matches the name and path in each AWS account where
+    -- you want to deploy your permission set.
+    customerManagedPolicyReference :: CustomerManagedPolicyReference
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DetachCustomerManagedPolicyReferenceFromPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'detachCustomerManagedPolicyReferenceFromPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'permissionSetArn', 'detachCustomerManagedPolicyReferenceFromPermissionSet_permissionSetArn' - The ARN of the @PermissionSet@.
+--
+-- 'customerManagedPolicyReference', 'detachCustomerManagedPolicyReferenceFromPermissionSet_customerManagedPolicyReference' - Specifies the name and path of a customer managed policy. You must have
+-- an IAM policy that matches the name and path in each AWS account where
+-- you want to deploy your permission set.
+newDetachCustomerManagedPolicyReferenceFromPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'customerManagedPolicyReference'
+  CustomerManagedPolicyReference ->
+  DetachCustomerManagedPolicyReferenceFromPermissionSet
+newDetachCustomerManagedPolicyReferenceFromPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_
+  pCustomerManagedPolicyReference_ =
+    DetachCustomerManagedPolicyReferenceFromPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn =
+          pPermissionSetArn_,
+        customerManagedPolicyReference =
+          pCustomerManagedPolicyReference_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+detachCustomerManagedPolicyReferenceFromPermissionSet_instanceArn :: Lens.Lens' DetachCustomerManagedPolicyReferenceFromPermissionSet Prelude.Text
+detachCustomerManagedPolicyReferenceFromPermissionSet_instanceArn = Lens.lens (\DetachCustomerManagedPolicyReferenceFromPermissionSet' {instanceArn} -> instanceArn) (\s@DetachCustomerManagedPolicyReferenceFromPermissionSet' {} a -> s {instanceArn = a} :: DetachCustomerManagedPolicyReferenceFromPermissionSet)
+
+-- | The ARN of the @PermissionSet@.
+detachCustomerManagedPolicyReferenceFromPermissionSet_permissionSetArn :: Lens.Lens' DetachCustomerManagedPolicyReferenceFromPermissionSet Prelude.Text
+detachCustomerManagedPolicyReferenceFromPermissionSet_permissionSetArn = Lens.lens (\DetachCustomerManagedPolicyReferenceFromPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@DetachCustomerManagedPolicyReferenceFromPermissionSet' {} a -> s {permissionSetArn = a} :: DetachCustomerManagedPolicyReferenceFromPermissionSet)
+
+-- | Specifies the name and path of a customer managed policy. You must have
+-- an IAM policy that matches the name and path in each AWS account where
+-- you want to deploy your permission set.
+detachCustomerManagedPolicyReferenceFromPermissionSet_customerManagedPolicyReference :: Lens.Lens' DetachCustomerManagedPolicyReferenceFromPermissionSet CustomerManagedPolicyReference
+detachCustomerManagedPolicyReferenceFromPermissionSet_customerManagedPolicyReference = Lens.lens (\DetachCustomerManagedPolicyReferenceFromPermissionSet' {customerManagedPolicyReference} -> customerManagedPolicyReference) (\s@DetachCustomerManagedPolicyReferenceFromPermissionSet' {} a -> s {customerManagedPolicyReference = a} :: DetachCustomerManagedPolicyReferenceFromPermissionSet)
+
+instance
+  Core.AWSRequest
+    DetachCustomerManagedPolicyReferenceFromPermissionSet
+  where
+  type
+    AWSResponse
+      DetachCustomerManagedPolicyReferenceFromPermissionSet =
+      DetachCustomerManagedPolicyReferenceFromPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DetachCustomerManagedPolicyReferenceFromPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DetachCustomerManagedPolicyReferenceFromPermissionSet
+  where
+  hashWithSalt
+    _salt
+    DetachCustomerManagedPolicyReferenceFromPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` customerManagedPolicyReference
+
+instance
+  Prelude.NFData
+    DetachCustomerManagedPolicyReferenceFromPermissionSet
+  where
+  rnf
+    DetachCustomerManagedPolicyReferenceFromPermissionSet' {..} =
+      Prelude.rnf instanceArn
+        `Prelude.seq` Prelude.rnf permissionSetArn
+        `Prelude.seq` Prelude.rnf customerManagedPolicyReference
+
+instance
+  Data.ToHeaders
+    DetachCustomerManagedPolicyReferenceFromPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DetachCustomerManagedPolicyReferenceFromPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DetachCustomerManagedPolicyReferenceFromPermissionSet
+  where
+  toJSON
+    DetachCustomerManagedPolicyReferenceFromPermissionSet' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+              Prelude.Just
+                ("PermissionSetArn" Data..= permissionSetArn),
+              Prelude.Just
+                ( "CustomerManagedPolicyReference"
+                    Data..= customerManagedPolicyReference
+                )
+            ]
+        )
+
+instance
+  Data.ToPath
+    DetachCustomerManagedPolicyReferenceFromPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DetachCustomerManagedPolicyReferenceFromPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDetachCustomerManagedPolicyReferenceFromPermissionSetResponse' smart constructor.
+data DetachCustomerManagedPolicyReferenceFromPermissionSetResponse = DetachCustomerManagedPolicyReferenceFromPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DetachCustomerManagedPolicyReferenceFromPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'detachCustomerManagedPolicyReferenceFromPermissionSetResponse_httpStatus' - The response's http status code.
+newDetachCustomerManagedPolicyReferenceFromPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DetachCustomerManagedPolicyReferenceFromPermissionSetResponse
+newDetachCustomerManagedPolicyReferenceFromPermissionSetResponse
+  pHttpStatus_ =
+    DetachCustomerManagedPolicyReferenceFromPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+detachCustomerManagedPolicyReferenceFromPermissionSetResponse_httpStatus :: Lens.Lens' DetachCustomerManagedPolicyReferenceFromPermissionSetResponse Prelude.Int
+detachCustomerManagedPolicyReferenceFromPermissionSetResponse_httpStatus = Lens.lens (\DetachCustomerManagedPolicyReferenceFromPermissionSetResponse' {httpStatus} -> httpStatus) (\s@DetachCustomerManagedPolicyReferenceFromPermissionSetResponse' {} a -> s {httpStatus = a} :: DetachCustomerManagedPolicyReferenceFromPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    DetachCustomerManagedPolicyReferenceFromPermissionSetResponse
+  where
+  rnf
+    DetachCustomerManagedPolicyReferenceFromPermissionSetResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/DetachManagedPolicyFromPermissionSet.hs b/gen/Amazonka/SSOAdmin/DetachManagedPolicyFromPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/DetachManagedPolicyFromPermissionSet.hs
@@ -0,0 +1,234 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.DetachManagedPolicyFromPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Detaches the attached AWS managed policy ARN from the specified
+-- permission set.
+module Amazonka.SSOAdmin.DetachManagedPolicyFromPermissionSet
+  ( -- * Creating a Request
+    DetachManagedPolicyFromPermissionSet (..),
+    newDetachManagedPolicyFromPermissionSet,
+
+    -- * Request Lenses
+    detachManagedPolicyFromPermissionSet_instanceArn,
+    detachManagedPolicyFromPermissionSet_permissionSetArn,
+    detachManagedPolicyFromPermissionSet_managedPolicyArn,
+
+    -- * Destructuring the Response
+    DetachManagedPolicyFromPermissionSetResponse (..),
+    newDetachManagedPolicyFromPermissionSetResponse,
+
+    -- * Response Lenses
+    detachManagedPolicyFromPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newDetachManagedPolicyFromPermissionSet' smart constructor.
+data DetachManagedPolicyFromPermissionSet = DetachManagedPolicyFromPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the PermissionSet from which the policy should be detached.
+    permissionSetArn :: Prelude.Text,
+    -- | The AWS managed policy ARN to be detached from a permission set.
+    managedPolicyArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DetachManagedPolicyFromPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'detachManagedPolicyFromPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'detachManagedPolicyFromPermissionSet_permissionSetArn' - The ARN of the PermissionSet from which the policy should be detached.
+--
+-- 'managedPolicyArn', 'detachManagedPolicyFromPermissionSet_managedPolicyArn' - The AWS managed policy ARN to be detached from a permission set.
+newDetachManagedPolicyFromPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'managedPolicyArn'
+  Prelude.Text ->
+  DetachManagedPolicyFromPermissionSet
+newDetachManagedPolicyFromPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_
+  pManagedPolicyArn_ =
+    DetachManagedPolicyFromPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_,
+        managedPolicyArn = pManagedPolicyArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+detachManagedPolicyFromPermissionSet_instanceArn :: Lens.Lens' DetachManagedPolicyFromPermissionSet Prelude.Text
+detachManagedPolicyFromPermissionSet_instanceArn = Lens.lens (\DetachManagedPolicyFromPermissionSet' {instanceArn} -> instanceArn) (\s@DetachManagedPolicyFromPermissionSet' {} a -> s {instanceArn = a} :: DetachManagedPolicyFromPermissionSet)
+
+-- | The ARN of the PermissionSet from which the policy should be detached.
+detachManagedPolicyFromPermissionSet_permissionSetArn :: Lens.Lens' DetachManagedPolicyFromPermissionSet Prelude.Text
+detachManagedPolicyFromPermissionSet_permissionSetArn = Lens.lens (\DetachManagedPolicyFromPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@DetachManagedPolicyFromPermissionSet' {} a -> s {permissionSetArn = a} :: DetachManagedPolicyFromPermissionSet)
+
+-- | The AWS managed policy ARN to be detached from a permission set.
+detachManagedPolicyFromPermissionSet_managedPolicyArn :: Lens.Lens' DetachManagedPolicyFromPermissionSet Prelude.Text
+detachManagedPolicyFromPermissionSet_managedPolicyArn = Lens.lens (\DetachManagedPolicyFromPermissionSet' {managedPolicyArn} -> managedPolicyArn) (\s@DetachManagedPolicyFromPermissionSet' {} a -> s {managedPolicyArn = a} :: DetachManagedPolicyFromPermissionSet)
+
+instance
+  Core.AWSRequest
+    DetachManagedPolicyFromPermissionSet
+  where
+  type
+    AWSResponse DetachManagedPolicyFromPermissionSet =
+      DetachManagedPolicyFromPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DetachManagedPolicyFromPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DetachManagedPolicyFromPermissionSet
+  where
+  hashWithSalt
+    _salt
+    DetachManagedPolicyFromPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` managedPolicyArn
+
+instance
+  Prelude.NFData
+    DetachManagedPolicyFromPermissionSet
+  where
+  rnf DetachManagedPolicyFromPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf managedPolicyArn
+
+instance
+  Data.ToHeaders
+    DetachManagedPolicyFromPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.DetachManagedPolicyFromPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DetachManagedPolicyFromPermissionSet
+  where
+  toJSON DetachManagedPolicyFromPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn),
+            Prelude.Just
+              ("ManagedPolicyArn" Data..= managedPolicyArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    DetachManagedPolicyFromPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DetachManagedPolicyFromPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDetachManagedPolicyFromPermissionSetResponse' smart constructor.
+data DetachManagedPolicyFromPermissionSetResponse = DetachManagedPolicyFromPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DetachManagedPolicyFromPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'detachManagedPolicyFromPermissionSetResponse_httpStatus' - The response's http status code.
+newDetachManagedPolicyFromPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DetachManagedPolicyFromPermissionSetResponse
+newDetachManagedPolicyFromPermissionSetResponse
+  pHttpStatus_ =
+    DetachManagedPolicyFromPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+detachManagedPolicyFromPermissionSetResponse_httpStatus :: Lens.Lens' DetachManagedPolicyFromPermissionSetResponse Prelude.Int
+detachManagedPolicyFromPermissionSetResponse_httpStatus = Lens.lens (\DetachManagedPolicyFromPermissionSetResponse' {httpStatus} -> httpStatus) (\s@DetachManagedPolicyFromPermissionSetResponse' {} a -> s {httpStatus = a} :: DetachManagedPolicyFromPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    DetachManagedPolicyFromPermissionSetResponse
+  where
+  rnf DetachManagedPolicyFromPermissionSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/GetInlinePolicyForPermissionSet.hs b/gen/Amazonka/SSOAdmin/GetInlinePolicyForPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/GetInlinePolicyForPermissionSet.hs
@@ -0,0 +1,219 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.GetInlinePolicyForPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Obtains the inline policy assigned to the permission set.
+module Amazonka.SSOAdmin.GetInlinePolicyForPermissionSet
+  ( -- * Creating a Request
+    GetInlinePolicyForPermissionSet (..),
+    newGetInlinePolicyForPermissionSet,
+
+    -- * Request Lenses
+    getInlinePolicyForPermissionSet_instanceArn,
+    getInlinePolicyForPermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    GetInlinePolicyForPermissionSetResponse (..),
+    newGetInlinePolicyForPermissionSetResponse,
+
+    -- * Response Lenses
+    getInlinePolicyForPermissionSetResponse_inlinePolicy,
+    getInlinePolicyForPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newGetInlinePolicyForPermissionSet' smart constructor.
+data GetInlinePolicyForPermissionSet = GetInlinePolicyForPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the permission set.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInlinePolicyForPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'getInlinePolicyForPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'getInlinePolicyForPermissionSet_permissionSetArn' - The ARN of the permission set.
+newGetInlinePolicyForPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  GetInlinePolicyForPermissionSet
+newGetInlinePolicyForPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    GetInlinePolicyForPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+getInlinePolicyForPermissionSet_instanceArn :: Lens.Lens' GetInlinePolicyForPermissionSet Prelude.Text
+getInlinePolicyForPermissionSet_instanceArn = Lens.lens (\GetInlinePolicyForPermissionSet' {instanceArn} -> instanceArn) (\s@GetInlinePolicyForPermissionSet' {} a -> s {instanceArn = a} :: GetInlinePolicyForPermissionSet)
+
+-- | The ARN of the permission set.
+getInlinePolicyForPermissionSet_permissionSetArn :: Lens.Lens' GetInlinePolicyForPermissionSet Prelude.Text
+getInlinePolicyForPermissionSet_permissionSetArn = Lens.lens (\GetInlinePolicyForPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@GetInlinePolicyForPermissionSet' {} a -> s {permissionSetArn = a} :: GetInlinePolicyForPermissionSet)
+
+instance
+  Core.AWSRequest
+    GetInlinePolicyForPermissionSet
+  where
+  type
+    AWSResponse GetInlinePolicyForPermissionSet =
+      GetInlinePolicyForPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetInlinePolicyForPermissionSetResponse'
+            Prelude.<$> (x Data..?> "InlinePolicy")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    GetInlinePolicyForPermissionSet
+  where
+  hashWithSalt
+    _salt
+    GetInlinePolicyForPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+
+instance
+  Prelude.NFData
+    GetInlinePolicyForPermissionSet
+  where
+  rnf GetInlinePolicyForPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance
+  Data.ToHeaders
+    GetInlinePolicyForPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.GetInlinePolicyForPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetInlinePolicyForPermissionSet where
+  toJSON GetInlinePolicyForPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance Data.ToPath GetInlinePolicyForPermissionSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetInlinePolicyForPermissionSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetInlinePolicyForPermissionSetResponse' smart constructor.
+data GetInlinePolicyForPermissionSetResponse = GetInlinePolicyForPermissionSetResponse'
+  { -- | The inline policy that is attached to the permission set.
+    inlinePolicy :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetInlinePolicyForPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'inlinePolicy', 'getInlinePolicyForPermissionSetResponse_inlinePolicy' - The inline policy that is attached to the permission set.
+--
+-- 'httpStatus', 'getInlinePolicyForPermissionSetResponse_httpStatus' - The response's http status code.
+newGetInlinePolicyForPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetInlinePolicyForPermissionSetResponse
+newGetInlinePolicyForPermissionSetResponse
+  pHttpStatus_ =
+    GetInlinePolicyForPermissionSetResponse'
+      { inlinePolicy =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The inline policy that is attached to the permission set.
+getInlinePolicyForPermissionSetResponse_inlinePolicy :: Lens.Lens' GetInlinePolicyForPermissionSetResponse (Prelude.Maybe Prelude.Text)
+getInlinePolicyForPermissionSetResponse_inlinePolicy = Lens.lens (\GetInlinePolicyForPermissionSetResponse' {inlinePolicy} -> inlinePolicy) (\s@GetInlinePolicyForPermissionSetResponse' {} a -> s {inlinePolicy = a} :: GetInlinePolicyForPermissionSetResponse)
+
+-- | The response's http status code.
+getInlinePolicyForPermissionSetResponse_httpStatus :: Lens.Lens' GetInlinePolicyForPermissionSetResponse Prelude.Int
+getInlinePolicyForPermissionSetResponse_httpStatus = Lens.lens (\GetInlinePolicyForPermissionSetResponse' {httpStatus} -> httpStatus) (\s@GetInlinePolicyForPermissionSetResponse' {} a -> s {httpStatus = a} :: GetInlinePolicyForPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    GetInlinePolicyForPermissionSetResponse
+  where
+  rnf GetInlinePolicyForPermissionSetResponse' {..} =
+    Prelude.rnf inlinePolicy
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/GetPermissionsBoundaryForPermissionSet.hs b/gen/Amazonka/SSOAdmin/GetPermissionsBoundaryForPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/GetPermissionsBoundaryForPermissionSet.hs
@@ -0,0 +1,225 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.GetPermissionsBoundaryForPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Obtains the permissions boundary for a specified PermissionSet.
+module Amazonka.SSOAdmin.GetPermissionsBoundaryForPermissionSet
+  ( -- * Creating a Request
+    GetPermissionsBoundaryForPermissionSet (..),
+    newGetPermissionsBoundaryForPermissionSet,
+
+    -- * Request Lenses
+    getPermissionsBoundaryForPermissionSet_instanceArn,
+    getPermissionsBoundaryForPermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    GetPermissionsBoundaryForPermissionSetResponse (..),
+    newGetPermissionsBoundaryForPermissionSetResponse,
+
+    -- * Response Lenses
+    getPermissionsBoundaryForPermissionSetResponse_permissionsBoundary,
+    getPermissionsBoundaryForPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newGetPermissionsBoundaryForPermissionSet' smart constructor.
+data GetPermissionsBoundaryForPermissionSet = GetPermissionsBoundaryForPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the @PermissionSet@.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetPermissionsBoundaryForPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'getPermissionsBoundaryForPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'permissionSetArn', 'getPermissionsBoundaryForPermissionSet_permissionSetArn' - The ARN of the @PermissionSet@.
+newGetPermissionsBoundaryForPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  GetPermissionsBoundaryForPermissionSet
+newGetPermissionsBoundaryForPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    GetPermissionsBoundaryForPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn =
+          pPermissionSetArn_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+getPermissionsBoundaryForPermissionSet_instanceArn :: Lens.Lens' GetPermissionsBoundaryForPermissionSet Prelude.Text
+getPermissionsBoundaryForPermissionSet_instanceArn = Lens.lens (\GetPermissionsBoundaryForPermissionSet' {instanceArn} -> instanceArn) (\s@GetPermissionsBoundaryForPermissionSet' {} a -> s {instanceArn = a} :: GetPermissionsBoundaryForPermissionSet)
+
+-- | The ARN of the @PermissionSet@.
+getPermissionsBoundaryForPermissionSet_permissionSetArn :: Lens.Lens' GetPermissionsBoundaryForPermissionSet Prelude.Text
+getPermissionsBoundaryForPermissionSet_permissionSetArn = Lens.lens (\GetPermissionsBoundaryForPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@GetPermissionsBoundaryForPermissionSet' {} a -> s {permissionSetArn = a} :: GetPermissionsBoundaryForPermissionSet)
+
+instance
+  Core.AWSRequest
+    GetPermissionsBoundaryForPermissionSet
+  where
+  type
+    AWSResponse
+      GetPermissionsBoundaryForPermissionSet =
+      GetPermissionsBoundaryForPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetPermissionsBoundaryForPermissionSetResponse'
+            Prelude.<$> (x Data..?> "PermissionsBoundary")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    GetPermissionsBoundaryForPermissionSet
+  where
+  hashWithSalt
+    _salt
+    GetPermissionsBoundaryForPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+
+instance
+  Prelude.NFData
+    GetPermissionsBoundaryForPermissionSet
+  where
+  rnf GetPermissionsBoundaryForPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance
+  Data.ToHeaders
+    GetPermissionsBoundaryForPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.GetPermissionsBoundaryForPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    GetPermissionsBoundaryForPermissionSet
+  where
+  toJSON GetPermissionsBoundaryForPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    GetPermissionsBoundaryForPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    GetPermissionsBoundaryForPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetPermissionsBoundaryForPermissionSetResponse' smart constructor.
+data GetPermissionsBoundaryForPermissionSetResponse = GetPermissionsBoundaryForPermissionSetResponse'
+  { -- | The permissions boundary attached to the specified permission set.
+    permissionsBoundary :: Prelude.Maybe PermissionsBoundary,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetPermissionsBoundaryForPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'permissionsBoundary', 'getPermissionsBoundaryForPermissionSetResponse_permissionsBoundary' - The permissions boundary attached to the specified permission set.
+--
+-- 'httpStatus', 'getPermissionsBoundaryForPermissionSetResponse_httpStatus' - The response's http status code.
+newGetPermissionsBoundaryForPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetPermissionsBoundaryForPermissionSetResponse
+newGetPermissionsBoundaryForPermissionSetResponse
+  pHttpStatus_ =
+    GetPermissionsBoundaryForPermissionSetResponse'
+      { permissionsBoundary =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The permissions boundary attached to the specified permission set.
+getPermissionsBoundaryForPermissionSetResponse_permissionsBoundary :: Lens.Lens' GetPermissionsBoundaryForPermissionSetResponse (Prelude.Maybe PermissionsBoundary)
+getPermissionsBoundaryForPermissionSetResponse_permissionsBoundary = Lens.lens (\GetPermissionsBoundaryForPermissionSetResponse' {permissionsBoundary} -> permissionsBoundary) (\s@GetPermissionsBoundaryForPermissionSetResponse' {} a -> s {permissionsBoundary = a} :: GetPermissionsBoundaryForPermissionSetResponse)
+
+-- | The response's http status code.
+getPermissionsBoundaryForPermissionSetResponse_httpStatus :: Lens.Lens' GetPermissionsBoundaryForPermissionSetResponse Prelude.Int
+getPermissionsBoundaryForPermissionSetResponse_httpStatus = Lens.lens (\GetPermissionsBoundaryForPermissionSetResponse' {httpStatus} -> httpStatus) (\s@GetPermissionsBoundaryForPermissionSetResponse' {} a -> s {httpStatus = a} :: GetPermissionsBoundaryForPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    GetPermissionsBoundaryForPermissionSetResponse
+  where
+  rnf
+    GetPermissionsBoundaryForPermissionSetResponse' {..} =
+      Prelude.rnf permissionsBoundary
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/Lens.hs b/gen/Amazonka/SSOAdmin/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Lens.hs
@@ -0,0 +1,412 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Lens
+  ( -- * Operations
+
+    -- ** AttachCustomerManagedPolicyReferenceToPermissionSet
+    attachCustomerManagedPolicyReferenceToPermissionSet_instanceArn,
+    attachCustomerManagedPolicyReferenceToPermissionSet_permissionSetArn,
+    attachCustomerManagedPolicyReferenceToPermissionSet_customerManagedPolicyReference,
+    attachCustomerManagedPolicyReferenceToPermissionSetResponse_httpStatus,
+
+    -- ** AttachManagedPolicyToPermissionSet
+    attachManagedPolicyToPermissionSet_instanceArn,
+    attachManagedPolicyToPermissionSet_permissionSetArn,
+    attachManagedPolicyToPermissionSet_managedPolicyArn,
+    attachManagedPolicyToPermissionSetResponse_httpStatus,
+
+    -- ** CreateAccountAssignment
+    createAccountAssignment_instanceArn,
+    createAccountAssignment_targetId,
+    createAccountAssignment_targetType,
+    createAccountAssignment_permissionSetArn,
+    createAccountAssignment_principalType,
+    createAccountAssignment_principalId,
+    createAccountAssignmentResponse_accountAssignmentCreationStatus,
+    createAccountAssignmentResponse_httpStatus,
+
+    -- ** CreateInstanceAccessControlAttributeConfiguration
+    createInstanceAccessControlAttributeConfiguration_instanceArn,
+    createInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration,
+    createInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+
+    -- ** CreatePermissionSet
+    createPermissionSet_description,
+    createPermissionSet_relayState,
+    createPermissionSet_sessionDuration,
+    createPermissionSet_tags,
+    createPermissionSet_name,
+    createPermissionSet_instanceArn,
+    createPermissionSetResponse_permissionSet,
+    createPermissionSetResponse_httpStatus,
+
+    -- ** DeleteAccountAssignment
+    deleteAccountAssignment_instanceArn,
+    deleteAccountAssignment_targetId,
+    deleteAccountAssignment_targetType,
+    deleteAccountAssignment_permissionSetArn,
+    deleteAccountAssignment_principalType,
+    deleteAccountAssignment_principalId,
+    deleteAccountAssignmentResponse_accountAssignmentDeletionStatus,
+    deleteAccountAssignmentResponse_httpStatus,
+
+    -- ** DeleteInlinePolicyFromPermissionSet
+    deleteInlinePolicyFromPermissionSet_instanceArn,
+    deleteInlinePolicyFromPermissionSet_permissionSetArn,
+    deleteInlinePolicyFromPermissionSetResponse_httpStatus,
+
+    -- ** DeleteInstanceAccessControlAttributeConfiguration
+    deleteInstanceAccessControlAttributeConfiguration_instanceArn,
+    deleteInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+
+    -- ** DeletePermissionSet
+    deletePermissionSet_instanceArn,
+    deletePermissionSet_permissionSetArn,
+    deletePermissionSetResponse_httpStatus,
+
+    -- ** DeletePermissionsBoundaryFromPermissionSet
+    deletePermissionsBoundaryFromPermissionSet_instanceArn,
+    deletePermissionsBoundaryFromPermissionSet_permissionSetArn,
+    deletePermissionsBoundaryFromPermissionSetResponse_httpStatus,
+
+    -- ** DescribeAccountAssignmentCreationStatus
+    describeAccountAssignmentCreationStatus_instanceArn,
+    describeAccountAssignmentCreationStatus_accountAssignmentCreationRequestId,
+    describeAccountAssignmentCreationStatusResponse_accountAssignmentCreationStatus,
+    describeAccountAssignmentCreationStatusResponse_httpStatus,
+
+    -- ** DescribeAccountAssignmentDeletionStatus
+    describeAccountAssignmentDeletionStatus_instanceArn,
+    describeAccountAssignmentDeletionStatus_accountAssignmentDeletionRequestId,
+    describeAccountAssignmentDeletionStatusResponse_accountAssignmentDeletionStatus,
+    describeAccountAssignmentDeletionStatusResponse_httpStatus,
+
+    -- ** DescribeInstanceAccessControlAttributeConfiguration
+    describeInstanceAccessControlAttributeConfiguration_instanceArn,
+    describeInstanceAccessControlAttributeConfigurationResponse_instanceAccessControlAttributeConfiguration,
+    describeInstanceAccessControlAttributeConfigurationResponse_status,
+    describeInstanceAccessControlAttributeConfigurationResponse_statusReason,
+    describeInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+
+    -- ** DescribePermissionSet
+    describePermissionSet_instanceArn,
+    describePermissionSet_permissionSetArn,
+    describePermissionSetResponse_permissionSet,
+    describePermissionSetResponse_httpStatus,
+
+    -- ** DescribePermissionSetProvisioningStatus
+    describePermissionSetProvisioningStatus_instanceArn,
+    describePermissionSetProvisioningStatus_provisionPermissionSetRequestId,
+    describePermissionSetProvisioningStatusResponse_permissionSetProvisioningStatus,
+    describePermissionSetProvisioningStatusResponse_httpStatus,
+
+    -- ** DetachCustomerManagedPolicyReferenceFromPermissionSet
+    detachCustomerManagedPolicyReferenceFromPermissionSet_instanceArn,
+    detachCustomerManagedPolicyReferenceFromPermissionSet_permissionSetArn,
+    detachCustomerManagedPolicyReferenceFromPermissionSet_customerManagedPolicyReference,
+    detachCustomerManagedPolicyReferenceFromPermissionSetResponse_httpStatus,
+
+    -- ** DetachManagedPolicyFromPermissionSet
+    detachManagedPolicyFromPermissionSet_instanceArn,
+    detachManagedPolicyFromPermissionSet_permissionSetArn,
+    detachManagedPolicyFromPermissionSet_managedPolicyArn,
+    detachManagedPolicyFromPermissionSetResponse_httpStatus,
+
+    -- ** GetInlinePolicyForPermissionSet
+    getInlinePolicyForPermissionSet_instanceArn,
+    getInlinePolicyForPermissionSet_permissionSetArn,
+    getInlinePolicyForPermissionSetResponse_inlinePolicy,
+    getInlinePolicyForPermissionSetResponse_httpStatus,
+
+    -- ** GetPermissionsBoundaryForPermissionSet
+    getPermissionsBoundaryForPermissionSet_instanceArn,
+    getPermissionsBoundaryForPermissionSet_permissionSetArn,
+    getPermissionsBoundaryForPermissionSetResponse_permissionsBoundary,
+    getPermissionsBoundaryForPermissionSetResponse_httpStatus,
+
+    -- ** ListAccountAssignmentCreationStatus
+    listAccountAssignmentCreationStatus_filter,
+    listAccountAssignmentCreationStatus_maxResults,
+    listAccountAssignmentCreationStatus_nextToken,
+    listAccountAssignmentCreationStatus_instanceArn,
+    listAccountAssignmentCreationStatusResponse_accountAssignmentsCreationStatus,
+    listAccountAssignmentCreationStatusResponse_nextToken,
+    listAccountAssignmentCreationStatusResponse_httpStatus,
+
+    -- ** ListAccountAssignmentDeletionStatus
+    listAccountAssignmentDeletionStatus_filter,
+    listAccountAssignmentDeletionStatus_maxResults,
+    listAccountAssignmentDeletionStatus_nextToken,
+    listAccountAssignmentDeletionStatus_instanceArn,
+    listAccountAssignmentDeletionStatusResponse_accountAssignmentsDeletionStatus,
+    listAccountAssignmentDeletionStatusResponse_nextToken,
+    listAccountAssignmentDeletionStatusResponse_httpStatus,
+
+    -- ** ListAccountAssignments
+    listAccountAssignments_maxResults,
+    listAccountAssignments_nextToken,
+    listAccountAssignments_instanceArn,
+    listAccountAssignments_accountId,
+    listAccountAssignments_permissionSetArn,
+    listAccountAssignmentsResponse_accountAssignments,
+    listAccountAssignmentsResponse_nextToken,
+    listAccountAssignmentsResponse_httpStatus,
+
+    -- ** ListAccountsForProvisionedPermissionSet
+    listAccountsForProvisionedPermissionSet_maxResults,
+    listAccountsForProvisionedPermissionSet_nextToken,
+    listAccountsForProvisionedPermissionSet_provisioningStatus,
+    listAccountsForProvisionedPermissionSet_instanceArn,
+    listAccountsForProvisionedPermissionSet_permissionSetArn,
+    listAccountsForProvisionedPermissionSetResponse_accountIds,
+    listAccountsForProvisionedPermissionSetResponse_nextToken,
+    listAccountsForProvisionedPermissionSetResponse_httpStatus,
+
+    -- ** ListCustomerManagedPolicyReferencesInPermissionSet
+    listCustomerManagedPolicyReferencesInPermissionSet_maxResults,
+    listCustomerManagedPolicyReferencesInPermissionSet_nextToken,
+    listCustomerManagedPolicyReferencesInPermissionSet_instanceArn,
+    listCustomerManagedPolicyReferencesInPermissionSet_permissionSetArn,
+    listCustomerManagedPolicyReferencesInPermissionSetResponse_customerManagedPolicyReferences,
+    listCustomerManagedPolicyReferencesInPermissionSetResponse_nextToken,
+    listCustomerManagedPolicyReferencesInPermissionSetResponse_httpStatus,
+
+    -- ** ListInstances
+    listInstances_maxResults,
+    listInstances_nextToken,
+    listInstancesResponse_instances,
+    listInstancesResponse_nextToken,
+    listInstancesResponse_httpStatus,
+
+    -- ** ListManagedPoliciesInPermissionSet
+    listManagedPoliciesInPermissionSet_maxResults,
+    listManagedPoliciesInPermissionSet_nextToken,
+    listManagedPoliciesInPermissionSet_instanceArn,
+    listManagedPoliciesInPermissionSet_permissionSetArn,
+    listManagedPoliciesInPermissionSetResponse_attachedManagedPolicies,
+    listManagedPoliciesInPermissionSetResponse_nextToken,
+    listManagedPoliciesInPermissionSetResponse_httpStatus,
+
+    -- ** ListPermissionSetProvisioningStatus
+    listPermissionSetProvisioningStatus_filter,
+    listPermissionSetProvisioningStatus_maxResults,
+    listPermissionSetProvisioningStatus_nextToken,
+    listPermissionSetProvisioningStatus_instanceArn,
+    listPermissionSetProvisioningStatusResponse_nextToken,
+    listPermissionSetProvisioningStatusResponse_permissionSetsProvisioningStatus,
+    listPermissionSetProvisioningStatusResponse_httpStatus,
+
+    -- ** ListPermissionSets
+    listPermissionSets_maxResults,
+    listPermissionSets_nextToken,
+    listPermissionSets_instanceArn,
+    listPermissionSetsResponse_nextToken,
+    listPermissionSetsResponse_permissionSets,
+    listPermissionSetsResponse_httpStatus,
+
+    -- ** ListPermissionSetsProvisionedToAccount
+    listPermissionSetsProvisionedToAccount_maxResults,
+    listPermissionSetsProvisionedToAccount_nextToken,
+    listPermissionSetsProvisionedToAccount_provisioningStatus,
+    listPermissionSetsProvisionedToAccount_instanceArn,
+    listPermissionSetsProvisionedToAccount_accountId,
+    listPermissionSetsProvisionedToAccountResponse_nextToken,
+    listPermissionSetsProvisionedToAccountResponse_permissionSets,
+    listPermissionSetsProvisionedToAccountResponse_httpStatus,
+
+    -- ** ListTagsForResource
+    listTagsForResource_nextToken,
+    listTagsForResource_instanceArn,
+    listTagsForResource_resourceArn,
+    listTagsForResourceResponse_nextToken,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** ProvisionPermissionSet
+    provisionPermissionSet_targetId,
+    provisionPermissionSet_instanceArn,
+    provisionPermissionSet_permissionSetArn,
+    provisionPermissionSet_targetType,
+    provisionPermissionSetResponse_permissionSetProvisioningStatus,
+    provisionPermissionSetResponse_httpStatus,
+
+    -- ** PutInlinePolicyToPermissionSet
+    putInlinePolicyToPermissionSet_instanceArn,
+    putInlinePolicyToPermissionSet_permissionSetArn,
+    putInlinePolicyToPermissionSet_inlinePolicy,
+    putInlinePolicyToPermissionSetResponse_httpStatus,
+
+    -- ** PutPermissionsBoundaryToPermissionSet
+    putPermissionsBoundaryToPermissionSet_instanceArn,
+    putPermissionsBoundaryToPermissionSet_permissionSetArn,
+    putPermissionsBoundaryToPermissionSet_permissionsBoundary,
+    putPermissionsBoundaryToPermissionSetResponse_httpStatus,
+
+    -- ** TagResource
+    tagResource_instanceArn,
+    tagResource_resourceArn,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_instanceArn,
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateInstanceAccessControlAttributeConfiguration
+    updateInstanceAccessControlAttributeConfiguration_instanceArn,
+    updateInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration,
+    updateInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+
+    -- ** UpdatePermissionSet
+    updatePermissionSet_description,
+    updatePermissionSet_relayState,
+    updatePermissionSet_sessionDuration,
+    updatePermissionSet_instanceArn,
+    updatePermissionSet_permissionSetArn,
+    updatePermissionSetResponse_httpStatus,
+
+    -- * Types
+
+    -- ** AccessControlAttribute
+    accessControlAttribute_key,
+    accessControlAttribute_value,
+
+    -- ** AccessControlAttributeValue
+    accessControlAttributeValue_source,
+
+    -- ** AccountAssignment
+    accountAssignment_accountId,
+    accountAssignment_permissionSetArn,
+    accountAssignment_principalId,
+    accountAssignment_principalType,
+
+    -- ** AccountAssignmentOperationStatus
+    accountAssignmentOperationStatus_createdDate,
+    accountAssignmentOperationStatus_failureReason,
+    accountAssignmentOperationStatus_permissionSetArn,
+    accountAssignmentOperationStatus_principalId,
+    accountAssignmentOperationStatus_principalType,
+    accountAssignmentOperationStatus_requestId,
+    accountAssignmentOperationStatus_status,
+    accountAssignmentOperationStatus_targetId,
+    accountAssignmentOperationStatus_targetType,
+
+    -- ** AccountAssignmentOperationStatusMetadata
+    accountAssignmentOperationStatusMetadata_createdDate,
+    accountAssignmentOperationStatusMetadata_requestId,
+    accountAssignmentOperationStatusMetadata_status,
+
+    -- ** AttachedManagedPolicy
+    attachedManagedPolicy_arn,
+    attachedManagedPolicy_name,
+
+    -- ** CustomerManagedPolicyReference
+    customerManagedPolicyReference_path,
+    customerManagedPolicyReference_name,
+
+    -- ** InstanceAccessControlAttributeConfiguration
+    instanceAccessControlAttributeConfiguration_accessControlAttributes,
+
+    -- ** InstanceMetadata
+    instanceMetadata_identityStoreId,
+    instanceMetadata_instanceArn,
+
+    -- ** OperationStatusFilter
+    operationStatusFilter_status,
+
+    -- ** PermissionSet
+    permissionSet_createdDate,
+    permissionSet_description,
+    permissionSet_name,
+    permissionSet_permissionSetArn,
+    permissionSet_relayState,
+    permissionSet_sessionDuration,
+
+    -- ** PermissionSetProvisioningStatus
+    permissionSetProvisioningStatus_accountId,
+    permissionSetProvisioningStatus_createdDate,
+    permissionSetProvisioningStatus_failureReason,
+    permissionSetProvisioningStatus_permissionSetArn,
+    permissionSetProvisioningStatus_requestId,
+    permissionSetProvisioningStatus_status,
+
+    -- ** PermissionSetProvisioningStatusMetadata
+    permissionSetProvisioningStatusMetadata_createdDate,
+    permissionSetProvisioningStatusMetadata_requestId,
+    permissionSetProvisioningStatusMetadata_status,
+
+    -- ** PermissionsBoundary
+    permissionsBoundary_customerManagedPolicyReference,
+    permissionsBoundary_managedPolicyArn,
+
+    -- ** Tag
+    tag_key,
+    tag_value,
+  )
+where
+
+import Amazonka.SSOAdmin.AttachCustomerManagedPolicyReferenceToPermissionSet
+import Amazonka.SSOAdmin.AttachManagedPolicyToPermissionSet
+import Amazonka.SSOAdmin.CreateAccountAssignment
+import Amazonka.SSOAdmin.CreateInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.CreatePermissionSet
+import Amazonka.SSOAdmin.DeleteAccountAssignment
+import Amazonka.SSOAdmin.DeleteInlinePolicyFromPermissionSet
+import Amazonka.SSOAdmin.DeleteInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.DeletePermissionSet
+import Amazonka.SSOAdmin.DeletePermissionsBoundaryFromPermissionSet
+import Amazonka.SSOAdmin.DescribeAccountAssignmentCreationStatus
+import Amazonka.SSOAdmin.DescribeAccountAssignmentDeletionStatus
+import Amazonka.SSOAdmin.DescribeInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.DescribePermissionSet
+import Amazonka.SSOAdmin.DescribePermissionSetProvisioningStatus
+import Amazonka.SSOAdmin.DetachCustomerManagedPolicyReferenceFromPermissionSet
+import Amazonka.SSOAdmin.DetachManagedPolicyFromPermissionSet
+import Amazonka.SSOAdmin.GetInlinePolicyForPermissionSet
+import Amazonka.SSOAdmin.GetPermissionsBoundaryForPermissionSet
+import Amazonka.SSOAdmin.ListAccountAssignmentCreationStatus
+import Amazonka.SSOAdmin.ListAccountAssignmentDeletionStatus
+import Amazonka.SSOAdmin.ListAccountAssignments
+import Amazonka.SSOAdmin.ListAccountsForProvisionedPermissionSet
+import Amazonka.SSOAdmin.ListCustomerManagedPolicyReferencesInPermissionSet
+import Amazonka.SSOAdmin.ListInstances
+import Amazonka.SSOAdmin.ListManagedPoliciesInPermissionSet
+import Amazonka.SSOAdmin.ListPermissionSetProvisioningStatus
+import Amazonka.SSOAdmin.ListPermissionSets
+import Amazonka.SSOAdmin.ListPermissionSetsProvisionedToAccount
+import Amazonka.SSOAdmin.ListTagsForResource
+import Amazonka.SSOAdmin.ProvisionPermissionSet
+import Amazonka.SSOAdmin.PutInlinePolicyToPermissionSet
+import Amazonka.SSOAdmin.PutPermissionsBoundaryToPermissionSet
+import Amazonka.SSOAdmin.TagResource
+import Amazonka.SSOAdmin.Types.AccessControlAttribute
+import Amazonka.SSOAdmin.Types.AccessControlAttributeValue
+import Amazonka.SSOAdmin.Types.AccountAssignment
+import Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatus
+import Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatusMetadata
+import Amazonka.SSOAdmin.Types.AttachedManagedPolicy
+import Amazonka.SSOAdmin.Types.CustomerManagedPolicyReference
+import Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.Types.InstanceMetadata
+import Amazonka.SSOAdmin.Types.OperationStatusFilter
+import Amazonka.SSOAdmin.Types.PermissionSet
+import Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatus
+import Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatusMetadata
+import Amazonka.SSOAdmin.Types.PermissionsBoundary
+import Amazonka.SSOAdmin.Types.Tag
+import Amazonka.SSOAdmin.UntagResource
+import Amazonka.SSOAdmin.UpdateInstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.UpdatePermissionSet
diff --git a/gen/Amazonka/SSOAdmin/ListAccountAssignmentCreationStatus.hs b/gen/Amazonka/SSOAdmin/ListAccountAssignmentCreationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListAccountAssignmentCreationStatus.hs
@@ -0,0 +1,298 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListAccountAssignmentCreationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the status of the AWS account assignment creation requests for a
+-- specified IAM Identity Center instance.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListAccountAssignmentCreationStatus
+  ( -- * Creating a Request
+    ListAccountAssignmentCreationStatus (..),
+    newListAccountAssignmentCreationStatus,
+
+    -- * Request Lenses
+    listAccountAssignmentCreationStatus_filter,
+    listAccountAssignmentCreationStatus_maxResults,
+    listAccountAssignmentCreationStatus_nextToken,
+    listAccountAssignmentCreationStatus_instanceArn,
+
+    -- * Destructuring the Response
+    ListAccountAssignmentCreationStatusResponse (..),
+    newListAccountAssignmentCreationStatusResponse,
+
+    -- * Response Lenses
+    listAccountAssignmentCreationStatusResponse_accountAssignmentsCreationStatus,
+    listAccountAssignmentCreationStatusResponse_nextToken,
+    listAccountAssignmentCreationStatusResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListAccountAssignmentCreationStatus' smart constructor.
+data ListAccountAssignmentCreationStatus = ListAccountAssignmentCreationStatus'
+  { -- | Filters results based on the passed attribute value.
+    filter' :: Prelude.Maybe OperationStatusFilter,
+    -- | The maximum number of results to display for the assignment.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountAssignmentCreationStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filter'', 'listAccountAssignmentCreationStatus_filter' - Filters results based on the passed attribute value.
+--
+-- 'maxResults', 'listAccountAssignmentCreationStatus_maxResults' - The maximum number of results to display for the assignment.
+--
+-- 'nextToken', 'listAccountAssignmentCreationStatus_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listAccountAssignmentCreationStatus_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+newListAccountAssignmentCreationStatus ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  ListAccountAssignmentCreationStatus
+newListAccountAssignmentCreationStatus pInstanceArn_ =
+  ListAccountAssignmentCreationStatus'
+    { filter' =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      instanceArn = pInstanceArn_
+    }
+
+-- | Filters results based on the passed attribute value.
+listAccountAssignmentCreationStatus_filter :: Lens.Lens' ListAccountAssignmentCreationStatus (Prelude.Maybe OperationStatusFilter)
+listAccountAssignmentCreationStatus_filter = Lens.lens (\ListAccountAssignmentCreationStatus' {filter'} -> filter') (\s@ListAccountAssignmentCreationStatus' {} a -> s {filter' = a} :: ListAccountAssignmentCreationStatus)
+
+-- | The maximum number of results to display for the assignment.
+listAccountAssignmentCreationStatus_maxResults :: Lens.Lens' ListAccountAssignmentCreationStatus (Prelude.Maybe Prelude.Natural)
+listAccountAssignmentCreationStatus_maxResults = Lens.lens (\ListAccountAssignmentCreationStatus' {maxResults} -> maxResults) (\s@ListAccountAssignmentCreationStatus' {} a -> s {maxResults = a} :: ListAccountAssignmentCreationStatus)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountAssignmentCreationStatus_nextToken :: Lens.Lens' ListAccountAssignmentCreationStatus (Prelude.Maybe Prelude.Text)
+listAccountAssignmentCreationStatus_nextToken = Lens.lens (\ListAccountAssignmentCreationStatus' {nextToken} -> nextToken) (\s@ListAccountAssignmentCreationStatus' {} a -> s {nextToken = a} :: ListAccountAssignmentCreationStatus)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listAccountAssignmentCreationStatus_instanceArn :: Lens.Lens' ListAccountAssignmentCreationStatus Prelude.Text
+listAccountAssignmentCreationStatus_instanceArn = Lens.lens (\ListAccountAssignmentCreationStatus' {instanceArn} -> instanceArn) (\s@ListAccountAssignmentCreationStatus' {} a -> s {instanceArn = a} :: ListAccountAssignmentCreationStatus)
+
+instance
+  Core.AWSPager
+    ListAccountAssignmentCreationStatus
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccountAssignmentCreationStatusResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listAccountAssignmentCreationStatusResponse_accountAssignmentsCreationStatus
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccountAssignmentCreationStatus_nextToken
+          Lens..~ rs
+          Lens.^? listAccountAssignmentCreationStatusResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListAccountAssignmentCreationStatus
+  where
+  type
+    AWSResponse ListAccountAssignmentCreationStatus =
+      ListAccountAssignmentCreationStatusResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccountAssignmentCreationStatusResponse'
+            Prelude.<$> ( x
+                            Data..?> "AccountAssignmentsCreationStatus"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListAccountAssignmentCreationStatus
+  where
+  hashWithSalt
+    _salt
+    ListAccountAssignmentCreationStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` filter'
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` instanceArn
+
+instance
+  Prelude.NFData
+    ListAccountAssignmentCreationStatus
+  where
+  rnf ListAccountAssignmentCreationStatus' {..} =
+    Prelude.rnf filter'
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf instanceArn
+
+instance
+  Data.ToHeaders
+    ListAccountAssignmentCreationStatus
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListAccountAssignmentCreationStatus" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListAccountAssignmentCreationStatus
+  where
+  toJSON ListAccountAssignmentCreationStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filter" Data..=) Prelude.<$> filter',
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("InstanceArn" Data..= instanceArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListAccountAssignmentCreationStatus
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListAccountAssignmentCreationStatus
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAccountAssignmentCreationStatusResponse' smart constructor.
+data ListAccountAssignmentCreationStatusResponse = ListAccountAssignmentCreationStatusResponse'
+  { -- | The status object for the account assignment creation operation.
+    accountAssignmentsCreationStatus :: Prelude.Maybe [AccountAssignmentOperationStatusMetadata],
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountAssignmentCreationStatusResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAssignmentsCreationStatus', 'listAccountAssignmentCreationStatusResponse_accountAssignmentsCreationStatus' - The status object for the account assignment creation operation.
+--
+-- 'nextToken', 'listAccountAssignmentCreationStatusResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'httpStatus', 'listAccountAssignmentCreationStatusResponse_httpStatus' - The response's http status code.
+newListAccountAssignmentCreationStatusResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccountAssignmentCreationStatusResponse
+newListAccountAssignmentCreationStatusResponse
+  pHttpStatus_ =
+    ListAccountAssignmentCreationStatusResponse'
+      { accountAssignmentsCreationStatus =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The status object for the account assignment creation operation.
+listAccountAssignmentCreationStatusResponse_accountAssignmentsCreationStatus :: Lens.Lens' ListAccountAssignmentCreationStatusResponse (Prelude.Maybe [AccountAssignmentOperationStatusMetadata])
+listAccountAssignmentCreationStatusResponse_accountAssignmentsCreationStatus = Lens.lens (\ListAccountAssignmentCreationStatusResponse' {accountAssignmentsCreationStatus} -> accountAssignmentsCreationStatus) (\s@ListAccountAssignmentCreationStatusResponse' {} a -> s {accountAssignmentsCreationStatus = a} :: ListAccountAssignmentCreationStatusResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountAssignmentCreationStatusResponse_nextToken :: Lens.Lens' ListAccountAssignmentCreationStatusResponse (Prelude.Maybe Prelude.Text)
+listAccountAssignmentCreationStatusResponse_nextToken = Lens.lens (\ListAccountAssignmentCreationStatusResponse' {nextToken} -> nextToken) (\s@ListAccountAssignmentCreationStatusResponse' {} a -> s {nextToken = a} :: ListAccountAssignmentCreationStatusResponse)
+
+-- | The response's http status code.
+listAccountAssignmentCreationStatusResponse_httpStatus :: Lens.Lens' ListAccountAssignmentCreationStatusResponse Prelude.Int
+listAccountAssignmentCreationStatusResponse_httpStatus = Lens.lens (\ListAccountAssignmentCreationStatusResponse' {httpStatus} -> httpStatus) (\s@ListAccountAssignmentCreationStatusResponse' {} a -> s {httpStatus = a} :: ListAccountAssignmentCreationStatusResponse)
+
+instance
+  Prelude.NFData
+    ListAccountAssignmentCreationStatusResponse
+  where
+  rnf ListAccountAssignmentCreationStatusResponse' {..} =
+    Prelude.rnf accountAssignmentsCreationStatus
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListAccountAssignmentDeletionStatus.hs b/gen/Amazonka/SSOAdmin/ListAccountAssignmentDeletionStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListAccountAssignmentDeletionStatus.hs
@@ -0,0 +1,298 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListAccountAssignmentDeletionStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the status of the AWS account assignment deletion requests for a
+-- specified IAM Identity Center instance.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListAccountAssignmentDeletionStatus
+  ( -- * Creating a Request
+    ListAccountAssignmentDeletionStatus (..),
+    newListAccountAssignmentDeletionStatus,
+
+    -- * Request Lenses
+    listAccountAssignmentDeletionStatus_filter,
+    listAccountAssignmentDeletionStatus_maxResults,
+    listAccountAssignmentDeletionStatus_nextToken,
+    listAccountAssignmentDeletionStatus_instanceArn,
+
+    -- * Destructuring the Response
+    ListAccountAssignmentDeletionStatusResponse (..),
+    newListAccountAssignmentDeletionStatusResponse,
+
+    -- * Response Lenses
+    listAccountAssignmentDeletionStatusResponse_accountAssignmentsDeletionStatus,
+    listAccountAssignmentDeletionStatusResponse_nextToken,
+    listAccountAssignmentDeletionStatusResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListAccountAssignmentDeletionStatus' smart constructor.
+data ListAccountAssignmentDeletionStatus = ListAccountAssignmentDeletionStatus'
+  { -- | Filters results based on the passed attribute value.
+    filter' :: Prelude.Maybe OperationStatusFilter,
+    -- | The maximum number of results to display for the assignment.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountAssignmentDeletionStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filter'', 'listAccountAssignmentDeletionStatus_filter' - Filters results based on the passed attribute value.
+--
+-- 'maxResults', 'listAccountAssignmentDeletionStatus_maxResults' - The maximum number of results to display for the assignment.
+--
+-- 'nextToken', 'listAccountAssignmentDeletionStatus_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listAccountAssignmentDeletionStatus_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+newListAccountAssignmentDeletionStatus ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  ListAccountAssignmentDeletionStatus
+newListAccountAssignmentDeletionStatus pInstanceArn_ =
+  ListAccountAssignmentDeletionStatus'
+    { filter' =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      instanceArn = pInstanceArn_
+    }
+
+-- | Filters results based on the passed attribute value.
+listAccountAssignmentDeletionStatus_filter :: Lens.Lens' ListAccountAssignmentDeletionStatus (Prelude.Maybe OperationStatusFilter)
+listAccountAssignmentDeletionStatus_filter = Lens.lens (\ListAccountAssignmentDeletionStatus' {filter'} -> filter') (\s@ListAccountAssignmentDeletionStatus' {} a -> s {filter' = a} :: ListAccountAssignmentDeletionStatus)
+
+-- | The maximum number of results to display for the assignment.
+listAccountAssignmentDeletionStatus_maxResults :: Lens.Lens' ListAccountAssignmentDeletionStatus (Prelude.Maybe Prelude.Natural)
+listAccountAssignmentDeletionStatus_maxResults = Lens.lens (\ListAccountAssignmentDeletionStatus' {maxResults} -> maxResults) (\s@ListAccountAssignmentDeletionStatus' {} a -> s {maxResults = a} :: ListAccountAssignmentDeletionStatus)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountAssignmentDeletionStatus_nextToken :: Lens.Lens' ListAccountAssignmentDeletionStatus (Prelude.Maybe Prelude.Text)
+listAccountAssignmentDeletionStatus_nextToken = Lens.lens (\ListAccountAssignmentDeletionStatus' {nextToken} -> nextToken) (\s@ListAccountAssignmentDeletionStatus' {} a -> s {nextToken = a} :: ListAccountAssignmentDeletionStatus)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listAccountAssignmentDeletionStatus_instanceArn :: Lens.Lens' ListAccountAssignmentDeletionStatus Prelude.Text
+listAccountAssignmentDeletionStatus_instanceArn = Lens.lens (\ListAccountAssignmentDeletionStatus' {instanceArn} -> instanceArn) (\s@ListAccountAssignmentDeletionStatus' {} a -> s {instanceArn = a} :: ListAccountAssignmentDeletionStatus)
+
+instance
+  Core.AWSPager
+    ListAccountAssignmentDeletionStatus
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccountAssignmentDeletionStatusResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listAccountAssignmentDeletionStatusResponse_accountAssignmentsDeletionStatus
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccountAssignmentDeletionStatus_nextToken
+          Lens..~ rs
+          Lens.^? listAccountAssignmentDeletionStatusResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListAccountAssignmentDeletionStatus
+  where
+  type
+    AWSResponse ListAccountAssignmentDeletionStatus =
+      ListAccountAssignmentDeletionStatusResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccountAssignmentDeletionStatusResponse'
+            Prelude.<$> ( x
+                            Data..?> "AccountAssignmentsDeletionStatus"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListAccountAssignmentDeletionStatus
+  where
+  hashWithSalt
+    _salt
+    ListAccountAssignmentDeletionStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` filter'
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` instanceArn
+
+instance
+  Prelude.NFData
+    ListAccountAssignmentDeletionStatus
+  where
+  rnf ListAccountAssignmentDeletionStatus' {..} =
+    Prelude.rnf filter'
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf instanceArn
+
+instance
+  Data.ToHeaders
+    ListAccountAssignmentDeletionStatus
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListAccountAssignmentDeletionStatus" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListAccountAssignmentDeletionStatus
+  where
+  toJSON ListAccountAssignmentDeletionStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filter" Data..=) Prelude.<$> filter',
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("InstanceArn" Data..= instanceArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListAccountAssignmentDeletionStatus
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListAccountAssignmentDeletionStatus
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAccountAssignmentDeletionStatusResponse' smart constructor.
+data ListAccountAssignmentDeletionStatusResponse = ListAccountAssignmentDeletionStatusResponse'
+  { -- | The status object for the account assignment deletion operation.
+    accountAssignmentsDeletionStatus :: Prelude.Maybe [AccountAssignmentOperationStatusMetadata],
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountAssignmentDeletionStatusResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAssignmentsDeletionStatus', 'listAccountAssignmentDeletionStatusResponse_accountAssignmentsDeletionStatus' - The status object for the account assignment deletion operation.
+--
+-- 'nextToken', 'listAccountAssignmentDeletionStatusResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'httpStatus', 'listAccountAssignmentDeletionStatusResponse_httpStatus' - The response's http status code.
+newListAccountAssignmentDeletionStatusResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccountAssignmentDeletionStatusResponse
+newListAccountAssignmentDeletionStatusResponse
+  pHttpStatus_ =
+    ListAccountAssignmentDeletionStatusResponse'
+      { accountAssignmentsDeletionStatus =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The status object for the account assignment deletion operation.
+listAccountAssignmentDeletionStatusResponse_accountAssignmentsDeletionStatus :: Lens.Lens' ListAccountAssignmentDeletionStatusResponse (Prelude.Maybe [AccountAssignmentOperationStatusMetadata])
+listAccountAssignmentDeletionStatusResponse_accountAssignmentsDeletionStatus = Lens.lens (\ListAccountAssignmentDeletionStatusResponse' {accountAssignmentsDeletionStatus} -> accountAssignmentsDeletionStatus) (\s@ListAccountAssignmentDeletionStatusResponse' {} a -> s {accountAssignmentsDeletionStatus = a} :: ListAccountAssignmentDeletionStatusResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountAssignmentDeletionStatusResponse_nextToken :: Lens.Lens' ListAccountAssignmentDeletionStatusResponse (Prelude.Maybe Prelude.Text)
+listAccountAssignmentDeletionStatusResponse_nextToken = Lens.lens (\ListAccountAssignmentDeletionStatusResponse' {nextToken} -> nextToken) (\s@ListAccountAssignmentDeletionStatusResponse' {} a -> s {nextToken = a} :: ListAccountAssignmentDeletionStatusResponse)
+
+-- | The response's http status code.
+listAccountAssignmentDeletionStatusResponse_httpStatus :: Lens.Lens' ListAccountAssignmentDeletionStatusResponse Prelude.Int
+listAccountAssignmentDeletionStatusResponse_httpStatus = Lens.lens (\ListAccountAssignmentDeletionStatusResponse' {httpStatus} -> httpStatus) (\s@ListAccountAssignmentDeletionStatusResponse' {} a -> s {httpStatus = a} :: ListAccountAssignmentDeletionStatusResponse)
+
+instance
+  Prelude.NFData
+    ListAccountAssignmentDeletionStatusResponse
+  where
+  rnf ListAccountAssignmentDeletionStatusResponse' {..} =
+    Prelude.rnf accountAssignmentsDeletionStatus
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListAccountAssignments.hs b/gen/Amazonka/SSOAdmin/ListAccountAssignments.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListAccountAssignments.hs
@@ -0,0 +1,295 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListAccountAssignments
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the assignee of the specified AWS account with the specified
+-- permission set.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListAccountAssignments
+  ( -- * Creating a Request
+    ListAccountAssignments (..),
+    newListAccountAssignments,
+
+    -- * Request Lenses
+    listAccountAssignments_maxResults,
+    listAccountAssignments_nextToken,
+    listAccountAssignments_instanceArn,
+    listAccountAssignments_accountId,
+    listAccountAssignments_permissionSetArn,
+
+    -- * Destructuring the Response
+    ListAccountAssignmentsResponse (..),
+    newListAccountAssignmentsResponse,
+
+    -- * Response Lenses
+    listAccountAssignmentsResponse_accountAssignments,
+    listAccountAssignmentsResponse_nextToken,
+    listAccountAssignmentsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListAccountAssignments' smart constructor.
+data ListAccountAssignments = ListAccountAssignments'
+  { -- | The maximum number of results to display for the assignment.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The identifier of the AWS account from which to list the assignments.
+    accountId :: Prelude.Text,
+    -- | The ARN of the permission set from which to list assignments.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountAssignments' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listAccountAssignments_maxResults' - The maximum number of results to display for the assignment.
+--
+-- 'nextToken', 'listAccountAssignments_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listAccountAssignments_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'accountId', 'listAccountAssignments_accountId' - The identifier of the AWS account from which to list the assignments.
+--
+-- 'permissionSetArn', 'listAccountAssignments_permissionSetArn' - The ARN of the permission set from which to list assignments.
+newListAccountAssignments ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'accountId'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  ListAccountAssignments
+newListAccountAssignments
+  pInstanceArn_
+  pAccountId_
+  pPermissionSetArn_ =
+    ListAccountAssignments'
+      { maxResults =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        instanceArn = pInstanceArn_,
+        accountId = pAccountId_,
+        permissionSetArn = pPermissionSetArn_
+      }
+
+-- | The maximum number of results to display for the assignment.
+listAccountAssignments_maxResults :: Lens.Lens' ListAccountAssignments (Prelude.Maybe Prelude.Natural)
+listAccountAssignments_maxResults = Lens.lens (\ListAccountAssignments' {maxResults} -> maxResults) (\s@ListAccountAssignments' {} a -> s {maxResults = a} :: ListAccountAssignments)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountAssignments_nextToken :: Lens.Lens' ListAccountAssignments (Prelude.Maybe Prelude.Text)
+listAccountAssignments_nextToken = Lens.lens (\ListAccountAssignments' {nextToken} -> nextToken) (\s@ListAccountAssignments' {} a -> s {nextToken = a} :: ListAccountAssignments)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listAccountAssignments_instanceArn :: Lens.Lens' ListAccountAssignments Prelude.Text
+listAccountAssignments_instanceArn = Lens.lens (\ListAccountAssignments' {instanceArn} -> instanceArn) (\s@ListAccountAssignments' {} a -> s {instanceArn = a} :: ListAccountAssignments)
+
+-- | The identifier of the AWS account from which to list the assignments.
+listAccountAssignments_accountId :: Lens.Lens' ListAccountAssignments Prelude.Text
+listAccountAssignments_accountId = Lens.lens (\ListAccountAssignments' {accountId} -> accountId) (\s@ListAccountAssignments' {} a -> s {accountId = a} :: ListAccountAssignments)
+
+-- | The ARN of the permission set from which to list assignments.
+listAccountAssignments_permissionSetArn :: Lens.Lens' ListAccountAssignments Prelude.Text
+listAccountAssignments_permissionSetArn = Lens.lens (\ListAccountAssignments' {permissionSetArn} -> permissionSetArn) (\s@ListAccountAssignments' {} a -> s {permissionSetArn = a} :: ListAccountAssignments)
+
+instance Core.AWSPager ListAccountAssignments where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccountAssignmentsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listAccountAssignmentsResponse_accountAssignments
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccountAssignments_nextToken
+          Lens..~ rs
+          Lens.^? listAccountAssignmentsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAccountAssignments where
+  type
+    AWSResponse ListAccountAssignments =
+      ListAccountAssignmentsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccountAssignmentsResponse'
+            Prelude.<$> ( x
+                            Data..?> "AccountAssignments"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListAccountAssignments where
+  hashWithSalt _salt ListAccountAssignments' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` permissionSetArn
+
+instance Prelude.NFData ListAccountAssignments where
+  rnf ListAccountAssignments' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance Data.ToHeaders ListAccountAssignments where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListAccountAssignments" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListAccountAssignments where
+  toJSON ListAccountAssignments' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just ("AccountId" Data..= accountId),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance Data.ToPath ListAccountAssignments where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListAccountAssignments where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAccountAssignmentsResponse' smart constructor.
+data ListAccountAssignmentsResponse = ListAccountAssignmentsResponse'
+  { -- | The list of assignments that match the input AWS account and permission
+    -- set.
+    accountAssignments :: Prelude.Maybe [AccountAssignment],
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountAssignmentsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountAssignments', 'listAccountAssignmentsResponse_accountAssignments' - The list of assignments that match the input AWS account and permission
+-- set.
+--
+-- 'nextToken', 'listAccountAssignmentsResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'httpStatus', 'listAccountAssignmentsResponse_httpStatus' - The response's http status code.
+newListAccountAssignmentsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccountAssignmentsResponse
+newListAccountAssignmentsResponse pHttpStatus_ =
+  ListAccountAssignmentsResponse'
+    { accountAssignments =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of assignments that match the input AWS account and permission
+-- set.
+listAccountAssignmentsResponse_accountAssignments :: Lens.Lens' ListAccountAssignmentsResponse (Prelude.Maybe [AccountAssignment])
+listAccountAssignmentsResponse_accountAssignments = Lens.lens (\ListAccountAssignmentsResponse' {accountAssignments} -> accountAssignments) (\s@ListAccountAssignmentsResponse' {} a -> s {accountAssignments = a} :: ListAccountAssignmentsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountAssignmentsResponse_nextToken :: Lens.Lens' ListAccountAssignmentsResponse (Prelude.Maybe Prelude.Text)
+listAccountAssignmentsResponse_nextToken = Lens.lens (\ListAccountAssignmentsResponse' {nextToken} -> nextToken) (\s@ListAccountAssignmentsResponse' {} a -> s {nextToken = a} :: ListAccountAssignmentsResponse)
+
+-- | The response's http status code.
+listAccountAssignmentsResponse_httpStatus :: Lens.Lens' ListAccountAssignmentsResponse Prelude.Int
+listAccountAssignmentsResponse_httpStatus = Lens.lens (\ListAccountAssignmentsResponse' {httpStatus} -> httpStatus) (\s@ListAccountAssignmentsResponse' {} a -> s {httpStatus = a} :: ListAccountAssignmentsResponse)
+
+instance
+  Prelude.NFData
+    ListAccountAssignmentsResponse
+  where
+  rnf ListAccountAssignmentsResponse' {..} =
+    Prelude.rnf accountAssignments
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListAccountsForProvisionedPermissionSet.hs b/gen/Amazonka/SSOAdmin/ListAccountsForProvisionedPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListAccountsForProvisionedPermissionSet.hs
@@ -0,0 +1,322 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListAccountsForProvisionedPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all the AWS accounts where the specified permission set is
+-- provisioned.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListAccountsForProvisionedPermissionSet
+  ( -- * Creating a Request
+    ListAccountsForProvisionedPermissionSet (..),
+    newListAccountsForProvisionedPermissionSet,
+
+    -- * Request Lenses
+    listAccountsForProvisionedPermissionSet_maxResults,
+    listAccountsForProvisionedPermissionSet_nextToken,
+    listAccountsForProvisionedPermissionSet_provisioningStatus,
+    listAccountsForProvisionedPermissionSet_instanceArn,
+    listAccountsForProvisionedPermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    ListAccountsForProvisionedPermissionSetResponse (..),
+    newListAccountsForProvisionedPermissionSetResponse,
+
+    -- * Response Lenses
+    listAccountsForProvisionedPermissionSetResponse_accountIds,
+    listAccountsForProvisionedPermissionSetResponse_nextToken,
+    listAccountsForProvisionedPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListAccountsForProvisionedPermissionSet' smart constructor.
+data ListAccountsForProvisionedPermissionSet = ListAccountsForProvisionedPermissionSet'
+  { -- | The maximum number of results to display for the PermissionSet.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The permission set provisioning status for an AWS account.
+    provisioningStatus :: Prelude.Maybe ProvisioningStatus,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the PermissionSet from which the associated AWS accounts will
+    -- be listed.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountsForProvisionedPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listAccountsForProvisionedPermissionSet_maxResults' - The maximum number of results to display for the PermissionSet.
+--
+-- 'nextToken', 'listAccountsForProvisionedPermissionSet_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'provisioningStatus', 'listAccountsForProvisionedPermissionSet_provisioningStatus' - The permission set provisioning status for an AWS account.
+--
+-- 'instanceArn', 'listAccountsForProvisionedPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'listAccountsForProvisionedPermissionSet_permissionSetArn' - The ARN of the PermissionSet from which the associated AWS accounts will
+-- be listed.
+newListAccountsForProvisionedPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  ListAccountsForProvisionedPermissionSet
+newListAccountsForProvisionedPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    ListAccountsForProvisionedPermissionSet'
+      { maxResults =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        provisioningStatus =
+          Prelude.Nothing,
+        instanceArn = pInstanceArn_,
+        permissionSetArn =
+          pPermissionSetArn_
+      }
+
+-- | The maximum number of results to display for the PermissionSet.
+listAccountsForProvisionedPermissionSet_maxResults :: Lens.Lens' ListAccountsForProvisionedPermissionSet (Prelude.Maybe Prelude.Natural)
+listAccountsForProvisionedPermissionSet_maxResults = Lens.lens (\ListAccountsForProvisionedPermissionSet' {maxResults} -> maxResults) (\s@ListAccountsForProvisionedPermissionSet' {} a -> s {maxResults = a} :: ListAccountsForProvisionedPermissionSet)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountsForProvisionedPermissionSet_nextToken :: Lens.Lens' ListAccountsForProvisionedPermissionSet (Prelude.Maybe Prelude.Text)
+listAccountsForProvisionedPermissionSet_nextToken = Lens.lens (\ListAccountsForProvisionedPermissionSet' {nextToken} -> nextToken) (\s@ListAccountsForProvisionedPermissionSet' {} a -> s {nextToken = a} :: ListAccountsForProvisionedPermissionSet)
+
+-- | The permission set provisioning status for an AWS account.
+listAccountsForProvisionedPermissionSet_provisioningStatus :: Lens.Lens' ListAccountsForProvisionedPermissionSet (Prelude.Maybe ProvisioningStatus)
+listAccountsForProvisionedPermissionSet_provisioningStatus = Lens.lens (\ListAccountsForProvisionedPermissionSet' {provisioningStatus} -> provisioningStatus) (\s@ListAccountsForProvisionedPermissionSet' {} a -> s {provisioningStatus = a} :: ListAccountsForProvisionedPermissionSet)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listAccountsForProvisionedPermissionSet_instanceArn :: Lens.Lens' ListAccountsForProvisionedPermissionSet Prelude.Text
+listAccountsForProvisionedPermissionSet_instanceArn = Lens.lens (\ListAccountsForProvisionedPermissionSet' {instanceArn} -> instanceArn) (\s@ListAccountsForProvisionedPermissionSet' {} a -> s {instanceArn = a} :: ListAccountsForProvisionedPermissionSet)
+
+-- | The ARN of the PermissionSet from which the associated AWS accounts will
+-- be listed.
+listAccountsForProvisionedPermissionSet_permissionSetArn :: Lens.Lens' ListAccountsForProvisionedPermissionSet Prelude.Text
+listAccountsForProvisionedPermissionSet_permissionSetArn = Lens.lens (\ListAccountsForProvisionedPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@ListAccountsForProvisionedPermissionSet' {} a -> s {permissionSetArn = a} :: ListAccountsForProvisionedPermissionSet)
+
+instance
+  Core.AWSPager
+    ListAccountsForProvisionedPermissionSet
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccountsForProvisionedPermissionSetResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listAccountsForProvisionedPermissionSetResponse_accountIds
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccountsForProvisionedPermissionSet_nextToken
+          Lens..~ rs
+          Lens.^? listAccountsForProvisionedPermissionSetResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListAccountsForProvisionedPermissionSet
+  where
+  type
+    AWSResponse
+      ListAccountsForProvisionedPermissionSet =
+      ListAccountsForProvisionedPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccountsForProvisionedPermissionSetResponse'
+            Prelude.<$> (x Data..?> "AccountIds" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListAccountsForProvisionedPermissionSet
+  where
+  hashWithSalt
+    _salt
+    ListAccountsForProvisionedPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` provisioningStatus
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+
+instance
+  Prelude.NFData
+    ListAccountsForProvisionedPermissionSet
+  where
+  rnf ListAccountsForProvisionedPermissionSet' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf provisioningStatus
+      `Prelude.seq` Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance
+  Data.ToHeaders
+    ListAccountsForProvisionedPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListAccountsForProvisionedPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListAccountsForProvisionedPermissionSet
+  where
+  toJSON ListAccountsForProvisionedPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("ProvisioningStatus" Data..=)
+              Prelude.<$> provisioningStatus,
+            Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListAccountsForProvisionedPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListAccountsForProvisionedPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAccountsForProvisionedPermissionSetResponse' smart constructor.
+data ListAccountsForProvisionedPermissionSetResponse = ListAccountsForProvisionedPermissionSetResponse'
+  { -- | The list of AWS @AccountIds@.
+    accountIds :: Prelude.Maybe [Prelude.Text],
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountsForProvisionedPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountIds', 'listAccountsForProvisionedPermissionSetResponse_accountIds' - The list of AWS @AccountIds@.
+--
+-- 'nextToken', 'listAccountsForProvisionedPermissionSetResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'httpStatus', 'listAccountsForProvisionedPermissionSetResponse_httpStatus' - The response's http status code.
+newListAccountsForProvisionedPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccountsForProvisionedPermissionSetResponse
+newListAccountsForProvisionedPermissionSetResponse
+  pHttpStatus_ =
+    ListAccountsForProvisionedPermissionSetResponse'
+      { accountIds =
+          Prelude.Nothing,
+        nextToken =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The list of AWS @AccountIds@.
+listAccountsForProvisionedPermissionSetResponse_accountIds :: Lens.Lens' ListAccountsForProvisionedPermissionSetResponse (Prelude.Maybe [Prelude.Text])
+listAccountsForProvisionedPermissionSetResponse_accountIds = Lens.lens (\ListAccountsForProvisionedPermissionSetResponse' {accountIds} -> accountIds) (\s@ListAccountsForProvisionedPermissionSetResponse' {} a -> s {accountIds = a} :: ListAccountsForProvisionedPermissionSetResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listAccountsForProvisionedPermissionSetResponse_nextToken :: Lens.Lens' ListAccountsForProvisionedPermissionSetResponse (Prelude.Maybe Prelude.Text)
+listAccountsForProvisionedPermissionSetResponse_nextToken = Lens.lens (\ListAccountsForProvisionedPermissionSetResponse' {nextToken} -> nextToken) (\s@ListAccountsForProvisionedPermissionSetResponse' {} a -> s {nextToken = a} :: ListAccountsForProvisionedPermissionSetResponse)
+
+-- | The response's http status code.
+listAccountsForProvisionedPermissionSetResponse_httpStatus :: Lens.Lens' ListAccountsForProvisionedPermissionSetResponse Prelude.Int
+listAccountsForProvisionedPermissionSetResponse_httpStatus = Lens.lens (\ListAccountsForProvisionedPermissionSetResponse' {httpStatus} -> httpStatus) (\s@ListAccountsForProvisionedPermissionSetResponse' {} a -> s {httpStatus = a} :: ListAccountsForProvisionedPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    ListAccountsForProvisionedPermissionSetResponse
+  where
+  rnf
+    ListAccountsForProvisionedPermissionSetResponse' {..} =
+      Prelude.rnf accountIds
+        `Prelude.seq` Prelude.rnf nextToken
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListCustomerManagedPolicyReferencesInPermissionSet.hs b/gen/Amazonka/SSOAdmin/ListCustomerManagedPolicyReferencesInPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListCustomerManagedPolicyReferencesInPermissionSet.hs
@@ -0,0 +1,309 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListCustomerManagedPolicyReferencesInPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all customer managed policies attached to a specified
+-- PermissionSet.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListCustomerManagedPolicyReferencesInPermissionSet
+  ( -- * Creating a Request
+    ListCustomerManagedPolicyReferencesInPermissionSet (..),
+    newListCustomerManagedPolicyReferencesInPermissionSet,
+
+    -- * Request Lenses
+    listCustomerManagedPolicyReferencesInPermissionSet_maxResults,
+    listCustomerManagedPolicyReferencesInPermissionSet_nextToken,
+    listCustomerManagedPolicyReferencesInPermissionSet_instanceArn,
+    listCustomerManagedPolicyReferencesInPermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    ListCustomerManagedPolicyReferencesInPermissionSetResponse (..),
+    newListCustomerManagedPolicyReferencesInPermissionSetResponse,
+
+    -- * Response Lenses
+    listCustomerManagedPolicyReferencesInPermissionSetResponse_customerManagedPolicyReferences,
+    listCustomerManagedPolicyReferencesInPermissionSetResponse_nextToken,
+    listCustomerManagedPolicyReferencesInPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListCustomerManagedPolicyReferencesInPermissionSet' smart constructor.
+data ListCustomerManagedPolicyReferencesInPermissionSet = ListCustomerManagedPolicyReferencesInPermissionSet'
+  { -- | The maximum number of results to display for the list call.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the @PermissionSet@.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListCustomerManagedPolicyReferencesInPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listCustomerManagedPolicyReferencesInPermissionSet_maxResults' - The maximum number of results to display for the list call.
+--
+-- 'nextToken', 'listCustomerManagedPolicyReferencesInPermissionSet_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listCustomerManagedPolicyReferencesInPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'permissionSetArn', 'listCustomerManagedPolicyReferencesInPermissionSet_permissionSetArn' - The ARN of the @PermissionSet@.
+newListCustomerManagedPolicyReferencesInPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  ListCustomerManagedPolicyReferencesInPermissionSet
+newListCustomerManagedPolicyReferencesInPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    ListCustomerManagedPolicyReferencesInPermissionSet'
+      { maxResults =
+          Prelude.Nothing,
+        nextToken =
+          Prelude.Nothing,
+        instanceArn =
+          pInstanceArn_,
+        permissionSetArn =
+          pPermissionSetArn_
+      }
+
+-- | The maximum number of results to display for the list call.
+listCustomerManagedPolicyReferencesInPermissionSet_maxResults :: Lens.Lens' ListCustomerManagedPolicyReferencesInPermissionSet (Prelude.Maybe Prelude.Natural)
+listCustomerManagedPolicyReferencesInPermissionSet_maxResults = Lens.lens (\ListCustomerManagedPolicyReferencesInPermissionSet' {maxResults} -> maxResults) (\s@ListCustomerManagedPolicyReferencesInPermissionSet' {} a -> s {maxResults = a} :: ListCustomerManagedPolicyReferencesInPermissionSet)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listCustomerManagedPolicyReferencesInPermissionSet_nextToken :: Lens.Lens' ListCustomerManagedPolicyReferencesInPermissionSet (Prelude.Maybe Prelude.Text)
+listCustomerManagedPolicyReferencesInPermissionSet_nextToken = Lens.lens (\ListCustomerManagedPolicyReferencesInPermissionSet' {nextToken} -> nextToken) (\s@ListCustomerManagedPolicyReferencesInPermissionSet' {} a -> s {nextToken = a} :: ListCustomerManagedPolicyReferencesInPermissionSet)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+listCustomerManagedPolicyReferencesInPermissionSet_instanceArn :: Lens.Lens' ListCustomerManagedPolicyReferencesInPermissionSet Prelude.Text
+listCustomerManagedPolicyReferencesInPermissionSet_instanceArn = Lens.lens (\ListCustomerManagedPolicyReferencesInPermissionSet' {instanceArn} -> instanceArn) (\s@ListCustomerManagedPolicyReferencesInPermissionSet' {} a -> s {instanceArn = a} :: ListCustomerManagedPolicyReferencesInPermissionSet)
+
+-- | The ARN of the @PermissionSet@.
+listCustomerManagedPolicyReferencesInPermissionSet_permissionSetArn :: Lens.Lens' ListCustomerManagedPolicyReferencesInPermissionSet Prelude.Text
+listCustomerManagedPolicyReferencesInPermissionSet_permissionSetArn = Lens.lens (\ListCustomerManagedPolicyReferencesInPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@ListCustomerManagedPolicyReferencesInPermissionSet' {} a -> s {permissionSetArn = a} :: ListCustomerManagedPolicyReferencesInPermissionSet)
+
+instance
+  Core.AWSPager
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listCustomerManagedPolicyReferencesInPermissionSetResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listCustomerManagedPolicyReferencesInPermissionSetResponse_customerManagedPolicyReferences
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listCustomerManagedPolicyReferencesInPermissionSet_nextToken
+          Lens..~ rs
+          Lens.^? listCustomerManagedPolicyReferencesInPermissionSetResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  type
+    AWSResponse
+      ListCustomerManagedPolicyReferencesInPermissionSet =
+      ListCustomerManagedPolicyReferencesInPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListCustomerManagedPolicyReferencesInPermissionSetResponse'
+            Prelude.<$> ( x
+                            Data..?> "CustomerManagedPolicyReferences"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  hashWithSalt
+    _salt
+    ListCustomerManagedPolicyReferencesInPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+
+instance
+  Prelude.NFData
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  rnf
+    ListCustomerManagedPolicyReferencesInPermissionSet' {..} =
+      Prelude.rnf maxResults
+        `Prelude.seq` Prelude.rnf nextToken
+        `Prelude.seq` Prelude.rnf instanceArn
+        `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance
+  Data.ToHeaders
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListCustomerManagedPolicyReferencesInPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  toJSON
+    ListCustomerManagedPolicyReferencesInPermissionSet' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+              ("NextToken" Data..=) Prelude.<$> nextToken,
+              Prelude.Just ("InstanceArn" Data..= instanceArn),
+              Prelude.Just
+                ("PermissionSetArn" Data..= permissionSetArn)
+            ]
+        )
+
+instance
+  Data.ToPath
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListCustomerManagedPolicyReferencesInPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListCustomerManagedPolicyReferencesInPermissionSetResponse' smart constructor.
+data ListCustomerManagedPolicyReferencesInPermissionSetResponse = ListCustomerManagedPolicyReferencesInPermissionSetResponse'
+  { -- | Specifies the names and paths of the customer managed policies that you
+    -- have attached to your permission set.
+    customerManagedPolicyReferences :: Prelude.Maybe [CustomerManagedPolicyReference],
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListCustomerManagedPolicyReferencesInPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customerManagedPolicyReferences', 'listCustomerManagedPolicyReferencesInPermissionSetResponse_customerManagedPolicyReferences' - Specifies the names and paths of the customer managed policies that you
+-- have attached to your permission set.
+--
+-- 'nextToken', 'listCustomerManagedPolicyReferencesInPermissionSetResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'httpStatus', 'listCustomerManagedPolicyReferencesInPermissionSetResponse_httpStatus' - The response's http status code.
+newListCustomerManagedPolicyReferencesInPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListCustomerManagedPolicyReferencesInPermissionSetResponse
+newListCustomerManagedPolicyReferencesInPermissionSetResponse
+  pHttpStatus_ =
+    ListCustomerManagedPolicyReferencesInPermissionSetResponse'
+      { customerManagedPolicyReferences =
+          Prelude.Nothing,
+        nextToken =
+          Prelude.Nothing,
+        httpStatus =
+          pHttpStatus_
+      }
+
+-- | Specifies the names and paths of the customer managed policies that you
+-- have attached to your permission set.
+listCustomerManagedPolicyReferencesInPermissionSetResponse_customerManagedPolicyReferences :: Lens.Lens' ListCustomerManagedPolicyReferencesInPermissionSetResponse (Prelude.Maybe [CustomerManagedPolicyReference])
+listCustomerManagedPolicyReferencesInPermissionSetResponse_customerManagedPolicyReferences = Lens.lens (\ListCustomerManagedPolicyReferencesInPermissionSetResponse' {customerManagedPolicyReferences} -> customerManagedPolicyReferences) (\s@ListCustomerManagedPolicyReferencesInPermissionSetResponse' {} a -> s {customerManagedPolicyReferences = a} :: ListCustomerManagedPolicyReferencesInPermissionSetResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listCustomerManagedPolicyReferencesInPermissionSetResponse_nextToken :: Lens.Lens' ListCustomerManagedPolicyReferencesInPermissionSetResponse (Prelude.Maybe Prelude.Text)
+listCustomerManagedPolicyReferencesInPermissionSetResponse_nextToken = Lens.lens (\ListCustomerManagedPolicyReferencesInPermissionSetResponse' {nextToken} -> nextToken) (\s@ListCustomerManagedPolicyReferencesInPermissionSetResponse' {} a -> s {nextToken = a} :: ListCustomerManagedPolicyReferencesInPermissionSetResponse)
+
+-- | The response's http status code.
+listCustomerManagedPolicyReferencesInPermissionSetResponse_httpStatus :: Lens.Lens' ListCustomerManagedPolicyReferencesInPermissionSetResponse Prelude.Int
+listCustomerManagedPolicyReferencesInPermissionSetResponse_httpStatus = Lens.lens (\ListCustomerManagedPolicyReferencesInPermissionSetResponse' {httpStatus} -> httpStatus) (\s@ListCustomerManagedPolicyReferencesInPermissionSetResponse' {} a -> s {httpStatus = a} :: ListCustomerManagedPolicyReferencesInPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    ListCustomerManagedPolicyReferencesInPermissionSetResponse
+  where
+  rnf
+    ListCustomerManagedPolicyReferencesInPermissionSetResponse' {..} =
+      Prelude.rnf customerManagedPolicyReferences
+        `Prelude.seq` Prelude.rnf nextToken
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListInstances.hs b/gen/Amazonka/SSOAdmin/ListInstances.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListInstances.hs
@@ -0,0 +1,225 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListInstances
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the IAM Identity Center instances that the caller has access to.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListInstances
+  ( -- * Creating a Request
+    ListInstances (..),
+    newListInstances,
+
+    -- * Request Lenses
+    listInstances_maxResults,
+    listInstances_nextToken,
+
+    -- * Destructuring the Response
+    ListInstancesResponse (..),
+    newListInstancesResponse,
+
+    -- * Response Lenses
+    listInstancesResponse_instances,
+    listInstancesResponse_nextToken,
+    listInstancesResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListInstances' smart constructor.
+data ListInstances = ListInstances'
+  { -- | The maximum number of results to display for the instance.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListInstances' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listInstances_maxResults' - The maximum number of results to display for the instance.
+--
+-- 'nextToken', 'listInstances_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+newListInstances ::
+  ListInstances
+newListInstances =
+  ListInstances'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of results to display for the instance.
+listInstances_maxResults :: Lens.Lens' ListInstances (Prelude.Maybe Prelude.Natural)
+listInstances_maxResults = Lens.lens (\ListInstances' {maxResults} -> maxResults) (\s@ListInstances' {} a -> s {maxResults = a} :: ListInstances)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listInstances_nextToken :: Lens.Lens' ListInstances (Prelude.Maybe Prelude.Text)
+listInstances_nextToken = Lens.lens (\ListInstances' {nextToken} -> nextToken) (\s@ListInstances' {} a -> s {nextToken = a} :: ListInstances)
+
+instance Core.AWSPager ListInstances where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listInstancesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listInstancesResponse_instances
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listInstances_nextToken
+          Lens..~ rs
+          Lens.^? listInstancesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListInstances where
+  type
+    AWSResponse ListInstances =
+      ListInstancesResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListInstancesResponse'
+            Prelude.<$> (x Data..?> "Instances" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListInstances where
+  hashWithSalt _salt ListInstances' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListInstances where
+  rnf ListInstances' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListInstances where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListInstances" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListInstances where
+  toJSON ListInstances' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListInstances where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListInstances where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListInstancesResponse' smart constructor.
+data ListInstancesResponse = ListInstancesResponse'
+  { -- | Lists the IAM Identity Center instances that the caller has access to.
+    instances :: Prelude.Maybe [InstanceMetadata],
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListInstancesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instances', 'listInstancesResponse_instances' - Lists the IAM Identity Center instances that the caller has access to.
+--
+-- 'nextToken', 'listInstancesResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'httpStatus', 'listInstancesResponse_httpStatus' - The response's http status code.
+newListInstancesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListInstancesResponse
+newListInstancesResponse pHttpStatus_ =
+  ListInstancesResponse'
+    { instances = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Lists the IAM Identity Center instances that the caller has access to.
+listInstancesResponse_instances :: Lens.Lens' ListInstancesResponse (Prelude.Maybe [InstanceMetadata])
+listInstancesResponse_instances = Lens.lens (\ListInstancesResponse' {instances} -> instances) (\s@ListInstancesResponse' {} a -> s {instances = a} :: ListInstancesResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listInstancesResponse_nextToken :: Lens.Lens' ListInstancesResponse (Prelude.Maybe Prelude.Text)
+listInstancesResponse_nextToken = Lens.lens (\ListInstancesResponse' {nextToken} -> nextToken) (\s@ListInstancesResponse' {} a -> s {nextToken = a} :: ListInstancesResponse)
+
+-- | The response's http status code.
+listInstancesResponse_httpStatus :: Lens.Lens' ListInstancesResponse Prelude.Int
+listInstancesResponse_httpStatus = Lens.lens (\ListInstancesResponse' {httpStatus} -> httpStatus) (\s@ListInstancesResponse' {} a -> s {httpStatus = a} :: ListInstancesResponse)
+
+instance Prelude.NFData ListInstancesResponse where
+  rnf ListInstancesResponse' {..} =
+    Prelude.rnf instances
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListManagedPoliciesInPermissionSet.hs b/gen/Amazonka/SSOAdmin/ListManagedPoliciesInPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListManagedPoliciesInPermissionSet.hs
@@ -0,0 +1,303 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListManagedPoliciesInPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the AWS managed policy that is attached to a specified permission
+-- set.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListManagedPoliciesInPermissionSet
+  ( -- * Creating a Request
+    ListManagedPoliciesInPermissionSet (..),
+    newListManagedPoliciesInPermissionSet,
+
+    -- * Request Lenses
+    listManagedPoliciesInPermissionSet_maxResults,
+    listManagedPoliciesInPermissionSet_nextToken,
+    listManagedPoliciesInPermissionSet_instanceArn,
+    listManagedPoliciesInPermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    ListManagedPoliciesInPermissionSetResponse (..),
+    newListManagedPoliciesInPermissionSetResponse,
+
+    -- * Response Lenses
+    listManagedPoliciesInPermissionSetResponse_attachedManagedPolicies,
+    listManagedPoliciesInPermissionSetResponse_nextToken,
+    listManagedPoliciesInPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListManagedPoliciesInPermissionSet' smart constructor.
+data ListManagedPoliciesInPermissionSet = ListManagedPoliciesInPermissionSet'
+  { -- | The maximum number of results to display for the PermissionSet.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the PermissionSet whose managed policies will be listed.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListManagedPoliciesInPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listManagedPoliciesInPermissionSet_maxResults' - The maximum number of results to display for the PermissionSet.
+--
+-- 'nextToken', 'listManagedPoliciesInPermissionSet_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listManagedPoliciesInPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'listManagedPoliciesInPermissionSet_permissionSetArn' - The ARN of the PermissionSet whose managed policies will be listed.
+newListManagedPoliciesInPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  ListManagedPoliciesInPermissionSet
+newListManagedPoliciesInPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    ListManagedPoliciesInPermissionSet'
+      { maxResults =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        instanceArn = pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_
+      }
+
+-- | The maximum number of results to display for the PermissionSet.
+listManagedPoliciesInPermissionSet_maxResults :: Lens.Lens' ListManagedPoliciesInPermissionSet (Prelude.Maybe Prelude.Natural)
+listManagedPoliciesInPermissionSet_maxResults = Lens.lens (\ListManagedPoliciesInPermissionSet' {maxResults} -> maxResults) (\s@ListManagedPoliciesInPermissionSet' {} a -> s {maxResults = a} :: ListManagedPoliciesInPermissionSet)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listManagedPoliciesInPermissionSet_nextToken :: Lens.Lens' ListManagedPoliciesInPermissionSet (Prelude.Maybe Prelude.Text)
+listManagedPoliciesInPermissionSet_nextToken = Lens.lens (\ListManagedPoliciesInPermissionSet' {nextToken} -> nextToken) (\s@ListManagedPoliciesInPermissionSet' {} a -> s {nextToken = a} :: ListManagedPoliciesInPermissionSet)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listManagedPoliciesInPermissionSet_instanceArn :: Lens.Lens' ListManagedPoliciesInPermissionSet Prelude.Text
+listManagedPoliciesInPermissionSet_instanceArn = Lens.lens (\ListManagedPoliciesInPermissionSet' {instanceArn} -> instanceArn) (\s@ListManagedPoliciesInPermissionSet' {} a -> s {instanceArn = a} :: ListManagedPoliciesInPermissionSet)
+
+-- | The ARN of the PermissionSet whose managed policies will be listed.
+listManagedPoliciesInPermissionSet_permissionSetArn :: Lens.Lens' ListManagedPoliciesInPermissionSet Prelude.Text
+listManagedPoliciesInPermissionSet_permissionSetArn = Lens.lens (\ListManagedPoliciesInPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@ListManagedPoliciesInPermissionSet' {} a -> s {permissionSetArn = a} :: ListManagedPoliciesInPermissionSet)
+
+instance
+  Core.AWSPager
+    ListManagedPoliciesInPermissionSet
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listManagedPoliciesInPermissionSetResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listManagedPoliciesInPermissionSetResponse_attachedManagedPolicies
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listManagedPoliciesInPermissionSet_nextToken
+          Lens..~ rs
+          Lens.^? listManagedPoliciesInPermissionSetResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListManagedPoliciesInPermissionSet
+  where
+  type
+    AWSResponse ListManagedPoliciesInPermissionSet =
+      ListManagedPoliciesInPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListManagedPoliciesInPermissionSetResponse'
+            Prelude.<$> ( x
+                            Data..?> "AttachedManagedPolicies"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListManagedPoliciesInPermissionSet
+  where
+  hashWithSalt
+    _salt
+    ListManagedPoliciesInPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+
+instance
+  Prelude.NFData
+    ListManagedPoliciesInPermissionSet
+  where
+  rnf ListManagedPoliciesInPermissionSet' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance
+  Data.ToHeaders
+    ListManagedPoliciesInPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListManagedPoliciesInPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListManagedPoliciesInPermissionSet
+  where
+  toJSON ListManagedPoliciesInPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListManagedPoliciesInPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListManagedPoliciesInPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListManagedPoliciesInPermissionSetResponse' smart constructor.
+data ListManagedPoliciesInPermissionSetResponse = ListManagedPoliciesInPermissionSetResponse'
+  { -- | An array of the AttachedManagedPolicy data type object.
+    attachedManagedPolicies :: Prelude.Maybe [AttachedManagedPolicy],
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListManagedPoliciesInPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attachedManagedPolicies', 'listManagedPoliciesInPermissionSetResponse_attachedManagedPolicies' - An array of the AttachedManagedPolicy data type object.
+--
+-- 'nextToken', 'listManagedPoliciesInPermissionSetResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'httpStatus', 'listManagedPoliciesInPermissionSetResponse_httpStatus' - The response's http status code.
+newListManagedPoliciesInPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListManagedPoliciesInPermissionSetResponse
+newListManagedPoliciesInPermissionSetResponse
+  pHttpStatus_ =
+    ListManagedPoliciesInPermissionSetResponse'
+      { attachedManagedPolicies =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | An array of the AttachedManagedPolicy data type object.
+listManagedPoliciesInPermissionSetResponse_attachedManagedPolicies :: Lens.Lens' ListManagedPoliciesInPermissionSetResponse (Prelude.Maybe [AttachedManagedPolicy])
+listManagedPoliciesInPermissionSetResponse_attachedManagedPolicies = Lens.lens (\ListManagedPoliciesInPermissionSetResponse' {attachedManagedPolicies} -> attachedManagedPolicies) (\s@ListManagedPoliciesInPermissionSetResponse' {} a -> s {attachedManagedPolicies = a} :: ListManagedPoliciesInPermissionSetResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listManagedPoliciesInPermissionSetResponse_nextToken :: Lens.Lens' ListManagedPoliciesInPermissionSetResponse (Prelude.Maybe Prelude.Text)
+listManagedPoliciesInPermissionSetResponse_nextToken = Lens.lens (\ListManagedPoliciesInPermissionSetResponse' {nextToken} -> nextToken) (\s@ListManagedPoliciesInPermissionSetResponse' {} a -> s {nextToken = a} :: ListManagedPoliciesInPermissionSetResponse)
+
+-- | The response's http status code.
+listManagedPoliciesInPermissionSetResponse_httpStatus :: Lens.Lens' ListManagedPoliciesInPermissionSetResponse Prelude.Int
+listManagedPoliciesInPermissionSetResponse_httpStatus = Lens.lens (\ListManagedPoliciesInPermissionSetResponse' {httpStatus} -> httpStatus) (\s@ListManagedPoliciesInPermissionSetResponse' {} a -> s {httpStatus = a} :: ListManagedPoliciesInPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    ListManagedPoliciesInPermissionSetResponse
+  where
+  rnf ListManagedPoliciesInPermissionSetResponse' {..} =
+    Prelude.rnf attachedManagedPolicies
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListPermissionSetProvisioningStatus.hs b/gen/Amazonka/SSOAdmin/ListPermissionSetProvisioningStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListPermissionSetProvisioningStatus.hs
@@ -0,0 +1,299 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListPermissionSetProvisioningStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the status of the permission set provisioning requests for a
+-- specified IAM Identity Center instance.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListPermissionSetProvisioningStatus
+  ( -- * Creating a Request
+    ListPermissionSetProvisioningStatus (..),
+    newListPermissionSetProvisioningStatus,
+
+    -- * Request Lenses
+    listPermissionSetProvisioningStatus_filter,
+    listPermissionSetProvisioningStatus_maxResults,
+    listPermissionSetProvisioningStatus_nextToken,
+    listPermissionSetProvisioningStatus_instanceArn,
+
+    -- * Destructuring the Response
+    ListPermissionSetProvisioningStatusResponse (..),
+    newListPermissionSetProvisioningStatusResponse,
+
+    -- * Response Lenses
+    listPermissionSetProvisioningStatusResponse_nextToken,
+    listPermissionSetProvisioningStatusResponse_permissionSetsProvisioningStatus,
+    listPermissionSetProvisioningStatusResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListPermissionSetProvisioningStatus' smart constructor.
+data ListPermissionSetProvisioningStatus = ListPermissionSetProvisioningStatus'
+  { -- | Filters results based on the passed attribute value.
+    filter' :: Prelude.Maybe OperationStatusFilter,
+    -- | The maximum number of results to display for the assignment.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissionSetProvisioningStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filter'', 'listPermissionSetProvisioningStatus_filter' - Filters results based on the passed attribute value.
+--
+-- 'maxResults', 'listPermissionSetProvisioningStatus_maxResults' - The maximum number of results to display for the assignment.
+--
+-- 'nextToken', 'listPermissionSetProvisioningStatus_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listPermissionSetProvisioningStatus_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+newListPermissionSetProvisioningStatus ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  ListPermissionSetProvisioningStatus
+newListPermissionSetProvisioningStatus pInstanceArn_ =
+  ListPermissionSetProvisioningStatus'
+    { filter' =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      instanceArn = pInstanceArn_
+    }
+
+-- | Filters results based on the passed attribute value.
+listPermissionSetProvisioningStatus_filter :: Lens.Lens' ListPermissionSetProvisioningStatus (Prelude.Maybe OperationStatusFilter)
+listPermissionSetProvisioningStatus_filter = Lens.lens (\ListPermissionSetProvisioningStatus' {filter'} -> filter') (\s@ListPermissionSetProvisioningStatus' {} a -> s {filter' = a} :: ListPermissionSetProvisioningStatus)
+
+-- | The maximum number of results to display for the assignment.
+listPermissionSetProvisioningStatus_maxResults :: Lens.Lens' ListPermissionSetProvisioningStatus (Prelude.Maybe Prelude.Natural)
+listPermissionSetProvisioningStatus_maxResults = Lens.lens (\ListPermissionSetProvisioningStatus' {maxResults} -> maxResults) (\s@ListPermissionSetProvisioningStatus' {} a -> s {maxResults = a} :: ListPermissionSetProvisioningStatus)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listPermissionSetProvisioningStatus_nextToken :: Lens.Lens' ListPermissionSetProvisioningStatus (Prelude.Maybe Prelude.Text)
+listPermissionSetProvisioningStatus_nextToken = Lens.lens (\ListPermissionSetProvisioningStatus' {nextToken} -> nextToken) (\s@ListPermissionSetProvisioningStatus' {} a -> s {nextToken = a} :: ListPermissionSetProvisioningStatus)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listPermissionSetProvisioningStatus_instanceArn :: Lens.Lens' ListPermissionSetProvisioningStatus Prelude.Text
+listPermissionSetProvisioningStatus_instanceArn = Lens.lens (\ListPermissionSetProvisioningStatus' {instanceArn} -> instanceArn) (\s@ListPermissionSetProvisioningStatus' {} a -> s {instanceArn = a} :: ListPermissionSetProvisioningStatus)
+
+instance
+  Core.AWSPager
+    ListPermissionSetProvisioningStatus
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listPermissionSetProvisioningStatusResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listPermissionSetProvisioningStatusResponse_permissionSetsProvisioningStatus
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listPermissionSetProvisioningStatus_nextToken
+          Lens..~ rs
+          Lens.^? listPermissionSetProvisioningStatusResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListPermissionSetProvisioningStatus
+  where
+  type
+    AWSResponse ListPermissionSetProvisioningStatus =
+      ListPermissionSetProvisioningStatusResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListPermissionSetProvisioningStatusResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "PermissionSetsProvisioningStatus"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListPermissionSetProvisioningStatus
+  where
+  hashWithSalt
+    _salt
+    ListPermissionSetProvisioningStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` filter'
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` instanceArn
+
+instance
+  Prelude.NFData
+    ListPermissionSetProvisioningStatus
+  where
+  rnf ListPermissionSetProvisioningStatus' {..} =
+    Prelude.rnf filter'
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf instanceArn
+
+instance
+  Data.ToHeaders
+    ListPermissionSetProvisioningStatus
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListPermissionSetProvisioningStatus" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListPermissionSetProvisioningStatus
+  where
+  toJSON ListPermissionSetProvisioningStatus' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filter" Data..=) Prelude.<$> filter',
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("InstanceArn" Data..= instanceArn)
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListPermissionSetProvisioningStatus
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListPermissionSetProvisioningStatus
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListPermissionSetProvisioningStatusResponse' smart constructor.
+data ListPermissionSetProvisioningStatusResponse = ListPermissionSetProvisioningStatusResponse'
+  { -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The status object for the permission set provisioning operation.
+    permissionSetsProvisioningStatus :: Prelude.Maybe [PermissionSetProvisioningStatusMetadata],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissionSetProvisioningStatusResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listPermissionSetProvisioningStatusResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'permissionSetsProvisioningStatus', 'listPermissionSetProvisioningStatusResponse_permissionSetsProvisioningStatus' - The status object for the permission set provisioning operation.
+--
+-- 'httpStatus', 'listPermissionSetProvisioningStatusResponse_httpStatus' - The response's http status code.
+newListPermissionSetProvisioningStatusResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListPermissionSetProvisioningStatusResponse
+newListPermissionSetProvisioningStatusResponse
+  pHttpStatus_ =
+    ListPermissionSetProvisioningStatusResponse'
+      { nextToken =
+          Prelude.Nothing,
+        permissionSetsProvisioningStatus =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listPermissionSetProvisioningStatusResponse_nextToken :: Lens.Lens' ListPermissionSetProvisioningStatusResponse (Prelude.Maybe Prelude.Text)
+listPermissionSetProvisioningStatusResponse_nextToken = Lens.lens (\ListPermissionSetProvisioningStatusResponse' {nextToken} -> nextToken) (\s@ListPermissionSetProvisioningStatusResponse' {} a -> s {nextToken = a} :: ListPermissionSetProvisioningStatusResponse)
+
+-- | The status object for the permission set provisioning operation.
+listPermissionSetProvisioningStatusResponse_permissionSetsProvisioningStatus :: Lens.Lens' ListPermissionSetProvisioningStatusResponse (Prelude.Maybe [PermissionSetProvisioningStatusMetadata])
+listPermissionSetProvisioningStatusResponse_permissionSetsProvisioningStatus = Lens.lens (\ListPermissionSetProvisioningStatusResponse' {permissionSetsProvisioningStatus} -> permissionSetsProvisioningStatus) (\s@ListPermissionSetProvisioningStatusResponse' {} a -> s {permissionSetsProvisioningStatus = a} :: ListPermissionSetProvisioningStatusResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listPermissionSetProvisioningStatusResponse_httpStatus :: Lens.Lens' ListPermissionSetProvisioningStatusResponse Prelude.Int
+listPermissionSetProvisioningStatusResponse_httpStatus = Lens.lens (\ListPermissionSetProvisioningStatusResponse' {httpStatus} -> httpStatus) (\s@ListPermissionSetProvisioningStatusResponse' {} a -> s {httpStatus = a} :: ListPermissionSetProvisioningStatusResponse)
+
+instance
+  Prelude.NFData
+    ListPermissionSetProvisioningStatusResponse
+  where
+  rnf ListPermissionSetProvisioningStatusResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf permissionSetsProvisioningStatus
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListPermissionSets.hs b/gen/Amazonka/SSOAdmin/ListPermissionSets.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListPermissionSets.hs
@@ -0,0 +1,250 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListPermissionSets
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the PermissionSets in an IAM Identity Center instance.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListPermissionSets
+  ( -- * Creating a Request
+    ListPermissionSets (..),
+    newListPermissionSets,
+
+    -- * Request Lenses
+    listPermissionSets_maxResults,
+    listPermissionSets_nextToken,
+    listPermissionSets_instanceArn,
+
+    -- * Destructuring the Response
+    ListPermissionSetsResponse (..),
+    newListPermissionSetsResponse,
+
+    -- * Response Lenses
+    listPermissionSetsResponse_nextToken,
+    listPermissionSetsResponse_permissionSets,
+    listPermissionSetsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListPermissionSets' smart constructor.
+data ListPermissionSets = ListPermissionSets'
+  { -- | The maximum number of results to display for the assignment.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissionSets' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listPermissionSets_maxResults' - The maximum number of results to display for the assignment.
+--
+-- 'nextToken', 'listPermissionSets_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listPermissionSets_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+newListPermissionSets ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  ListPermissionSets
+newListPermissionSets pInstanceArn_ =
+  ListPermissionSets'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      instanceArn = pInstanceArn_
+    }
+
+-- | The maximum number of results to display for the assignment.
+listPermissionSets_maxResults :: Lens.Lens' ListPermissionSets (Prelude.Maybe Prelude.Natural)
+listPermissionSets_maxResults = Lens.lens (\ListPermissionSets' {maxResults} -> maxResults) (\s@ListPermissionSets' {} a -> s {maxResults = a} :: ListPermissionSets)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listPermissionSets_nextToken :: Lens.Lens' ListPermissionSets (Prelude.Maybe Prelude.Text)
+listPermissionSets_nextToken = Lens.lens (\ListPermissionSets' {nextToken} -> nextToken) (\s@ListPermissionSets' {} a -> s {nextToken = a} :: ListPermissionSets)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listPermissionSets_instanceArn :: Lens.Lens' ListPermissionSets Prelude.Text
+listPermissionSets_instanceArn = Lens.lens (\ListPermissionSets' {instanceArn} -> instanceArn) (\s@ListPermissionSets' {} a -> s {instanceArn = a} :: ListPermissionSets)
+
+instance Core.AWSPager ListPermissionSets where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listPermissionSetsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listPermissionSetsResponse_permissionSets
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listPermissionSets_nextToken
+          Lens..~ rs
+          Lens.^? listPermissionSetsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListPermissionSets where
+  type
+    AWSResponse ListPermissionSets =
+      ListPermissionSetsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListPermissionSetsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (x Data..?> "PermissionSets" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListPermissionSets where
+  hashWithSalt _salt ListPermissionSets' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` instanceArn
+
+instance Prelude.NFData ListPermissionSets where
+  rnf ListPermissionSets' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf instanceArn
+
+instance Data.ToHeaders ListPermissionSets where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListPermissionSets" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListPermissionSets where
+  toJSON ListPermissionSets' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("InstanceArn" Data..= instanceArn)
+          ]
+      )
+
+instance Data.ToPath ListPermissionSets where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListPermissionSets where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListPermissionSetsResponse' smart constructor.
+data ListPermissionSetsResponse = ListPermissionSetsResponse'
+  { -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | Defines the level of access on an AWS account.
+    permissionSets :: Prelude.Maybe [Prelude.Text],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissionSetsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listPermissionSetsResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'permissionSets', 'listPermissionSetsResponse_permissionSets' - Defines the level of access on an AWS account.
+--
+-- 'httpStatus', 'listPermissionSetsResponse_httpStatus' - The response's http status code.
+newListPermissionSetsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListPermissionSetsResponse
+newListPermissionSetsResponse pHttpStatus_ =
+  ListPermissionSetsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      permissionSets = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listPermissionSetsResponse_nextToken :: Lens.Lens' ListPermissionSetsResponse (Prelude.Maybe Prelude.Text)
+listPermissionSetsResponse_nextToken = Lens.lens (\ListPermissionSetsResponse' {nextToken} -> nextToken) (\s@ListPermissionSetsResponse' {} a -> s {nextToken = a} :: ListPermissionSetsResponse)
+
+-- | Defines the level of access on an AWS account.
+listPermissionSetsResponse_permissionSets :: Lens.Lens' ListPermissionSetsResponse (Prelude.Maybe [Prelude.Text])
+listPermissionSetsResponse_permissionSets = Lens.lens (\ListPermissionSetsResponse' {permissionSets} -> permissionSets) (\s@ListPermissionSetsResponse' {} a -> s {permissionSets = a} :: ListPermissionSetsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listPermissionSetsResponse_httpStatus :: Lens.Lens' ListPermissionSetsResponse Prelude.Int
+listPermissionSetsResponse_httpStatus = Lens.lens (\ListPermissionSetsResponse' {httpStatus} -> httpStatus) (\s@ListPermissionSetsResponse' {} a -> s {httpStatus = a} :: ListPermissionSetsResponse)
+
+instance Prelude.NFData ListPermissionSetsResponse where
+  rnf ListPermissionSetsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf permissionSets
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListPermissionSetsProvisionedToAccount.hs b/gen/Amazonka/SSOAdmin/ListPermissionSetsProvisionedToAccount.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListPermissionSetsProvisionedToAccount.hs
@@ -0,0 +1,317 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListPermissionSetsProvisionedToAccount
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all the permission sets that are provisioned to a specified AWS
+-- account.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListPermissionSetsProvisionedToAccount
+  ( -- * Creating a Request
+    ListPermissionSetsProvisionedToAccount (..),
+    newListPermissionSetsProvisionedToAccount,
+
+    -- * Request Lenses
+    listPermissionSetsProvisionedToAccount_maxResults,
+    listPermissionSetsProvisionedToAccount_nextToken,
+    listPermissionSetsProvisionedToAccount_provisioningStatus,
+    listPermissionSetsProvisionedToAccount_instanceArn,
+    listPermissionSetsProvisionedToAccount_accountId,
+
+    -- * Destructuring the Response
+    ListPermissionSetsProvisionedToAccountResponse (..),
+    newListPermissionSetsProvisionedToAccountResponse,
+
+    -- * Response Lenses
+    listPermissionSetsProvisionedToAccountResponse_nextToken,
+    listPermissionSetsProvisionedToAccountResponse_permissionSets,
+    listPermissionSetsProvisionedToAccountResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListPermissionSetsProvisionedToAccount' smart constructor.
+data ListPermissionSetsProvisionedToAccount = ListPermissionSetsProvisionedToAccount'
+  { -- | The maximum number of results to display for the assignment.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The status object for the permission set provisioning operation.
+    provisioningStatus :: Prelude.Maybe ProvisioningStatus,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The identifier of the AWS account from which to list the assignments.
+    accountId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissionSetsProvisionedToAccount' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listPermissionSetsProvisionedToAccount_maxResults' - The maximum number of results to display for the assignment.
+--
+-- 'nextToken', 'listPermissionSetsProvisionedToAccount_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'provisioningStatus', 'listPermissionSetsProvisionedToAccount_provisioningStatus' - The status object for the permission set provisioning operation.
+--
+-- 'instanceArn', 'listPermissionSetsProvisionedToAccount_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'accountId', 'listPermissionSetsProvisionedToAccount_accountId' - The identifier of the AWS account from which to list the assignments.
+newListPermissionSetsProvisionedToAccount ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'accountId'
+  Prelude.Text ->
+  ListPermissionSetsProvisionedToAccount
+newListPermissionSetsProvisionedToAccount
+  pInstanceArn_
+  pAccountId_ =
+    ListPermissionSetsProvisionedToAccount'
+      { maxResults =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        provisioningStatus =
+          Prelude.Nothing,
+        instanceArn = pInstanceArn_,
+        accountId = pAccountId_
+      }
+
+-- | The maximum number of results to display for the assignment.
+listPermissionSetsProvisionedToAccount_maxResults :: Lens.Lens' ListPermissionSetsProvisionedToAccount (Prelude.Maybe Prelude.Natural)
+listPermissionSetsProvisionedToAccount_maxResults = Lens.lens (\ListPermissionSetsProvisionedToAccount' {maxResults} -> maxResults) (\s@ListPermissionSetsProvisionedToAccount' {} a -> s {maxResults = a} :: ListPermissionSetsProvisionedToAccount)
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listPermissionSetsProvisionedToAccount_nextToken :: Lens.Lens' ListPermissionSetsProvisionedToAccount (Prelude.Maybe Prelude.Text)
+listPermissionSetsProvisionedToAccount_nextToken = Lens.lens (\ListPermissionSetsProvisionedToAccount' {nextToken} -> nextToken) (\s@ListPermissionSetsProvisionedToAccount' {} a -> s {nextToken = a} :: ListPermissionSetsProvisionedToAccount)
+
+-- | The status object for the permission set provisioning operation.
+listPermissionSetsProvisionedToAccount_provisioningStatus :: Lens.Lens' ListPermissionSetsProvisionedToAccount (Prelude.Maybe ProvisioningStatus)
+listPermissionSetsProvisionedToAccount_provisioningStatus = Lens.lens (\ListPermissionSetsProvisionedToAccount' {provisioningStatus} -> provisioningStatus) (\s@ListPermissionSetsProvisionedToAccount' {} a -> s {provisioningStatus = a} :: ListPermissionSetsProvisionedToAccount)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listPermissionSetsProvisionedToAccount_instanceArn :: Lens.Lens' ListPermissionSetsProvisionedToAccount Prelude.Text
+listPermissionSetsProvisionedToAccount_instanceArn = Lens.lens (\ListPermissionSetsProvisionedToAccount' {instanceArn} -> instanceArn) (\s@ListPermissionSetsProvisionedToAccount' {} a -> s {instanceArn = a} :: ListPermissionSetsProvisionedToAccount)
+
+-- | The identifier of the AWS account from which to list the assignments.
+listPermissionSetsProvisionedToAccount_accountId :: Lens.Lens' ListPermissionSetsProvisionedToAccount Prelude.Text
+listPermissionSetsProvisionedToAccount_accountId = Lens.lens (\ListPermissionSetsProvisionedToAccount' {accountId} -> accountId) (\s@ListPermissionSetsProvisionedToAccount' {} a -> s {accountId = a} :: ListPermissionSetsProvisionedToAccount)
+
+instance
+  Core.AWSPager
+    ListPermissionSetsProvisionedToAccount
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listPermissionSetsProvisionedToAccountResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listPermissionSetsProvisionedToAccountResponse_permissionSets
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listPermissionSetsProvisionedToAccount_nextToken
+          Lens..~ rs
+          Lens.^? listPermissionSetsProvisionedToAccountResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListPermissionSetsProvisionedToAccount
+  where
+  type
+    AWSResponse
+      ListPermissionSetsProvisionedToAccount =
+      ListPermissionSetsProvisionedToAccountResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListPermissionSetsProvisionedToAccountResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (x Data..?> "PermissionSets" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListPermissionSetsProvisionedToAccount
+  where
+  hashWithSalt
+    _salt
+    ListPermissionSetsProvisionedToAccount' {..} =
+      _salt
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` provisioningStatus
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` accountId
+
+instance
+  Prelude.NFData
+    ListPermissionSetsProvisionedToAccount
+  where
+  rnf ListPermissionSetsProvisionedToAccount' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf provisioningStatus
+      `Prelude.seq` Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf accountId
+
+instance
+  Data.ToHeaders
+    ListPermissionSetsProvisionedToAccount
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListPermissionSetsProvisionedToAccount" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListPermissionSetsProvisionedToAccount
+  where
+  toJSON ListPermissionSetsProvisionedToAccount' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("ProvisioningStatus" Data..=)
+              Prelude.<$> provisioningStatus,
+            Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just ("AccountId" Data..= accountId)
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListPermissionSetsProvisionedToAccount
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListPermissionSetsProvisionedToAccount
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListPermissionSetsProvisionedToAccountResponse' smart constructor.
+data ListPermissionSetsProvisionedToAccountResponse = ListPermissionSetsProvisionedToAccountResponse'
+  { -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | Defines the level of access that an AWS account has.
+    permissionSets :: Prelude.Maybe [Prelude.Text],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListPermissionSetsProvisionedToAccountResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listPermissionSetsProvisionedToAccountResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'permissionSets', 'listPermissionSetsProvisionedToAccountResponse_permissionSets' - Defines the level of access that an AWS account has.
+--
+-- 'httpStatus', 'listPermissionSetsProvisionedToAccountResponse_httpStatus' - The response's http status code.
+newListPermissionSetsProvisionedToAccountResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListPermissionSetsProvisionedToAccountResponse
+newListPermissionSetsProvisionedToAccountResponse
+  pHttpStatus_ =
+    ListPermissionSetsProvisionedToAccountResponse'
+      { nextToken =
+          Prelude.Nothing,
+        permissionSets =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listPermissionSetsProvisionedToAccountResponse_nextToken :: Lens.Lens' ListPermissionSetsProvisionedToAccountResponse (Prelude.Maybe Prelude.Text)
+listPermissionSetsProvisionedToAccountResponse_nextToken = Lens.lens (\ListPermissionSetsProvisionedToAccountResponse' {nextToken} -> nextToken) (\s@ListPermissionSetsProvisionedToAccountResponse' {} a -> s {nextToken = a} :: ListPermissionSetsProvisionedToAccountResponse)
+
+-- | Defines the level of access that an AWS account has.
+listPermissionSetsProvisionedToAccountResponse_permissionSets :: Lens.Lens' ListPermissionSetsProvisionedToAccountResponse (Prelude.Maybe [Prelude.Text])
+listPermissionSetsProvisionedToAccountResponse_permissionSets = Lens.lens (\ListPermissionSetsProvisionedToAccountResponse' {permissionSets} -> permissionSets) (\s@ListPermissionSetsProvisionedToAccountResponse' {} a -> s {permissionSets = a} :: ListPermissionSetsProvisionedToAccountResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listPermissionSetsProvisionedToAccountResponse_httpStatus :: Lens.Lens' ListPermissionSetsProvisionedToAccountResponse Prelude.Int
+listPermissionSetsProvisionedToAccountResponse_httpStatus = Lens.lens (\ListPermissionSetsProvisionedToAccountResponse' {httpStatus} -> httpStatus) (\s@ListPermissionSetsProvisionedToAccountResponse' {} a -> s {httpStatus = a} :: ListPermissionSetsProvisionedToAccountResponse)
+
+instance
+  Prelude.NFData
+    ListPermissionSetsProvisionedToAccountResponse
+  where
+  rnf
+    ListPermissionSetsProvisionedToAccountResponse' {..} =
+      Prelude.rnf nextToken
+        `Prelude.seq` Prelude.rnf permissionSets
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ListTagsForResource.hs b/gen/Amazonka/SSOAdmin/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ListTagsForResource.hs
@@ -0,0 +1,252 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the tags that are attached to a specified resource.
+--
+-- This operation returns paginated results.
+module Amazonka.SSOAdmin.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_nextToken,
+    listTagsForResource_instanceArn,
+    listTagsForResource_resourceArn,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_nextToken,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the resource with the tags to be listed.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listTagsForResource_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'instanceArn', 'listTagsForResource_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'resourceArn', 'listTagsForResource_resourceArn' - The ARN of the resource with the tags to be listed.
+newListTagsForResource ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'resourceArn'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pInstanceArn_ pResourceArn_ =
+  ListTagsForResource'
+    { nextToken = Prelude.Nothing,
+      instanceArn = pInstanceArn_,
+      resourceArn = pResourceArn_
+    }
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listTagsForResource_nextToken :: Lens.Lens' ListTagsForResource (Prelude.Maybe Prelude.Text)
+listTagsForResource_nextToken = Lens.lens (\ListTagsForResource' {nextToken} -> nextToken) (\s@ListTagsForResource' {} a -> s {nextToken = a} :: ListTagsForResource)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+listTagsForResource_instanceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_instanceArn = Lens.lens (\ListTagsForResource' {instanceArn} -> instanceArn) (\s@ListTagsForResource' {} a -> s {instanceArn = a} :: ListTagsForResource)
+
+-- | The ARN of the resource with the tags to be listed.
+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)
+
+instance Core.AWSPager ListTagsForResource where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listTagsForResourceResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listTagsForResourceResponse_tags
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listTagsForResource_nextToken
+          Lens..~ rs
+          Lens.^? listTagsForResourceResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (x Data..?> "Tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf resourceArn
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ListTagsForResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListTagsForResource where
+  toJSON ListTagsForResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just ("ResourceArn" Data..= resourceArn)
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | The pagination token for the list API. Initially the value is null. Use
+    -- the output of previous API calls to make subsequent calls.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A set of key-value pairs that are used to manage the resource.
+    tags :: Prelude.Maybe [Tag],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listTagsForResourceResponse_nextToken' - The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - A set of key-value pairs that are used to manage the resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { nextToken =
+        Prelude.Nothing,
+      tags = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The pagination token for the list API. Initially the value is null. Use
+-- the output of previous API calls to make subsequent calls.
+listTagsForResourceResponse_nextToken :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe Prelude.Text)
+listTagsForResourceResponse_nextToken = Lens.lens (\ListTagsForResourceResponse' {nextToken} -> nextToken) (\s@ListTagsForResourceResponse' {} a -> s {nextToken = a} :: ListTagsForResourceResponse)
+
+-- | A set of key-value pairs that are used to manage the resource.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe [Tag])
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/ProvisionPermissionSet.hs b/gen/Amazonka/SSOAdmin/ProvisionPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/ProvisionPermissionSet.hs
@@ -0,0 +1,236 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.ProvisionPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- The process by which a specified permission set is provisioned to the
+-- specified target.
+module Amazonka.SSOAdmin.ProvisionPermissionSet
+  ( -- * Creating a Request
+    ProvisionPermissionSet (..),
+    newProvisionPermissionSet,
+
+    -- * Request Lenses
+    provisionPermissionSet_targetId,
+    provisionPermissionSet_instanceArn,
+    provisionPermissionSet_permissionSetArn,
+    provisionPermissionSet_targetType,
+
+    -- * Destructuring the Response
+    ProvisionPermissionSetResponse (..),
+    newProvisionPermissionSetResponse,
+
+    -- * Response Lenses
+    provisionPermissionSetResponse_permissionSetProvisioningStatus,
+    provisionPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newProvisionPermissionSet' smart constructor.
+data ProvisionPermissionSet = ProvisionPermissionSet'
+  { -- | TargetID is an AWS account identifier, typically a 10-12 digit string
+    -- (For example, 123456789012).
+    targetId :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the permission set.
+    permissionSetArn :: Prelude.Text,
+    -- | The entity type for which the assignment will be created.
+    targetType :: ProvisionTargetType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProvisionPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'targetId', 'provisionPermissionSet_targetId' - TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+--
+-- 'instanceArn', 'provisionPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'provisionPermissionSet_permissionSetArn' - The ARN of the permission set.
+--
+-- 'targetType', 'provisionPermissionSet_targetType' - The entity type for which the assignment will be created.
+newProvisionPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'targetType'
+  ProvisionTargetType ->
+  ProvisionPermissionSet
+newProvisionPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_
+  pTargetType_ =
+    ProvisionPermissionSet'
+      { targetId = Prelude.Nothing,
+        instanceArn = pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_,
+        targetType = pTargetType_
+      }
+
+-- | TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+provisionPermissionSet_targetId :: Lens.Lens' ProvisionPermissionSet (Prelude.Maybe Prelude.Text)
+provisionPermissionSet_targetId = Lens.lens (\ProvisionPermissionSet' {targetId} -> targetId) (\s@ProvisionPermissionSet' {} a -> s {targetId = a} :: ProvisionPermissionSet)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+provisionPermissionSet_instanceArn :: Lens.Lens' ProvisionPermissionSet Prelude.Text
+provisionPermissionSet_instanceArn = Lens.lens (\ProvisionPermissionSet' {instanceArn} -> instanceArn) (\s@ProvisionPermissionSet' {} a -> s {instanceArn = a} :: ProvisionPermissionSet)
+
+-- | The ARN of the permission set.
+provisionPermissionSet_permissionSetArn :: Lens.Lens' ProvisionPermissionSet Prelude.Text
+provisionPermissionSet_permissionSetArn = Lens.lens (\ProvisionPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@ProvisionPermissionSet' {} a -> s {permissionSetArn = a} :: ProvisionPermissionSet)
+
+-- | The entity type for which the assignment will be created.
+provisionPermissionSet_targetType :: Lens.Lens' ProvisionPermissionSet ProvisionTargetType
+provisionPermissionSet_targetType = Lens.lens (\ProvisionPermissionSet' {targetType} -> targetType) (\s@ProvisionPermissionSet' {} a -> s {targetType = a} :: ProvisionPermissionSet)
+
+instance Core.AWSRequest ProvisionPermissionSet where
+  type
+    AWSResponse ProvisionPermissionSet =
+      ProvisionPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ProvisionPermissionSetResponse'
+            Prelude.<$> (x Data..?> "PermissionSetProvisioningStatus")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ProvisionPermissionSet where
+  hashWithSalt _salt ProvisionPermissionSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` targetId
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` permissionSetArn
+      `Prelude.hashWithSalt` targetType
+
+instance Prelude.NFData ProvisionPermissionSet where
+  rnf ProvisionPermissionSet' {..} =
+    Prelude.rnf targetId
+      `Prelude.seq` Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf targetType
+
+instance Data.ToHeaders ProvisionPermissionSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.ProvisionPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ProvisionPermissionSet where
+  toJSON ProvisionPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("TargetId" Data..=) Prelude.<$> targetId,
+            Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn),
+            Prelude.Just ("TargetType" Data..= targetType)
+          ]
+      )
+
+instance Data.ToPath ProvisionPermissionSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ProvisionPermissionSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newProvisionPermissionSetResponse' smart constructor.
+data ProvisionPermissionSetResponse = ProvisionPermissionSetResponse'
+  { -- | The status object for the permission set provisioning operation.
+    permissionSetProvisioningStatus :: Prelude.Maybe PermissionSetProvisioningStatus,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProvisionPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'permissionSetProvisioningStatus', 'provisionPermissionSetResponse_permissionSetProvisioningStatus' - The status object for the permission set provisioning operation.
+--
+-- 'httpStatus', 'provisionPermissionSetResponse_httpStatus' - The response's http status code.
+newProvisionPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ProvisionPermissionSetResponse
+newProvisionPermissionSetResponse pHttpStatus_ =
+  ProvisionPermissionSetResponse'
+    { permissionSetProvisioningStatus =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The status object for the permission set provisioning operation.
+provisionPermissionSetResponse_permissionSetProvisioningStatus :: Lens.Lens' ProvisionPermissionSetResponse (Prelude.Maybe PermissionSetProvisioningStatus)
+provisionPermissionSetResponse_permissionSetProvisioningStatus = Lens.lens (\ProvisionPermissionSetResponse' {permissionSetProvisioningStatus} -> permissionSetProvisioningStatus) (\s@ProvisionPermissionSetResponse' {} a -> s {permissionSetProvisioningStatus = a} :: ProvisionPermissionSetResponse)
+
+-- | The response's http status code.
+provisionPermissionSetResponse_httpStatus :: Lens.Lens' ProvisionPermissionSetResponse Prelude.Int
+provisionPermissionSetResponse_httpStatus = Lens.lens (\ProvisionPermissionSetResponse' {httpStatus} -> httpStatus) (\s@ProvisionPermissionSetResponse' {} a -> s {httpStatus = a} :: ProvisionPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    ProvisionPermissionSetResponse
+  where
+  rnf ProvisionPermissionSetResponse' {..} =
+    Prelude.rnf permissionSetProvisioningStatus
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/PutInlinePolicyToPermissionSet.hs b/gen/Amazonka/SSOAdmin/PutInlinePolicyToPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/PutInlinePolicyToPermissionSet.hs
@@ -0,0 +1,228 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.PutInlinePolicyToPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Attaches an inline policy to a permission set.
+--
+-- If the permission set is already referenced by one or more account
+-- assignments, you will need to call @ @@ProvisionPermissionSet@@ @ after
+-- this action to apply the corresponding IAM policy updates to all
+-- assigned accounts.
+module Amazonka.SSOAdmin.PutInlinePolicyToPermissionSet
+  ( -- * Creating a Request
+    PutInlinePolicyToPermissionSet (..),
+    newPutInlinePolicyToPermissionSet,
+
+    -- * Request Lenses
+    putInlinePolicyToPermissionSet_instanceArn,
+    putInlinePolicyToPermissionSet_permissionSetArn,
+    putInlinePolicyToPermissionSet_inlinePolicy,
+
+    -- * Destructuring the Response
+    PutInlinePolicyToPermissionSetResponse (..),
+    newPutInlinePolicyToPermissionSetResponse,
+
+    -- * Response Lenses
+    putInlinePolicyToPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newPutInlinePolicyToPermissionSet' smart constructor.
+data PutInlinePolicyToPermissionSet = PutInlinePolicyToPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the permission set.
+    permissionSetArn :: Prelude.Text,
+    -- | The inline policy to attach to a PermissionSet.
+    inlinePolicy :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutInlinePolicyToPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'putInlinePolicyToPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'putInlinePolicyToPermissionSet_permissionSetArn' - The ARN of the permission set.
+--
+-- 'inlinePolicy', 'putInlinePolicyToPermissionSet_inlinePolicy' - The inline policy to attach to a PermissionSet.
+newPutInlinePolicyToPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'inlinePolicy'
+  Prelude.Text ->
+  PutInlinePolicyToPermissionSet
+newPutInlinePolicyToPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_
+  pInlinePolicy_ =
+    PutInlinePolicyToPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_,
+        inlinePolicy = pInlinePolicy_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+putInlinePolicyToPermissionSet_instanceArn :: Lens.Lens' PutInlinePolicyToPermissionSet Prelude.Text
+putInlinePolicyToPermissionSet_instanceArn = Lens.lens (\PutInlinePolicyToPermissionSet' {instanceArn} -> instanceArn) (\s@PutInlinePolicyToPermissionSet' {} a -> s {instanceArn = a} :: PutInlinePolicyToPermissionSet)
+
+-- | The ARN of the permission set.
+putInlinePolicyToPermissionSet_permissionSetArn :: Lens.Lens' PutInlinePolicyToPermissionSet Prelude.Text
+putInlinePolicyToPermissionSet_permissionSetArn = Lens.lens (\PutInlinePolicyToPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@PutInlinePolicyToPermissionSet' {} a -> s {permissionSetArn = a} :: PutInlinePolicyToPermissionSet)
+
+-- | The inline policy to attach to a PermissionSet.
+putInlinePolicyToPermissionSet_inlinePolicy :: Lens.Lens' PutInlinePolicyToPermissionSet Prelude.Text
+putInlinePolicyToPermissionSet_inlinePolicy = Lens.lens (\PutInlinePolicyToPermissionSet' {inlinePolicy} -> inlinePolicy) (\s@PutInlinePolicyToPermissionSet' {} a -> s {inlinePolicy = a} :: PutInlinePolicyToPermissionSet)
+
+instance
+  Core.AWSRequest
+    PutInlinePolicyToPermissionSet
+  where
+  type
+    AWSResponse PutInlinePolicyToPermissionSet =
+      PutInlinePolicyToPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          PutInlinePolicyToPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    PutInlinePolicyToPermissionSet
+  where
+  hashWithSalt
+    _salt
+    PutInlinePolicyToPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` inlinePolicy
+
+instance
+  Prelude.NFData
+    PutInlinePolicyToPermissionSet
+  where
+  rnf PutInlinePolicyToPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf inlinePolicy
+
+instance
+  Data.ToHeaders
+    PutInlinePolicyToPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.PutInlinePolicyToPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON PutInlinePolicyToPermissionSet where
+  toJSON PutInlinePolicyToPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn),
+            Prelude.Just ("InlinePolicy" Data..= inlinePolicy)
+          ]
+      )
+
+instance Data.ToPath PutInlinePolicyToPermissionSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery PutInlinePolicyToPermissionSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newPutInlinePolicyToPermissionSetResponse' smart constructor.
+data PutInlinePolicyToPermissionSetResponse = PutInlinePolicyToPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutInlinePolicyToPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'putInlinePolicyToPermissionSetResponse_httpStatus' - The response's http status code.
+newPutInlinePolicyToPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutInlinePolicyToPermissionSetResponse
+newPutInlinePolicyToPermissionSetResponse
+  pHttpStatus_ =
+    PutInlinePolicyToPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+putInlinePolicyToPermissionSetResponse_httpStatus :: Lens.Lens' PutInlinePolicyToPermissionSetResponse Prelude.Int
+putInlinePolicyToPermissionSetResponse_httpStatus = Lens.lens (\PutInlinePolicyToPermissionSetResponse' {httpStatus} -> httpStatus) (\s@PutInlinePolicyToPermissionSetResponse' {} a -> s {httpStatus = a} :: PutInlinePolicyToPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    PutInlinePolicyToPermissionSetResponse
+  where
+  rnf PutInlinePolicyToPermissionSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/PutPermissionsBoundaryToPermissionSet.hs b/gen/Amazonka/SSOAdmin/PutPermissionsBoundaryToPermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/PutPermissionsBoundaryToPermissionSet.hs
@@ -0,0 +1,232 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.PutPermissionsBoundaryToPermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Attaches an AWS managed or customer managed policy to the specified
+-- PermissionSet as a permissions boundary.
+module Amazonka.SSOAdmin.PutPermissionsBoundaryToPermissionSet
+  ( -- * Creating a Request
+    PutPermissionsBoundaryToPermissionSet (..),
+    newPutPermissionsBoundaryToPermissionSet,
+
+    -- * Request Lenses
+    putPermissionsBoundaryToPermissionSet_instanceArn,
+    putPermissionsBoundaryToPermissionSet_permissionSetArn,
+    putPermissionsBoundaryToPermissionSet_permissionsBoundary,
+
+    -- * Destructuring the Response
+    PutPermissionsBoundaryToPermissionSetResponse (..),
+    newPutPermissionsBoundaryToPermissionSetResponse,
+
+    -- * Response Lenses
+    putPermissionsBoundaryToPermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newPutPermissionsBoundaryToPermissionSet' smart constructor.
+data PutPermissionsBoundaryToPermissionSet = PutPermissionsBoundaryToPermissionSet'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the @PermissionSet@.
+    permissionSetArn :: Prelude.Text,
+    -- | The permissions boundary that you want to attach to a @PermissionSet@.
+    permissionsBoundary :: PermissionsBoundary
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutPermissionsBoundaryToPermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'putPermissionsBoundaryToPermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'permissionSetArn', 'putPermissionsBoundaryToPermissionSet_permissionSetArn' - The ARN of the @PermissionSet@.
+--
+-- 'permissionsBoundary', 'putPermissionsBoundaryToPermissionSet_permissionsBoundary' - The permissions boundary that you want to attach to a @PermissionSet@.
+newPutPermissionsBoundaryToPermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  -- | 'permissionsBoundary'
+  PermissionsBoundary ->
+  PutPermissionsBoundaryToPermissionSet
+newPutPermissionsBoundaryToPermissionSet
+  pInstanceArn_
+  pPermissionSetArn_
+  pPermissionsBoundary_ =
+    PutPermissionsBoundaryToPermissionSet'
+      { instanceArn =
+          pInstanceArn_,
+        permissionSetArn =
+          pPermissionSetArn_,
+        permissionsBoundary =
+          pPermissionsBoundary_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+putPermissionsBoundaryToPermissionSet_instanceArn :: Lens.Lens' PutPermissionsBoundaryToPermissionSet Prelude.Text
+putPermissionsBoundaryToPermissionSet_instanceArn = Lens.lens (\PutPermissionsBoundaryToPermissionSet' {instanceArn} -> instanceArn) (\s@PutPermissionsBoundaryToPermissionSet' {} a -> s {instanceArn = a} :: PutPermissionsBoundaryToPermissionSet)
+
+-- | The ARN of the @PermissionSet@.
+putPermissionsBoundaryToPermissionSet_permissionSetArn :: Lens.Lens' PutPermissionsBoundaryToPermissionSet Prelude.Text
+putPermissionsBoundaryToPermissionSet_permissionSetArn = Lens.lens (\PutPermissionsBoundaryToPermissionSet' {permissionSetArn} -> permissionSetArn) (\s@PutPermissionsBoundaryToPermissionSet' {} a -> s {permissionSetArn = a} :: PutPermissionsBoundaryToPermissionSet)
+
+-- | The permissions boundary that you want to attach to a @PermissionSet@.
+putPermissionsBoundaryToPermissionSet_permissionsBoundary :: Lens.Lens' PutPermissionsBoundaryToPermissionSet PermissionsBoundary
+putPermissionsBoundaryToPermissionSet_permissionsBoundary = Lens.lens (\PutPermissionsBoundaryToPermissionSet' {permissionsBoundary} -> permissionsBoundary) (\s@PutPermissionsBoundaryToPermissionSet' {} a -> s {permissionsBoundary = a} :: PutPermissionsBoundaryToPermissionSet)
+
+instance
+  Core.AWSRequest
+    PutPermissionsBoundaryToPermissionSet
+  where
+  type
+    AWSResponse
+      PutPermissionsBoundaryToPermissionSet =
+      PutPermissionsBoundaryToPermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          PutPermissionsBoundaryToPermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    PutPermissionsBoundaryToPermissionSet
+  where
+  hashWithSalt
+    _salt
+    PutPermissionsBoundaryToPermissionSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` permissionsBoundary
+
+instance
+  Prelude.NFData
+    PutPermissionsBoundaryToPermissionSet
+  where
+  rnf PutPermissionsBoundaryToPermissionSet' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf permissionsBoundary
+
+instance
+  Data.ToHeaders
+    PutPermissionsBoundaryToPermissionSet
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.PutPermissionsBoundaryToPermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    PutPermissionsBoundaryToPermissionSet
+  where
+  toJSON PutPermissionsBoundaryToPermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn),
+            Prelude.Just
+              ("PermissionsBoundary" Data..= permissionsBoundary)
+          ]
+      )
+
+instance
+  Data.ToPath
+    PutPermissionsBoundaryToPermissionSet
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    PutPermissionsBoundaryToPermissionSet
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newPutPermissionsBoundaryToPermissionSetResponse' smart constructor.
+data PutPermissionsBoundaryToPermissionSetResponse = PutPermissionsBoundaryToPermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutPermissionsBoundaryToPermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'putPermissionsBoundaryToPermissionSetResponse_httpStatus' - The response's http status code.
+newPutPermissionsBoundaryToPermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutPermissionsBoundaryToPermissionSetResponse
+newPutPermissionsBoundaryToPermissionSetResponse
+  pHttpStatus_ =
+    PutPermissionsBoundaryToPermissionSetResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+putPermissionsBoundaryToPermissionSetResponse_httpStatus :: Lens.Lens' PutPermissionsBoundaryToPermissionSetResponse Prelude.Int
+putPermissionsBoundaryToPermissionSetResponse_httpStatus = Lens.lens (\PutPermissionsBoundaryToPermissionSetResponse' {httpStatus} -> httpStatus) (\s@PutPermissionsBoundaryToPermissionSetResponse' {} a -> s {httpStatus = a} :: PutPermissionsBoundaryToPermissionSetResponse)
+
+instance
+  Prelude.NFData
+    PutPermissionsBoundaryToPermissionSetResponse
+  where
+  rnf
+    PutPermissionsBoundaryToPermissionSetResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/TagResource.hs b/gen/Amazonka/SSOAdmin/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/TagResource.hs
@@ -0,0 +1,192 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Associates a set of tags with a specified resource.
+module Amazonka.SSOAdmin.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_instanceArn,
+    tagResource_resourceArn,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the resource with the tags to be listed.
+    resourceArn :: Prelude.Text,
+    -- | A set of key-value pairs that are used to manage the resource.
+    tags :: [Tag]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'tagResource_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'resourceArn', 'tagResource_resourceArn' - The ARN of the resource with the tags to be listed.
+--
+-- 'tags', 'tagResource_tags' - A set of key-value pairs that are used to manage the resource.
+newTagResource ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'resourceArn'
+  Prelude.Text ->
+  TagResource
+newTagResource pInstanceArn_ pResourceArn_ =
+  TagResource'
+    { instanceArn = pInstanceArn_,
+      resourceArn = pResourceArn_,
+      tags = Prelude.mempty
+    }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+tagResource_instanceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_instanceArn = Lens.lens (\TagResource' {instanceArn} -> instanceArn) (\s@TagResource' {} a -> s {instanceArn = a} :: TagResource)
+
+-- | The ARN of the resource with the tags to be listed.
+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)
+
+-- | A set of key-value pairs that are used to manage the resource.
+tagResource_tags :: Lens.Lens' TagResource [Tag]
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.TagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just ("Tags" Data..= tags)
+          ]
+      )
+
+instance Data.ToPath TagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/Types.hs b/gen/Amazonka/SSOAdmin/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types.hs
@@ -0,0 +1,305 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _ConflictException,
+    _InternalServerException,
+    _ResourceNotFoundException,
+    _ServiceQuotaExceededException,
+    _ThrottlingException,
+    _ValidationException,
+
+    -- * InstanceAccessControlAttributeConfigurationStatus
+    InstanceAccessControlAttributeConfigurationStatus (..),
+
+    -- * PrincipalType
+    PrincipalType (..),
+
+    -- * ProvisionTargetType
+    ProvisionTargetType (..),
+
+    -- * ProvisioningStatus
+    ProvisioningStatus (..),
+
+    -- * StatusValues
+    StatusValues (..),
+
+    -- * TargetType
+    TargetType (..),
+
+    -- * AccessControlAttribute
+    AccessControlAttribute (..),
+    newAccessControlAttribute,
+    accessControlAttribute_key,
+    accessControlAttribute_value,
+
+    -- * AccessControlAttributeValue
+    AccessControlAttributeValue (..),
+    newAccessControlAttributeValue,
+    accessControlAttributeValue_source,
+
+    -- * AccountAssignment
+    AccountAssignment (..),
+    newAccountAssignment,
+    accountAssignment_accountId,
+    accountAssignment_permissionSetArn,
+    accountAssignment_principalId,
+    accountAssignment_principalType,
+
+    -- * AccountAssignmentOperationStatus
+    AccountAssignmentOperationStatus (..),
+    newAccountAssignmentOperationStatus,
+    accountAssignmentOperationStatus_createdDate,
+    accountAssignmentOperationStatus_failureReason,
+    accountAssignmentOperationStatus_permissionSetArn,
+    accountAssignmentOperationStatus_principalId,
+    accountAssignmentOperationStatus_principalType,
+    accountAssignmentOperationStatus_requestId,
+    accountAssignmentOperationStatus_status,
+    accountAssignmentOperationStatus_targetId,
+    accountAssignmentOperationStatus_targetType,
+
+    -- * AccountAssignmentOperationStatusMetadata
+    AccountAssignmentOperationStatusMetadata (..),
+    newAccountAssignmentOperationStatusMetadata,
+    accountAssignmentOperationStatusMetadata_createdDate,
+    accountAssignmentOperationStatusMetadata_requestId,
+    accountAssignmentOperationStatusMetadata_status,
+
+    -- * AttachedManagedPolicy
+    AttachedManagedPolicy (..),
+    newAttachedManagedPolicy,
+    attachedManagedPolicy_arn,
+    attachedManagedPolicy_name,
+
+    -- * CustomerManagedPolicyReference
+    CustomerManagedPolicyReference (..),
+    newCustomerManagedPolicyReference,
+    customerManagedPolicyReference_path,
+    customerManagedPolicyReference_name,
+
+    -- * InstanceAccessControlAttributeConfiguration
+    InstanceAccessControlAttributeConfiguration (..),
+    newInstanceAccessControlAttributeConfiguration,
+    instanceAccessControlAttributeConfiguration_accessControlAttributes,
+
+    -- * InstanceMetadata
+    InstanceMetadata (..),
+    newInstanceMetadata,
+    instanceMetadata_identityStoreId,
+    instanceMetadata_instanceArn,
+
+    -- * OperationStatusFilter
+    OperationStatusFilter (..),
+    newOperationStatusFilter,
+    operationStatusFilter_status,
+
+    -- * PermissionSet
+    PermissionSet (..),
+    newPermissionSet,
+    permissionSet_createdDate,
+    permissionSet_description,
+    permissionSet_name,
+    permissionSet_permissionSetArn,
+    permissionSet_relayState,
+    permissionSet_sessionDuration,
+
+    -- * PermissionSetProvisioningStatus
+    PermissionSetProvisioningStatus (..),
+    newPermissionSetProvisioningStatus,
+    permissionSetProvisioningStatus_accountId,
+    permissionSetProvisioningStatus_createdDate,
+    permissionSetProvisioningStatus_failureReason,
+    permissionSetProvisioningStatus_permissionSetArn,
+    permissionSetProvisioningStatus_requestId,
+    permissionSetProvisioningStatus_status,
+
+    -- * PermissionSetProvisioningStatusMetadata
+    PermissionSetProvisioningStatusMetadata (..),
+    newPermissionSetProvisioningStatusMetadata,
+    permissionSetProvisioningStatusMetadata_createdDate,
+    permissionSetProvisioningStatusMetadata_requestId,
+    permissionSetProvisioningStatusMetadata_status,
+
+    -- * PermissionsBoundary
+    PermissionsBoundary (..),
+    newPermissionsBoundary,
+    permissionsBoundary_customerManagedPolicyReference,
+    permissionsBoundary_managedPolicyArn,
+
+    -- * Tag
+    Tag (..),
+    newTag,
+    tag_key,
+    tag_value,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.AccessControlAttribute
+import Amazonka.SSOAdmin.Types.AccessControlAttributeValue
+import Amazonka.SSOAdmin.Types.AccountAssignment
+import Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatus
+import Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatusMetadata
+import Amazonka.SSOAdmin.Types.AttachedManagedPolicy
+import Amazonka.SSOAdmin.Types.CustomerManagedPolicyReference
+import Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfiguration
+import Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfigurationStatus
+import Amazonka.SSOAdmin.Types.InstanceMetadata
+import Amazonka.SSOAdmin.Types.OperationStatusFilter
+import Amazonka.SSOAdmin.Types.PermissionSet
+import Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatus
+import Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatusMetadata
+import Amazonka.SSOAdmin.Types.PermissionsBoundary
+import Amazonka.SSOAdmin.Types.PrincipalType
+import Amazonka.SSOAdmin.Types.ProvisionTargetType
+import Amazonka.SSOAdmin.Types.ProvisioningStatus
+import Amazonka.SSOAdmin.Types.StatusValues
+import Amazonka.SSOAdmin.Types.Tag
+import Amazonka.SSOAdmin.Types.TargetType
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2020-07-20@ of the Amazon Single Sign-On Admin SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "SSOAdmin",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "sso",
+      Core.signingName = "sso",
+      Core.version = "2020-07-20",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "SSOAdmin",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | You do not have sufficient access to perform this action.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+
+-- | Occurs when a conflict with a previous successful write is detected.
+-- This generally occurs when the previous write did not have time to
+-- propagate to the host serving the current request. A retry (with
+-- appropriate backoff logic) is the recommended response to this
+-- exception.
+_ConflictException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ConflictException =
+  Core._MatchServiceError
+    defaultService
+    "ConflictException"
+
+-- | The request processing has failed because of an unknown error,
+-- exception, or failure with an internal server.
+_InternalServerException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalServerException =
+  Core._MatchServiceError
+    defaultService
+    "InternalServerException"
+
+-- | Indicates that a requested resource is not found.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
+
+-- | Indicates that the principal has crossed the permitted number of
+-- resources that can be created.
+_ServiceQuotaExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ServiceQuotaExceededException =
+  Core._MatchServiceError
+    defaultService
+    "ServiceQuotaExceededException"
+
+-- | Indicates that the principal has crossed the throttling limits of the
+-- API operations.
+_ThrottlingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ThrottlingException =
+  Core._MatchServiceError
+    defaultService
+    "ThrottlingException"
+
+-- | The request failed because it contains a syntax error.
+_ValidationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ValidationException =
+  Core._MatchServiceError
+    defaultService
+    "ValidationException"
diff --git a/gen/Amazonka/SSOAdmin/Types/AccessControlAttribute.hs b/gen/Amazonka/SSOAdmin/Types/AccessControlAttribute.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/AccessControlAttribute.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.AccessControlAttribute
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.AccessControlAttribute where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.AccessControlAttributeValue
+
+-- | These are IAM Identity Center identity store attributes that you can
+-- configure for use in attributes-based access control (ABAC). You can
+-- create permissions policies that determine who can access your AWS
+-- resources based upon the configured attribute values. When you enable
+-- ABAC and specify @AccessControlAttributes@, IAM Identity Center passes
+-- the attribute values of the authenticated user into IAM for use in
+-- policy evaluation.
+--
+-- /See:/ 'newAccessControlAttribute' smart constructor.
+data AccessControlAttribute = AccessControlAttribute'
+  { -- | The name of the attribute associated with your identities in your
+    -- identity source. This is used to map a specified attribute in your
+    -- identity source with an attribute in IAM Identity Center.
+    key :: Prelude.Text,
+    -- | The value used for mapping a specified attribute to an identity source.
+    value :: AccessControlAttributeValue
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessControlAttribute' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'accessControlAttribute_key' - The name of the attribute associated with your identities in your
+-- identity source. This is used to map a specified attribute in your
+-- identity source with an attribute in IAM Identity Center.
+--
+-- 'value', 'accessControlAttribute_value' - The value used for mapping a specified attribute to an identity source.
+newAccessControlAttribute ::
+  -- | 'key'
+  Prelude.Text ->
+  -- | 'value'
+  AccessControlAttributeValue ->
+  AccessControlAttribute
+newAccessControlAttribute pKey_ pValue_ =
+  AccessControlAttribute'
+    { key = pKey_,
+      value = pValue_
+    }
+
+-- | The name of the attribute associated with your identities in your
+-- identity source. This is used to map a specified attribute in your
+-- identity source with an attribute in IAM Identity Center.
+accessControlAttribute_key :: Lens.Lens' AccessControlAttribute Prelude.Text
+accessControlAttribute_key = Lens.lens (\AccessControlAttribute' {key} -> key) (\s@AccessControlAttribute' {} a -> s {key = a} :: AccessControlAttribute)
+
+-- | The value used for mapping a specified attribute to an identity source.
+accessControlAttribute_value :: Lens.Lens' AccessControlAttribute AccessControlAttributeValue
+accessControlAttribute_value = Lens.lens (\AccessControlAttribute' {value} -> value) (\s@AccessControlAttribute' {} a -> s {value = a} :: AccessControlAttribute)
+
+instance Data.FromJSON AccessControlAttribute where
+  parseJSON =
+    Data.withObject
+      "AccessControlAttribute"
+      ( \x ->
+          AccessControlAttribute'
+            Prelude.<$> (x Data..: "Key")
+            Prelude.<*> (x Data..: "Value")
+      )
+
+instance Prelude.Hashable AccessControlAttribute where
+  hashWithSalt _salt AccessControlAttribute' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData AccessControlAttribute where
+  rnf AccessControlAttribute' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON AccessControlAttribute where
+  toJSON AccessControlAttribute' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Key" Data..= key),
+            Prelude.Just ("Value" Data..= value)
+          ]
+      )
diff --git a/gen/Amazonka/SSOAdmin/Types/AccessControlAttributeValue.hs b/gen/Amazonka/SSOAdmin/Types/AccessControlAttributeValue.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/AccessControlAttributeValue.hs
@@ -0,0 +1,87 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.AccessControlAttributeValue
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.AccessControlAttributeValue where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The value used for mapping a specified attribute to an identity source.
+-- For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html Attribute mappings>
+-- in the /IAM Identity Center User Guide/.
+--
+-- /See:/ 'newAccessControlAttributeValue' smart constructor.
+data AccessControlAttributeValue = AccessControlAttributeValue'
+  { -- | The identity source to use when mapping a specified attribute to IAM
+    -- Identity Center.
+    source :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccessControlAttributeValue' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'source', 'accessControlAttributeValue_source' - The identity source to use when mapping a specified attribute to IAM
+-- Identity Center.
+newAccessControlAttributeValue ::
+  -- | 'source'
+  Prelude.NonEmpty Prelude.Text ->
+  AccessControlAttributeValue
+newAccessControlAttributeValue pSource_ =
+  AccessControlAttributeValue'
+    { source =
+        Lens.coerced Lens.# pSource_
+    }
+
+-- | The identity source to use when mapping a specified attribute to IAM
+-- Identity Center.
+accessControlAttributeValue_source :: Lens.Lens' AccessControlAttributeValue (Prelude.NonEmpty Prelude.Text)
+accessControlAttributeValue_source = Lens.lens (\AccessControlAttributeValue' {source} -> source) (\s@AccessControlAttributeValue' {} a -> s {source = a} :: AccessControlAttributeValue) Prelude.. Lens.coerced
+
+instance Data.FromJSON AccessControlAttributeValue where
+  parseJSON =
+    Data.withObject
+      "AccessControlAttributeValue"
+      ( \x ->
+          AccessControlAttributeValue'
+            Prelude.<$> (x Data..: "Source")
+      )
+
+instance Prelude.Hashable AccessControlAttributeValue where
+  hashWithSalt _salt AccessControlAttributeValue' {..} =
+    _salt `Prelude.hashWithSalt` source
+
+instance Prelude.NFData AccessControlAttributeValue where
+  rnf AccessControlAttributeValue' {..} =
+    Prelude.rnf source
+
+instance Data.ToJSON AccessControlAttributeValue where
+  toJSON AccessControlAttributeValue' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Source" Data..= source)]
+      )
diff --git a/gen/Amazonka/SSOAdmin/Types/AccountAssignment.hs b/gen/Amazonka/SSOAdmin/Types/AccountAssignment.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/AccountAssignment.hs
@@ -0,0 +1,131 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.AccountAssignment
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.AccountAssignment where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.PrincipalType
+
+-- | The assignment that indicates a principal\'s limited access to a
+-- specified AWS account with a specified permission set.
+--
+-- The term /principal/ here refers to a user or group that is defined in
+-- IAM Identity Center.
+--
+-- /See:/ 'newAccountAssignment' smart constructor.
+data AccountAssignment = AccountAssignment'
+  { -- | The identifier of the AWS account.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the permission set. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    permissionSetArn :: Prelude.Maybe Prelude.Text,
+    -- | An identifier for an object in IAM Identity Center, such as a user or
+    -- group. PrincipalIds are GUIDs (For example,
+    -- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    -- PrincipalIds in IAM Identity Center, see the
+    -- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+    principalId :: Prelude.Maybe Prelude.Text,
+    -- | The entity type for which the assignment will be created.
+    principalType :: Prelude.Maybe PrincipalType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountAssignment' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'accountAssignment_accountId' - The identifier of the AWS account.
+--
+-- 'permissionSetArn', 'accountAssignment_permissionSetArn' - The ARN of the permission set. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'principalId', 'accountAssignment_principalId' - An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+--
+-- 'principalType', 'accountAssignment_principalType' - The entity type for which the assignment will be created.
+newAccountAssignment ::
+  AccountAssignment
+newAccountAssignment =
+  AccountAssignment'
+    { accountId = Prelude.Nothing,
+      permissionSetArn = Prelude.Nothing,
+      principalId = Prelude.Nothing,
+      principalType = Prelude.Nothing
+    }
+
+-- | The identifier of the AWS account.
+accountAssignment_accountId :: Lens.Lens' AccountAssignment (Prelude.Maybe Prelude.Text)
+accountAssignment_accountId = Lens.lens (\AccountAssignment' {accountId} -> accountId) (\s@AccountAssignment' {} a -> s {accountId = a} :: AccountAssignment)
+
+-- | The ARN of the permission set. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+accountAssignment_permissionSetArn :: Lens.Lens' AccountAssignment (Prelude.Maybe Prelude.Text)
+accountAssignment_permissionSetArn = Lens.lens (\AccountAssignment' {permissionSetArn} -> permissionSetArn) (\s@AccountAssignment' {} a -> s {permissionSetArn = a} :: AccountAssignment)
+
+-- | An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+accountAssignment_principalId :: Lens.Lens' AccountAssignment (Prelude.Maybe Prelude.Text)
+accountAssignment_principalId = Lens.lens (\AccountAssignment' {principalId} -> principalId) (\s@AccountAssignment' {} a -> s {principalId = a} :: AccountAssignment)
+
+-- | The entity type for which the assignment will be created.
+accountAssignment_principalType :: Lens.Lens' AccountAssignment (Prelude.Maybe PrincipalType)
+accountAssignment_principalType = Lens.lens (\AccountAssignment' {principalType} -> principalType) (\s@AccountAssignment' {} a -> s {principalType = a} :: AccountAssignment)
+
+instance Data.FromJSON AccountAssignment where
+  parseJSON =
+    Data.withObject
+      "AccountAssignment"
+      ( \x ->
+          AccountAssignment'
+            Prelude.<$> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "PermissionSetArn")
+            Prelude.<*> (x Data..:? "PrincipalId")
+            Prelude.<*> (x Data..:? "PrincipalType")
+      )
+
+instance Prelude.Hashable AccountAssignment where
+  hashWithSalt _salt AccountAssignment' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` permissionSetArn
+      `Prelude.hashWithSalt` principalId
+      `Prelude.hashWithSalt` principalType
+
+instance Prelude.NFData AccountAssignment where
+  rnf AccountAssignment' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf principalId
+      `Prelude.seq` Prelude.rnf principalType
diff --git a/gen/Amazonka/SSOAdmin/Types/AccountAssignmentOperationStatus.hs b/gen/Amazonka/SSOAdmin/Types/AccountAssignmentOperationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/AccountAssignmentOperationStatus.hs
@@ -0,0 +1,211 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.PrincipalType
+import Amazonka.SSOAdmin.Types.StatusValues
+import Amazonka.SSOAdmin.Types.TargetType
+
+-- | The status of the creation or deletion operation of an assignment that a
+-- principal needs to access an account.
+--
+-- /See:/ 'newAccountAssignmentOperationStatus' smart constructor.
+data AccountAssignmentOperationStatus = AccountAssignmentOperationStatus'
+  { -- | The date that the permission set was created.
+    createdDate :: Prelude.Maybe Data.POSIX,
+    -- | The message that contains an error or exception in case of an operation
+    -- failure.
+    failureReason :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the permission set. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    permissionSetArn :: Prelude.Maybe Prelude.Text,
+    -- | An identifier for an object in IAM Identity Center, such as a user or
+    -- group. PrincipalIds are GUIDs (For example,
+    -- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+    -- PrincipalIds in IAM Identity Center, see the
+    -- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+    principalId :: Prelude.Maybe Prelude.Text,
+    -- | The entity type for which the assignment will be created.
+    principalType :: Prelude.Maybe PrincipalType,
+    -- | The identifier for tracking the request operation that is generated by
+    -- the universally unique identifier (UUID) workflow.
+    requestId :: Prelude.Maybe Prelude.Text,
+    -- | The status of the permission set provisioning process.
+    status :: Prelude.Maybe StatusValues,
+    -- | TargetID is an AWS account identifier, typically a 10-12 digit string
+    -- (For example, 123456789012).
+    targetId :: Prelude.Maybe Prelude.Text,
+    -- | The entity type for which the assignment will be created.
+    targetType :: Prelude.Maybe TargetType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountAssignmentOperationStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdDate', 'accountAssignmentOperationStatus_createdDate' - The date that the permission set was created.
+--
+-- 'failureReason', 'accountAssignmentOperationStatus_failureReason' - The message that contains an error or exception in case of an operation
+-- failure.
+--
+-- 'permissionSetArn', 'accountAssignmentOperationStatus_permissionSetArn' - The ARN of the permission set. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'principalId', 'accountAssignmentOperationStatus_principalId' - An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+--
+-- 'principalType', 'accountAssignmentOperationStatus_principalType' - The entity type for which the assignment will be created.
+--
+-- 'requestId', 'accountAssignmentOperationStatus_requestId' - The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+--
+-- 'status', 'accountAssignmentOperationStatus_status' - The status of the permission set provisioning process.
+--
+-- 'targetId', 'accountAssignmentOperationStatus_targetId' - TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+--
+-- 'targetType', 'accountAssignmentOperationStatus_targetType' - The entity type for which the assignment will be created.
+newAccountAssignmentOperationStatus ::
+  AccountAssignmentOperationStatus
+newAccountAssignmentOperationStatus =
+  AccountAssignmentOperationStatus'
+    { createdDate =
+        Prelude.Nothing,
+      failureReason = Prelude.Nothing,
+      permissionSetArn = Prelude.Nothing,
+      principalId = Prelude.Nothing,
+      principalType = Prelude.Nothing,
+      requestId = Prelude.Nothing,
+      status = Prelude.Nothing,
+      targetId = Prelude.Nothing,
+      targetType = Prelude.Nothing
+    }
+
+-- | The date that the permission set was created.
+accountAssignmentOperationStatus_createdDate :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe Prelude.UTCTime)
+accountAssignmentOperationStatus_createdDate = Lens.lens (\AccountAssignmentOperationStatus' {createdDate} -> createdDate) (\s@AccountAssignmentOperationStatus' {} a -> s {createdDate = a} :: AccountAssignmentOperationStatus) Prelude.. Lens.mapping Data._Time
+
+-- | The message that contains an error or exception in case of an operation
+-- failure.
+accountAssignmentOperationStatus_failureReason :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe Prelude.Text)
+accountAssignmentOperationStatus_failureReason = Lens.lens (\AccountAssignmentOperationStatus' {failureReason} -> failureReason) (\s@AccountAssignmentOperationStatus' {} a -> s {failureReason = a} :: AccountAssignmentOperationStatus)
+
+-- | The ARN of the permission set. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+accountAssignmentOperationStatus_permissionSetArn :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe Prelude.Text)
+accountAssignmentOperationStatus_permissionSetArn = Lens.lens (\AccountAssignmentOperationStatus' {permissionSetArn} -> permissionSetArn) (\s@AccountAssignmentOperationStatus' {} a -> s {permissionSetArn = a} :: AccountAssignmentOperationStatus)
+
+-- | An identifier for an object in IAM Identity Center, such as a user or
+-- group. PrincipalIds are GUIDs (For example,
+-- f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about
+-- PrincipalIds in IAM Identity Center, see the
+-- </singlesignon/latest/IdentityStoreAPIReference/welcome.html IAM Identity Center Identity Store API Reference>.
+accountAssignmentOperationStatus_principalId :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe Prelude.Text)
+accountAssignmentOperationStatus_principalId = Lens.lens (\AccountAssignmentOperationStatus' {principalId} -> principalId) (\s@AccountAssignmentOperationStatus' {} a -> s {principalId = a} :: AccountAssignmentOperationStatus)
+
+-- | The entity type for which the assignment will be created.
+accountAssignmentOperationStatus_principalType :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe PrincipalType)
+accountAssignmentOperationStatus_principalType = Lens.lens (\AccountAssignmentOperationStatus' {principalType} -> principalType) (\s@AccountAssignmentOperationStatus' {} a -> s {principalType = a} :: AccountAssignmentOperationStatus)
+
+-- | The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+accountAssignmentOperationStatus_requestId :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe Prelude.Text)
+accountAssignmentOperationStatus_requestId = Lens.lens (\AccountAssignmentOperationStatus' {requestId} -> requestId) (\s@AccountAssignmentOperationStatus' {} a -> s {requestId = a} :: AccountAssignmentOperationStatus)
+
+-- | The status of the permission set provisioning process.
+accountAssignmentOperationStatus_status :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe StatusValues)
+accountAssignmentOperationStatus_status = Lens.lens (\AccountAssignmentOperationStatus' {status} -> status) (\s@AccountAssignmentOperationStatus' {} a -> s {status = a} :: AccountAssignmentOperationStatus)
+
+-- | TargetID is an AWS account identifier, typically a 10-12 digit string
+-- (For example, 123456789012).
+accountAssignmentOperationStatus_targetId :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe Prelude.Text)
+accountAssignmentOperationStatus_targetId = Lens.lens (\AccountAssignmentOperationStatus' {targetId} -> targetId) (\s@AccountAssignmentOperationStatus' {} a -> s {targetId = a} :: AccountAssignmentOperationStatus)
+
+-- | The entity type for which the assignment will be created.
+accountAssignmentOperationStatus_targetType :: Lens.Lens' AccountAssignmentOperationStatus (Prelude.Maybe TargetType)
+accountAssignmentOperationStatus_targetType = Lens.lens (\AccountAssignmentOperationStatus' {targetType} -> targetType) (\s@AccountAssignmentOperationStatus' {} a -> s {targetType = a} :: AccountAssignmentOperationStatus)
+
+instance
+  Data.FromJSON
+    AccountAssignmentOperationStatus
+  where
+  parseJSON =
+    Data.withObject
+      "AccountAssignmentOperationStatus"
+      ( \x ->
+          AccountAssignmentOperationStatus'
+            Prelude.<$> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "FailureReason")
+            Prelude.<*> (x Data..:? "PermissionSetArn")
+            Prelude.<*> (x Data..:? "PrincipalId")
+            Prelude.<*> (x Data..:? "PrincipalType")
+            Prelude.<*> (x Data..:? "RequestId")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "TargetId")
+            Prelude.<*> (x Data..:? "TargetType")
+      )
+
+instance
+  Prelude.Hashable
+    AccountAssignmentOperationStatus
+  where
+  hashWithSalt
+    _salt
+    AccountAssignmentOperationStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` createdDate
+        `Prelude.hashWithSalt` failureReason
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` principalId
+        `Prelude.hashWithSalt` principalType
+        `Prelude.hashWithSalt` requestId
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` targetId
+        `Prelude.hashWithSalt` targetType
+
+instance
+  Prelude.NFData
+    AccountAssignmentOperationStatus
+  where
+  rnf AccountAssignmentOperationStatus' {..} =
+    Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf failureReason
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf principalId
+      `Prelude.seq` Prelude.rnf principalType
+      `Prelude.seq` Prelude.rnf requestId
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf targetId
+      `Prelude.seq` Prelude.rnf targetType
diff --git a/gen/Amazonka/SSOAdmin/Types/AccountAssignmentOperationStatusMetadata.hs b/gen/Amazonka/SSOAdmin/Types/AccountAssignmentOperationStatusMetadata.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/AccountAssignmentOperationStatusMetadata.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatusMetadata
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.AccountAssignmentOperationStatusMetadata where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.StatusValues
+
+-- | Provides information about the AccountAssignment creation request.
+--
+-- /See:/ 'newAccountAssignmentOperationStatusMetadata' smart constructor.
+data AccountAssignmentOperationStatusMetadata = AccountAssignmentOperationStatusMetadata'
+  { -- | The date that the permission set was created.
+    createdDate :: Prelude.Maybe Data.POSIX,
+    -- | The identifier for tracking the request operation that is generated by
+    -- the universally unique identifier (UUID) workflow.
+    requestId :: Prelude.Maybe Prelude.Text,
+    -- | The status of the permission set provisioning process.
+    status :: Prelude.Maybe StatusValues
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountAssignmentOperationStatusMetadata' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdDate', 'accountAssignmentOperationStatusMetadata_createdDate' - The date that the permission set was created.
+--
+-- 'requestId', 'accountAssignmentOperationStatusMetadata_requestId' - The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+--
+-- 'status', 'accountAssignmentOperationStatusMetadata_status' - The status of the permission set provisioning process.
+newAccountAssignmentOperationStatusMetadata ::
+  AccountAssignmentOperationStatusMetadata
+newAccountAssignmentOperationStatusMetadata =
+  AccountAssignmentOperationStatusMetadata'
+    { createdDate =
+        Prelude.Nothing,
+      requestId = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The date that the permission set was created.
+accountAssignmentOperationStatusMetadata_createdDate :: Lens.Lens' AccountAssignmentOperationStatusMetadata (Prelude.Maybe Prelude.UTCTime)
+accountAssignmentOperationStatusMetadata_createdDate = Lens.lens (\AccountAssignmentOperationStatusMetadata' {createdDate} -> createdDate) (\s@AccountAssignmentOperationStatusMetadata' {} a -> s {createdDate = a} :: AccountAssignmentOperationStatusMetadata) Prelude.. Lens.mapping Data._Time
+
+-- | The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+accountAssignmentOperationStatusMetadata_requestId :: Lens.Lens' AccountAssignmentOperationStatusMetadata (Prelude.Maybe Prelude.Text)
+accountAssignmentOperationStatusMetadata_requestId = Lens.lens (\AccountAssignmentOperationStatusMetadata' {requestId} -> requestId) (\s@AccountAssignmentOperationStatusMetadata' {} a -> s {requestId = a} :: AccountAssignmentOperationStatusMetadata)
+
+-- | The status of the permission set provisioning process.
+accountAssignmentOperationStatusMetadata_status :: Lens.Lens' AccountAssignmentOperationStatusMetadata (Prelude.Maybe StatusValues)
+accountAssignmentOperationStatusMetadata_status = Lens.lens (\AccountAssignmentOperationStatusMetadata' {status} -> status) (\s@AccountAssignmentOperationStatusMetadata' {} a -> s {status = a} :: AccountAssignmentOperationStatusMetadata)
+
+instance
+  Data.FromJSON
+    AccountAssignmentOperationStatusMetadata
+  where
+  parseJSON =
+    Data.withObject
+      "AccountAssignmentOperationStatusMetadata"
+      ( \x ->
+          AccountAssignmentOperationStatusMetadata'
+            Prelude.<$> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "RequestId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    AccountAssignmentOperationStatusMetadata
+  where
+  hashWithSalt
+    _salt
+    AccountAssignmentOperationStatusMetadata' {..} =
+      _salt
+        `Prelude.hashWithSalt` createdDate
+        `Prelude.hashWithSalt` requestId
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    AccountAssignmentOperationStatusMetadata
+  where
+  rnf AccountAssignmentOperationStatusMetadata' {..} =
+    Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf requestId
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/SSOAdmin/Types/AttachedManagedPolicy.hs b/gen/Amazonka/SSOAdmin/Types/AttachedManagedPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/AttachedManagedPolicy.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.AttachedManagedPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.AttachedManagedPolicy where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A structure that stores the details of the AWS managed policy.
+--
+-- /See:/ 'newAttachedManagedPolicy' smart constructor.
+data AttachedManagedPolicy = AttachedManagedPolicy'
+  { -- | The ARN of the AWS managed policy. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The name of the AWS managed policy.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttachedManagedPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'attachedManagedPolicy_arn' - The ARN of the AWS managed policy. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'name', 'attachedManagedPolicy_name' - The name of the AWS managed policy.
+newAttachedManagedPolicy ::
+  AttachedManagedPolicy
+newAttachedManagedPolicy =
+  AttachedManagedPolicy'
+    { arn = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The ARN of the AWS managed policy. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+attachedManagedPolicy_arn :: Lens.Lens' AttachedManagedPolicy (Prelude.Maybe Prelude.Text)
+attachedManagedPolicy_arn = Lens.lens (\AttachedManagedPolicy' {arn} -> arn) (\s@AttachedManagedPolicy' {} a -> s {arn = a} :: AttachedManagedPolicy)
+
+-- | The name of the AWS managed policy.
+attachedManagedPolicy_name :: Lens.Lens' AttachedManagedPolicy (Prelude.Maybe Prelude.Text)
+attachedManagedPolicy_name = Lens.lens (\AttachedManagedPolicy' {name} -> name) (\s@AttachedManagedPolicy' {} a -> s {name = a} :: AttachedManagedPolicy)
+
+instance Data.FromJSON AttachedManagedPolicy where
+  parseJSON =
+    Data.withObject
+      "AttachedManagedPolicy"
+      ( \x ->
+          AttachedManagedPolicy'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable AttachedManagedPolicy where
+  hashWithSalt _salt AttachedManagedPolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData AttachedManagedPolicy where
+  rnf AttachedManagedPolicy' {..} =
+    Prelude.rnf arn `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/SSOAdmin/Types/CustomerManagedPolicyReference.hs b/gen/Amazonka/SSOAdmin/Types/CustomerManagedPolicyReference.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/CustomerManagedPolicyReference.hs
@@ -0,0 +1,120 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.CustomerManagedPolicyReference
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.CustomerManagedPolicyReference where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies the name and path of a customer managed policy. You must have
+-- an IAM policy that matches the name and path in each AWS account where
+-- you want to deploy your permission set.
+--
+-- /See:/ 'newCustomerManagedPolicyReference' smart constructor.
+data CustomerManagedPolicyReference = CustomerManagedPolicyReference'
+  { -- | The path to the IAM policy that you have configured in each account
+    -- where you want to deploy your permission set. The default is @\/@. For
+    -- more information, see
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names Friendly names and paths>
+    -- in the /IAM User Guide/.
+    path :: Prelude.Maybe Prelude.Text,
+    -- | The name of the IAM policy that you have configured in each account
+    -- where you want to deploy your permission set.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CustomerManagedPolicyReference' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'path', 'customerManagedPolicyReference_path' - The path to the IAM policy that you have configured in each account
+-- where you want to deploy your permission set. The default is @\/@. For
+-- more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names Friendly names and paths>
+-- in the /IAM User Guide/.
+--
+-- 'name', 'customerManagedPolicyReference_name' - The name of the IAM policy that you have configured in each account
+-- where you want to deploy your permission set.
+newCustomerManagedPolicyReference ::
+  -- | 'name'
+  Prelude.Text ->
+  CustomerManagedPolicyReference
+newCustomerManagedPolicyReference pName_ =
+  CustomerManagedPolicyReference'
+    { path =
+        Prelude.Nothing,
+      name = pName_
+    }
+
+-- | The path to the IAM policy that you have configured in each account
+-- where you want to deploy your permission set. The default is @\/@. For
+-- more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names Friendly names and paths>
+-- in the /IAM User Guide/.
+customerManagedPolicyReference_path :: Lens.Lens' CustomerManagedPolicyReference (Prelude.Maybe Prelude.Text)
+customerManagedPolicyReference_path = Lens.lens (\CustomerManagedPolicyReference' {path} -> path) (\s@CustomerManagedPolicyReference' {} a -> s {path = a} :: CustomerManagedPolicyReference)
+
+-- | The name of the IAM policy that you have configured in each account
+-- where you want to deploy your permission set.
+customerManagedPolicyReference_name :: Lens.Lens' CustomerManagedPolicyReference Prelude.Text
+customerManagedPolicyReference_name = Lens.lens (\CustomerManagedPolicyReference' {name} -> name) (\s@CustomerManagedPolicyReference' {} a -> s {name = a} :: CustomerManagedPolicyReference)
+
+instance Data.FromJSON CustomerManagedPolicyReference where
+  parseJSON =
+    Data.withObject
+      "CustomerManagedPolicyReference"
+      ( \x ->
+          CustomerManagedPolicyReference'
+            Prelude.<$> (x Data..:? "Path")
+            Prelude.<*> (x Data..: "Name")
+      )
+
+instance
+  Prelude.Hashable
+    CustomerManagedPolicyReference
+  where
+  hashWithSalt
+    _salt
+    CustomerManagedPolicyReference' {..} =
+      _salt
+        `Prelude.hashWithSalt` path
+        `Prelude.hashWithSalt` name
+
+instance
+  Prelude.NFData
+    CustomerManagedPolicyReference
+  where
+  rnf CustomerManagedPolicyReference' {..} =
+    Prelude.rnf path `Prelude.seq` Prelude.rnf name
+
+instance Data.ToJSON CustomerManagedPolicyReference where
+  toJSON CustomerManagedPolicyReference' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Path" Data..=) Prelude.<$> path,
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
diff --git a/gen/Amazonka/SSOAdmin/Types/InstanceAccessControlAttributeConfiguration.hs b/gen/Amazonka/SSOAdmin/Types/InstanceAccessControlAttributeConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/InstanceAccessControlAttributeConfiguration.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.AccessControlAttribute
+
+-- | Specifies the attributes to add to your attribute-based access control
+-- (ABAC) configuration.
+--
+-- /See:/ 'newInstanceAccessControlAttributeConfiguration' smart constructor.
+data InstanceAccessControlAttributeConfiguration = InstanceAccessControlAttributeConfiguration'
+  { -- | Lists the attributes that are configured for ABAC in the specified IAM
+    -- Identity Center instance.
+    accessControlAttributes :: [AccessControlAttribute]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InstanceAccessControlAttributeConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessControlAttributes', 'instanceAccessControlAttributeConfiguration_accessControlAttributes' - Lists the attributes that are configured for ABAC in the specified IAM
+-- Identity Center instance.
+newInstanceAccessControlAttributeConfiguration ::
+  InstanceAccessControlAttributeConfiguration
+newInstanceAccessControlAttributeConfiguration =
+  InstanceAccessControlAttributeConfiguration'
+    { accessControlAttributes =
+        Prelude.mempty
+    }
+
+-- | Lists the attributes that are configured for ABAC in the specified IAM
+-- Identity Center instance.
+instanceAccessControlAttributeConfiguration_accessControlAttributes :: Lens.Lens' InstanceAccessControlAttributeConfiguration [AccessControlAttribute]
+instanceAccessControlAttributeConfiguration_accessControlAttributes = Lens.lens (\InstanceAccessControlAttributeConfiguration' {accessControlAttributes} -> accessControlAttributes) (\s@InstanceAccessControlAttributeConfiguration' {} a -> s {accessControlAttributes = a} :: InstanceAccessControlAttributeConfiguration) Prelude.. Lens.coerced
+
+instance
+  Data.FromJSON
+    InstanceAccessControlAttributeConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "InstanceAccessControlAttributeConfiguration"
+      ( \x ->
+          InstanceAccessControlAttributeConfiguration'
+            Prelude.<$> ( x
+                            Data..:? "AccessControlAttributes"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance
+  Prelude.Hashable
+    InstanceAccessControlAttributeConfiguration
+  where
+  hashWithSalt
+    _salt
+    InstanceAccessControlAttributeConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` accessControlAttributes
+
+instance
+  Prelude.NFData
+    InstanceAccessControlAttributeConfiguration
+  where
+  rnf InstanceAccessControlAttributeConfiguration' {..} =
+    Prelude.rnf accessControlAttributes
+
+instance
+  Data.ToJSON
+    InstanceAccessControlAttributeConfiguration
+  where
+  toJSON
+    InstanceAccessControlAttributeConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ Prelude.Just
+                ( "AccessControlAttributes"
+                    Data..= accessControlAttributes
+                )
+            ]
+        )
diff --git a/gen/Amazonka/SSOAdmin/Types/InstanceAccessControlAttributeConfigurationStatus.hs b/gen/Amazonka/SSOAdmin/Types/InstanceAccessControlAttributeConfigurationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/InstanceAccessControlAttributeConfigurationStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfigurationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.InstanceAccessControlAttributeConfigurationStatus
+  ( InstanceAccessControlAttributeConfigurationStatus
+      ( ..,
+        InstanceAccessControlAttributeConfigurationStatus_CREATION_FAILED,
+        InstanceAccessControlAttributeConfigurationStatus_CREATION_IN_PROGRESS,
+        InstanceAccessControlAttributeConfigurationStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype InstanceAccessControlAttributeConfigurationStatus = InstanceAccessControlAttributeConfigurationStatus'
+  { fromInstanceAccessControlAttributeConfigurationStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern InstanceAccessControlAttributeConfigurationStatus_CREATION_FAILED :: InstanceAccessControlAttributeConfigurationStatus
+pattern InstanceAccessControlAttributeConfigurationStatus_CREATION_FAILED = InstanceAccessControlAttributeConfigurationStatus' "CREATION_FAILED"
+
+pattern InstanceAccessControlAttributeConfigurationStatus_CREATION_IN_PROGRESS :: InstanceAccessControlAttributeConfigurationStatus
+pattern InstanceAccessControlAttributeConfigurationStatus_CREATION_IN_PROGRESS = InstanceAccessControlAttributeConfigurationStatus' "CREATION_IN_PROGRESS"
+
+pattern InstanceAccessControlAttributeConfigurationStatus_ENABLED :: InstanceAccessControlAttributeConfigurationStatus
+pattern InstanceAccessControlAttributeConfigurationStatus_ENABLED = InstanceAccessControlAttributeConfigurationStatus' "ENABLED"
+
+{-# COMPLETE
+  InstanceAccessControlAttributeConfigurationStatus_CREATION_FAILED,
+  InstanceAccessControlAttributeConfigurationStatus_CREATION_IN_PROGRESS,
+  InstanceAccessControlAttributeConfigurationStatus_ENABLED,
+  InstanceAccessControlAttributeConfigurationStatus'
+  #-}
diff --git a/gen/Amazonka/SSOAdmin/Types/InstanceMetadata.hs b/gen/Amazonka/SSOAdmin/Types/InstanceMetadata.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/InstanceMetadata.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.InstanceMetadata
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.InstanceMetadata where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the IAM Identity Center instance.
+--
+-- /See:/ 'newInstanceMetadata' smart constructor.
+data InstanceMetadata = InstanceMetadata'
+  { -- | The identifier of the identity store that is connected to the IAM
+    -- Identity Center instance.
+    identityStoreId :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InstanceMetadata' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'identityStoreId', 'instanceMetadata_identityStoreId' - The identifier of the identity store that is connected to the IAM
+-- Identity Center instance.
+--
+-- 'instanceArn', 'instanceMetadata_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+newInstanceMetadata ::
+  InstanceMetadata
+newInstanceMetadata =
+  InstanceMetadata'
+    { identityStoreId =
+        Prelude.Nothing,
+      instanceArn = Prelude.Nothing
+    }
+
+-- | The identifier of the identity store that is connected to the IAM
+-- Identity Center instance.
+instanceMetadata_identityStoreId :: Lens.Lens' InstanceMetadata (Prelude.Maybe Prelude.Text)
+instanceMetadata_identityStoreId = Lens.lens (\InstanceMetadata' {identityStoreId} -> identityStoreId) (\s@InstanceMetadata' {} a -> s {identityStoreId = a} :: InstanceMetadata)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+instanceMetadata_instanceArn :: Lens.Lens' InstanceMetadata (Prelude.Maybe Prelude.Text)
+instanceMetadata_instanceArn = Lens.lens (\InstanceMetadata' {instanceArn} -> instanceArn) (\s@InstanceMetadata' {} a -> s {instanceArn = a} :: InstanceMetadata)
+
+instance Data.FromJSON InstanceMetadata where
+  parseJSON =
+    Data.withObject
+      "InstanceMetadata"
+      ( \x ->
+          InstanceMetadata'
+            Prelude.<$> (x Data..:? "IdentityStoreId")
+            Prelude.<*> (x Data..:? "InstanceArn")
+      )
+
+instance Prelude.Hashable InstanceMetadata where
+  hashWithSalt _salt InstanceMetadata' {..} =
+    _salt
+      `Prelude.hashWithSalt` identityStoreId
+      `Prelude.hashWithSalt` instanceArn
+
+instance Prelude.NFData InstanceMetadata where
+  rnf InstanceMetadata' {..} =
+    Prelude.rnf identityStoreId
+      `Prelude.seq` Prelude.rnf instanceArn
diff --git a/gen/Amazonka/SSOAdmin/Types/OperationStatusFilter.hs b/gen/Amazonka/SSOAdmin/Types/OperationStatusFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/OperationStatusFilter.hs
@@ -0,0 +1,67 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.OperationStatusFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.OperationStatusFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.StatusValues
+
+-- | Filters he operation status list based on the passed attribute value.
+--
+-- /See:/ 'newOperationStatusFilter' smart constructor.
+data OperationStatusFilter = OperationStatusFilter'
+  { -- | Filters the list operations result based on the status attribute.
+    status :: Prelude.Maybe StatusValues
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OperationStatusFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'operationStatusFilter_status' - Filters the list operations result based on the status attribute.
+newOperationStatusFilter ::
+  OperationStatusFilter
+newOperationStatusFilter =
+  OperationStatusFilter' {status = Prelude.Nothing}
+
+-- | Filters the list operations result based on the status attribute.
+operationStatusFilter_status :: Lens.Lens' OperationStatusFilter (Prelude.Maybe StatusValues)
+operationStatusFilter_status = Lens.lens (\OperationStatusFilter' {status} -> status) (\s@OperationStatusFilter' {} a -> s {status = a} :: OperationStatusFilter)
+
+instance Prelude.Hashable OperationStatusFilter where
+  hashWithSalt _salt OperationStatusFilter' {..} =
+    _salt `Prelude.hashWithSalt` status
+
+instance Prelude.NFData OperationStatusFilter where
+  rnf OperationStatusFilter' {..} = Prelude.rnf status
+
+instance Data.ToJSON OperationStatusFilter where
+  toJSON OperationStatusFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("Status" Data..=) Prelude.<$> status]
+      )
diff --git a/gen/Amazonka/SSOAdmin/Types/PermissionSet.hs b/gen/Amazonka/SSOAdmin/Types/PermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/PermissionSet.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.PermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.PermissionSet where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | An entity that contains IAM policies.
+--
+-- /See:/ 'newPermissionSet' smart constructor.
+data PermissionSet = PermissionSet'
+  { -- | The date that the permission set was created.
+    createdDate :: Prelude.Maybe Data.POSIX,
+    -- | The description of the PermissionSet.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The name of the permission set.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the permission set. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    permissionSetArn :: Prelude.Maybe Prelude.Text,
+    -- | Used to redirect users within the application during the federation
+    -- authentication process.
+    relayState :: Prelude.Maybe Prelude.Text,
+    -- | The length of time that the application user sessions are valid for in
+    -- the ISO-8601 standard.
+    sessionDuration :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdDate', 'permissionSet_createdDate' - The date that the permission set was created.
+--
+-- 'description', 'permissionSet_description' - The description of the PermissionSet.
+--
+-- 'name', 'permissionSet_name' - The name of the permission set.
+--
+-- 'permissionSetArn', 'permissionSet_permissionSetArn' - The ARN of the permission set. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'relayState', 'permissionSet_relayState' - Used to redirect users within the application during the federation
+-- authentication process.
+--
+-- 'sessionDuration', 'permissionSet_sessionDuration' - The length of time that the application user sessions are valid for in
+-- the ISO-8601 standard.
+newPermissionSet ::
+  PermissionSet
+newPermissionSet =
+  PermissionSet'
+    { createdDate = Prelude.Nothing,
+      description = Prelude.Nothing,
+      name = Prelude.Nothing,
+      permissionSetArn = Prelude.Nothing,
+      relayState = Prelude.Nothing,
+      sessionDuration = Prelude.Nothing
+    }
+
+-- | The date that the permission set was created.
+permissionSet_createdDate :: Lens.Lens' PermissionSet (Prelude.Maybe Prelude.UTCTime)
+permissionSet_createdDate = Lens.lens (\PermissionSet' {createdDate} -> createdDate) (\s@PermissionSet' {} a -> s {createdDate = a} :: PermissionSet) Prelude.. Lens.mapping Data._Time
+
+-- | The description of the PermissionSet.
+permissionSet_description :: Lens.Lens' PermissionSet (Prelude.Maybe Prelude.Text)
+permissionSet_description = Lens.lens (\PermissionSet' {description} -> description) (\s@PermissionSet' {} a -> s {description = a} :: PermissionSet)
+
+-- | The name of the permission set.
+permissionSet_name :: Lens.Lens' PermissionSet (Prelude.Maybe Prelude.Text)
+permissionSet_name = Lens.lens (\PermissionSet' {name} -> name) (\s@PermissionSet' {} a -> s {name = a} :: PermissionSet)
+
+-- | The ARN of the permission set. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+permissionSet_permissionSetArn :: Lens.Lens' PermissionSet (Prelude.Maybe Prelude.Text)
+permissionSet_permissionSetArn = Lens.lens (\PermissionSet' {permissionSetArn} -> permissionSetArn) (\s@PermissionSet' {} a -> s {permissionSetArn = a} :: PermissionSet)
+
+-- | Used to redirect users within the application during the federation
+-- authentication process.
+permissionSet_relayState :: Lens.Lens' PermissionSet (Prelude.Maybe Prelude.Text)
+permissionSet_relayState = Lens.lens (\PermissionSet' {relayState} -> relayState) (\s@PermissionSet' {} a -> s {relayState = a} :: PermissionSet)
+
+-- | The length of time that the application user sessions are valid for in
+-- the ISO-8601 standard.
+permissionSet_sessionDuration :: Lens.Lens' PermissionSet (Prelude.Maybe Prelude.Text)
+permissionSet_sessionDuration = Lens.lens (\PermissionSet' {sessionDuration} -> sessionDuration) (\s@PermissionSet' {} a -> s {sessionDuration = a} :: PermissionSet)
+
+instance Data.FromJSON PermissionSet where
+  parseJSON =
+    Data.withObject
+      "PermissionSet"
+      ( \x ->
+          PermissionSet'
+            Prelude.<$> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "PermissionSetArn")
+            Prelude.<*> (x Data..:? "RelayState")
+            Prelude.<*> (x Data..:? "SessionDuration")
+      )
+
+instance Prelude.Hashable PermissionSet where
+  hashWithSalt _salt PermissionSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` createdDate
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` permissionSetArn
+      `Prelude.hashWithSalt` relayState
+      `Prelude.hashWithSalt` sessionDuration
+
+instance Prelude.NFData PermissionSet where
+  rnf PermissionSet' {..} =
+    Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf relayState
+      `Prelude.seq` Prelude.rnf sessionDuration
diff --git a/gen/Amazonka/SSOAdmin/Types/PermissionSetProvisioningStatus.hs b/gen/Amazonka/SSOAdmin/Types/PermissionSetProvisioningStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/PermissionSetProvisioningStatus.hs
@@ -0,0 +1,161 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatus where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.StatusValues
+
+-- | A structure that is used to provide the status of the provisioning
+-- operation for a specified permission set.
+--
+-- /See:/ 'newPermissionSetProvisioningStatus' smart constructor.
+data PermissionSetProvisioningStatus = PermissionSetProvisioningStatus'
+  { -- | The identifier of the AWS account from which to list the assignments.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The date that the permission set was created.
+    createdDate :: Prelude.Maybe Data.POSIX,
+    -- | The message that contains an error or exception in case of an operation
+    -- failure.
+    failureReason :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the permission set that is being provisioned. For more
+    -- information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    permissionSetArn :: Prelude.Maybe Prelude.Text,
+    -- | The identifier for tracking the request operation that is generated by
+    -- the universally unique identifier (UUID) workflow.
+    requestId :: Prelude.Maybe Prelude.Text,
+    -- | The status of the permission set provisioning process.
+    status :: Prelude.Maybe StatusValues
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PermissionSetProvisioningStatus' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'permissionSetProvisioningStatus_accountId' - The identifier of the AWS account from which to list the assignments.
+--
+-- 'createdDate', 'permissionSetProvisioningStatus_createdDate' - The date that the permission set was created.
+--
+-- 'failureReason', 'permissionSetProvisioningStatus_failureReason' - The message that contains an error or exception in case of an operation
+-- failure.
+--
+-- 'permissionSetArn', 'permissionSetProvisioningStatus_permissionSetArn' - The ARN of the permission set that is being provisioned. For more
+-- information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'requestId', 'permissionSetProvisioningStatus_requestId' - The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+--
+-- 'status', 'permissionSetProvisioningStatus_status' - The status of the permission set provisioning process.
+newPermissionSetProvisioningStatus ::
+  PermissionSetProvisioningStatus
+newPermissionSetProvisioningStatus =
+  PermissionSetProvisioningStatus'
+    { accountId =
+        Prelude.Nothing,
+      createdDate = Prelude.Nothing,
+      failureReason = Prelude.Nothing,
+      permissionSetArn = Prelude.Nothing,
+      requestId = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The identifier of the AWS account from which to list the assignments.
+permissionSetProvisioningStatus_accountId :: Lens.Lens' PermissionSetProvisioningStatus (Prelude.Maybe Prelude.Text)
+permissionSetProvisioningStatus_accountId = Lens.lens (\PermissionSetProvisioningStatus' {accountId} -> accountId) (\s@PermissionSetProvisioningStatus' {} a -> s {accountId = a} :: PermissionSetProvisioningStatus)
+
+-- | The date that the permission set was created.
+permissionSetProvisioningStatus_createdDate :: Lens.Lens' PermissionSetProvisioningStatus (Prelude.Maybe Prelude.UTCTime)
+permissionSetProvisioningStatus_createdDate = Lens.lens (\PermissionSetProvisioningStatus' {createdDate} -> createdDate) (\s@PermissionSetProvisioningStatus' {} a -> s {createdDate = a} :: PermissionSetProvisioningStatus) Prelude.. Lens.mapping Data._Time
+
+-- | The message that contains an error or exception in case of an operation
+-- failure.
+permissionSetProvisioningStatus_failureReason :: Lens.Lens' PermissionSetProvisioningStatus (Prelude.Maybe Prelude.Text)
+permissionSetProvisioningStatus_failureReason = Lens.lens (\PermissionSetProvisioningStatus' {failureReason} -> failureReason) (\s@PermissionSetProvisioningStatus' {} a -> s {failureReason = a} :: PermissionSetProvisioningStatus)
+
+-- | The ARN of the permission set that is being provisioned. For more
+-- information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+permissionSetProvisioningStatus_permissionSetArn :: Lens.Lens' PermissionSetProvisioningStatus (Prelude.Maybe Prelude.Text)
+permissionSetProvisioningStatus_permissionSetArn = Lens.lens (\PermissionSetProvisioningStatus' {permissionSetArn} -> permissionSetArn) (\s@PermissionSetProvisioningStatus' {} a -> s {permissionSetArn = a} :: PermissionSetProvisioningStatus)
+
+-- | The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+permissionSetProvisioningStatus_requestId :: Lens.Lens' PermissionSetProvisioningStatus (Prelude.Maybe Prelude.Text)
+permissionSetProvisioningStatus_requestId = Lens.lens (\PermissionSetProvisioningStatus' {requestId} -> requestId) (\s@PermissionSetProvisioningStatus' {} a -> s {requestId = a} :: PermissionSetProvisioningStatus)
+
+-- | The status of the permission set provisioning process.
+permissionSetProvisioningStatus_status :: Lens.Lens' PermissionSetProvisioningStatus (Prelude.Maybe StatusValues)
+permissionSetProvisioningStatus_status = Lens.lens (\PermissionSetProvisioningStatus' {status} -> status) (\s@PermissionSetProvisioningStatus' {} a -> s {status = a} :: PermissionSetProvisioningStatus)
+
+instance
+  Data.FromJSON
+    PermissionSetProvisioningStatus
+  where
+  parseJSON =
+    Data.withObject
+      "PermissionSetProvisioningStatus"
+      ( \x ->
+          PermissionSetProvisioningStatus'
+            Prelude.<$> (x Data..:? "AccountId")
+            Prelude.<*> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "FailureReason")
+            Prelude.<*> (x Data..:? "PermissionSetArn")
+            Prelude.<*> (x Data..:? "RequestId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    PermissionSetProvisioningStatus
+  where
+  hashWithSalt
+    _salt
+    PermissionSetProvisioningStatus' {..} =
+      _salt
+        `Prelude.hashWithSalt` accountId
+        `Prelude.hashWithSalt` createdDate
+        `Prelude.hashWithSalt` failureReason
+        `Prelude.hashWithSalt` permissionSetArn
+        `Prelude.hashWithSalt` requestId
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    PermissionSetProvisioningStatus
+  where
+  rnf PermissionSetProvisioningStatus' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf failureReason
+      `Prelude.seq` Prelude.rnf permissionSetArn
+      `Prelude.seq` Prelude.rnf requestId
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/SSOAdmin/Types/PermissionSetProvisioningStatusMetadata.hs b/gen/Amazonka/SSOAdmin/Types/PermissionSetProvisioningStatusMetadata.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/PermissionSetProvisioningStatusMetadata.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatusMetadata
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.PermissionSetProvisioningStatusMetadata where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.StatusValues
+
+-- | Provides information about the permission set provisioning status.
+--
+-- /See:/ 'newPermissionSetProvisioningStatusMetadata' smart constructor.
+data PermissionSetProvisioningStatusMetadata = PermissionSetProvisioningStatusMetadata'
+  { -- | The date that the permission set was created.
+    createdDate :: Prelude.Maybe Data.POSIX,
+    -- | The identifier for tracking the request operation that is generated by
+    -- the universally unique identifier (UUID) workflow.
+    requestId :: Prelude.Maybe Prelude.Text,
+    -- | The status of the permission set provisioning process.
+    status :: Prelude.Maybe StatusValues
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PermissionSetProvisioningStatusMetadata' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'createdDate', 'permissionSetProvisioningStatusMetadata_createdDate' - The date that the permission set was created.
+--
+-- 'requestId', 'permissionSetProvisioningStatusMetadata_requestId' - The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+--
+-- 'status', 'permissionSetProvisioningStatusMetadata_status' - The status of the permission set provisioning process.
+newPermissionSetProvisioningStatusMetadata ::
+  PermissionSetProvisioningStatusMetadata
+newPermissionSetProvisioningStatusMetadata =
+  PermissionSetProvisioningStatusMetadata'
+    { createdDate =
+        Prelude.Nothing,
+      requestId = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The date that the permission set was created.
+permissionSetProvisioningStatusMetadata_createdDate :: Lens.Lens' PermissionSetProvisioningStatusMetadata (Prelude.Maybe Prelude.UTCTime)
+permissionSetProvisioningStatusMetadata_createdDate = Lens.lens (\PermissionSetProvisioningStatusMetadata' {createdDate} -> createdDate) (\s@PermissionSetProvisioningStatusMetadata' {} a -> s {createdDate = a} :: PermissionSetProvisioningStatusMetadata) Prelude.. Lens.mapping Data._Time
+
+-- | The identifier for tracking the request operation that is generated by
+-- the universally unique identifier (UUID) workflow.
+permissionSetProvisioningStatusMetadata_requestId :: Lens.Lens' PermissionSetProvisioningStatusMetadata (Prelude.Maybe Prelude.Text)
+permissionSetProvisioningStatusMetadata_requestId = Lens.lens (\PermissionSetProvisioningStatusMetadata' {requestId} -> requestId) (\s@PermissionSetProvisioningStatusMetadata' {} a -> s {requestId = a} :: PermissionSetProvisioningStatusMetadata)
+
+-- | The status of the permission set provisioning process.
+permissionSetProvisioningStatusMetadata_status :: Lens.Lens' PermissionSetProvisioningStatusMetadata (Prelude.Maybe StatusValues)
+permissionSetProvisioningStatusMetadata_status = Lens.lens (\PermissionSetProvisioningStatusMetadata' {status} -> status) (\s@PermissionSetProvisioningStatusMetadata' {} a -> s {status = a} :: PermissionSetProvisioningStatusMetadata)
+
+instance
+  Data.FromJSON
+    PermissionSetProvisioningStatusMetadata
+  where
+  parseJSON =
+    Data.withObject
+      "PermissionSetProvisioningStatusMetadata"
+      ( \x ->
+          PermissionSetProvisioningStatusMetadata'
+            Prelude.<$> (x Data..:? "CreatedDate")
+            Prelude.<*> (x Data..:? "RequestId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    PermissionSetProvisioningStatusMetadata
+  where
+  hashWithSalt
+    _salt
+    PermissionSetProvisioningStatusMetadata' {..} =
+      _salt
+        `Prelude.hashWithSalt` createdDate
+        `Prelude.hashWithSalt` requestId
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    PermissionSetProvisioningStatusMetadata
+  where
+  rnf PermissionSetProvisioningStatusMetadata' {..} =
+    Prelude.rnf createdDate
+      `Prelude.seq` Prelude.rnf requestId
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/SSOAdmin/Types/PermissionsBoundary.hs b/gen/Amazonka/SSOAdmin/Types/PermissionsBoundary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/PermissionsBoundary.hs
@@ -0,0 +1,119 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.PermissionsBoundary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.PermissionsBoundary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Types.CustomerManagedPolicyReference
+
+-- | Specifies the configuration of the AWS managed or customer managed
+-- policy that you want to set as a permissions boundary. Specify either
+-- @CustomerManagedPolicyReference@ to use the name and path of a customer
+-- managed policy, or @ManagedPolicyArn@ to use the ARN of an AWS managed
+-- policy. A permissions boundary represents the maximum permissions that
+-- any policy can grant your role. For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html Permissions boundaries for IAM entities>
+-- in the /IAM User Guide/.
+--
+-- Policies used as permissions boundaries don\'t provide permissions. You
+-- must also attach an IAM policy to the role. To learn how the effective
+-- permissions for a role are evaluated, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html IAM JSON policy evaluation logic>
+-- in the /IAM User Guide/.
+--
+-- /See:/ 'newPermissionsBoundary' smart constructor.
+data PermissionsBoundary = PermissionsBoundary'
+  { -- | Specifies the name and path of a customer managed policy. You must have
+    -- an IAM policy that matches the name and path in each AWS account where
+    -- you want to deploy your permission set.
+    customerManagedPolicyReference :: Prelude.Maybe CustomerManagedPolicyReference,
+    -- | The AWS managed policy ARN that you want to attach to a permission set
+    -- as a permissions boundary.
+    managedPolicyArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PermissionsBoundary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customerManagedPolicyReference', 'permissionsBoundary_customerManagedPolicyReference' - Specifies the name and path of a customer managed policy. You must have
+-- an IAM policy that matches the name and path in each AWS account where
+-- you want to deploy your permission set.
+--
+-- 'managedPolicyArn', 'permissionsBoundary_managedPolicyArn' - The AWS managed policy ARN that you want to attach to a permission set
+-- as a permissions boundary.
+newPermissionsBoundary ::
+  PermissionsBoundary
+newPermissionsBoundary =
+  PermissionsBoundary'
+    { customerManagedPolicyReference =
+        Prelude.Nothing,
+      managedPolicyArn = Prelude.Nothing
+    }
+
+-- | Specifies the name and path of a customer managed policy. You must have
+-- an IAM policy that matches the name and path in each AWS account where
+-- you want to deploy your permission set.
+permissionsBoundary_customerManagedPolicyReference :: Lens.Lens' PermissionsBoundary (Prelude.Maybe CustomerManagedPolicyReference)
+permissionsBoundary_customerManagedPolicyReference = Lens.lens (\PermissionsBoundary' {customerManagedPolicyReference} -> customerManagedPolicyReference) (\s@PermissionsBoundary' {} a -> s {customerManagedPolicyReference = a} :: PermissionsBoundary)
+
+-- | The AWS managed policy ARN that you want to attach to a permission set
+-- as a permissions boundary.
+permissionsBoundary_managedPolicyArn :: Lens.Lens' PermissionsBoundary (Prelude.Maybe Prelude.Text)
+permissionsBoundary_managedPolicyArn = Lens.lens (\PermissionsBoundary' {managedPolicyArn} -> managedPolicyArn) (\s@PermissionsBoundary' {} a -> s {managedPolicyArn = a} :: PermissionsBoundary)
+
+instance Data.FromJSON PermissionsBoundary where
+  parseJSON =
+    Data.withObject
+      "PermissionsBoundary"
+      ( \x ->
+          PermissionsBoundary'
+            Prelude.<$> (x Data..:? "CustomerManagedPolicyReference")
+            Prelude.<*> (x Data..:? "ManagedPolicyArn")
+      )
+
+instance Prelude.Hashable PermissionsBoundary where
+  hashWithSalt _salt PermissionsBoundary' {..} =
+    _salt
+      `Prelude.hashWithSalt` customerManagedPolicyReference
+      `Prelude.hashWithSalt` managedPolicyArn
+
+instance Prelude.NFData PermissionsBoundary where
+  rnf PermissionsBoundary' {..} =
+    Prelude.rnf customerManagedPolicyReference
+      `Prelude.seq` Prelude.rnf managedPolicyArn
+
+instance Data.ToJSON PermissionsBoundary where
+  toJSON PermissionsBoundary' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomerManagedPolicyReference" Data..=)
+              Prelude.<$> customerManagedPolicyReference,
+            ("ManagedPolicyArn" Data..=)
+              Prelude.<$> managedPolicyArn
+          ]
+      )
diff --git a/gen/Amazonka/SSOAdmin/Types/PrincipalType.hs b/gen/Amazonka/SSOAdmin/Types/PrincipalType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/PrincipalType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.PrincipalType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.PrincipalType
+  ( PrincipalType
+      ( ..,
+        PrincipalType_GROUP,
+        PrincipalType_USER
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype PrincipalType = PrincipalType'
+  { fromPrincipalType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern PrincipalType_GROUP :: PrincipalType
+pattern PrincipalType_GROUP = PrincipalType' "GROUP"
+
+pattern PrincipalType_USER :: PrincipalType
+pattern PrincipalType_USER = PrincipalType' "USER"
+
+{-# COMPLETE
+  PrincipalType_GROUP,
+  PrincipalType_USER,
+  PrincipalType'
+  #-}
diff --git a/gen/Amazonka/SSOAdmin/Types/ProvisionTargetType.hs b/gen/Amazonka/SSOAdmin/Types/ProvisionTargetType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/ProvisionTargetType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.ProvisionTargetType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.ProvisionTargetType
+  ( ProvisionTargetType
+      ( ..,
+        ProvisionTargetType_ALL_PROVISIONED_ACCOUNTS,
+        ProvisionTargetType_AWS_ACCOUNT
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ProvisionTargetType = ProvisionTargetType'
+  { fromProvisionTargetType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ProvisionTargetType_ALL_PROVISIONED_ACCOUNTS :: ProvisionTargetType
+pattern ProvisionTargetType_ALL_PROVISIONED_ACCOUNTS = ProvisionTargetType' "ALL_PROVISIONED_ACCOUNTS"
+
+pattern ProvisionTargetType_AWS_ACCOUNT :: ProvisionTargetType
+pattern ProvisionTargetType_AWS_ACCOUNT = ProvisionTargetType' "AWS_ACCOUNT"
+
+{-# COMPLETE
+  ProvisionTargetType_ALL_PROVISIONED_ACCOUNTS,
+  ProvisionTargetType_AWS_ACCOUNT,
+  ProvisionTargetType'
+  #-}
diff --git a/gen/Amazonka/SSOAdmin/Types/ProvisioningStatus.hs b/gen/Amazonka/SSOAdmin/Types/ProvisioningStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/ProvisioningStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.ProvisioningStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.ProvisioningStatus
+  ( ProvisioningStatus
+      ( ..,
+        ProvisioningStatus_LATEST_PERMISSION_SET_NOT_PROVISIONED,
+        ProvisioningStatus_LATEST_PERMISSION_SET_PROVISIONED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ProvisioningStatus = ProvisioningStatus'
+  { fromProvisioningStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ProvisioningStatus_LATEST_PERMISSION_SET_NOT_PROVISIONED :: ProvisioningStatus
+pattern ProvisioningStatus_LATEST_PERMISSION_SET_NOT_PROVISIONED = ProvisioningStatus' "LATEST_PERMISSION_SET_NOT_PROVISIONED"
+
+pattern ProvisioningStatus_LATEST_PERMISSION_SET_PROVISIONED :: ProvisioningStatus
+pattern ProvisioningStatus_LATEST_PERMISSION_SET_PROVISIONED = ProvisioningStatus' "LATEST_PERMISSION_SET_PROVISIONED"
+
+{-# COMPLETE
+  ProvisioningStatus_LATEST_PERMISSION_SET_NOT_PROVISIONED,
+  ProvisioningStatus_LATEST_PERMISSION_SET_PROVISIONED,
+  ProvisioningStatus'
+  #-}
diff --git a/gen/Amazonka/SSOAdmin/Types/StatusValues.hs b/gen/Amazonka/SSOAdmin/Types/StatusValues.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/StatusValues.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.StatusValues
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.StatusValues
+  ( StatusValues
+      ( ..,
+        StatusValues_FAILED,
+        StatusValues_IN_PROGRESS,
+        StatusValues_SUCCEEDED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype StatusValues = StatusValues'
+  { fromStatusValues ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern StatusValues_FAILED :: StatusValues
+pattern StatusValues_FAILED = StatusValues' "FAILED"
+
+pattern StatusValues_IN_PROGRESS :: StatusValues
+pattern StatusValues_IN_PROGRESS = StatusValues' "IN_PROGRESS"
+
+pattern StatusValues_SUCCEEDED :: StatusValues
+pattern StatusValues_SUCCEEDED = StatusValues' "SUCCEEDED"
+
+{-# COMPLETE
+  StatusValues_FAILED,
+  StatusValues_IN_PROGRESS,
+  StatusValues_SUCCEEDED,
+  StatusValues'
+  #-}
diff --git a/gen/Amazonka/SSOAdmin/Types/Tag.hs b/gen/Amazonka/SSOAdmin/Types/Tag.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/Tag.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.Tag
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.Tag where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A set of key-value pairs that are used to manage the resource. Tags can
+-- only be applied to permission sets and cannot be applied to
+-- corresponding roles that IAM Identity Center creates in AWS accounts.
+--
+-- /See:/ 'newTag' smart constructor.
+data Tag = Tag'
+  { -- | The key for the tag.
+    key :: Prelude.Text,
+    -- | The value of the tag.
+    value :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Tag' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'tag_key' - The key for the tag.
+--
+-- 'value', 'tag_value' - The value of the tag.
+newTag ::
+  -- | 'key'
+  Prelude.Text ->
+  -- | 'value'
+  Prelude.Text ->
+  Tag
+newTag pKey_ pValue_ =
+  Tag' {key = pKey_, value = pValue_}
+
+-- | The key for the tag.
+tag_key :: Lens.Lens' Tag Prelude.Text
+tag_key = Lens.lens (\Tag' {key} -> key) (\s@Tag' {} a -> s {key = a} :: Tag)
+
+-- | The value of the tag.
+tag_value :: Lens.Lens' Tag Prelude.Text
+tag_value = Lens.lens (\Tag' {value} -> value) (\s@Tag' {} a -> s {value = a} :: Tag)
+
+instance Data.FromJSON Tag where
+  parseJSON =
+    Data.withObject
+      "Tag"
+      ( \x ->
+          Tag'
+            Prelude.<$> (x Data..: "Key")
+            Prelude.<*> (x Data..: "Value")
+      )
+
+instance Prelude.Hashable Tag where
+  hashWithSalt _salt Tag' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData Tag where
+  rnf Tag' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON Tag where
+  toJSON Tag' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Key" Data..= key),
+            Prelude.Just ("Value" Data..= value)
+          ]
+      )
diff --git a/gen/Amazonka/SSOAdmin/Types/TargetType.hs b/gen/Amazonka/SSOAdmin/Types/TargetType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Types/TargetType.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Types.TargetType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Types.TargetType
+  ( TargetType
+      ( ..,
+        TargetType_AWS_ACCOUNT
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype TargetType = TargetType'
+  { fromTargetType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern TargetType_AWS_ACCOUNT :: TargetType
+pattern TargetType_AWS_ACCOUNT = TargetType' "AWS_ACCOUNT"
+
+{-# COMPLETE
+  TargetType_AWS_ACCOUNT,
+  TargetType'
+  #-}
diff --git a/gen/Amazonka/SSOAdmin/UntagResource.hs b/gen/Amazonka/SSOAdmin/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/UntagResource.hs
@@ -0,0 +1,200 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates a set of tags from a specified resource.
+module Amazonka.SSOAdmin.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_instanceArn,
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the resource with the tags to be listed.
+    resourceArn :: Prelude.Text,
+    -- | The keys of tags that are attached to the resource.
+    tagKeys :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'untagResource_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'resourceArn', 'untagResource_resourceArn' - The ARN of the resource with the tags to be listed.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - The keys of tags that are attached to the resource.
+newUntagResource ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'tagKeys'
+  Prelude.NonEmpty Prelude.Text ->
+  UntagResource
+newUntagResource
+  pInstanceArn_
+  pResourceArn_
+  pTagKeys_ =
+    UntagResource'
+      { instanceArn = pInstanceArn_,
+        resourceArn = pResourceArn_,
+        tagKeys = Lens.coerced Lens.# pTagKeys_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+untagResource_instanceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_instanceArn = Lens.lens (\UntagResource' {instanceArn} -> instanceArn) (\s@UntagResource' {} a -> s {instanceArn = a} :: UntagResource)
+
+-- | The ARN of the resource with the tags to be listed.
+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)
+
+-- | The keys of tags that are attached to the resource.
+untagResource_tagKeys :: Lens.Lens' UntagResource (Prelude.NonEmpty Prelude.Text)
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.UntagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UntagResource where
+  toJSON UntagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just ("TagKeys" Data..= tagKeys)
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UntagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/UpdateInstanceAccessControlAttributeConfiguration.hs b/gen/Amazonka/SSOAdmin/UpdateInstanceAccessControlAttributeConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/UpdateInstanceAccessControlAttributeConfiguration.hs
@@ -0,0 +1,227 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.UpdateInstanceAccessControlAttributeConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the IAM Identity Center identity store attributes that you can
+-- use with the IAM Identity Center instance for attributes-based access
+-- control (ABAC). When using an external identity provider as an identity
+-- source, you can pass attributes through the SAML assertion as an
+-- alternative to configuring attributes from the IAM Identity Center
+-- identity store. If a SAML assertion passes any of these attributes, IAM
+-- Identity Center replaces the attribute value with the value from the IAM
+-- Identity Center identity store. For more information about ABAC, see
+-- </singlesignon/latest/userguide/abac.html Attribute-Based Access Control>
+-- in the /IAM Identity Center User Guide/.
+module Amazonka.SSOAdmin.UpdateInstanceAccessControlAttributeConfiguration
+  ( -- * Creating a Request
+    UpdateInstanceAccessControlAttributeConfiguration (..),
+    newUpdateInstanceAccessControlAttributeConfiguration,
+
+    -- * Request Lenses
+    updateInstanceAccessControlAttributeConfiguration_instanceArn,
+    updateInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration,
+
+    -- * Destructuring the Response
+    UpdateInstanceAccessControlAttributeConfigurationResponse (..),
+    newUpdateInstanceAccessControlAttributeConfigurationResponse,
+
+    -- * Response Lenses
+    updateInstanceAccessControlAttributeConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newUpdateInstanceAccessControlAttributeConfiguration' smart constructor.
+data UpdateInstanceAccessControlAttributeConfiguration = UpdateInstanceAccessControlAttributeConfiguration'
+  { -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed.
+    instanceArn :: Prelude.Text,
+    -- | Updates the attributes for your ABAC configuration.
+    instanceAccessControlAttributeConfiguration :: InstanceAccessControlAttributeConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateInstanceAccessControlAttributeConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'instanceArn', 'updateInstanceAccessControlAttributeConfiguration_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+--
+-- 'instanceAccessControlAttributeConfiguration', 'updateInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration' - Updates the attributes for your ABAC configuration.
+newUpdateInstanceAccessControlAttributeConfiguration ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'instanceAccessControlAttributeConfiguration'
+  InstanceAccessControlAttributeConfiguration ->
+  UpdateInstanceAccessControlAttributeConfiguration
+newUpdateInstanceAccessControlAttributeConfiguration
+  pInstanceArn_
+  pInstanceAccessControlAttributeConfiguration_ =
+    UpdateInstanceAccessControlAttributeConfiguration'
+      { instanceArn =
+          pInstanceArn_,
+        instanceAccessControlAttributeConfiguration =
+          pInstanceAccessControlAttributeConfiguration_
+      }
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed.
+updateInstanceAccessControlAttributeConfiguration_instanceArn :: Lens.Lens' UpdateInstanceAccessControlAttributeConfiguration Prelude.Text
+updateInstanceAccessControlAttributeConfiguration_instanceArn = Lens.lens (\UpdateInstanceAccessControlAttributeConfiguration' {instanceArn} -> instanceArn) (\s@UpdateInstanceAccessControlAttributeConfiguration' {} a -> s {instanceArn = a} :: UpdateInstanceAccessControlAttributeConfiguration)
+
+-- | Updates the attributes for your ABAC configuration.
+updateInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration :: Lens.Lens' UpdateInstanceAccessControlAttributeConfiguration InstanceAccessControlAttributeConfiguration
+updateInstanceAccessControlAttributeConfiguration_instanceAccessControlAttributeConfiguration = Lens.lens (\UpdateInstanceAccessControlAttributeConfiguration' {instanceAccessControlAttributeConfiguration} -> instanceAccessControlAttributeConfiguration) (\s@UpdateInstanceAccessControlAttributeConfiguration' {} a -> s {instanceAccessControlAttributeConfiguration = a} :: UpdateInstanceAccessControlAttributeConfiguration)
+
+instance
+  Core.AWSRequest
+    UpdateInstanceAccessControlAttributeConfiguration
+  where
+  type
+    AWSResponse
+      UpdateInstanceAccessControlAttributeConfiguration =
+      UpdateInstanceAccessControlAttributeConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateInstanceAccessControlAttributeConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateInstanceAccessControlAttributeConfiguration
+  where
+  hashWithSalt
+    _salt
+    UpdateInstanceAccessControlAttributeConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` instanceArn
+        `Prelude.hashWithSalt` instanceAccessControlAttributeConfiguration
+
+instance
+  Prelude.NFData
+    UpdateInstanceAccessControlAttributeConfiguration
+  where
+  rnf
+    UpdateInstanceAccessControlAttributeConfiguration' {..} =
+      Prelude.rnf instanceArn
+        `Prelude.seq` Prelude.rnf
+          instanceAccessControlAttributeConfiguration
+
+instance
+  Data.ToHeaders
+    UpdateInstanceAccessControlAttributeConfiguration
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.UpdateInstanceAccessControlAttributeConfiguration" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    UpdateInstanceAccessControlAttributeConfiguration
+  where
+  toJSON
+    UpdateInstanceAccessControlAttributeConfiguration' {..} =
+      Data.object
+        ( Prelude.catMaybes
+            [ Prelude.Just ("InstanceArn" Data..= instanceArn),
+              Prelude.Just
+                ( "InstanceAccessControlAttributeConfiguration"
+                    Data..= instanceAccessControlAttributeConfiguration
+                )
+            ]
+        )
+
+instance
+  Data.ToPath
+    UpdateInstanceAccessControlAttributeConfiguration
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    UpdateInstanceAccessControlAttributeConfiguration
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateInstanceAccessControlAttributeConfigurationResponse' smart constructor.
+data UpdateInstanceAccessControlAttributeConfigurationResponse = UpdateInstanceAccessControlAttributeConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateInstanceAccessControlAttributeConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateInstanceAccessControlAttributeConfigurationResponse_httpStatus' - The response's http status code.
+newUpdateInstanceAccessControlAttributeConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateInstanceAccessControlAttributeConfigurationResponse
+newUpdateInstanceAccessControlAttributeConfigurationResponse
+  pHttpStatus_ =
+    UpdateInstanceAccessControlAttributeConfigurationResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+updateInstanceAccessControlAttributeConfigurationResponse_httpStatus :: Lens.Lens' UpdateInstanceAccessControlAttributeConfigurationResponse Prelude.Int
+updateInstanceAccessControlAttributeConfigurationResponse_httpStatus = Lens.lens (\UpdateInstanceAccessControlAttributeConfigurationResponse' {httpStatus} -> httpStatus) (\s@UpdateInstanceAccessControlAttributeConfigurationResponse' {} a -> s {httpStatus = a} :: UpdateInstanceAccessControlAttributeConfigurationResponse)
+
+instance
+  Prelude.NFData
+    UpdateInstanceAccessControlAttributeConfigurationResponse
+  where
+  rnf
+    UpdateInstanceAccessControlAttributeConfigurationResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/UpdatePermissionSet.hs b/gen/Amazonka/SSOAdmin/UpdatePermissionSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/UpdatePermissionSet.hs
@@ -0,0 +1,234 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.UpdatePermissionSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates an existing permission set.
+module Amazonka.SSOAdmin.UpdatePermissionSet
+  ( -- * Creating a Request
+    UpdatePermissionSet (..),
+    newUpdatePermissionSet,
+
+    -- * Request Lenses
+    updatePermissionSet_description,
+    updatePermissionSet_relayState,
+    updatePermissionSet_sessionDuration,
+    updatePermissionSet_instanceArn,
+    updatePermissionSet_permissionSetArn,
+
+    -- * Destructuring the Response
+    UpdatePermissionSetResponse (..),
+    newUpdatePermissionSetResponse,
+
+    -- * Response Lenses
+    updatePermissionSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSOAdmin.Types
+
+-- | /See:/ 'newUpdatePermissionSet' smart constructor.
+data UpdatePermissionSet = UpdatePermissionSet'
+  { -- | The description of the PermissionSet.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | Used to redirect users within the application during the federation
+    -- authentication process.
+    relayState :: Prelude.Maybe Prelude.Text,
+    -- | The length of time that the application user sessions are valid for in
+    -- the ISO-8601 standard.
+    sessionDuration :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the IAM Identity Center instance under which the operation
+    -- will be executed. For more information about ARNs, see
+    -- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+    -- in the /AWS General Reference/.
+    instanceArn :: Prelude.Text,
+    -- | The ARN of the permission set.
+    permissionSetArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdatePermissionSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'updatePermissionSet_description' - The description of the PermissionSet.
+--
+-- 'relayState', 'updatePermissionSet_relayState' - Used to redirect users within the application during the federation
+-- authentication process.
+--
+-- 'sessionDuration', 'updatePermissionSet_sessionDuration' - The length of time that the application user sessions are valid for in
+-- the ISO-8601 standard.
+--
+-- 'instanceArn', 'updatePermissionSet_instanceArn' - The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+--
+-- 'permissionSetArn', 'updatePermissionSet_permissionSetArn' - The ARN of the permission set.
+newUpdatePermissionSet ::
+  -- | 'instanceArn'
+  Prelude.Text ->
+  -- | 'permissionSetArn'
+  Prelude.Text ->
+  UpdatePermissionSet
+newUpdatePermissionSet
+  pInstanceArn_
+  pPermissionSetArn_ =
+    UpdatePermissionSet'
+      { description = Prelude.Nothing,
+        relayState = Prelude.Nothing,
+        sessionDuration = Prelude.Nothing,
+        instanceArn = pInstanceArn_,
+        permissionSetArn = pPermissionSetArn_
+      }
+
+-- | The description of the PermissionSet.
+updatePermissionSet_description :: Lens.Lens' UpdatePermissionSet (Prelude.Maybe Prelude.Text)
+updatePermissionSet_description = Lens.lens (\UpdatePermissionSet' {description} -> description) (\s@UpdatePermissionSet' {} a -> s {description = a} :: UpdatePermissionSet)
+
+-- | Used to redirect users within the application during the federation
+-- authentication process.
+updatePermissionSet_relayState :: Lens.Lens' UpdatePermissionSet (Prelude.Maybe Prelude.Text)
+updatePermissionSet_relayState = Lens.lens (\UpdatePermissionSet' {relayState} -> relayState) (\s@UpdatePermissionSet' {} a -> s {relayState = a} :: UpdatePermissionSet)
+
+-- | The length of time that the application user sessions are valid for in
+-- the ISO-8601 standard.
+updatePermissionSet_sessionDuration :: Lens.Lens' UpdatePermissionSet (Prelude.Maybe Prelude.Text)
+updatePermissionSet_sessionDuration = Lens.lens (\UpdatePermissionSet' {sessionDuration} -> sessionDuration) (\s@UpdatePermissionSet' {} a -> s {sessionDuration = a} :: UpdatePermissionSet)
+
+-- | The ARN of the IAM Identity Center instance under which the operation
+-- will be executed. For more information about ARNs, see
+-- </general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) and AWS Service Namespaces>
+-- in the /AWS General Reference/.
+updatePermissionSet_instanceArn :: Lens.Lens' UpdatePermissionSet Prelude.Text
+updatePermissionSet_instanceArn = Lens.lens (\UpdatePermissionSet' {instanceArn} -> instanceArn) (\s@UpdatePermissionSet' {} a -> s {instanceArn = a} :: UpdatePermissionSet)
+
+-- | The ARN of the permission set.
+updatePermissionSet_permissionSetArn :: Lens.Lens' UpdatePermissionSet Prelude.Text
+updatePermissionSet_permissionSetArn = Lens.lens (\UpdatePermissionSet' {permissionSetArn} -> permissionSetArn) (\s@UpdatePermissionSet' {} a -> s {permissionSetArn = a} :: UpdatePermissionSet)
+
+instance Core.AWSRequest UpdatePermissionSet where
+  type
+    AWSResponse UpdatePermissionSet =
+      UpdatePermissionSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdatePermissionSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdatePermissionSet where
+  hashWithSalt _salt UpdatePermissionSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` relayState
+      `Prelude.hashWithSalt` sessionDuration
+      `Prelude.hashWithSalt` instanceArn
+      `Prelude.hashWithSalt` permissionSetArn
+
+instance Prelude.NFData UpdatePermissionSet where
+  rnf UpdatePermissionSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf relayState
+      `Prelude.seq` Prelude.rnf sessionDuration
+      `Prelude.seq` Prelude.rnf instanceArn
+      `Prelude.seq` Prelude.rnf permissionSetArn
+
+instance Data.ToHeaders UpdatePermissionSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "SWBExternalService.UpdatePermissionSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdatePermissionSet where
+  toJSON UpdatePermissionSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            ("RelayState" Data..=) Prelude.<$> relayState,
+            ("SessionDuration" Data..=)
+              Prelude.<$> sessionDuration,
+            Prelude.Just ("InstanceArn" Data..= instanceArn),
+            Prelude.Just
+              ("PermissionSetArn" Data..= permissionSetArn)
+          ]
+      )
+
+instance Data.ToPath UpdatePermissionSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdatePermissionSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdatePermissionSetResponse' smart constructor.
+data UpdatePermissionSetResponse = UpdatePermissionSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdatePermissionSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updatePermissionSetResponse_httpStatus' - The response's http status code.
+newUpdatePermissionSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdatePermissionSetResponse
+newUpdatePermissionSetResponse pHttpStatus_ =
+  UpdatePermissionSetResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updatePermissionSetResponse_httpStatus :: Lens.Lens' UpdatePermissionSetResponse Prelude.Int
+updatePermissionSetResponse_httpStatus = Lens.lens (\UpdatePermissionSetResponse' {httpStatus} -> httpStatus) (\s@UpdatePermissionSetResponse' {} a -> s {httpStatus = a} :: UpdatePermissionSetResponse)
+
+instance Prelude.NFData UpdatePermissionSetResponse where
+  rnf UpdatePermissionSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSOAdmin/Waiters.hs b/gen/Amazonka/SSOAdmin/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSOAdmin/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSOAdmin.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSOAdmin.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSOAdmin.Lens
+import Amazonka.SSOAdmin.Types
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.SSOAdmin
+import Test.Amazonka.SSOAdmin.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "SSOAdmin"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/SSOAdmin.hs b/test/Test/Amazonka/Gen/SSOAdmin.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/SSOAdmin.hs
@@ -0,0 +1,778 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.SSOAdmin
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.SSOAdmin where
+
+import Amazonka.SSOAdmin
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.SSOAdmin.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestAttachCustomerManagedPolicyReferenceToPermissionSet $
+--             newAttachCustomerManagedPolicyReferenceToPermissionSet
+--
+--         , requestAttachManagedPolicyToPermissionSet $
+--             newAttachManagedPolicyToPermissionSet
+--
+--         , requestCreateAccountAssignment $
+--             newCreateAccountAssignment
+--
+--         , requestCreateInstanceAccessControlAttributeConfiguration $
+--             newCreateInstanceAccessControlAttributeConfiguration
+--
+--         , requestCreatePermissionSet $
+--             newCreatePermissionSet
+--
+--         , requestDeleteAccountAssignment $
+--             newDeleteAccountAssignment
+--
+--         , requestDeleteInlinePolicyFromPermissionSet $
+--             newDeleteInlinePolicyFromPermissionSet
+--
+--         , requestDeleteInstanceAccessControlAttributeConfiguration $
+--             newDeleteInstanceAccessControlAttributeConfiguration
+--
+--         , requestDeletePermissionSet $
+--             newDeletePermissionSet
+--
+--         , requestDeletePermissionsBoundaryFromPermissionSet $
+--             newDeletePermissionsBoundaryFromPermissionSet
+--
+--         , requestDescribeAccountAssignmentCreationStatus $
+--             newDescribeAccountAssignmentCreationStatus
+--
+--         , requestDescribeAccountAssignmentDeletionStatus $
+--             newDescribeAccountAssignmentDeletionStatus
+--
+--         , requestDescribeInstanceAccessControlAttributeConfiguration $
+--             newDescribeInstanceAccessControlAttributeConfiguration
+--
+--         , requestDescribePermissionSet $
+--             newDescribePermissionSet
+--
+--         , requestDescribePermissionSetProvisioningStatus $
+--             newDescribePermissionSetProvisioningStatus
+--
+--         , requestDetachCustomerManagedPolicyReferenceFromPermissionSet $
+--             newDetachCustomerManagedPolicyReferenceFromPermissionSet
+--
+--         , requestDetachManagedPolicyFromPermissionSet $
+--             newDetachManagedPolicyFromPermissionSet
+--
+--         , requestGetInlinePolicyForPermissionSet $
+--             newGetInlinePolicyForPermissionSet
+--
+--         , requestGetPermissionsBoundaryForPermissionSet $
+--             newGetPermissionsBoundaryForPermissionSet
+--
+--         , requestListAccountAssignmentCreationStatus $
+--             newListAccountAssignmentCreationStatus
+--
+--         , requestListAccountAssignmentDeletionStatus $
+--             newListAccountAssignmentDeletionStatus
+--
+--         , requestListAccountAssignments $
+--             newListAccountAssignments
+--
+--         , requestListAccountsForProvisionedPermissionSet $
+--             newListAccountsForProvisionedPermissionSet
+--
+--         , requestListCustomerManagedPolicyReferencesInPermissionSet $
+--             newListCustomerManagedPolicyReferencesInPermissionSet
+--
+--         , requestListInstances $
+--             newListInstances
+--
+--         , requestListManagedPoliciesInPermissionSet $
+--             newListManagedPoliciesInPermissionSet
+--
+--         , requestListPermissionSetProvisioningStatus $
+--             newListPermissionSetProvisioningStatus
+--
+--         , requestListPermissionSets $
+--             newListPermissionSets
+--
+--         , requestListPermissionSetsProvisionedToAccount $
+--             newListPermissionSetsProvisionedToAccount
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestProvisionPermissionSet $
+--             newProvisionPermissionSet
+--
+--         , requestPutInlinePolicyToPermissionSet $
+--             newPutInlinePolicyToPermissionSet
+--
+--         , requestPutPermissionsBoundaryToPermissionSet $
+--             newPutPermissionsBoundaryToPermissionSet
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateInstanceAccessControlAttributeConfiguration $
+--             newUpdateInstanceAccessControlAttributeConfiguration
+--
+--         , requestUpdatePermissionSet $
+--             newUpdatePermissionSet
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseAttachCustomerManagedPolicyReferenceToPermissionSet $
+--             newAttachCustomerManagedPolicyReferenceToPermissionSetResponse
+--
+--         , responseAttachManagedPolicyToPermissionSet $
+--             newAttachManagedPolicyToPermissionSetResponse
+--
+--         , responseCreateAccountAssignment $
+--             newCreateAccountAssignmentResponse
+--
+--         , responseCreateInstanceAccessControlAttributeConfiguration $
+--             newCreateInstanceAccessControlAttributeConfigurationResponse
+--
+--         , responseCreatePermissionSet $
+--             newCreatePermissionSetResponse
+--
+--         , responseDeleteAccountAssignment $
+--             newDeleteAccountAssignmentResponse
+--
+--         , responseDeleteInlinePolicyFromPermissionSet $
+--             newDeleteInlinePolicyFromPermissionSetResponse
+--
+--         , responseDeleteInstanceAccessControlAttributeConfiguration $
+--             newDeleteInstanceAccessControlAttributeConfigurationResponse
+--
+--         , responseDeletePermissionSet $
+--             newDeletePermissionSetResponse
+--
+--         , responseDeletePermissionsBoundaryFromPermissionSet $
+--             newDeletePermissionsBoundaryFromPermissionSetResponse
+--
+--         , responseDescribeAccountAssignmentCreationStatus $
+--             newDescribeAccountAssignmentCreationStatusResponse
+--
+--         , responseDescribeAccountAssignmentDeletionStatus $
+--             newDescribeAccountAssignmentDeletionStatusResponse
+--
+--         , responseDescribeInstanceAccessControlAttributeConfiguration $
+--             newDescribeInstanceAccessControlAttributeConfigurationResponse
+--
+--         , responseDescribePermissionSet $
+--             newDescribePermissionSetResponse
+--
+--         , responseDescribePermissionSetProvisioningStatus $
+--             newDescribePermissionSetProvisioningStatusResponse
+--
+--         , responseDetachCustomerManagedPolicyReferenceFromPermissionSet $
+--             newDetachCustomerManagedPolicyReferenceFromPermissionSetResponse
+--
+--         , responseDetachManagedPolicyFromPermissionSet $
+--             newDetachManagedPolicyFromPermissionSetResponse
+--
+--         , responseGetInlinePolicyForPermissionSet $
+--             newGetInlinePolicyForPermissionSetResponse
+--
+--         , responseGetPermissionsBoundaryForPermissionSet $
+--             newGetPermissionsBoundaryForPermissionSetResponse
+--
+--         , responseListAccountAssignmentCreationStatus $
+--             newListAccountAssignmentCreationStatusResponse
+--
+--         , responseListAccountAssignmentDeletionStatus $
+--             newListAccountAssignmentDeletionStatusResponse
+--
+--         , responseListAccountAssignments $
+--             newListAccountAssignmentsResponse
+--
+--         , responseListAccountsForProvisionedPermissionSet $
+--             newListAccountsForProvisionedPermissionSetResponse
+--
+--         , responseListCustomerManagedPolicyReferencesInPermissionSet $
+--             newListCustomerManagedPolicyReferencesInPermissionSetResponse
+--
+--         , responseListInstances $
+--             newListInstancesResponse
+--
+--         , responseListManagedPoliciesInPermissionSet $
+--             newListManagedPoliciesInPermissionSetResponse
+--
+--         , responseListPermissionSetProvisioningStatus $
+--             newListPermissionSetProvisioningStatusResponse
+--
+--         , responseListPermissionSets $
+--             newListPermissionSetsResponse
+--
+--         , responseListPermissionSetsProvisionedToAccount $
+--             newListPermissionSetsProvisionedToAccountResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseProvisionPermissionSet $
+--             newProvisionPermissionSetResponse
+--
+--         , responsePutInlinePolicyToPermissionSet $
+--             newPutInlinePolicyToPermissionSetResponse
+--
+--         , responsePutPermissionsBoundaryToPermissionSet $
+--             newPutPermissionsBoundaryToPermissionSetResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateInstanceAccessControlAttributeConfiguration $
+--             newUpdateInstanceAccessControlAttributeConfigurationResponse
+--
+--         , responseUpdatePermissionSet $
+--             newUpdatePermissionSetResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestAttachCustomerManagedPolicyReferenceToPermissionSet :: AttachCustomerManagedPolicyReferenceToPermissionSet -> TestTree
+requestAttachCustomerManagedPolicyReferenceToPermissionSet =
+  req
+    "AttachCustomerManagedPolicyReferenceToPermissionSet"
+    "fixture/AttachCustomerManagedPolicyReferenceToPermissionSet.yaml"
+
+requestAttachManagedPolicyToPermissionSet :: AttachManagedPolicyToPermissionSet -> TestTree
+requestAttachManagedPolicyToPermissionSet =
+  req
+    "AttachManagedPolicyToPermissionSet"
+    "fixture/AttachManagedPolicyToPermissionSet.yaml"
+
+requestCreateAccountAssignment :: CreateAccountAssignment -> TestTree
+requestCreateAccountAssignment =
+  req
+    "CreateAccountAssignment"
+    "fixture/CreateAccountAssignment.yaml"
+
+requestCreateInstanceAccessControlAttributeConfiguration :: CreateInstanceAccessControlAttributeConfiguration -> TestTree
+requestCreateInstanceAccessControlAttributeConfiguration =
+  req
+    "CreateInstanceAccessControlAttributeConfiguration"
+    "fixture/CreateInstanceAccessControlAttributeConfiguration.yaml"
+
+requestCreatePermissionSet :: CreatePermissionSet -> TestTree
+requestCreatePermissionSet =
+  req
+    "CreatePermissionSet"
+    "fixture/CreatePermissionSet.yaml"
+
+requestDeleteAccountAssignment :: DeleteAccountAssignment -> TestTree
+requestDeleteAccountAssignment =
+  req
+    "DeleteAccountAssignment"
+    "fixture/DeleteAccountAssignment.yaml"
+
+requestDeleteInlinePolicyFromPermissionSet :: DeleteInlinePolicyFromPermissionSet -> TestTree
+requestDeleteInlinePolicyFromPermissionSet =
+  req
+    "DeleteInlinePolicyFromPermissionSet"
+    "fixture/DeleteInlinePolicyFromPermissionSet.yaml"
+
+requestDeleteInstanceAccessControlAttributeConfiguration :: DeleteInstanceAccessControlAttributeConfiguration -> TestTree
+requestDeleteInstanceAccessControlAttributeConfiguration =
+  req
+    "DeleteInstanceAccessControlAttributeConfiguration"
+    "fixture/DeleteInstanceAccessControlAttributeConfiguration.yaml"
+
+requestDeletePermissionSet :: DeletePermissionSet -> TestTree
+requestDeletePermissionSet =
+  req
+    "DeletePermissionSet"
+    "fixture/DeletePermissionSet.yaml"
+
+requestDeletePermissionsBoundaryFromPermissionSet :: DeletePermissionsBoundaryFromPermissionSet -> TestTree
+requestDeletePermissionsBoundaryFromPermissionSet =
+  req
+    "DeletePermissionsBoundaryFromPermissionSet"
+    "fixture/DeletePermissionsBoundaryFromPermissionSet.yaml"
+
+requestDescribeAccountAssignmentCreationStatus :: DescribeAccountAssignmentCreationStatus -> TestTree
+requestDescribeAccountAssignmentCreationStatus =
+  req
+    "DescribeAccountAssignmentCreationStatus"
+    "fixture/DescribeAccountAssignmentCreationStatus.yaml"
+
+requestDescribeAccountAssignmentDeletionStatus :: DescribeAccountAssignmentDeletionStatus -> TestTree
+requestDescribeAccountAssignmentDeletionStatus =
+  req
+    "DescribeAccountAssignmentDeletionStatus"
+    "fixture/DescribeAccountAssignmentDeletionStatus.yaml"
+
+requestDescribeInstanceAccessControlAttributeConfiguration :: DescribeInstanceAccessControlAttributeConfiguration -> TestTree
+requestDescribeInstanceAccessControlAttributeConfiguration =
+  req
+    "DescribeInstanceAccessControlAttributeConfiguration"
+    "fixture/DescribeInstanceAccessControlAttributeConfiguration.yaml"
+
+requestDescribePermissionSet :: DescribePermissionSet -> TestTree
+requestDescribePermissionSet =
+  req
+    "DescribePermissionSet"
+    "fixture/DescribePermissionSet.yaml"
+
+requestDescribePermissionSetProvisioningStatus :: DescribePermissionSetProvisioningStatus -> TestTree
+requestDescribePermissionSetProvisioningStatus =
+  req
+    "DescribePermissionSetProvisioningStatus"
+    "fixture/DescribePermissionSetProvisioningStatus.yaml"
+
+requestDetachCustomerManagedPolicyReferenceFromPermissionSet :: DetachCustomerManagedPolicyReferenceFromPermissionSet -> TestTree
+requestDetachCustomerManagedPolicyReferenceFromPermissionSet =
+  req
+    "DetachCustomerManagedPolicyReferenceFromPermissionSet"
+    "fixture/DetachCustomerManagedPolicyReferenceFromPermissionSet.yaml"
+
+requestDetachManagedPolicyFromPermissionSet :: DetachManagedPolicyFromPermissionSet -> TestTree
+requestDetachManagedPolicyFromPermissionSet =
+  req
+    "DetachManagedPolicyFromPermissionSet"
+    "fixture/DetachManagedPolicyFromPermissionSet.yaml"
+
+requestGetInlinePolicyForPermissionSet :: GetInlinePolicyForPermissionSet -> TestTree
+requestGetInlinePolicyForPermissionSet =
+  req
+    "GetInlinePolicyForPermissionSet"
+    "fixture/GetInlinePolicyForPermissionSet.yaml"
+
+requestGetPermissionsBoundaryForPermissionSet :: GetPermissionsBoundaryForPermissionSet -> TestTree
+requestGetPermissionsBoundaryForPermissionSet =
+  req
+    "GetPermissionsBoundaryForPermissionSet"
+    "fixture/GetPermissionsBoundaryForPermissionSet.yaml"
+
+requestListAccountAssignmentCreationStatus :: ListAccountAssignmentCreationStatus -> TestTree
+requestListAccountAssignmentCreationStatus =
+  req
+    "ListAccountAssignmentCreationStatus"
+    "fixture/ListAccountAssignmentCreationStatus.yaml"
+
+requestListAccountAssignmentDeletionStatus :: ListAccountAssignmentDeletionStatus -> TestTree
+requestListAccountAssignmentDeletionStatus =
+  req
+    "ListAccountAssignmentDeletionStatus"
+    "fixture/ListAccountAssignmentDeletionStatus.yaml"
+
+requestListAccountAssignments :: ListAccountAssignments -> TestTree
+requestListAccountAssignments =
+  req
+    "ListAccountAssignments"
+    "fixture/ListAccountAssignments.yaml"
+
+requestListAccountsForProvisionedPermissionSet :: ListAccountsForProvisionedPermissionSet -> TestTree
+requestListAccountsForProvisionedPermissionSet =
+  req
+    "ListAccountsForProvisionedPermissionSet"
+    "fixture/ListAccountsForProvisionedPermissionSet.yaml"
+
+requestListCustomerManagedPolicyReferencesInPermissionSet :: ListCustomerManagedPolicyReferencesInPermissionSet -> TestTree
+requestListCustomerManagedPolicyReferencesInPermissionSet =
+  req
+    "ListCustomerManagedPolicyReferencesInPermissionSet"
+    "fixture/ListCustomerManagedPolicyReferencesInPermissionSet.yaml"
+
+requestListInstances :: ListInstances -> TestTree
+requestListInstances =
+  req
+    "ListInstances"
+    "fixture/ListInstances.yaml"
+
+requestListManagedPoliciesInPermissionSet :: ListManagedPoliciesInPermissionSet -> TestTree
+requestListManagedPoliciesInPermissionSet =
+  req
+    "ListManagedPoliciesInPermissionSet"
+    "fixture/ListManagedPoliciesInPermissionSet.yaml"
+
+requestListPermissionSetProvisioningStatus :: ListPermissionSetProvisioningStatus -> TestTree
+requestListPermissionSetProvisioningStatus =
+  req
+    "ListPermissionSetProvisioningStatus"
+    "fixture/ListPermissionSetProvisioningStatus.yaml"
+
+requestListPermissionSets :: ListPermissionSets -> TestTree
+requestListPermissionSets =
+  req
+    "ListPermissionSets"
+    "fixture/ListPermissionSets.yaml"
+
+requestListPermissionSetsProvisionedToAccount :: ListPermissionSetsProvisionedToAccount -> TestTree
+requestListPermissionSetsProvisionedToAccount =
+  req
+    "ListPermissionSetsProvisionedToAccount"
+    "fixture/ListPermissionSetsProvisionedToAccount.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestProvisionPermissionSet :: ProvisionPermissionSet -> TestTree
+requestProvisionPermissionSet =
+  req
+    "ProvisionPermissionSet"
+    "fixture/ProvisionPermissionSet.yaml"
+
+requestPutInlinePolicyToPermissionSet :: PutInlinePolicyToPermissionSet -> TestTree
+requestPutInlinePolicyToPermissionSet =
+  req
+    "PutInlinePolicyToPermissionSet"
+    "fixture/PutInlinePolicyToPermissionSet.yaml"
+
+requestPutPermissionsBoundaryToPermissionSet :: PutPermissionsBoundaryToPermissionSet -> TestTree
+requestPutPermissionsBoundaryToPermissionSet =
+  req
+    "PutPermissionsBoundaryToPermissionSet"
+    "fixture/PutPermissionsBoundaryToPermissionSet.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateInstanceAccessControlAttributeConfiguration :: UpdateInstanceAccessControlAttributeConfiguration -> TestTree
+requestUpdateInstanceAccessControlAttributeConfiguration =
+  req
+    "UpdateInstanceAccessControlAttributeConfiguration"
+    "fixture/UpdateInstanceAccessControlAttributeConfiguration.yaml"
+
+requestUpdatePermissionSet :: UpdatePermissionSet -> TestTree
+requestUpdatePermissionSet =
+  req
+    "UpdatePermissionSet"
+    "fixture/UpdatePermissionSet.yaml"
+
+-- Responses
+
+responseAttachCustomerManagedPolicyReferenceToPermissionSet :: AttachCustomerManagedPolicyReferenceToPermissionSetResponse -> TestTree
+responseAttachCustomerManagedPolicyReferenceToPermissionSet =
+  res
+    "AttachCustomerManagedPolicyReferenceToPermissionSetResponse"
+    "fixture/AttachCustomerManagedPolicyReferenceToPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AttachCustomerManagedPolicyReferenceToPermissionSet)
+
+responseAttachManagedPolicyToPermissionSet :: AttachManagedPolicyToPermissionSetResponse -> TestTree
+responseAttachManagedPolicyToPermissionSet =
+  res
+    "AttachManagedPolicyToPermissionSetResponse"
+    "fixture/AttachManagedPolicyToPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AttachManagedPolicyToPermissionSet)
+
+responseCreateAccountAssignment :: CreateAccountAssignmentResponse -> TestTree
+responseCreateAccountAssignment =
+  res
+    "CreateAccountAssignmentResponse"
+    "fixture/CreateAccountAssignmentResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateAccountAssignment)
+
+responseCreateInstanceAccessControlAttributeConfiguration :: CreateInstanceAccessControlAttributeConfigurationResponse -> TestTree
+responseCreateInstanceAccessControlAttributeConfiguration =
+  res
+    "CreateInstanceAccessControlAttributeConfigurationResponse"
+    "fixture/CreateInstanceAccessControlAttributeConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateInstanceAccessControlAttributeConfiguration)
+
+responseCreatePermissionSet :: CreatePermissionSetResponse -> TestTree
+responseCreatePermissionSet =
+  res
+    "CreatePermissionSetResponse"
+    "fixture/CreatePermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreatePermissionSet)
+
+responseDeleteAccountAssignment :: DeleteAccountAssignmentResponse -> TestTree
+responseDeleteAccountAssignment =
+  res
+    "DeleteAccountAssignmentResponse"
+    "fixture/DeleteAccountAssignmentResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteAccountAssignment)
+
+responseDeleteInlinePolicyFromPermissionSet :: DeleteInlinePolicyFromPermissionSetResponse -> TestTree
+responseDeleteInlinePolicyFromPermissionSet =
+  res
+    "DeleteInlinePolicyFromPermissionSetResponse"
+    "fixture/DeleteInlinePolicyFromPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteInlinePolicyFromPermissionSet)
+
+responseDeleteInstanceAccessControlAttributeConfiguration :: DeleteInstanceAccessControlAttributeConfigurationResponse -> TestTree
+responseDeleteInstanceAccessControlAttributeConfiguration =
+  res
+    "DeleteInstanceAccessControlAttributeConfigurationResponse"
+    "fixture/DeleteInstanceAccessControlAttributeConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteInstanceAccessControlAttributeConfiguration)
+
+responseDeletePermissionSet :: DeletePermissionSetResponse -> TestTree
+responseDeletePermissionSet =
+  res
+    "DeletePermissionSetResponse"
+    "fixture/DeletePermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeletePermissionSet)
+
+responseDeletePermissionsBoundaryFromPermissionSet :: DeletePermissionsBoundaryFromPermissionSetResponse -> TestTree
+responseDeletePermissionsBoundaryFromPermissionSet =
+  res
+    "DeletePermissionsBoundaryFromPermissionSetResponse"
+    "fixture/DeletePermissionsBoundaryFromPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeletePermissionsBoundaryFromPermissionSet)
+
+responseDescribeAccountAssignmentCreationStatus :: DescribeAccountAssignmentCreationStatusResponse -> TestTree
+responseDescribeAccountAssignmentCreationStatus =
+  res
+    "DescribeAccountAssignmentCreationStatusResponse"
+    "fixture/DescribeAccountAssignmentCreationStatusResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeAccountAssignmentCreationStatus)
+
+responseDescribeAccountAssignmentDeletionStatus :: DescribeAccountAssignmentDeletionStatusResponse -> TestTree
+responseDescribeAccountAssignmentDeletionStatus =
+  res
+    "DescribeAccountAssignmentDeletionStatusResponse"
+    "fixture/DescribeAccountAssignmentDeletionStatusResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeAccountAssignmentDeletionStatus)
+
+responseDescribeInstanceAccessControlAttributeConfiguration :: DescribeInstanceAccessControlAttributeConfigurationResponse -> TestTree
+responseDescribeInstanceAccessControlAttributeConfiguration =
+  res
+    "DescribeInstanceAccessControlAttributeConfigurationResponse"
+    "fixture/DescribeInstanceAccessControlAttributeConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeInstanceAccessControlAttributeConfiguration)
+
+responseDescribePermissionSet :: DescribePermissionSetResponse -> TestTree
+responseDescribePermissionSet =
+  res
+    "DescribePermissionSetResponse"
+    "fixture/DescribePermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribePermissionSet)
+
+responseDescribePermissionSetProvisioningStatus :: DescribePermissionSetProvisioningStatusResponse -> TestTree
+responseDescribePermissionSetProvisioningStatus =
+  res
+    "DescribePermissionSetProvisioningStatusResponse"
+    "fixture/DescribePermissionSetProvisioningStatusResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribePermissionSetProvisioningStatus)
+
+responseDetachCustomerManagedPolicyReferenceFromPermissionSet :: DetachCustomerManagedPolicyReferenceFromPermissionSetResponse -> TestTree
+responseDetachCustomerManagedPolicyReferenceFromPermissionSet =
+  res
+    "DetachCustomerManagedPolicyReferenceFromPermissionSetResponse"
+    "fixture/DetachCustomerManagedPolicyReferenceFromPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DetachCustomerManagedPolicyReferenceFromPermissionSet)
+
+responseDetachManagedPolicyFromPermissionSet :: DetachManagedPolicyFromPermissionSetResponse -> TestTree
+responseDetachManagedPolicyFromPermissionSet =
+  res
+    "DetachManagedPolicyFromPermissionSetResponse"
+    "fixture/DetachManagedPolicyFromPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DetachManagedPolicyFromPermissionSet)
+
+responseGetInlinePolicyForPermissionSet :: GetInlinePolicyForPermissionSetResponse -> TestTree
+responseGetInlinePolicyForPermissionSet =
+  res
+    "GetInlinePolicyForPermissionSetResponse"
+    "fixture/GetInlinePolicyForPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetInlinePolicyForPermissionSet)
+
+responseGetPermissionsBoundaryForPermissionSet :: GetPermissionsBoundaryForPermissionSetResponse -> TestTree
+responseGetPermissionsBoundaryForPermissionSet =
+  res
+    "GetPermissionsBoundaryForPermissionSetResponse"
+    "fixture/GetPermissionsBoundaryForPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetPermissionsBoundaryForPermissionSet)
+
+responseListAccountAssignmentCreationStatus :: ListAccountAssignmentCreationStatusResponse -> TestTree
+responseListAccountAssignmentCreationStatus =
+  res
+    "ListAccountAssignmentCreationStatusResponse"
+    "fixture/ListAccountAssignmentCreationStatusResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccountAssignmentCreationStatus)
+
+responseListAccountAssignmentDeletionStatus :: ListAccountAssignmentDeletionStatusResponse -> TestTree
+responseListAccountAssignmentDeletionStatus =
+  res
+    "ListAccountAssignmentDeletionStatusResponse"
+    "fixture/ListAccountAssignmentDeletionStatusResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccountAssignmentDeletionStatus)
+
+responseListAccountAssignments :: ListAccountAssignmentsResponse -> TestTree
+responseListAccountAssignments =
+  res
+    "ListAccountAssignmentsResponse"
+    "fixture/ListAccountAssignmentsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccountAssignments)
+
+responseListAccountsForProvisionedPermissionSet :: ListAccountsForProvisionedPermissionSetResponse -> TestTree
+responseListAccountsForProvisionedPermissionSet =
+  res
+    "ListAccountsForProvisionedPermissionSetResponse"
+    "fixture/ListAccountsForProvisionedPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccountsForProvisionedPermissionSet)
+
+responseListCustomerManagedPolicyReferencesInPermissionSet :: ListCustomerManagedPolicyReferencesInPermissionSetResponse -> TestTree
+responseListCustomerManagedPolicyReferencesInPermissionSet =
+  res
+    "ListCustomerManagedPolicyReferencesInPermissionSetResponse"
+    "fixture/ListCustomerManagedPolicyReferencesInPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListCustomerManagedPolicyReferencesInPermissionSet)
+
+responseListInstances :: ListInstancesResponse -> TestTree
+responseListInstances =
+  res
+    "ListInstancesResponse"
+    "fixture/ListInstancesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListInstances)
+
+responseListManagedPoliciesInPermissionSet :: ListManagedPoliciesInPermissionSetResponse -> TestTree
+responseListManagedPoliciesInPermissionSet =
+  res
+    "ListManagedPoliciesInPermissionSetResponse"
+    "fixture/ListManagedPoliciesInPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListManagedPoliciesInPermissionSet)
+
+responseListPermissionSetProvisioningStatus :: ListPermissionSetProvisioningStatusResponse -> TestTree
+responseListPermissionSetProvisioningStatus =
+  res
+    "ListPermissionSetProvisioningStatusResponse"
+    "fixture/ListPermissionSetProvisioningStatusResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListPermissionSetProvisioningStatus)
+
+responseListPermissionSets :: ListPermissionSetsResponse -> TestTree
+responseListPermissionSets =
+  res
+    "ListPermissionSetsResponse"
+    "fixture/ListPermissionSetsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListPermissionSets)
+
+responseListPermissionSetsProvisionedToAccount :: ListPermissionSetsProvisionedToAccountResponse -> TestTree
+responseListPermissionSetsProvisionedToAccount =
+  res
+    "ListPermissionSetsProvisionedToAccountResponse"
+    "fixture/ListPermissionSetsProvisionedToAccountResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListPermissionSetsProvisionedToAccount)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseProvisionPermissionSet :: ProvisionPermissionSetResponse -> TestTree
+responseProvisionPermissionSet =
+  res
+    "ProvisionPermissionSetResponse"
+    "fixture/ProvisionPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ProvisionPermissionSet)
+
+responsePutInlinePolicyToPermissionSet :: PutInlinePolicyToPermissionSetResponse -> TestTree
+responsePutInlinePolicyToPermissionSet =
+  res
+    "PutInlinePolicyToPermissionSetResponse"
+    "fixture/PutInlinePolicyToPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutInlinePolicyToPermissionSet)
+
+responsePutPermissionsBoundaryToPermissionSet :: PutPermissionsBoundaryToPermissionSetResponse -> TestTree
+responsePutPermissionsBoundaryToPermissionSet =
+  res
+    "PutPermissionsBoundaryToPermissionSetResponse"
+    "fixture/PutPermissionsBoundaryToPermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutPermissionsBoundaryToPermissionSet)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateInstanceAccessControlAttributeConfiguration :: UpdateInstanceAccessControlAttributeConfigurationResponse -> TestTree
+responseUpdateInstanceAccessControlAttributeConfiguration =
+  res
+    "UpdateInstanceAccessControlAttributeConfigurationResponse"
+    "fixture/UpdateInstanceAccessControlAttributeConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateInstanceAccessControlAttributeConfiguration)
+
+responseUpdatePermissionSet :: UpdatePermissionSetResponse -> TestTree
+responseUpdatePermissionSet =
+  res
+    "UpdatePermissionSetResponse"
+    "fixture/UpdatePermissionSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdatePermissionSet)
diff --git a/test/Test/Amazonka/SSOAdmin.hs b/test/Test/Amazonka/SSOAdmin.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SSOAdmin.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.SSOAdmin
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SSOAdmin
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/SSOAdmin/Internal.hs b/test/Test/Amazonka/SSOAdmin/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SSOAdmin/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.SSOAdmin.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SSOAdmin.Internal where
