diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon Single Sign-On SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-sso)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.SSO](http://hackage.haskell.org/package/amazonka-sso/docs/Amazonka-SSO.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-sso` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-sso.cabal b/amazonka-sso.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-sso.cabal
@@ -0,0 +1,90 @@
+cabal-version:      2.2
+name:               amazonka-sso
+version:            2.0
+synopsis:           Amazon Single Sign-On SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.SSO.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.SSO" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-sso
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.SSO
+    Amazonka.SSO.GetRoleCredentials
+    Amazonka.SSO.Lens
+    Amazonka.SSO.ListAccountRoles
+    Amazonka.SSO.ListAccounts
+    Amazonka.SSO.Logout
+    Amazonka.SSO.Types
+    Amazonka.SSO.Types.AccountInfo
+    Amazonka.SSO.Types.RoleCredentials
+    Amazonka.SSO.Types.RoleInfo
+    Amazonka.SSO.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-sso-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.SSO
+    Test.Amazonka.SSO
+    Test.Amazonka.SSO.Internal
+
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-sso
+    , amazonka-test         >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/GetRoleCredentials.yaml b/fixture/GetRoleCredentials.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetRoleCredentials.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/portal.sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  portal.sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetRoleCredentialsResponse.proto b/fixture/GetRoleCredentialsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetRoleCredentialsResponse.proto
diff --git a/fixture/ListAccountRoles.yaml b/fixture/ListAccountRoles.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountRoles.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/portal.sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  portal.sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccountRolesResponse.proto b/fixture/ListAccountRolesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountRolesResponse.proto
diff --git a/fixture/ListAccounts.yaml b/fixture/ListAccounts.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccounts.yaml
@@ -0,0 +1,10 @@
+---
+method: GET
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/portal.sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  portal.sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAccountsResponse.proto b/fixture/ListAccountsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAccountsResponse.proto
diff --git a/fixture/Logout.yaml b/fixture/Logout.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/Logout.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/portal.sso/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  portal.sso.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/LogoutResponse.proto b/fixture/LogoutResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/LogoutResponse.proto
diff --git a/gen/Amazonka/SSO.hs b/gen/Amazonka/SSO.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO.hs
@@ -0,0 +1,133 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.SSO
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2019-06-10@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- AWS IAM Identity Center (successor to AWS Single Sign-On) Portal is a
+-- web service that makes it easy for you to assign user access to IAM
+-- Identity Center resources such as the AWS access portal. Users can get
+-- AWS account applications and roles assigned to them and get federated
+-- into the application.
+--
+-- Although AWS Single Sign-On was renamed, the @sso@ and @identitystore@
+-- API namespaces will continue to retain their original name for backward
+-- compatibility purposes. For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed IAM Identity Center rename>.
+--
+-- This reference guide describes the IAM Identity Center Portal operations
+-- that you can call programatically and includes detailed information on
+-- data types and errors.
+--
+-- AWS provides SDKs that consist of libraries and sample code for various
+-- programming languages and platforms, such as Java, Ruby, .Net, iOS, or
+-- Android. The SDKs provide a convenient way to create programmatic access
+-- to IAM Identity Center and other AWS services. For more information
+-- about the AWS SDKs, including how to download and install them, see
+-- <http://aws.amazon.com/tools/ Tools for Amazon Web Services>.
+module Amazonka.SSO
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** InvalidRequestException
+    _InvalidRequestException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- ** TooManyRequestsException
+    _TooManyRequestsException,
+
+    -- ** UnauthorizedException
+    _UnauthorizedException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** GetRoleCredentials
+    GetRoleCredentials (GetRoleCredentials'),
+    newGetRoleCredentials,
+    GetRoleCredentialsResponse (GetRoleCredentialsResponse'),
+    newGetRoleCredentialsResponse,
+
+    -- ** ListAccountRoles (Paginated)
+    ListAccountRoles (ListAccountRoles'),
+    newListAccountRoles,
+    ListAccountRolesResponse (ListAccountRolesResponse'),
+    newListAccountRolesResponse,
+
+    -- ** ListAccounts (Paginated)
+    ListAccounts (ListAccounts'),
+    newListAccounts,
+    ListAccountsResponse (ListAccountsResponse'),
+    newListAccountsResponse,
+
+    -- ** Logout
+    Logout (Logout'),
+    newLogout,
+    LogoutResponse (LogoutResponse'),
+    newLogoutResponse,
+
+    -- * Types
+
+    -- ** AccountInfo
+    AccountInfo (AccountInfo'),
+    newAccountInfo,
+
+    -- ** RoleCredentials
+    RoleCredentials (RoleCredentials'),
+    newRoleCredentials,
+
+    -- ** RoleInfo
+    RoleInfo (RoleInfo'),
+    newRoleInfo,
+  )
+where
+
+import Amazonka.SSO.GetRoleCredentials
+import Amazonka.SSO.Lens
+import Amazonka.SSO.ListAccountRoles
+import Amazonka.SSO.ListAccounts
+import Amazonka.SSO.Logout
+import Amazonka.SSO.Types
+import Amazonka.SSO.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'SSO'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/SSO/GetRoleCredentials.hs b/gen/Amazonka/SSO/GetRoleCredentials.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/GetRoleCredentials.hs
@@ -0,0 +1,207 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.GetRoleCredentials
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the STS short-term credentials for a given role name that is
+-- assigned to the user.
+module Amazonka.SSO.GetRoleCredentials
+  ( -- * Creating a Request
+    GetRoleCredentials (..),
+    newGetRoleCredentials,
+
+    -- * Request Lenses
+    getRoleCredentials_roleName,
+    getRoleCredentials_accountId,
+    getRoleCredentials_accessToken,
+
+    -- * Destructuring the Response
+    GetRoleCredentialsResponse (..),
+    newGetRoleCredentialsResponse,
+
+    -- * Response Lenses
+    getRoleCredentialsResponse_httpStatus,
+    getRoleCredentialsResponse_roleCredentials,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSO.Types
+
+-- | /See:/ 'newGetRoleCredentials' smart constructor.
+data GetRoleCredentials = GetRoleCredentials'
+  { -- | The friendly name of the role that is assigned to the user.
+    roleName :: Prelude.Text,
+    -- | The identifier for the AWS account that is assigned to the user.
+    accountId :: Prelude.Text,
+    -- | The token issued by the @CreateToken@ API call. For more information,
+    -- see
+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+    -- in the /IAM Identity Center OIDC API Reference Guide/.
+    accessToken :: Data.Sensitive Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRoleCredentials' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'roleName', 'getRoleCredentials_roleName' - The friendly name of the role that is assigned to the user.
+--
+-- 'accountId', 'getRoleCredentials_accountId' - The identifier for the AWS account that is assigned to the user.
+--
+-- 'accessToken', 'getRoleCredentials_accessToken' - The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+newGetRoleCredentials ::
+  -- | 'roleName'
+  Prelude.Text ->
+  -- | 'accountId'
+  Prelude.Text ->
+  -- | 'accessToken'
+  Prelude.Text ->
+  GetRoleCredentials
+newGetRoleCredentials
+  pRoleName_
+  pAccountId_
+  pAccessToken_ =
+    GetRoleCredentials'
+      { roleName = pRoleName_,
+        accountId = pAccountId_,
+        accessToken = Data._Sensitive Lens.# pAccessToken_
+      }
+
+-- | The friendly name of the role that is assigned to the user.
+getRoleCredentials_roleName :: Lens.Lens' GetRoleCredentials Prelude.Text
+getRoleCredentials_roleName = Lens.lens (\GetRoleCredentials' {roleName} -> roleName) (\s@GetRoleCredentials' {} a -> s {roleName = a} :: GetRoleCredentials)
+
+-- | The identifier for the AWS account that is assigned to the user.
+getRoleCredentials_accountId :: Lens.Lens' GetRoleCredentials Prelude.Text
+getRoleCredentials_accountId = Lens.lens (\GetRoleCredentials' {accountId} -> accountId) (\s@GetRoleCredentials' {} a -> s {accountId = a} :: GetRoleCredentials)
+
+-- | The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+getRoleCredentials_accessToken :: Lens.Lens' GetRoleCredentials Prelude.Text
+getRoleCredentials_accessToken = Lens.lens (\GetRoleCredentials' {accessToken} -> accessToken) (\s@GetRoleCredentials' {} a -> s {accessToken = a} :: GetRoleCredentials) Prelude.. Data._Sensitive
+
+instance Core.AWSRequest GetRoleCredentials where
+  type
+    AWSResponse GetRoleCredentials =
+      GetRoleCredentialsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetRoleCredentialsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "roleCredentials")
+      )
+
+instance Prelude.Hashable GetRoleCredentials where
+  hashWithSalt _salt GetRoleCredentials' {..} =
+    _salt
+      `Prelude.hashWithSalt` roleName
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` accessToken
+
+instance Prelude.NFData GetRoleCredentials where
+  rnf GetRoleCredentials' {..} =
+    Prelude.rnf roleName
+      `Prelude.seq` Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf accessToken
+
+instance Data.ToHeaders GetRoleCredentials where
+  toHeaders GetRoleCredentials' {..} =
+    Prelude.mconcat
+      [ "x-amz-sso_bearer_token" Data.=# accessToken,
+        "Content-Type"
+          Data.=# ("application/x-amz-json-1.1" :: Prelude.ByteString)
+      ]
+
+instance Data.ToPath GetRoleCredentials where
+  toPath = Prelude.const "/federation/credentials"
+
+instance Data.ToQuery GetRoleCredentials where
+  toQuery GetRoleCredentials' {..} =
+    Prelude.mconcat
+      [ "role_name" Data.=: roleName,
+        "account_id" Data.=: accountId
+      ]
+
+-- | /See:/ 'newGetRoleCredentialsResponse' smart constructor.
+data GetRoleCredentialsResponse = GetRoleCredentialsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The credentials for the role that is assigned to the user.
+    roleCredentials :: RoleCredentials
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRoleCredentialsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getRoleCredentialsResponse_httpStatus' - The response's http status code.
+--
+-- 'roleCredentials', 'getRoleCredentialsResponse_roleCredentials' - The credentials for the role that is assigned to the user.
+newGetRoleCredentialsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'roleCredentials'
+  RoleCredentials ->
+  GetRoleCredentialsResponse
+newGetRoleCredentialsResponse
+  pHttpStatus_
+  pRoleCredentials_ =
+    GetRoleCredentialsResponse'
+      { httpStatus =
+          pHttpStatus_,
+        roleCredentials = pRoleCredentials_
+      }
+
+-- | The response's http status code.
+getRoleCredentialsResponse_httpStatus :: Lens.Lens' GetRoleCredentialsResponse Prelude.Int
+getRoleCredentialsResponse_httpStatus = Lens.lens (\GetRoleCredentialsResponse' {httpStatus} -> httpStatus) (\s@GetRoleCredentialsResponse' {} a -> s {httpStatus = a} :: GetRoleCredentialsResponse)
+
+-- | The credentials for the role that is assigned to the user.
+getRoleCredentialsResponse_roleCredentials :: Lens.Lens' GetRoleCredentialsResponse RoleCredentials
+getRoleCredentialsResponse_roleCredentials = Lens.lens (\GetRoleCredentialsResponse' {roleCredentials} -> roleCredentials) (\s@GetRoleCredentialsResponse' {} a -> s {roleCredentials = a} :: GetRoleCredentialsResponse)
+
+instance Prelude.NFData GetRoleCredentialsResponse where
+  rnf GetRoleCredentialsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf roleCredentials
diff --git a/gen/Amazonka/SSO/Lens.hs b/gen/Amazonka/SSO/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/Lens.hs
@@ -0,0 +1,69 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSO.Lens
+  ( -- * Operations
+
+    -- ** GetRoleCredentials
+    getRoleCredentials_roleName,
+    getRoleCredentials_accountId,
+    getRoleCredentials_accessToken,
+    getRoleCredentialsResponse_httpStatus,
+    getRoleCredentialsResponse_roleCredentials,
+
+    -- ** ListAccountRoles
+    listAccountRoles_maxResults,
+    listAccountRoles_nextToken,
+    listAccountRoles_accessToken,
+    listAccountRoles_accountId,
+    listAccountRolesResponse_nextToken,
+    listAccountRolesResponse_roleList,
+    listAccountRolesResponse_httpStatus,
+
+    -- ** ListAccounts
+    listAccounts_maxResults,
+    listAccounts_nextToken,
+    listAccounts_accessToken,
+    listAccountsResponse_accountList,
+    listAccountsResponse_nextToken,
+    listAccountsResponse_httpStatus,
+
+    -- ** Logout
+    logout_accessToken,
+
+    -- * Types
+
+    -- ** AccountInfo
+    accountInfo_accountId,
+    accountInfo_accountName,
+    accountInfo_emailAddress,
+
+    -- ** RoleCredentials
+    roleCredentials_expiration,
+    roleCredentials_sessionToken,
+    roleCredentials_accessKeyId,
+    roleCredentials_secretAccessKey,
+
+    -- ** RoleInfo
+    roleInfo_accountId,
+    roleInfo_roleName,
+  )
+where
+
+import Amazonka.SSO.GetRoleCredentials
+import Amazonka.SSO.ListAccountRoles
+import Amazonka.SSO.ListAccounts
+import Amazonka.SSO.Logout
+import Amazonka.SSO.Types.AccountInfo
+import Amazonka.SSO.Types.RoleCredentials
+import Amazonka.SSO.Types.RoleInfo
diff --git a/gen/Amazonka/SSO/ListAccountRoles.hs b/gen/Amazonka/SSO/ListAccountRoles.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/ListAccountRoles.hs
@@ -0,0 +1,252 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.ListAccountRoles
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all roles that are assigned to the user for a given AWS account.
+--
+-- This operation returns paginated results.
+module Amazonka.SSO.ListAccountRoles
+  ( -- * Creating a Request
+    ListAccountRoles (..),
+    newListAccountRoles,
+
+    -- * Request Lenses
+    listAccountRoles_maxResults,
+    listAccountRoles_nextToken,
+    listAccountRoles_accessToken,
+    listAccountRoles_accountId,
+
+    -- * Destructuring the Response
+    ListAccountRolesResponse (..),
+    newListAccountRolesResponse,
+
+    -- * Response Lenses
+    listAccountRolesResponse_nextToken,
+    listAccountRolesResponse_roleList,
+    listAccountRolesResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSO.Types
+
+-- | /See:/ 'newListAccountRoles' smart constructor.
+data ListAccountRoles = ListAccountRoles'
+  { -- | The number of items that clients can request per page.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | The page token from the previous response output when you request
+    -- subsequent pages.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The token issued by the @CreateToken@ API call. For more information,
+    -- see
+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+    -- in the /IAM Identity Center OIDC API Reference Guide/.
+    accessToken :: Data.Sensitive Prelude.Text,
+    -- | The identifier for the AWS account that is assigned to the user.
+    accountId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountRoles' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listAccountRoles_maxResults' - The number of items that clients can request per page.
+--
+-- 'nextToken', 'listAccountRoles_nextToken' - The page token from the previous response output when you request
+-- subsequent pages.
+--
+-- 'accessToken', 'listAccountRoles_accessToken' - The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+--
+-- 'accountId', 'listAccountRoles_accountId' - The identifier for the AWS account that is assigned to the user.
+newListAccountRoles ::
+  -- | 'accessToken'
+  Prelude.Text ->
+  -- | 'accountId'
+  Prelude.Text ->
+  ListAccountRoles
+newListAccountRoles pAccessToken_ pAccountId_ =
+  ListAccountRoles'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      accessToken = Data._Sensitive Lens.# pAccessToken_,
+      accountId = pAccountId_
+    }
+
+-- | The number of items that clients can request per page.
+listAccountRoles_maxResults :: Lens.Lens' ListAccountRoles (Prelude.Maybe Prelude.Natural)
+listAccountRoles_maxResults = Lens.lens (\ListAccountRoles' {maxResults} -> maxResults) (\s@ListAccountRoles' {} a -> s {maxResults = a} :: ListAccountRoles)
+
+-- | The page token from the previous response output when you request
+-- subsequent pages.
+listAccountRoles_nextToken :: Lens.Lens' ListAccountRoles (Prelude.Maybe Prelude.Text)
+listAccountRoles_nextToken = Lens.lens (\ListAccountRoles' {nextToken} -> nextToken) (\s@ListAccountRoles' {} a -> s {nextToken = a} :: ListAccountRoles)
+
+-- | The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+listAccountRoles_accessToken :: Lens.Lens' ListAccountRoles Prelude.Text
+listAccountRoles_accessToken = Lens.lens (\ListAccountRoles' {accessToken} -> accessToken) (\s@ListAccountRoles' {} a -> s {accessToken = a} :: ListAccountRoles) Prelude.. Data._Sensitive
+
+-- | The identifier for the AWS account that is assigned to the user.
+listAccountRoles_accountId :: Lens.Lens' ListAccountRoles Prelude.Text
+listAccountRoles_accountId = Lens.lens (\ListAccountRoles' {accountId} -> accountId) (\s@ListAccountRoles' {} a -> s {accountId = a} :: ListAccountRoles)
+
+instance Core.AWSPager ListAccountRoles where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccountRolesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listAccountRolesResponse_roleList
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccountRoles_nextToken
+          Lens..~ rs
+          Lens.^? listAccountRolesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAccountRoles where
+  type
+    AWSResponse ListAccountRoles =
+      ListAccountRolesResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccountRolesResponse'
+            Prelude.<$> (x Data..?> "nextToken")
+            Prelude.<*> (x Data..?> "roleList" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListAccountRoles where
+  hashWithSalt _salt ListAccountRoles' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` accessToken
+      `Prelude.hashWithSalt` accountId
+
+instance Prelude.NFData ListAccountRoles where
+  rnf ListAccountRoles' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf accessToken
+      `Prelude.seq` Prelude.rnf accountId
+
+instance Data.ToHeaders ListAccountRoles where
+  toHeaders ListAccountRoles' {..} =
+    Prelude.mconcat
+      [ "x-amz-sso_bearer_token" Data.=# accessToken,
+        "Content-Type"
+          Data.=# ("application/x-amz-json-1.1" :: Prelude.ByteString)
+      ]
+
+instance Data.ToPath ListAccountRoles where
+  toPath = Prelude.const "/assignment/roles"
+
+instance Data.ToQuery ListAccountRoles where
+  toQuery ListAccountRoles' {..} =
+    Prelude.mconcat
+      [ "max_result" Data.=: maxResults,
+        "next_token" Data.=: nextToken,
+        "account_id" Data.=: accountId
+      ]
+
+-- | /See:/ 'newListAccountRolesResponse' smart constructor.
+data ListAccountRolesResponse = ListAccountRolesResponse'
+  { -- | The page token client that is used to retrieve the list of accounts.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A paginated response with the list of roles and the next token if more
+    -- results are available.
+    roleList :: Prelude.Maybe [RoleInfo],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountRolesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listAccountRolesResponse_nextToken' - The page token client that is used to retrieve the list of accounts.
+--
+-- 'roleList', 'listAccountRolesResponse_roleList' - A paginated response with the list of roles and the next token if more
+-- results are available.
+--
+-- 'httpStatus', 'listAccountRolesResponse_httpStatus' - The response's http status code.
+newListAccountRolesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccountRolesResponse
+newListAccountRolesResponse pHttpStatus_ =
+  ListAccountRolesResponse'
+    { nextToken =
+        Prelude.Nothing,
+      roleList = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The page token client that is used to retrieve the list of accounts.
+listAccountRolesResponse_nextToken :: Lens.Lens' ListAccountRolesResponse (Prelude.Maybe Prelude.Text)
+listAccountRolesResponse_nextToken = Lens.lens (\ListAccountRolesResponse' {nextToken} -> nextToken) (\s@ListAccountRolesResponse' {} a -> s {nextToken = a} :: ListAccountRolesResponse)
+
+-- | A paginated response with the list of roles and the next token if more
+-- results are available.
+listAccountRolesResponse_roleList :: Lens.Lens' ListAccountRolesResponse (Prelude.Maybe [RoleInfo])
+listAccountRolesResponse_roleList = Lens.lens (\ListAccountRolesResponse' {roleList} -> roleList) (\s@ListAccountRolesResponse' {} a -> s {roleList = a} :: ListAccountRolesResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listAccountRolesResponse_httpStatus :: Lens.Lens' ListAccountRolesResponse Prelude.Int
+listAccountRolesResponse_httpStatus = Lens.lens (\ListAccountRolesResponse' {httpStatus} -> httpStatus) (\s@ListAccountRolesResponse' {} a -> s {httpStatus = a} :: ListAccountRolesResponse)
+
+instance Prelude.NFData ListAccountRolesResponse where
+  rnf ListAccountRolesResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf roleList
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSO/ListAccounts.hs b/gen/Amazonka/SSO/ListAccounts.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/ListAccounts.hs
@@ -0,0 +1,239 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.ListAccounts
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all AWS accounts assigned to the user. These AWS accounts are
+-- assigned by the administrator of the account. For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers Assign User Access>
+-- in the /IAM Identity Center User Guide/. This operation returns a
+-- paginated response.
+--
+-- This operation returns paginated results.
+module Amazonka.SSO.ListAccounts
+  ( -- * Creating a Request
+    ListAccounts (..),
+    newListAccounts,
+
+    -- * Request Lenses
+    listAccounts_maxResults,
+    listAccounts_nextToken,
+    listAccounts_accessToken,
+
+    -- * Destructuring the Response
+    ListAccountsResponse (..),
+    newListAccountsResponse,
+
+    -- * Response Lenses
+    listAccountsResponse_accountList,
+    listAccountsResponse_nextToken,
+    listAccountsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSO.Types
+
+-- | /See:/ 'newListAccounts' smart constructor.
+data ListAccounts = ListAccounts'
+  { -- | This is the number of items clients can request per page.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | (Optional) When requesting subsequent pages, this is the page token from
+    -- the previous response output.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The token issued by the @CreateToken@ API call. For more information,
+    -- see
+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+    -- in the /IAM Identity Center OIDC API Reference Guide/.
+    accessToken :: Data.Sensitive Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccounts' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listAccounts_maxResults' - This is the number of items clients can request per page.
+--
+-- 'nextToken', 'listAccounts_nextToken' - (Optional) When requesting subsequent pages, this is the page token from
+-- the previous response output.
+--
+-- 'accessToken', 'listAccounts_accessToken' - The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+newListAccounts ::
+  -- | 'accessToken'
+  Prelude.Text ->
+  ListAccounts
+newListAccounts pAccessToken_ =
+  ListAccounts'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      accessToken = Data._Sensitive Lens.# pAccessToken_
+    }
+
+-- | This is the number of items clients can request per page.
+listAccounts_maxResults :: Lens.Lens' ListAccounts (Prelude.Maybe Prelude.Natural)
+listAccounts_maxResults = Lens.lens (\ListAccounts' {maxResults} -> maxResults) (\s@ListAccounts' {} a -> s {maxResults = a} :: ListAccounts)
+
+-- | (Optional) When requesting subsequent pages, this is the page token from
+-- the previous response output.
+listAccounts_nextToken :: Lens.Lens' ListAccounts (Prelude.Maybe Prelude.Text)
+listAccounts_nextToken = Lens.lens (\ListAccounts' {nextToken} -> nextToken) (\s@ListAccounts' {} a -> s {nextToken = a} :: ListAccounts)
+
+-- | The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+listAccounts_accessToken :: Lens.Lens' ListAccounts Prelude.Text
+listAccounts_accessToken = Lens.lens (\ListAccounts' {accessToken} -> accessToken) (\s@ListAccounts' {} a -> s {accessToken = a} :: ListAccounts) Prelude.. Data._Sensitive
+
+instance Core.AWSPager ListAccounts where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAccountsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listAccountsResponse_accountList
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAccounts_nextToken
+          Lens..~ rs
+          Lens.^? listAccountsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAccounts where
+  type AWSResponse ListAccounts = ListAccountsResponse
+  request overrides =
+    Request.get (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAccountsResponse'
+            Prelude.<$> (x Data..?> "accountList" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "nextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListAccounts where
+  hashWithSalt _salt ListAccounts' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` accessToken
+
+instance Prelude.NFData ListAccounts where
+  rnf ListAccounts' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf accessToken
+
+instance Data.ToHeaders ListAccounts where
+  toHeaders ListAccounts' {..} =
+    Prelude.mconcat
+      [ "x-amz-sso_bearer_token" Data.=# accessToken,
+        "Content-Type"
+          Data.=# ("application/x-amz-json-1.1" :: Prelude.ByteString)
+      ]
+
+instance Data.ToPath ListAccounts where
+  toPath = Prelude.const "/assignment/accounts"
+
+instance Data.ToQuery ListAccounts where
+  toQuery ListAccounts' {..} =
+    Prelude.mconcat
+      [ "max_result" Data.=: maxResults,
+        "next_token" Data.=: nextToken
+      ]
+
+-- | /See:/ 'newListAccountsResponse' smart constructor.
+data ListAccountsResponse = ListAccountsResponse'
+  { -- | A paginated response with the list of account information and the next
+    -- token if more results are available.
+    accountList :: Prelude.Maybe [AccountInfo],
+    -- | The page token client that is used to retrieve the list of accounts.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAccountsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountList', 'listAccountsResponse_accountList' - A paginated response with the list of account information and the next
+-- token if more results are available.
+--
+-- 'nextToken', 'listAccountsResponse_nextToken' - The page token client that is used to retrieve the list of accounts.
+--
+-- 'httpStatus', 'listAccountsResponse_httpStatus' - The response's http status code.
+newListAccountsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAccountsResponse
+newListAccountsResponse pHttpStatus_ =
+  ListAccountsResponse'
+    { accountList =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A paginated response with the list of account information and the next
+-- token if more results are available.
+listAccountsResponse_accountList :: Lens.Lens' ListAccountsResponse (Prelude.Maybe [AccountInfo])
+listAccountsResponse_accountList = Lens.lens (\ListAccountsResponse' {accountList} -> accountList) (\s@ListAccountsResponse' {} a -> s {accountList = a} :: ListAccountsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The page token client that is used to retrieve the list of accounts.
+listAccountsResponse_nextToken :: Lens.Lens' ListAccountsResponse (Prelude.Maybe Prelude.Text)
+listAccountsResponse_nextToken = Lens.lens (\ListAccountsResponse' {nextToken} -> nextToken) (\s@ListAccountsResponse' {} a -> s {nextToken = a} :: ListAccountsResponse)
+
+-- | The response's http status code.
+listAccountsResponse_httpStatus :: Lens.Lens' ListAccountsResponse Prelude.Int
+listAccountsResponse_httpStatus = Lens.lens (\ListAccountsResponse' {httpStatus} -> httpStatus) (\s@ListAccountsResponse' {} a -> s {httpStatus = a} :: ListAccountsResponse)
+
+instance Prelude.NFData ListAccountsResponse where
+  rnf ListAccountsResponse' {..} =
+    Prelude.rnf accountList
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/SSO/Logout.hs b/gen/Amazonka/SSO/Logout.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/Logout.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.Logout
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes the locally stored SSO tokens from the client-side cache and
+-- sends an API call to the IAM Identity Center service to invalidate the
+-- corresponding server-side IAM Identity Center sign in session.
+--
+-- If a user uses IAM Identity Center to access the AWS CLI, the user’s IAM
+-- Identity Center sign in session is used to obtain an IAM session, as
+-- specified in the corresponding IAM Identity Center permission set. More
+-- specifically, IAM Identity Center assumes an IAM role in the target
+-- account on behalf of the user, and the corresponding temporary AWS
+-- credentials are returned to the client.
+--
+-- After user logout, any existing IAM role sessions that were created by
+-- using IAM Identity Center permission sets continue based on the duration
+-- configured in the permission set. For more information, see
+-- <https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html User authentications>
+-- in the /IAM Identity Center User Guide/.
+module Amazonka.SSO.Logout
+  ( -- * Creating a Request
+    Logout (..),
+    newLogout,
+
+    -- * Request Lenses
+    logout_accessToken,
+
+    -- * Destructuring the Response
+    LogoutResponse (..),
+    newLogoutResponse,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.SSO.Types
+
+-- | /See:/ 'newLogout' smart constructor.
+data Logout = Logout'
+  { -- | The token issued by the @CreateToken@ API call. For more information,
+    -- see
+    -- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+    -- in the /IAM Identity Center OIDC API Reference Guide/.
+    accessToken :: Data.Sensitive Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Logout' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accessToken', 'logout_accessToken' - The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+newLogout ::
+  -- | 'accessToken'
+  Prelude.Text ->
+  Logout
+newLogout pAccessToken_ =
+  Logout'
+    { accessToken =
+        Data._Sensitive Lens.# pAccessToken_
+    }
+
+-- | The token issued by the @CreateToken@ API call. For more information,
+-- see
+-- <https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html CreateToken>
+-- in the /IAM Identity Center OIDC API Reference Guide/.
+logout_accessToken :: Lens.Lens' Logout Prelude.Text
+logout_accessToken = Lens.lens (\Logout' {accessToken} -> accessToken) (\s@Logout' {} a -> s {accessToken = a} :: Logout) Prelude.. Data._Sensitive
+
+instance Core.AWSRequest Logout where
+  type AWSResponse Logout = LogoutResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response = Response.receiveNull LogoutResponse'
+
+instance Prelude.Hashable Logout where
+  hashWithSalt _salt Logout' {..} =
+    _salt `Prelude.hashWithSalt` accessToken
+
+instance Prelude.NFData Logout where
+  rnf Logout' {..} = Prelude.rnf accessToken
+
+instance Data.ToHeaders Logout where
+  toHeaders Logout' {..} =
+    Prelude.mconcat
+      [ "x-amz-sso_bearer_token" Data.=# accessToken,
+        "Content-Type"
+          Data.=# ("application/x-amz-json-1.1" :: Prelude.ByteString)
+      ]
+
+instance Data.ToJSON Logout where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath Logout where
+  toPath = Prelude.const "/logout"
+
+instance Data.ToQuery Logout where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newLogoutResponse' smart constructor.
+data LogoutResponse = LogoutResponse'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LogoutResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newLogoutResponse ::
+  LogoutResponse
+newLogoutResponse = LogoutResponse'
+
+instance Prelude.NFData LogoutResponse where
+  rnf _ = ()
diff --git a/gen/Amazonka/SSO/Types.hs b/gen/Amazonka/SSO/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/Types.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSO.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _InvalidRequestException,
+    _ResourceNotFoundException,
+    _TooManyRequestsException,
+    _UnauthorizedException,
+
+    -- * AccountInfo
+    AccountInfo (..),
+    newAccountInfo,
+    accountInfo_accountId,
+    accountInfo_accountName,
+    accountInfo_emailAddress,
+
+    -- * RoleCredentials
+    RoleCredentials (..),
+    newRoleCredentials,
+    roleCredentials_expiration,
+    roleCredentials_sessionToken,
+    roleCredentials_accessKeyId,
+    roleCredentials_secretAccessKey,
+
+    -- * RoleInfo
+    RoleInfo (..),
+    newRoleInfo,
+    roleInfo_accountId,
+    roleInfo_roleName,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSO.Types.AccountInfo
+import Amazonka.SSO.Types.RoleCredentials
+import Amazonka.SSO.Types.RoleInfo
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2019-06-10@ of the Amazon Single Sign-On SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "SSO",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "portal.sso",
+      Core.signingName = "awsssoportal",
+      Core.version = "2019-06-10",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "SSO",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | Indicates that a problem occurred with the input to the request. For
+-- example, a required parameter might be missing or out of range.
+_InvalidRequestException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidRequestException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidRequestException"
+    Prelude.. Core.hasStatus 400
+
+-- | The specified resource doesn\'t exist.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
+    Prelude.. Core.hasStatus 404
+
+-- | Indicates that the request is being made too frequently and is more than
+-- what the server can handle.
+_TooManyRequestsException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_TooManyRequestsException =
+  Core._MatchServiceError
+    defaultService
+    "TooManyRequestsException"
+    Prelude.. Core.hasStatus 429
+
+-- | Indicates that the request is not authorized. This can happen due to an
+-- invalid access token in the request.
+_UnauthorizedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_UnauthorizedException =
+  Core._MatchServiceError
+    defaultService
+    "UnauthorizedException"
+    Prelude.. Core.hasStatus 401
diff --git a/gen/Amazonka/SSO/Types/AccountInfo.hs b/gen/Amazonka/SSO/Types/AccountInfo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/Types/AccountInfo.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.Types.AccountInfo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSO.Types.AccountInfo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about your AWS account.
+--
+-- /See:/ 'newAccountInfo' smart constructor.
+data AccountInfo = AccountInfo'
+  { -- | The identifier of the AWS account that is assigned to the user.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The display name of the AWS account that is assigned to the user.
+    accountName :: Prelude.Maybe Prelude.Text,
+    -- | The email address of the AWS account that is assigned to the user.
+    emailAddress :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AccountInfo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'accountInfo_accountId' - The identifier of the AWS account that is assigned to the user.
+--
+-- 'accountName', 'accountInfo_accountName' - The display name of the AWS account that is assigned to the user.
+--
+-- 'emailAddress', 'accountInfo_emailAddress' - The email address of the AWS account that is assigned to the user.
+newAccountInfo ::
+  AccountInfo
+newAccountInfo =
+  AccountInfo'
+    { accountId = Prelude.Nothing,
+      accountName = Prelude.Nothing,
+      emailAddress = Prelude.Nothing
+    }
+
+-- | The identifier of the AWS account that is assigned to the user.
+accountInfo_accountId :: Lens.Lens' AccountInfo (Prelude.Maybe Prelude.Text)
+accountInfo_accountId = Lens.lens (\AccountInfo' {accountId} -> accountId) (\s@AccountInfo' {} a -> s {accountId = a} :: AccountInfo)
+
+-- | The display name of the AWS account that is assigned to the user.
+accountInfo_accountName :: Lens.Lens' AccountInfo (Prelude.Maybe Prelude.Text)
+accountInfo_accountName = Lens.lens (\AccountInfo' {accountName} -> accountName) (\s@AccountInfo' {} a -> s {accountName = a} :: AccountInfo)
+
+-- | The email address of the AWS account that is assigned to the user.
+accountInfo_emailAddress :: Lens.Lens' AccountInfo (Prelude.Maybe Prelude.Text)
+accountInfo_emailAddress = Lens.lens (\AccountInfo' {emailAddress} -> emailAddress) (\s@AccountInfo' {} a -> s {emailAddress = a} :: AccountInfo)
+
+instance Data.FromJSON AccountInfo where
+  parseJSON =
+    Data.withObject
+      "AccountInfo"
+      ( \x ->
+          AccountInfo'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "accountName")
+            Prelude.<*> (x Data..:? "emailAddress")
+      )
+
+instance Prelude.Hashable AccountInfo where
+  hashWithSalt _salt AccountInfo' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` accountName
+      `Prelude.hashWithSalt` emailAddress
+
+instance Prelude.NFData AccountInfo where
+  rnf AccountInfo' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf accountName
+      `Prelude.seq` Prelude.rnf emailAddress
diff --git a/gen/Amazonka/SSO/Types/RoleCredentials.hs b/gen/Amazonka/SSO/Types/RoleCredentials.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/Types/RoleCredentials.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.Types.RoleCredentials
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSO.Types.RoleCredentials where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the role credentials that are assigned to the
+-- user.
+--
+-- /See:/ 'newRoleCredentials' smart constructor.
+data RoleCredentials = RoleCredentials'
+  { -- | The date on which temporary security credentials expire.
+    expiration :: Prelude.Maybe Prelude.Integer,
+    -- | The token used for temporary credentials. For more information, see
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+    -- in the /AWS IAM User Guide/.
+    sessionToken :: Prelude.Maybe (Data.Sensitive Core.SessionToken),
+    -- | The identifier used for the temporary security credentials. For more
+    -- information, see
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+    -- in the /AWS IAM User Guide/.
+    accessKeyId :: Core.AccessKey,
+    -- | The key that is used to sign the request. For more information, see
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+    -- in the /AWS IAM User Guide/.
+    secretAccessKey :: Data.Sensitive Core.SecretKey
+  }
+  deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RoleCredentials' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'expiration', 'roleCredentials_expiration' - The date on which temporary security credentials expire.
+--
+-- 'sessionToken', 'roleCredentials_sessionToken' - The token used for temporary credentials. For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+-- in the /AWS IAM User Guide/.
+--
+-- 'accessKeyId', 'roleCredentials_accessKeyId' - The identifier used for the temporary security credentials. For more
+-- information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+-- in the /AWS IAM User Guide/.
+--
+-- 'secretAccessKey', 'roleCredentials_secretAccessKey' - The key that is used to sign the request. For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+-- in the /AWS IAM User Guide/.
+newRoleCredentials ::
+  -- | 'accessKeyId'
+  Core.AccessKey ->
+  -- | 'secretAccessKey'
+  Core.SecretKey ->
+  RoleCredentials
+newRoleCredentials pAccessKeyId_ pSecretAccessKey_ =
+  RoleCredentials'
+    { expiration = Prelude.Nothing,
+      sessionToken = Prelude.Nothing,
+      accessKeyId = pAccessKeyId_,
+      secretAccessKey =
+        Data._Sensitive Lens.# pSecretAccessKey_
+    }
+
+-- | The date on which temporary security credentials expire.
+roleCredentials_expiration :: Lens.Lens' RoleCredentials (Prelude.Maybe Prelude.Integer)
+roleCredentials_expiration = Lens.lens (\RoleCredentials' {expiration} -> expiration) (\s@RoleCredentials' {} a -> s {expiration = a} :: RoleCredentials)
+
+-- | The token used for temporary credentials. For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+-- in the /AWS IAM User Guide/.
+roleCredentials_sessionToken :: Lens.Lens' RoleCredentials (Prelude.Maybe Core.SessionToken)
+roleCredentials_sessionToken = Lens.lens (\RoleCredentials' {sessionToken} -> sessionToken) (\s@RoleCredentials' {} a -> s {sessionToken = a} :: RoleCredentials) Prelude.. Lens.mapping Data._Sensitive
+
+-- | The identifier used for the temporary security credentials. For more
+-- information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+-- in the /AWS IAM User Guide/.
+roleCredentials_accessKeyId :: Lens.Lens' RoleCredentials Core.AccessKey
+roleCredentials_accessKeyId = Lens.lens (\RoleCredentials' {accessKeyId} -> accessKeyId) (\s@RoleCredentials' {} a -> s {accessKeyId = a} :: RoleCredentials)
+
+-- | The key that is used to sign the request. For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html Using Temporary Security Credentials to Request Access to AWS Resources>
+-- in the /AWS IAM User Guide/.
+roleCredentials_secretAccessKey :: Lens.Lens' RoleCredentials Core.SecretKey
+roleCredentials_secretAccessKey = Lens.lens (\RoleCredentials' {secretAccessKey} -> secretAccessKey) (\s@RoleCredentials' {} a -> s {secretAccessKey = a} :: RoleCredentials) Prelude.. Data._Sensitive
+
+instance Data.FromJSON RoleCredentials where
+  parseJSON =
+    Data.withObject
+      "RoleCredentials"
+      ( \x ->
+          RoleCredentials'
+            Prelude.<$> (x Data..:? "expiration")
+            Prelude.<*> (x Data..:? "sessionToken")
+            Prelude.<*> (x Data..: "accessKeyId")
+            Prelude.<*> (x Data..: "secretAccessKey")
+      )
+
+instance Prelude.Hashable RoleCredentials where
+  hashWithSalt _salt RoleCredentials' {..} =
+    _salt
+      `Prelude.hashWithSalt` expiration
+      `Prelude.hashWithSalt` sessionToken
+      `Prelude.hashWithSalt` accessKeyId
+      `Prelude.hashWithSalt` secretAccessKey
+
+instance Prelude.NFData RoleCredentials where
+  rnf RoleCredentials' {..} =
+    Prelude.rnf expiration
+      `Prelude.seq` Prelude.rnf sessionToken
+      `Prelude.seq` Prelude.rnf accessKeyId
+      `Prelude.seq` Prelude.rnf secretAccessKey
diff --git a/gen/Amazonka/SSO/Types/RoleInfo.hs b/gen/Amazonka/SSO/Types/RoleInfo.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/Types/RoleInfo.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.Types.RoleInfo
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSO.Types.RoleInfo where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Provides information about the role that is assigned to the user.
+--
+-- /See:/ 'newRoleInfo' smart constructor.
+data RoleInfo = RoleInfo'
+  { -- | The identifier of the AWS account assigned to the user.
+    accountId :: Prelude.Maybe Prelude.Text,
+    -- | The friendly name of the role that is assigned to the user.
+    roleName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RoleInfo' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'accountId', 'roleInfo_accountId' - The identifier of the AWS account assigned to the user.
+--
+-- 'roleName', 'roleInfo_roleName' - The friendly name of the role that is assigned to the user.
+newRoleInfo ::
+  RoleInfo
+newRoleInfo =
+  RoleInfo'
+    { accountId = Prelude.Nothing,
+      roleName = Prelude.Nothing
+    }
+
+-- | The identifier of the AWS account assigned to the user.
+roleInfo_accountId :: Lens.Lens' RoleInfo (Prelude.Maybe Prelude.Text)
+roleInfo_accountId = Lens.lens (\RoleInfo' {accountId} -> accountId) (\s@RoleInfo' {} a -> s {accountId = a} :: RoleInfo)
+
+-- | The friendly name of the role that is assigned to the user.
+roleInfo_roleName :: Lens.Lens' RoleInfo (Prelude.Maybe Prelude.Text)
+roleInfo_roleName = Lens.lens (\RoleInfo' {roleName} -> roleName) (\s@RoleInfo' {} a -> s {roleName = a} :: RoleInfo)
+
+instance Data.FromJSON RoleInfo where
+  parseJSON =
+    Data.withObject
+      "RoleInfo"
+      ( \x ->
+          RoleInfo'
+            Prelude.<$> (x Data..:? "accountId")
+            Prelude.<*> (x Data..:? "roleName")
+      )
+
+instance Prelude.Hashable RoleInfo where
+  hashWithSalt _salt RoleInfo' {..} =
+    _salt
+      `Prelude.hashWithSalt` accountId
+      `Prelude.hashWithSalt` roleName
+
+instance Prelude.NFData RoleInfo where
+  rnf RoleInfo' {..} =
+    Prelude.rnf accountId
+      `Prelude.seq` Prelude.rnf roleName
diff --git a/gen/Amazonka/SSO/Waiters.hs b/gen/Amazonka/SSO/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/SSO/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.SSO.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.SSO.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.SSO.Lens
+import Amazonka.SSO.Types
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.SSO
+import Test.Amazonka.SSO.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "SSO"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/SSO.hs b/test/Test/Amazonka/Gen/SSO.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/SSO.hs
@@ -0,0 +1,118 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.SSO
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.SSO where
+
+import Amazonka.SSO
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.SSO.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestGetRoleCredentials $
+--             newGetRoleCredentials
+--
+--         , requestListAccountRoles $
+--             newListAccountRoles
+--
+--         , requestListAccounts $
+--             newListAccounts
+--
+--         , requestLogout $
+--             newLogout
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseGetRoleCredentials $
+--             newGetRoleCredentialsResponse
+--
+--         , responseListAccountRoles $
+--             newListAccountRolesResponse
+--
+--         , responseListAccounts $
+--             newListAccountsResponse
+--
+--         , responseLogout $
+--             newLogoutResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestGetRoleCredentials :: GetRoleCredentials -> TestTree
+requestGetRoleCredentials =
+  req
+    "GetRoleCredentials"
+    "fixture/GetRoleCredentials.yaml"
+
+requestListAccountRoles :: ListAccountRoles -> TestTree
+requestListAccountRoles =
+  req
+    "ListAccountRoles"
+    "fixture/ListAccountRoles.yaml"
+
+requestListAccounts :: ListAccounts -> TestTree
+requestListAccounts =
+  req
+    "ListAccounts"
+    "fixture/ListAccounts.yaml"
+
+requestLogout :: Logout -> TestTree
+requestLogout =
+  req
+    "Logout"
+    "fixture/Logout.yaml"
+
+-- Responses
+
+responseGetRoleCredentials :: GetRoleCredentialsResponse -> TestTree
+responseGetRoleCredentials =
+  res
+    "GetRoleCredentialsResponse"
+    "fixture/GetRoleCredentialsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetRoleCredentials)
+
+responseListAccountRoles :: ListAccountRolesResponse -> TestTree
+responseListAccountRoles =
+  res
+    "ListAccountRolesResponse"
+    "fixture/ListAccountRolesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccountRoles)
+
+responseListAccounts :: ListAccountsResponse -> TestTree
+responseListAccounts =
+  res
+    "ListAccountsResponse"
+    "fixture/ListAccountsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAccounts)
+
+responseLogout :: LogoutResponse -> TestTree
+responseLogout =
+  res
+    "LogoutResponse"
+    "fixture/LogoutResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy Logout)
diff --git a/test/Test/Amazonka/SSO.hs b/test/Test/Amazonka/SSO.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SSO.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.SSO
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SSO
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/SSO/Internal.hs b/test/Test/Amazonka/SSO/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/SSO/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.SSO.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.SSO.Internal where
