diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 
 ## Version
 
-`1.2.0.2`
+`1.3.0`
 
 
 ## Description
diff --git a/amazonka-sts.cabal b/amazonka-sts.cabal
--- a/amazonka-sts.cabal
+++ b/amazonka-sts.cabal
@@ -1,5 +1,5 @@
 name:                  amazonka-sts
-version:               1.2.0.2
+version:               1.3.0
 synopsis:              Amazon Security Token Service SDK.
 homepage:              https://github.com/brendanhay/amazonka
 bug-reports:           https://github.com/brendanhay/amazonka/issues
@@ -110,7 +110,7 @@
         , Network.AWS.STS.Types.Sum
 
     build-depends:
-          amazonka-core == 1.2.0.*
+          amazonka-core == 1.3.0.*
         , base          >= 4.7     && < 5
 
 test-suite amazonka-sts-test
@@ -130,9 +130,9 @@
         , Test.AWS.STS.Internal
 
     build-depends:
-          amazonka-core == 1.2.0.*
-        , amazonka-test == 1.2.0.*
-        , amazonka-sts == 1.2.0.*
+          amazonka-core == 1.3.0.*
+        , amazonka-test == 1.3.0.*
+        , amazonka-sts == 1.3.0.*
         , base
         , bytestring
         , lens
diff --git a/gen/Network/AWS/STS.hs b/gen/Network/AWS/STS.hs
--- a/gen/Network/AWS/STS.hs
+++ b/gen/Network/AWS/STS.hs
@@ -80,20 +80,20 @@
     -- ** MalformedPolicyDocumentException
     , _MalformedPolicyDocumentException
 
-    -- ** PackedPolicyTooLargeException
-    , _PackedPolicyTooLargeException
-
     -- ** InvalidAuthorizationMessageException
     , _InvalidAuthorizationMessageException
 
+    -- ** PackedPolicyTooLargeException
+    , _PackedPolicyTooLargeException
+
     -- ** IdPCommunicationErrorException
     , _IdPCommunicationErrorException
 
-    -- ** ExpiredTokenException
-    , _ExpiredTokenException
-
     -- ** InvalidIdentityTokenException
     , _InvalidIdentityTokenException
+
+    -- ** ExpiredTokenException
+    , _ExpiredTokenException
 
     -- ** IdPRejectedClaimException
     , _IdPRejectedClaimException
diff --git a/gen/Network/AWS/STS/AssumeRole.hs b/gen/Network/AWS/STS/AssumeRole.hs
--- a/gen/Network/AWS/STS/AssumeRole.hs
+++ b/gen/Network/AWS/STS/AssumeRole.hs
@@ -106,8 +106,8 @@
     -- * Request Lenses
     , arTokenCode
     , arDurationSeconds
-    , arExternalId
     , arPolicy
+    , arExternalId
     , arSerialNumber
     , arRoleARN
     , arRoleSessionName
@@ -119,7 +119,7 @@
     , arrsPackedPolicySize
     , arrsCredentials
     , arrsAssumedRoleUser
-    , arrsStatus
+    , arrsResponseStatus
     ) where
 
 import           Network.AWS.Prelude
@@ -132,8 +132,8 @@
 data AssumeRole = AssumeRole'
     { _arTokenCode       :: !(Maybe Text)
     , _arDurationSeconds :: !(Maybe Nat)
-    , _arExternalId      :: !(Maybe Text)
     , _arPolicy          :: !(Maybe Text)
+    , _arExternalId      :: !(Maybe Text)
     , _arSerialNumber    :: !(Maybe Text)
     , _arRoleARN         :: !Text
     , _arRoleSessionName :: !Text
@@ -147,10 +147,10 @@
 --
 -- * 'arDurationSeconds'
 --
--- * 'arExternalId'
---
 -- * 'arPolicy'
 --
+-- * 'arExternalId'
+--
 -- * 'arSerialNumber'
 --
 -- * 'arRoleARN'
@@ -164,8 +164,8 @@
     AssumeRole'
     { _arTokenCode = Nothing
     , _arDurationSeconds = Nothing
-    , _arExternalId = Nothing
     , _arPolicy = Nothing
+    , _arExternalId = Nothing
     , _arSerialNumber = Nothing
     , _arRoleARN = pRoleARN_
     , _arRoleSessionName = pRoleSessionName_
@@ -185,19 +185,6 @@
 arDurationSeconds :: Lens' AssumeRole (Maybe Natural)
 arDurationSeconds = lens _arDurationSeconds (\ s a -> s{_arDurationSeconds = a}) . mapping _Nat;
 
--- | A unique identifier that is used by third parties when assuming roles in
--- their customers\' accounts. For each role that the third party can
--- assume, they should instruct their customers to ensure the role\'s trust
--- policy checks for the external ID that the third party generated. Each
--- time the third party assumes the role, they should pass the customer\'s
--- external ID. The external ID is useful in order to help third parties
--- bind a role to the customer who created it. For more information about
--- the external ID, see
--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-delegating-externalid.html How to Use External ID When Granting Access to Your AWS Resources>
--- in /Using Temporary Security Credentials/.
-arExternalId :: Lens' AssumeRole (Maybe Text)
-arExternalId = lens _arExternalId (\ s a -> s{_arExternalId = a});
-
 -- | An IAM policy in JSON format.
 --
 -- This parameter is optional. If you pass a policy, the temporary security
@@ -219,6 +206,19 @@
 arPolicy :: Lens' AssumeRole (Maybe Text)
 arPolicy = lens _arPolicy (\ s a -> s{_arPolicy = a});
 
+-- | A unique identifier that is used by third parties when assuming roles in
+-- their customers\' accounts. For each role that the third party can
+-- assume, they should instruct their customers to ensure the role\'s trust
+-- policy checks for the external ID that the third party generated. Each
+-- time the third party assumes the role, they should pass the customer\'s
+-- external ID. The external ID is useful in order to help third parties
+-- bind a role to the customer who created it. For more information about
+-- the external ID, see
+-- <http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-delegating-externalid.html How to Use External ID When Granting Access to Your AWS Resources>
+-- in /Using Temporary Security Credentials/.
+arExternalId :: Lens' AssumeRole (Maybe Text)
+arExternalId = lens _arExternalId (\ s a -> s{_arExternalId = a});
+
 -- | The identification number of the MFA device that is associated with the
 -- user who is making the 'AssumeRole' call. Specify this value if the
 -- trust policy of the role being assumed includes a condition that
@@ -270,7 +270,7 @@
                "Version" =: ("2011-06-15" :: ByteString),
                "TokenCode" =: _arTokenCode,
                "DurationSeconds" =: _arDurationSeconds,
-               "ExternalId" =: _arExternalId, "Policy" =: _arPolicy,
+               "Policy" =: _arPolicy, "ExternalId" =: _arExternalId,
                "SerialNumber" =: _arSerialNumber,
                "RoleArn" =: _arRoleARN,
                "RoleSessionName" =: _arRoleSessionName]
@@ -283,7 +283,7 @@
     { _arrsPackedPolicySize :: !(Maybe Nat)
     , _arrsCredentials      :: !(Maybe Credentials)
     , _arrsAssumedRoleUser  :: !(Maybe AssumedRoleUser)
-    , _arrsStatus           :: !Int
+    , _arrsResponseStatus   :: !Int
     } deriving (Eq,Read,Show,Data,Typeable,Generic)
 
 -- | Creates a value of 'AssumeRoleResponse' with the minimum fields required to make a request.
@@ -296,16 +296,16 @@
 --
 -- * 'arrsAssumedRoleUser'
 --
--- * 'arrsStatus'
+-- * 'arrsResponseStatus'
 assumeRoleResponse
-    :: Int -- ^ 'arrsStatus'
+    :: Int -- ^ 'arrsResponseStatus'
     -> AssumeRoleResponse
-assumeRoleResponse pStatus_ =
+assumeRoleResponse pResponseStatus_ =
     AssumeRoleResponse'
     { _arrsPackedPolicySize = Nothing
     , _arrsCredentials = Nothing
     , _arrsAssumedRoleUser = Nothing
-    , _arrsStatus = pStatus_
+    , _arrsResponseStatus = pResponseStatus_
     }
 
 -- | A percentage value that indicates the size of the policy in packed form.
@@ -329,5 +329,5 @@
 arrsAssumedRoleUser = lens _arrsAssumedRoleUser (\ s a -> s{_arrsAssumedRoleUser = a});
 
 -- | The response status code.
-arrsStatus :: Lens' AssumeRoleResponse Int
-arrsStatus = lens _arrsStatus (\ s a -> s{_arrsStatus = a});
+arrsResponseStatus :: Lens' AssumeRoleResponse Int
+arrsResponseStatus = lens _arrsResponseStatus (\ s a -> s{_arrsResponseStatus = a});
diff --git a/gen/Network/AWS/STS/AssumeRoleWithSAML.hs b/gen/Network/AWS/STS/AssumeRoleWithSAML.hs
--- a/gen/Network/AWS/STS/AssumeRoleWithSAML.hs
+++ b/gen/Network/AWS/STS/AssumeRoleWithSAML.hs
@@ -89,15 +89,15 @@
     , assumeRoleWithSAMLResponse
     , AssumeRoleWithSAMLResponse
     -- * Response Lenses
-    , arwsamlrsAudience
     , arwsamlrsSubject
+    , arwsamlrsAudience
     , arwsamlrsPackedPolicySize
     , arwsamlrsCredentials
     , arwsamlrsSubjectType
     , arwsamlrsNameQualifier
     , arwsamlrsAssumedRoleUser
     , arwsamlrsIssuer
-    , arwsamlrsStatus
+    , arwsamlrsResponseStatus
     ) where
 
 import           Network.AWS.Prelude
@@ -199,7 +199,7 @@
           = receiveXMLWrapper "AssumeRoleWithSAMLResult"
               (\ s h x ->
                  AssumeRoleWithSAMLResponse' <$>
-                   (x .@? "Audience") <*> (x .@? "Subject") <*>
+                   (x .@? "Subject") <*> (x .@? "Audience") <*>
                      (x .@? "PackedPolicySize")
                      <*> (x .@? "Credentials")
                      <*> (x .@? "SubjectType")
@@ -231,25 +231,25 @@
 --
 -- /See:/ 'assumeRoleWithSAMLResponse' smart constructor.
 data AssumeRoleWithSAMLResponse = AssumeRoleWithSAMLResponse'
-    { _arwsamlrsAudience         :: !(Maybe Text)
-    , _arwsamlrsSubject          :: !(Maybe Text)
+    { _arwsamlrsSubject          :: !(Maybe Text)
+    , _arwsamlrsAudience         :: !(Maybe Text)
     , _arwsamlrsPackedPolicySize :: !(Maybe Nat)
     , _arwsamlrsCredentials      :: !(Maybe Credentials)
     , _arwsamlrsSubjectType      :: !(Maybe Text)
     , _arwsamlrsNameQualifier    :: !(Maybe Text)
     , _arwsamlrsAssumedRoleUser  :: !(Maybe AssumedRoleUser)
     , _arwsamlrsIssuer           :: !(Maybe Text)
-    , _arwsamlrsStatus           :: !Int
+    , _arwsamlrsResponseStatus   :: !Int
     } deriving (Eq,Read,Show,Data,Typeable,Generic)
 
 -- | Creates a value of 'AssumeRoleWithSAMLResponse' with the minimum fields required to make a request.
 --
 -- Use one of the following lenses to modify other fields as desired:
 --
--- * 'arwsamlrsAudience'
---
 -- * 'arwsamlrsSubject'
 --
+-- * 'arwsamlrsAudience'
+--
 -- * 'arwsamlrsPackedPolicySize'
 --
 -- * 'arwsamlrsCredentials'
@@ -262,33 +262,33 @@
 --
 -- * 'arwsamlrsIssuer'
 --
--- * 'arwsamlrsStatus'
+-- * 'arwsamlrsResponseStatus'
 assumeRoleWithSAMLResponse
-    :: Int -- ^ 'arwsamlrsStatus'
+    :: Int -- ^ 'arwsamlrsResponseStatus'
     -> AssumeRoleWithSAMLResponse
-assumeRoleWithSAMLResponse pStatus_ =
+assumeRoleWithSAMLResponse pResponseStatus_ =
     AssumeRoleWithSAMLResponse'
-    { _arwsamlrsAudience = Nothing
-    , _arwsamlrsSubject = Nothing
+    { _arwsamlrsSubject = Nothing
+    , _arwsamlrsAudience = Nothing
     , _arwsamlrsPackedPolicySize = Nothing
     , _arwsamlrsCredentials = Nothing
     , _arwsamlrsSubjectType = Nothing
     , _arwsamlrsNameQualifier = Nothing
     , _arwsamlrsAssumedRoleUser = Nothing
     , _arwsamlrsIssuer = Nothing
-    , _arwsamlrsStatus = pStatus_
+    , _arwsamlrsResponseStatus = pResponseStatus_
     }
 
--- | The value of the 'Recipient' attribute of the 'SubjectConfirmationData'
--- element of the SAML assertion.
-arwsamlrsAudience :: Lens' AssumeRoleWithSAMLResponse (Maybe Text)
-arwsamlrsAudience = lens _arwsamlrsAudience (\ s a -> s{_arwsamlrsAudience = a});
-
 -- | The value of the 'NameID' element in the 'Subject' element of the SAML
 -- assertion.
 arwsamlrsSubject :: Lens' AssumeRoleWithSAMLResponse (Maybe Text)
 arwsamlrsSubject = lens _arwsamlrsSubject (\ s a -> s{_arwsamlrsSubject = a});
 
+-- | The value of the 'Recipient' attribute of the 'SubjectConfirmationData'
+-- element of the SAML assertion.
+arwsamlrsAudience :: Lens' AssumeRoleWithSAMLResponse (Maybe Text)
+arwsamlrsAudience = lens _arwsamlrsAudience (\ s a -> s{_arwsamlrsAudience = a});
+
 -- | A percentage value that indicates the size of the policy in packed form.
 -- The service rejects any policy with a packed size greater than 100
 -- percent, which means the policy exceeded the allowed space.
@@ -331,5 +331,5 @@
 arwsamlrsIssuer = lens _arwsamlrsIssuer (\ s a -> s{_arwsamlrsIssuer = a});
 
 -- | The response status code.
-arwsamlrsStatus :: Lens' AssumeRoleWithSAMLResponse Int
-arwsamlrsStatus = lens _arwsamlrsStatus (\ s a -> s{_arwsamlrsStatus = a});
+arwsamlrsResponseStatus :: Lens' AssumeRoleWithSAMLResponse Int
+arwsamlrsResponseStatus = lens _arwsamlrsResponseStatus (\ s a -> s{_arwsamlrsResponseStatus = a});
diff --git a/gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs b/gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs
--- a/gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs
+++ b/gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs
@@ -118,7 +118,7 @@
     , arwwirsCredentials
     , arwwirsAssumedRoleUser
     , arwwirsProvider
-    , arwwirsStatus
+    , arwwirsResponseStatus
     ) where
 
 import           Network.AWS.Prelude
@@ -272,7 +272,7 @@
     , _arwwirsCredentials                 :: !(Maybe Credentials)
     , _arwwirsAssumedRoleUser             :: !(Maybe AssumedRoleUser)
     , _arwwirsProvider                    :: !(Maybe Text)
-    , _arwwirsStatus                      :: !Int
+    , _arwwirsResponseStatus              :: !Int
     } deriving (Eq,Read,Show,Data,Typeable,Generic)
 
 -- | Creates a value of 'AssumeRoleWithWebIdentityResponse' with the minimum fields required to make a request.
@@ -291,11 +291,11 @@
 --
 -- * 'arwwirsProvider'
 --
--- * 'arwwirsStatus'
+-- * 'arwwirsResponseStatus'
 assumeRoleWithWebIdentityResponse
-    :: Int -- ^ 'arwwirsStatus'
+    :: Int -- ^ 'arwwirsResponseStatus'
     -> AssumeRoleWithWebIdentityResponse
-assumeRoleWithWebIdentityResponse pStatus_ =
+assumeRoleWithWebIdentityResponse pResponseStatus_ =
     AssumeRoleWithWebIdentityResponse'
     { _arwwirsAudience = Nothing
     , _arwwirsSubjectFromWebIdentityToken = Nothing
@@ -303,7 +303,7 @@
     , _arwwirsCredentials = Nothing
     , _arwwirsAssumedRoleUser = Nothing
     , _arwwirsProvider = Nothing
-    , _arwwirsStatus = pStatus_
+    , _arwwirsResponseStatus = pResponseStatus_
     }
 
 -- | The intended audience (also known as client ID) of the web identity
@@ -350,5 +350,5 @@
 arwwirsProvider = lens _arwwirsProvider (\ s a -> s{_arwwirsProvider = a});
 
 -- | The response status code.
-arwwirsStatus :: Lens' AssumeRoleWithWebIdentityResponse Int
-arwwirsStatus = lens _arwwirsStatus (\ s a -> s{_arwwirsStatus = a});
+arwwirsResponseStatus :: Lens' AssumeRoleWithWebIdentityResponse Int
+arwwirsResponseStatus = lens _arwwirsResponseStatus (\ s a -> s{_arwwirsResponseStatus = a});
diff --git a/gen/Network/AWS/STS/DecodeAuthorizationMessage.hs b/gen/Network/AWS/STS/DecodeAuthorizationMessage.hs
--- a/gen/Network/AWS/STS/DecodeAuthorizationMessage.hs
+++ b/gen/Network/AWS/STS/DecodeAuthorizationMessage.hs
@@ -62,7 +62,7 @@
     , DecodeAuthorizationMessageResponse
     -- * Response Lenses
     , damrsDecodedMessage
-    , damrsStatus
+    , damrsResponseStatus
     ) where
 
 import           Network.AWS.Prelude
@@ -125,7 +125,7 @@
 -- /See:/ 'decodeAuthorizationMessageResponse' smart constructor.
 data DecodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse'
     { _damrsDecodedMessage :: !(Maybe Text)
-    , _damrsStatus         :: !Int
+    , _damrsResponseStatus :: !Int
     } deriving (Eq,Read,Show,Data,Typeable,Generic)
 
 -- | Creates a value of 'DecodeAuthorizationMessageResponse' with the minimum fields required to make a request.
@@ -134,14 +134,14 @@
 --
 -- * 'damrsDecodedMessage'
 --
--- * 'damrsStatus'
+-- * 'damrsResponseStatus'
 decodeAuthorizationMessageResponse
-    :: Int -- ^ 'damrsStatus'
+    :: Int -- ^ 'damrsResponseStatus'
     -> DecodeAuthorizationMessageResponse
-decodeAuthorizationMessageResponse pStatus_ =
+decodeAuthorizationMessageResponse pResponseStatus_ =
     DecodeAuthorizationMessageResponse'
     { _damrsDecodedMessage = Nothing
-    , _damrsStatus = pStatus_
+    , _damrsResponseStatus = pResponseStatus_
     }
 
 -- | An XML document that contains the decoded message. For more information,
@@ -150,5 +150,5 @@
 damrsDecodedMessage = lens _damrsDecodedMessage (\ s a -> s{_damrsDecodedMessage = a});
 
 -- | The response status code.
-damrsStatus :: Lens' DecodeAuthorizationMessageResponse Int
-damrsStatus = lens _damrsStatus (\ s a -> s{_damrsStatus = a});
+damrsResponseStatus :: Lens' DecodeAuthorizationMessageResponse Int
+damrsResponseStatus = lens _damrsResponseStatus (\ s a -> s{_damrsResponseStatus = a});
diff --git a/gen/Network/AWS/STS/GetFederationToken.hs b/gen/Network/AWS/STS/GetFederationToken.hs
--- a/gen/Network/AWS/STS/GetFederationToken.hs
+++ b/gen/Network/AWS/STS/GetFederationToken.hs
@@ -108,7 +108,7 @@
     , gftrsPackedPolicySize
     , gftrsCredentials
     , gftrsFederatedUser
-    , gftrsStatus
+    , gftrsResponseStatus
     ) where
 
 import           Network.AWS.Prelude
@@ -223,7 +223,7 @@
     { _gftrsPackedPolicySize :: !(Maybe Nat)
     , _gftrsCredentials      :: !(Maybe Credentials)
     , _gftrsFederatedUser    :: !(Maybe FederatedUser)
-    , _gftrsStatus           :: !Int
+    , _gftrsResponseStatus   :: !Int
     } deriving (Eq,Read,Show,Data,Typeable,Generic)
 
 -- | Creates a value of 'GetFederationTokenResponse' with the minimum fields required to make a request.
@@ -236,16 +236,16 @@
 --
 -- * 'gftrsFederatedUser'
 --
--- * 'gftrsStatus'
+-- * 'gftrsResponseStatus'
 getFederationTokenResponse
-    :: Int -- ^ 'gftrsStatus'
+    :: Int -- ^ 'gftrsResponseStatus'
     -> GetFederationTokenResponse
-getFederationTokenResponse pStatus_ =
+getFederationTokenResponse pResponseStatus_ =
     GetFederationTokenResponse'
     { _gftrsPackedPolicySize = Nothing
     , _gftrsCredentials = Nothing
     , _gftrsFederatedUser = Nothing
-    , _gftrsStatus = pStatus_
+    , _gftrsResponseStatus = pResponseStatus_
     }
 
 -- | A percentage value indicating the size of the policy in packed form. The
@@ -266,5 +266,5 @@
 gftrsFederatedUser = lens _gftrsFederatedUser (\ s a -> s{_gftrsFederatedUser = a});
 
 -- | The response status code.
-gftrsStatus :: Lens' GetFederationTokenResponse Int
-gftrsStatus = lens _gftrsStatus (\ s a -> s{_gftrsStatus = a});
+gftrsResponseStatus :: Lens' GetFederationTokenResponse Int
+gftrsResponseStatus = lens _gftrsResponseStatus (\ s a -> s{_gftrsResponseStatus = a});
diff --git a/gen/Network/AWS/STS/GetSessionToken.hs b/gen/Network/AWS/STS/GetSessionToken.hs
--- a/gen/Network/AWS/STS/GetSessionToken.hs
+++ b/gen/Network/AWS/STS/GetSessionToken.hs
@@ -69,7 +69,7 @@
     , GetSessionTokenResponse
     -- * Response Lenses
     , gstrsCredentials
-    , gstrsStatus
+    , gstrsResponseStatus
     ) where
 
 import           Network.AWS.Prelude
@@ -161,8 +161,8 @@
 --
 -- /See:/ 'getSessionTokenResponse' smart constructor.
 data GetSessionTokenResponse = GetSessionTokenResponse'
-    { _gstrsCredentials :: !(Maybe Credentials)
-    , _gstrsStatus      :: !Int
+    { _gstrsCredentials    :: !(Maybe Credentials)
+    , _gstrsResponseStatus :: !Int
     } deriving (Eq,Read,Show,Data,Typeable,Generic)
 
 -- | Creates a value of 'GetSessionTokenResponse' with the minimum fields required to make a request.
@@ -171,14 +171,14 @@
 --
 -- * 'gstrsCredentials'
 --
--- * 'gstrsStatus'
+-- * 'gstrsResponseStatus'
 getSessionTokenResponse
-    :: Int -- ^ 'gstrsStatus'
+    :: Int -- ^ 'gstrsResponseStatus'
     -> GetSessionTokenResponse
-getSessionTokenResponse pStatus_ =
+getSessionTokenResponse pResponseStatus_ =
     GetSessionTokenResponse'
     { _gstrsCredentials = Nothing
-    , _gstrsStatus = pStatus_
+    , _gstrsResponseStatus = pResponseStatus_
     }
 
 -- | The session credentials for API authentication.
@@ -186,5 +186,5 @@
 gstrsCredentials = lens _gstrsCredentials (\ s a -> s{_gstrsCredentials = a});
 
 -- | The response status code.
-gstrsStatus :: Lens' GetSessionTokenResponse Int
-gstrsStatus = lens _gstrsStatus (\ s a -> s{_gstrsStatus = a});
+gstrsResponseStatus :: Lens' GetSessionTokenResponse Int
+gstrsResponseStatus = lens _gstrsResponseStatus (\ s a -> s{_gstrsResponseStatus = a});
diff --git a/gen/Network/AWS/STS/Types.hs b/gen/Network/AWS/STS/Types.hs
--- a/gen/Network/AWS/STS/Types.hs
+++ b/gen/Network/AWS/STS/Types.hs
@@ -17,11 +17,11 @@
 
     -- * Errors
     , _MalformedPolicyDocumentException
-    , _PackedPolicyTooLargeException
     , _InvalidAuthorizationMessageException
+    , _PackedPolicyTooLargeException
     , _IdPCommunicationErrorException
-    , _ExpiredTokenException
     , _InvalidIdentityTokenException
+    , _ExpiredTokenException
     , _IdPRejectedClaimException
 
     -- * AssumedRoleUser
@@ -87,13 +87,6 @@
 _MalformedPolicyDocumentException =
     _ServiceError . hasStatus 400 . hasCode "MalformedPolicyDocument"
 
--- | The request was rejected because the policy document was too large. The
--- error message describes how big the policy document is, in packed form,
--- as a percentage of what the API allows.
-_PackedPolicyTooLargeException :: AsError a => Getting (First ServiceError) a ServiceError
-_PackedPolicyTooLargeException =
-    _ServiceError . hasStatus 400 . hasCode "PackedPolicyTooLarge"
-
 -- | The error returned if the message passed to 'DecodeAuthorizationMessage'
 -- was invalid. This can happen if the token contains invalid characters,
 -- such as linebreaks.
@@ -102,6 +95,13 @@
     _ServiceError .
     hasStatus 400 . hasCode "InvalidAuthorizationMessageException"
 
+-- | The request was rejected because the policy document was too large. The
+-- error message describes how big the policy document is, in packed form,
+-- as a percentage of what the API allows.
+_PackedPolicyTooLargeException :: AsError a => Getting (First ServiceError) a ServiceError
+_PackedPolicyTooLargeException =
+    _ServiceError . hasStatus 400 . hasCode "PackedPolicyTooLarge"
+
 -- | The request could not be fulfilled because the non-AWS identity provider
 -- (IDP) that was asked to verify the incoming identity token could not be
 -- reached. This is often a transient error caused by network conditions.
@@ -112,19 +112,19 @@
 _IdPCommunicationErrorException =
     _ServiceError . hasStatus 400 . hasCode "IDPCommunicationError"
 
--- | The web identity token that was passed is expired or is not valid. Get a
--- new identity token from the identity provider and then retry the
--- request.
-_ExpiredTokenException :: AsError a => Getting (First ServiceError) a ServiceError
-_ExpiredTokenException =
-    _ServiceError . hasStatus 400 . hasCode "ExpiredTokenException"
-
 -- | The web identity token that was passed could not be validated by AWS.
 -- Get a new identity token from the identity provider and then retry the
 -- request.
 _InvalidIdentityTokenException :: AsError a => Getting (First ServiceError) a ServiceError
 _InvalidIdentityTokenException =
     _ServiceError . hasStatus 400 . hasCode "InvalidIdentityToken"
+
+-- | The web identity token that was passed is expired or is not valid. Get a
+-- new identity token from the identity provider and then retry the
+-- request.
+_ExpiredTokenException :: AsError a => Getting (First ServiceError) a ServiceError
+_ExpiredTokenException =
+    _ServiceError . hasStatus 400 . hasCode "ExpiredTokenException"
 
 -- | The identity provider (IdP) reported that authentication failed. This
 -- might be because the claim is invalid.
