Update Go AWS SDK to the latest version

2026-05-06 22:18:28 +00:00 · 2019-07-13 00:03:55 +03:00
parent d08be990ef
commit 94a72b23ff
2183 changed files with 885887 additions and 228114 deletions
@@ -7,7 +7,7 @@
 // to manage users and user permissions under your AWS account. This guide provides
 // descriptions of IAM actions that you can call programmatically. For general
 // information about IAM, see AWS Identity and Access Management (IAM) (http://aws.amazon.com/iam/).
-// For the user guide for IAM, see Using IAM (http://docs.aws.amazon.com/IAM/latest/UserGuide/).
+// For the user guide for IAM, see Using IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/).
 //
 // AWS provides SDKs that consist of libraries and sample code for various programming
 // languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs
@@ -20,7 +20,7 @@
 // We recommend that you use the AWS SDKs to make programmatic API calls to
 // IAM. However, you can also use the IAM Query API to make direct calls to
 // the IAM web service. To learn more about the IAM Query API, see Making Query
-// Requests (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
+// Requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html)
 // in the Using IAM guide. IAM supports GET and POST requests for all actions.
 // That is, the API does not require you to use GET for some actions and POST
 // for others. However, GET requests are subject to the limitation size of a
@@ -35,7 +35,7 @@
 // Token Service to generate temporary security credentials and use those to
 // sign requests.
 //
-// To sign requests, we recommend that you use Signature Version 4 (http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
+// To sign requests, we recommend that you use Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
 // If you have an existing application that uses Signature Version 2, you do
 // not have to update it to use Signature Version 4. However, some operations
 // now require Signature Version 4. The documentation for operations that require
@@ -45,15 +45,15 @@
 //
 // For more information, see the following:
 //
-//    * AWS Security Credentials (http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html).
+//    * AWS Security Credentials (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html).
 //    This topic provides general information about the types of credentials
 //    used for accessing AWS.
 //
-//    * IAM Best Practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html).
+//    * IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html).
 //    This topic presents a list of suggestions for using the IAM service to
 //    help secure your AWS resources.
 //
-//    * Signing AWS API Requests (http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html).
+//    * Signing AWS API Requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html).
 //    This set of topics walk you through the process of signing a request using
 //    an access key ID and secret access key.
 //
@@ -4,13 +4,21 @@ package iam

 const (

+	// ErrCodeConcurrentModificationException for service response error code
+	// "ConcurrentModification".
+	//
+	// The request was rejected because multiple requests to change this object
+	// were submitted simultaneously. Wait a few minutes and submit your request
+	// again.
+	ErrCodeConcurrentModificationException = "ConcurrentModification"
+
 	// ErrCodeCredentialReportExpiredException for service response error code
 	// "ReportExpired".
 	//
 	// The request was rejected because the most recent credential report has expired.
 	// To generate a new credential report, use GenerateCredentialReport. For more
 	// information about credential report expiration, see Getting Credential Reports
-	// (http://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
+	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html)
 	// in the IAM User Guide.
 	ErrCodeCredentialReportExpiredException = "ReportExpired"

@@ -129,8 +137,8 @@ const (
 	// ErrCodeNoSuchEntityException for service response error code
 	// "NoSuchEntity".
 	//
-	// The request was rejected because it referenced an entity that does not exist.
-	// The error message describes the entity.
+	// The request was rejected because it referenced a resource entity that does
+	// not exist. The error message describes the resource.
 	ErrCodeNoSuchEntityException = "NoSuchEntity"

 	// ErrCodePasswordPolicyViolationException for service response error code
@@ -154,6 +162,13 @@ const (
 	// to the service-linked role for that service.
 	ErrCodePolicyNotAttachableException = "PolicyNotAttachable"

+	// ErrCodeReportGenerationLimitExceededException for service response error code
+	// "ReportGenerationLimitExceeded".
+	//
+	// The request failed because the maximum number of concurrent requests for
+	// this account are already running.
+	ErrCodeReportGenerationLimitExceededException = "ReportGenerationLimitExceeded"
+
 	// ErrCodeServiceFailureException for service response error code
 	// "ServiceFailure".
 	//
@@ -515,13 +515,14 @@ func ExampleIAM_CreateOpenIDConnectProvider_shared00() {
 // To create an IAM role
 //
 // The following command creates a role named Test-Role and attaches a trust policy
-// to it that is provided as a URL-encoded JSON string.
+// that you must convert from JSON to a string. Upon success, the response includes
+// the same policy as a URL-encoded JSON string.
 func ExampleIAM_CreateRole_shared00() {
 	svc := iam.New(session.New())
 	input := &iam.CreateRoleInput{
-		AssumeRolePolicyDocument: aws.String("<URL-encoded-JSON>"),
-		Path:     aws.String("/"),
-		RoleName: aws.String("Test-Role"),
+		AssumeRolePolicyDocument: aws.String("<Stringified-JSON>"),
+		Path:                     aws.String("/"),
+		RoleName:                 aws.String("Test-Role"),
 	}

 	result, err := svc.CreateRole(input)
@@ -536,6 +537,8 @@ func ExampleIAM_CreateRole_shared00() {
 				fmt.Println(iam.ErrCodeEntityAlreadyExistsException, aerr.Error())
 			case iam.ErrCodeMalformedPolicyDocumentException:
 				fmt.Println(iam.ErrCodeMalformedPolicyDocumentException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
 			case iam.ErrCodeServiceFailureException:
 				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
 			default:
@@ -571,6 +574,10 @@ func ExampleIAM_CreateUser_shared00() {
 				fmt.Println(iam.ErrCodeEntityAlreadyExistsException, aerr.Error())
 			case iam.ErrCodeNoSuchEntityException:
 				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeInvalidInputException:
+				fmt.Println(iam.ErrCodeInvalidInputException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
 			case iam.ErrCodeServiceFailureException:
 				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
 			default:
@@ -812,6 +819,8 @@ func ExampleIAM_DeleteRole_shared00() {
 				fmt.Println(iam.ErrCodeLimitExceededException, aerr.Error())
 			case iam.ErrCodeUnmodifiableEntityException:
 				fmt.Println(iam.ErrCodeUnmodifiableEntityException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
 			case iam.ErrCodeServiceFailureException:
 				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
 			default:
@@ -919,6 +928,8 @@ func ExampleIAM_DeleteUser_shared00() {
 				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
 			case iam.ErrCodeDeleteConflictException:
 				fmt.Println(iam.ErrCodeDeleteConflictException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
 			case iam.ErrCodeServiceFailureException:
 				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
 			default:
@@ -1006,6 +1017,66 @@ func ExampleIAM_DeleteVirtualMFADevice_shared00() {
 	fmt.Println(result)
 }

+// To generate a service last accessed data report for an organizational unit
+//
+// The following operation generates a report for the organizational unit ou-rge0-awexample
+func ExampleIAM_GenerateOrganizationsAccessReport_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.GenerateOrganizationsAccessReportInput{
+		EntityPath: aws.String("o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-1a2b3c-k9l8m7n6o5example"),
+	}
+
+	result, err := svc.GenerateOrganizationsAccessReport(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeReportGenerationLimitExceededException:
+				fmt.Println(iam.ErrCodeReportGenerationLimitExceededException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
+// To generate a service last accessed data report for a policy
+//
+// The following operation generates a report for the policy: ExamplePolicy1
+func ExampleIAM_GenerateServiceLastAccessedDetails_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.GenerateServiceLastAccessedDetailsInput{
+		Arn: aws.String("arn:aws:iam::123456789012:policy/ExamplePolicy1"),
+	}
+
+	result, err := svc.GenerateServiceLastAccessedDetails(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeInvalidInputException:
+				fmt.Println(iam.ErrCodeInvalidInputException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
 // To see the current account password policy
 //
 // The following command displays details about the password policy for the current
@@ -1127,6 +1198,35 @@ func ExampleIAM_GetLoginProfile_shared00() {
 	fmt.Println(result)
 }

+// To get details from a previously generated organizational unit report
+//
+// The following operation gets details about the report with the job ID: examplea-1234-b567-cde8-90fg123abcd4
+func ExampleIAM_GetOrganizationsAccessReport_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.GetOrganizationsAccessReportInput{
+		JobId: aws.String("examplea-1234-b567-cde8-90fg123abcd4"),
+	}
+
+	result, err := svc.GetOrganizationsAccessReport(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
 // To get information about an IAM role
 //
 // The following command gets information about the role named Test-Role.
@@ -1158,6 +1258,70 @@ func ExampleIAM_GetRole_shared00() {
 	fmt.Println(result)
 }

+// To get details from a previously-generated report
+//
+// The following operation gets details about the report with the job ID: examplef-1305-c245-eba4-71fe298bcda7
+func ExampleIAM_GetServiceLastAccessedDetails_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.GetServiceLastAccessedDetailsInput{
+		JobId: aws.String("examplef-1305-c245-eba4-71fe298bcda7"),
+	}
+
+	result, err := svc.GetServiceLastAccessedDetails(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeInvalidInputException:
+				fmt.Println(iam.ErrCodeInvalidInputException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
+// To get sntity details from a previously-generated report
+//
+// The following operation returns details about the entities that attempted to access
+// the IAM service.
+func ExampleIAM_GetServiceLastAccessedDetailsWithEntities_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.GetServiceLastAccessedDetailsWithEntitiesInput{
+		JobId:            aws.String("examplef-1305-c245-eba4-71fe298bcda7"),
+		ServiceNamespace: aws.String("iam"),
+	}
+
+	result, err := svc.GetServiceLastAccessedDetailsWithEntities(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeInvalidInputException:
+				fmt.Println(iam.ErrCodeInvalidInputException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
 // To get information about an IAM user
 //
 // The following command gets information about the IAM user named Bob.
@@ -1337,6 +1501,73 @@ func ExampleIAM_ListGroupsForUser_shared00() {
 	fmt.Println(result)
 }

+// To list policies that allow access to a service
+//
+// The following operation lists policies that allow ExampleUser01 to access IAM or
+// EC2.
+func ExampleIAM_ListPoliciesGrantingServiceAccess_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.ListPoliciesGrantingServiceAccessInput{
+		Arn: aws.String("arn:aws:iam::123456789012:user/ExampleUser01"),
+		ServiceNamespaces: []*string{
+			aws.String("iam"),
+			aws.String("ec2"),
+		},
+	}
+
+	result, err := svc.ListPoliciesGrantingServiceAccess(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeInvalidInputException:
+				fmt.Println(iam.ErrCodeInvalidInputException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
+// To list the tags attached to an IAM role
+//
+// The following example shows how to list the tags attached to a role.
+func ExampleIAM_ListRoleTags_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.ListRoleTagsInput{
+		RoleName: aws.String("taggedrole1"),
+	}
+
+	result, err := svc.ListRoleTags(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeServiceFailureException:
+				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
 // To list the signing certificates for an IAM user
 //
 // The following command lists the signing certificates for the IAM user named Bob.
@@ -1368,6 +1599,37 @@ func ExampleIAM_ListSigningCertificates_shared00() {
 	fmt.Println(result)
 }

+// To list the tags attached to an IAM user
+//
+// The following example shows how to list the tags attached to a user.
+func ExampleIAM_ListUserTags_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.ListUserTagsInput{
+		UserName: aws.String("anika"),
+	}
+
+	result, err := svc.ListUserTags(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeServiceFailureException:
+				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
 // To list IAM users
 //
 // The following command lists the IAM users in the current account.
@@ -1605,6 +1867,204 @@ func ExampleIAM_RemoveUserFromGroup_shared00() {
 	fmt.Println(result)
 }

+// To delete an access key for an IAM user
+//
+// The following command sets the STS global endpoint token to version 2. Version 2
+// tokens are valid in all Regions.
+func ExampleIAM_SetSecurityTokenServicePreferences_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.SetSecurityTokenServicePreferencesInput{
+		GlobalEndpointTokenVersion: aws.String("v2Token"),
+	}
+
+	result, err := svc.SetSecurityTokenServicePreferences(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeServiceFailureException:
+				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
+// To add a tag key and value to an IAM role
+//
+// The following example shows how to add tags to an existing role.
+func ExampleIAM_TagRole_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.TagRoleInput{
+		RoleName: aws.String("taggedrole"),
+		Tags: []*iam.Tag{
+			{
+				Key:   aws.String("Dept"),
+				Value: aws.String("Accounting"),
+			},
+			{
+				Key:   aws.String("CostCenter"),
+				Value: aws.String("12345"),
+			},
+		},
+	}
+
+	result, err := svc.TagRole(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeLimitExceededException:
+				fmt.Println(iam.ErrCodeLimitExceededException, aerr.Error())
+			case iam.ErrCodeInvalidInputException:
+				fmt.Println(iam.ErrCodeInvalidInputException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
+			case iam.ErrCodeServiceFailureException:
+				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
+// To add a tag key and value to an IAM user
+//
+// The following example shows how to add tags to an existing user.
+func ExampleIAM_TagUser_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.TagUserInput{
+		Tags: []*iam.Tag{
+			{
+				Key:   aws.String("Dept"),
+				Value: aws.String("Accounting"),
+			},
+			{
+				Key:   aws.String("CostCenter"),
+				Value: aws.String("12345"),
+			},
+		},
+		UserName: aws.String("anika"),
+	}
+
+	result, err := svc.TagUser(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeLimitExceededException:
+				fmt.Println(iam.ErrCodeLimitExceededException, aerr.Error())
+			case iam.ErrCodeInvalidInputException:
+				fmt.Println(iam.ErrCodeInvalidInputException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
+			case iam.ErrCodeServiceFailureException:
+				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
+// To remove a tag from an IAM role
+//
+// The following example shows how to remove a tag with the key 'Dept' from a role named
+// 'taggedrole'.
+func ExampleIAM_UntagRole_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.UntagRoleInput{
+		RoleName: aws.String("taggedrole"),
+		TagKeys: []*string{
+			aws.String("Dept"),
+		},
+	}
+
+	result, err := svc.UntagRole(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
+			case iam.ErrCodeServiceFailureException:
+				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
+// To remove a tag from an IAM user
+//
+// The following example shows how to remove tags that are attached to a user named
+// 'anika'.
+func ExampleIAM_UntagUser_shared00() {
+	svc := iam.New(session.New())
+	input := &iam.UntagUserInput{
+		TagKeys: []*string{
+			aws.String("Dept"),
+		},
+		UserName: aws.String("anika"),
+	}
+
+	result, err := svc.UntagUser(input)
+	if err != nil {
+		if aerr, ok := err.(awserr.Error); ok {
+			switch aerr.Code() {
+			case iam.ErrCodeNoSuchEntityException:
+				fmt.Println(iam.ErrCodeNoSuchEntityException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
+			case iam.ErrCodeServiceFailureException:
+				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
+			default:
+				fmt.Println(aerr.Error())
+			}
+		} else {
+			// Print the error, cast err to awserr.Error to get the Code and
+			// Message from an error.
+			fmt.Println(err.Error())
+		}
+		return
+	}
+
+	fmt.Println(result)
+}
+
 // To activate or deactivate an access key for an IAM user
 //
 // The following command deactivates the specified access key (access key ID and secret
@@ -1849,6 +2309,8 @@ func ExampleIAM_UpdateUser_shared00() {
 				fmt.Println(iam.ErrCodeEntityAlreadyExistsException, aerr.Error())
 			case iam.ErrCodeEntityTemporarilyUnmodifiableException:
 				fmt.Println(iam.ErrCodeEntityTemporarilyUnmodifiableException, aerr.Error())
+			case iam.ErrCodeConcurrentModificationException:
+				fmt.Println(iam.ErrCodeConcurrentModificationException, aerr.Error())
 			case iam.ErrCodeServiceFailureException:
 				fmt.Println(iam.ErrCodeServiceFailureException, aerr.Error())
 			default:
@@ -192,6 +192,10 @@ type IAMAPI interface {
 	DeleteRoleWithContext(aws.Context, *iam.DeleteRoleInput, ...request.Option) (*iam.DeleteRoleOutput, error)
 	DeleteRoleRequest(*iam.DeleteRoleInput) (*request.Request, *iam.DeleteRoleOutput)

+	DeleteRolePermissionsBoundary(*iam.DeleteRolePermissionsBoundaryInput) (*iam.DeleteRolePermissionsBoundaryOutput, error)
+	DeleteRolePermissionsBoundaryWithContext(aws.Context, *iam.DeleteRolePermissionsBoundaryInput, ...request.Option) (*iam.DeleteRolePermissionsBoundaryOutput, error)
+	DeleteRolePermissionsBoundaryRequest(*iam.DeleteRolePermissionsBoundaryInput) (*request.Request, *iam.DeleteRolePermissionsBoundaryOutput)
+
 	DeleteRolePolicy(*iam.DeleteRolePolicyInput) (*iam.DeleteRolePolicyOutput, error)
 	DeleteRolePolicyWithContext(aws.Context, *iam.DeleteRolePolicyInput, ...request.Option) (*iam.DeleteRolePolicyOutput, error)
 	DeleteRolePolicyRequest(*iam.DeleteRolePolicyInput) (*request.Request, *iam.DeleteRolePolicyOutput)
@@ -224,6 +228,10 @@ type IAMAPI interface {
 	DeleteUserWithContext(aws.Context, *iam.DeleteUserInput, ...request.Option) (*iam.DeleteUserOutput, error)
 	DeleteUserRequest(*iam.DeleteUserInput) (*request.Request, *iam.DeleteUserOutput)

+	DeleteUserPermissionsBoundary(*iam.DeleteUserPermissionsBoundaryInput) (*iam.DeleteUserPermissionsBoundaryOutput, error)
+	DeleteUserPermissionsBoundaryWithContext(aws.Context, *iam.DeleteUserPermissionsBoundaryInput, ...request.Option) (*iam.DeleteUserPermissionsBoundaryOutput, error)
+	DeleteUserPermissionsBoundaryRequest(*iam.DeleteUserPermissionsBoundaryInput) (*request.Request, *iam.DeleteUserPermissionsBoundaryOutput)
+
 	DeleteUserPolicy(*iam.DeleteUserPolicyInput) (*iam.DeleteUserPolicyOutput, error)
 	DeleteUserPolicyWithContext(aws.Context, *iam.DeleteUserPolicyInput, ...request.Option) (*iam.DeleteUserPolicyOutput, error)
 	DeleteUserPolicyRequest(*iam.DeleteUserPolicyInput) (*request.Request, *iam.DeleteUserPolicyOutput)
@@ -252,6 +260,14 @@ type IAMAPI interface {
 	GenerateCredentialReportWithContext(aws.Context, *iam.GenerateCredentialReportInput, ...request.Option) (*iam.GenerateCredentialReportOutput, error)
 	GenerateCredentialReportRequest(*iam.GenerateCredentialReportInput) (*request.Request, *iam.GenerateCredentialReportOutput)

+	GenerateOrganizationsAccessReport(*iam.GenerateOrganizationsAccessReportInput) (*iam.GenerateOrganizationsAccessReportOutput, error)
+	GenerateOrganizationsAccessReportWithContext(aws.Context, *iam.GenerateOrganizationsAccessReportInput, ...request.Option) (*iam.GenerateOrganizationsAccessReportOutput, error)
+	GenerateOrganizationsAccessReportRequest(*iam.GenerateOrganizationsAccessReportInput) (*request.Request, *iam.GenerateOrganizationsAccessReportOutput)
+
+	GenerateServiceLastAccessedDetails(*iam.GenerateServiceLastAccessedDetailsInput) (*iam.GenerateServiceLastAccessedDetailsOutput, error)
+	GenerateServiceLastAccessedDetailsWithContext(aws.Context, *iam.GenerateServiceLastAccessedDetailsInput, ...request.Option) (*iam.GenerateServiceLastAccessedDetailsOutput, error)
+	GenerateServiceLastAccessedDetailsRequest(*iam.GenerateServiceLastAccessedDetailsInput) (*request.Request, *iam.GenerateServiceLastAccessedDetailsOutput)
+
 	GetAccessKeyLastUsed(*iam.GetAccessKeyLastUsedInput) (*iam.GetAccessKeyLastUsedOutput, error)
 	GetAccessKeyLastUsedWithContext(aws.Context, *iam.GetAccessKeyLastUsedInput, ...request.Option) (*iam.GetAccessKeyLastUsedOutput, error)
 	GetAccessKeyLastUsedRequest(*iam.GetAccessKeyLastUsedInput) (*request.Request, *iam.GetAccessKeyLastUsedOutput)
@@ -306,6 +322,10 @@ type IAMAPI interface {
 	GetOpenIDConnectProviderWithContext(aws.Context, *iam.GetOpenIDConnectProviderInput, ...request.Option) (*iam.GetOpenIDConnectProviderOutput, error)
 	GetOpenIDConnectProviderRequest(*iam.GetOpenIDConnectProviderInput) (*request.Request, *iam.GetOpenIDConnectProviderOutput)

+	GetOrganizationsAccessReport(*iam.GetOrganizationsAccessReportInput) (*iam.GetOrganizationsAccessReportOutput, error)
+	GetOrganizationsAccessReportWithContext(aws.Context, *iam.GetOrganizationsAccessReportInput, ...request.Option) (*iam.GetOrganizationsAccessReportOutput, error)
+	GetOrganizationsAccessReportRequest(*iam.GetOrganizationsAccessReportInput) (*request.Request, *iam.GetOrganizationsAccessReportOutput)
+
 	GetPolicy(*iam.GetPolicyInput) (*iam.GetPolicyOutput, error)
 	GetPolicyWithContext(aws.Context, *iam.GetPolicyInput, ...request.Option) (*iam.GetPolicyOutput, error)
 	GetPolicyRequest(*iam.GetPolicyInput) (*request.Request, *iam.GetPolicyOutput)
@@ -334,6 +354,14 @@ type IAMAPI interface {
 	GetServerCertificateWithContext(aws.Context, *iam.GetServerCertificateInput, ...request.Option) (*iam.GetServerCertificateOutput, error)
 	GetServerCertificateRequest(*iam.GetServerCertificateInput) (*request.Request, *iam.GetServerCertificateOutput)

+	GetServiceLastAccessedDetails(*iam.GetServiceLastAccessedDetailsInput) (*iam.GetServiceLastAccessedDetailsOutput, error)
+	GetServiceLastAccessedDetailsWithContext(aws.Context, *iam.GetServiceLastAccessedDetailsInput, ...request.Option) (*iam.GetServiceLastAccessedDetailsOutput, error)
+	GetServiceLastAccessedDetailsRequest(*iam.GetServiceLastAccessedDetailsInput) (*request.Request, *iam.GetServiceLastAccessedDetailsOutput)
+
+	GetServiceLastAccessedDetailsWithEntities(*iam.GetServiceLastAccessedDetailsWithEntitiesInput) (*iam.GetServiceLastAccessedDetailsWithEntitiesOutput, error)
+	GetServiceLastAccessedDetailsWithEntitiesWithContext(aws.Context, *iam.GetServiceLastAccessedDetailsWithEntitiesInput, ...request.Option) (*iam.GetServiceLastAccessedDetailsWithEntitiesOutput, error)
+	GetServiceLastAccessedDetailsWithEntitiesRequest(*iam.GetServiceLastAccessedDetailsWithEntitiesInput) (*request.Request, *iam.GetServiceLastAccessedDetailsWithEntitiesOutput)
+
 	GetServiceLinkedRoleDeletionStatus(*iam.GetServiceLinkedRoleDeletionStatusInput) (*iam.GetServiceLinkedRoleDeletionStatusOutput, error)
 	GetServiceLinkedRoleDeletionStatusWithContext(aws.Context, *iam.GetServiceLinkedRoleDeletionStatusInput, ...request.Option) (*iam.GetServiceLinkedRoleDeletionStatusOutput, error)
 	GetServiceLinkedRoleDeletionStatusRequest(*iam.GetServiceLinkedRoleDeletionStatusInput) (*request.Request, *iam.GetServiceLinkedRoleDeletionStatusOutput)
@@ -441,6 +469,10 @@ type IAMAPI interface {
 	ListPoliciesPages(*iam.ListPoliciesInput, func(*iam.ListPoliciesOutput, bool) bool) error
 	ListPoliciesPagesWithContext(aws.Context, *iam.ListPoliciesInput, func(*iam.ListPoliciesOutput, bool) bool, ...request.Option) error

+	ListPoliciesGrantingServiceAccess(*iam.ListPoliciesGrantingServiceAccessInput) (*iam.ListPoliciesGrantingServiceAccessOutput, error)
+	ListPoliciesGrantingServiceAccessWithContext(aws.Context, *iam.ListPoliciesGrantingServiceAccessInput, ...request.Option) (*iam.ListPoliciesGrantingServiceAccessOutput, error)
+	ListPoliciesGrantingServiceAccessRequest(*iam.ListPoliciesGrantingServiceAccessInput) (*request.Request, *iam.ListPoliciesGrantingServiceAccessOutput)
+
 	ListPolicyVersions(*iam.ListPolicyVersionsInput) (*iam.ListPolicyVersionsOutput, error)
 	ListPolicyVersionsWithContext(aws.Context, *iam.ListPolicyVersionsInput, ...request.Option) (*iam.ListPolicyVersionsOutput, error)
 	ListPolicyVersionsRequest(*iam.ListPolicyVersionsInput) (*request.Request, *iam.ListPolicyVersionsOutput)
@@ -455,6 +487,10 @@ type IAMAPI interface {
 	ListRolePoliciesPages(*iam.ListRolePoliciesInput, func(*iam.ListRolePoliciesOutput, bool) bool) error
 	ListRolePoliciesPagesWithContext(aws.Context, *iam.ListRolePoliciesInput, func(*iam.ListRolePoliciesOutput, bool) bool, ...request.Option) error

+	ListRoleTags(*iam.ListRoleTagsInput) (*iam.ListRoleTagsOutput, error)
+	ListRoleTagsWithContext(aws.Context, *iam.ListRoleTagsInput, ...request.Option) (*iam.ListRoleTagsOutput, error)
+	ListRoleTagsRequest(*iam.ListRoleTagsInput) (*request.Request, *iam.ListRoleTagsOutput)
+
 	ListRoles(*iam.ListRolesInput) (*iam.ListRolesOutput, error)
 	ListRolesWithContext(aws.Context, *iam.ListRolesInput, ...request.Option) (*iam.ListRolesOutput, error)
 	ListRolesRequest(*iam.ListRolesInput) (*request.Request, *iam.ListRolesOutput)
@@ -498,6 +534,10 @@ type IAMAPI interface {
 	ListUserPoliciesPages(*iam.ListUserPoliciesInput, func(*iam.ListUserPoliciesOutput, bool) bool) error
 	ListUserPoliciesPagesWithContext(aws.Context, *iam.ListUserPoliciesInput, func(*iam.ListUserPoliciesOutput, bool) bool, ...request.Option) error

+	ListUserTags(*iam.ListUserTagsInput) (*iam.ListUserTagsOutput, error)
+	ListUserTagsWithContext(aws.Context, *iam.ListUserTagsInput, ...request.Option) (*iam.ListUserTagsOutput, error)
+	ListUserTagsRequest(*iam.ListUserTagsInput) (*request.Request, *iam.ListUserTagsOutput)
+
 	ListUsers(*iam.ListUsersInput) (*iam.ListUsersOutput, error)
 	ListUsersWithContext(aws.Context, *iam.ListUsersInput, ...request.Option) (*iam.ListUsersOutput, error)
 	ListUsersRequest(*iam.ListUsersInput) (*request.Request, *iam.ListUsersOutput)
@@ -516,10 +556,18 @@ type IAMAPI interface {
 	PutGroupPolicyWithContext(aws.Context, *iam.PutGroupPolicyInput, ...request.Option) (*iam.PutGroupPolicyOutput, error)
 	PutGroupPolicyRequest(*iam.PutGroupPolicyInput) (*request.Request, *iam.PutGroupPolicyOutput)

+	PutRolePermissionsBoundary(*iam.PutRolePermissionsBoundaryInput) (*iam.PutRolePermissionsBoundaryOutput, error)
+	PutRolePermissionsBoundaryWithContext(aws.Context, *iam.PutRolePermissionsBoundaryInput, ...request.Option) (*iam.PutRolePermissionsBoundaryOutput, error)
+	PutRolePermissionsBoundaryRequest(*iam.PutRolePermissionsBoundaryInput) (*request.Request, *iam.PutRolePermissionsBoundaryOutput)
+
 	PutRolePolicy(*iam.PutRolePolicyInput) (*iam.PutRolePolicyOutput, error)
 	PutRolePolicyWithContext(aws.Context, *iam.PutRolePolicyInput, ...request.Option) (*iam.PutRolePolicyOutput, error)
 	PutRolePolicyRequest(*iam.PutRolePolicyInput) (*request.Request, *iam.PutRolePolicyOutput)

+	PutUserPermissionsBoundary(*iam.PutUserPermissionsBoundaryInput) (*iam.PutUserPermissionsBoundaryOutput, error)
+	PutUserPermissionsBoundaryWithContext(aws.Context, *iam.PutUserPermissionsBoundaryInput, ...request.Option) (*iam.PutUserPermissionsBoundaryOutput, error)
+	PutUserPermissionsBoundaryRequest(*iam.PutUserPermissionsBoundaryInput) (*request.Request, *iam.PutUserPermissionsBoundaryOutput)
+
 	PutUserPolicy(*iam.PutUserPolicyInput) (*iam.PutUserPolicyOutput, error)
 	PutUserPolicyWithContext(aws.Context, *iam.PutUserPolicyInput, ...request.Option) (*iam.PutUserPolicyOutput, error)
 	PutUserPolicyRequest(*iam.PutUserPolicyInput) (*request.Request, *iam.PutUserPolicyOutput)
@@ -548,6 +596,10 @@ type IAMAPI interface {
 	SetDefaultPolicyVersionWithContext(aws.Context, *iam.SetDefaultPolicyVersionInput, ...request.Option) (*iam.SetDefaultPolicyVersionOutput, error)
 	SetDefaultPolicyVersionRequest(*iam.SetDefaultPolicyVersionInput) (*request.Request, *iam.SetDefaultPolicyVersionOutput)

+	SetSecurityTokenServicePreferences(*iam.SetSecurityTokenServicePreferencesInput) (*iam.SetSecurityTokenServicePreferencesOutput, error)
+	SetSecurityTokenServicePreferencesWithContext(aws.Context, *iam.SetSecurityTokenServicePreferencesInput, ...request.Option) (*iam.SetSecurityTokenServicePreferencesOutput, error)
+	SetSecurityTokenServicePreferencesRequest(*iam.SetSecurityTokenServicePreferencesInput) (*request.Request, *iam.SetSecurityTokenServicePreferencesOutput)
+
 	SimulateCustomPolicy(*iam.SimulateCustomPolicyInput) (*iam.SimulatePolicyResponse, error)
 	SimulateCustomPolicyWithContext(aws.Context, *iam.SimulateCustomPolicyInput, ...request.Option) (*iam.SimulatePolicyResponse, error)
 	SimulateCustomPolicyRequest(*iam.SimulateCustomPolicyInput) (*request.Request, *iam.SimulatePolicyResponse)
@@ -562,6 +614,22 @@ type IAMAPI interface {
 	SimulatePrincipalPolicyPages(*iam.SimulatePrincipalPolicyInput, func(*iam.SimulatePolicyResponse, bool) bool) error
 	SimulatePrincipalPolicyPagesWithContext(aws.Context, *iam.SimulatePrincipalPolicyInput, func(*iam.SimulatePolicyResponse, bool) bool, ...request.Option) error

+	TagRole(*iam.TagRoleInput) (*iam.TagRoleOutput, error)
+	TagRoleWithContext(aws.Context, *iam.TagRoleInput, ...request.Option) (*iam.TagRoleOutput, error)
+	TagRoleRequest(*iam.TagRoleInput) (*request.Request, *iam.TagRoleOutput)
+
+	TagUser(*iam.TagUserInput) (*iam.TagUserOutput, error)
+	TagUserWithContext(aws.Context, *iam.TagUserInput, ...request.Option) (*iam.TagUserOutput, error)
+	TagUserRequest(*iam.TagUserInput) (*request.Request, *iam.TagUserOutput)
+
+	UntagRole(*iam.UntagRoleInput) (*iam.UntagRoleOutput, error)
+	UntagRoleWithContext(aws.Context, *iam.UntagRoleInput, ...request.Option) (*iam.UntagRoleOutput, error)
+	UntagRoleRequest(*iam.UntagRoleInput) (*request.Request, *iam.UntagRoleOutput)
+
+	UntagUser(*iam.UntagUserInput) (*iam.UntagUserOutput, error)
+	UntagUserWithContext(aws.Context, *iam.UntagUserInput, ...request.Option) (*iam.UntagUserOutput, error)
+	UntagUserRequest(*iam.UntagUserInput) (*request.Request, *iam.UntagUserOutput)
+
 	UpdateAccessKey(*iam.UpdateAccessKeyInput) (*iam.UpdateAccessKeyOutput, error)
 	UpdateAccessKeyWithContext(aws.Context, *iam.UpdateAccessKeyInput, ...request.Option) (*iam.UpdateAccessKeyOutput, error)
 	UpdateAccessKeyRequest(*iam.UpdateAccessKeyInput) (*request.Request, *iam.UpdateAccessKeyOutput)
@@ -633,6 +701,12 @@ type IAMAPI interface {
 	WaitUntilInstanceProfileExists(*iam.GetInstanceProfileInput) error
 	WaitUntilInstanceProfileExistsWithContext(aws.Context, *iam.GetInstanceProfileInput, ...request.WaiterOption) error

+	WaitUntilPolicyExists(*iam.GetPolicyInput) error
+	WaitUntilPolicyExistsWithContext(aws.Context, *iam.GetPolicyInput, ...request.WaiterOption) error
+
+	WaitUntilRoleExists(*iam.GetRoleInput) error
+	WaitUntilRoleExistsWithContext(aws.Context, *iam.GetRoleInput, ...request.WaiterOption) error
+
 	WaitUntilUserExists(*iam.GetUserInput) error
 	WaitUntilUserExistsWithContext(aws.Context, *iam.GetUserInput, ...request.WaiterOption) error
 }
@@ -0,0 +1,58 @@
+// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
+
+// +build go1.10,integration
+
+package iam_test
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/awstesting/integration"
+	"github.com/aws/aws-sdk-go/service/iam"
+)
+
+var _ aws.Config
+var _ awserr.Error
+var _ request.Request
+
+func TestInteg_00_ListUsers(t *testing.T) {
+	ctx, cancelFn := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancelFn()
+
+	sess := integration.SessionWithDefaultRegion("us-east-1")
+	svc := iam.New(sess)
+	params := &iam.ListUsersInput{}
+	_, err := svc.ListUsersWithContext(ctx, params)
+	if err != nil {
+		t.Errorf("expect no error, got %v", err)
+	}
+}
+func TestInteg_01_GetUser(t *testing.T) {
+	ctx, cancelFn := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancelFn()
+
+	sess := integration.SessionWithDefaultRegion("us-east-1")
+	svc := iam.New(sess)
+	params := &iam.GetUserInput{
+		UserName: aws.String("fake_user"),
+	}
+	_, err := svc.GetUserWithContext(ctx, params)
+	if err == nil {
+		t.Fatalf("expect request to fail")
+	}
+	aerr, ok := err.(awserr.RequestFailure)
+	if !ok {
+		t.Fatalf("expect awserr, was %T", err)
+	}
+	if len(aerr.Code()) == 0 {
+		t.Errorf("expect non-empty error code")
+	}
+	if v := aerr.Code(); v == request.ErrCodeSerialization {
+		t.Errorf("expect API error code got serialization failure")
+	}
+}
@@ -29,8 +29,9 @@ var initRequest func(*request.Request)

 // Service information constants
 const (
-	ServiceName = "iam"       // Service endpoint prefix API calls made to.
-	EndpointsID = ServiceName // Service ID for Regions and Endpoints metadata.
+	ServiceName = "iam"       // Name of service.
+	EndpointsID = ServiceName // ID to lookup a service endpoint with.
+	ServiceID   = "IAM"       // ServiceID is a unique identifer of a specific service.
 )

 // New creates a new instance of the IAM client with a session.
@@ -55,6 +56,7 @@ func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio
 			cfg,
 			metadata.ClientInfo{
 				ServiceName:   ServiceName,
+				ServiceID:     ServiceID,
 				SigningName:   signingName,
 				SigningRegion: signingRegion,
 				Endpoint:      endpoint,
@@ -60,6 +60,108 @@ func (c *IAM) WaitUntilInstanceProfileExistsWithContext(ctx aws.Context, input *
 	return w.WaitWithContext(ctx)
 }

+// WaitUntilPolicyExists uses the IAM API operation
+// GetPolicy to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *IAM) WaitUntilPolicyExists(input *GetPolicyInput) error {
+	return c.WaitUntilPolicyExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilPolicyExistsWithContext is an extended version of WaitUntilPolicyExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *IAM) WaitUntilPolicyExistsWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilPolicyExists",
+		MaxAttempts: 20,
+		Delay:       request.ConstantWaiterDelay(1 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 200,
+			},
+			{
+				State:    request.RetryWaiterState,
+				Matcher:  request.ErrorWaiterMatch,
+				Expected: "NoSuchEntity",
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *GetPolicyInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.GetPolicyRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
+// WaitUntilRoleExists uses the IAM API operation
+// GetRole to wait for a condition to be met before returning.
+// If the condition is not met within the max attempt window, an error will
+// be returned.
+func (c *IAM) WaitUntilRoleExists(input *GetRoleInput) error {
+	return c.WaitUntilRoleExistsWithContext(aws.BackgroundContext(), input)
+}
+
+// WaitUntilRoleExistsWithContext is an extended version of WaitUntilRoleExists.
+// With the support for passing in a context and options to configure the
+// Waiter and the underlying request options.
+//
+// The context must be non-nil and will be used for request cancellation. If
+// the context is nil a panic will occur. In the future the SDK may create
+// sub-contexts for http.Requests. See https://golang.org/pkg/context/
+// for more information on using Contexts.
+func (c *IAM) WaitUntilRoleExistsWithContext(ctx aws.Context, input *GetRoleInput, opts ...request.WaiterOption) error {
+	w := request.Waiter{
+		Name:        "WaitUntilRoleExists",
+		MaxAttempts: 20,
+		Delay:       request.ConstantWaiterDelay(1 * time.Second),
+		Acceptors: []request.WaiterAcceptor{
+			{
+				State:    request.SuccessWaiterState,
+				Matcher:  request.StatusWaiterMatch,
+				Expected: 200,
+			},
+			{
+				State:    request.RetryWaiterState,
+				Matcher:  request.ErrorWaiterMatch,
+				Expected: "NoSuchEntity",
+			},
+		},
+		Logger: c.Config.Logger,
+		NewRequest: func(opts []request.Option) (*request.Request, error) {
+			var inCpy *GetRoleInput
+			if input != nil {
+				tmp := *input
+				inCpy = &tmp
+			}
+			req, _ := c.GetRoleRequest(inCpy)
+			req.SetContext(ctx)
+			req.ApplyOptions(opts...)
+			return req, nil
+		},
+	}
+	w.ApplyOptions(opts...)
+
+	return w.WaitWithContext(ctx)
+}
+
 // WaitUntilUserExists uses the IAM API operation
 // GetUser to wait for a condition to be met before returning.
 // If the condition is not met within the max attempt window, an error will