aws-sdk-fms 1.11.0 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f863de37d76ecef4557189d804a4671b90258037
-  data.tar.gz: b91928b4763e00a45683becd192c0d968bc62e75
+  metadata.gz: 4fb1c6969e8db31be13a5b413a5a2e5991d8e833
+  data.tar.gz: e1a2d1196692c7fcbaa7ba391104669f9b6135a1
 SHA512:
-  metadata.gz: 6d6f863c4aa7cfe520ab7f55086ee97304a806016d81ca22479a2eb990c24660cd6c73d70208aedaaef74383e47fe2016e47368d97769a6f87c6ec86e3bfa6af
-  data.tar.gz: fa2ef9c93875e58af25f970a03b3bae4396d0894953a70771f46dfbf29cb95a704ec76fe8c0713af50bf71202167d84dfba800f6ca4e55c63afdd164e58e3315
+  metadata.gz: 456a0ed2c47ad0047686498d91dd9eff41355dd9bc8c5e02f9a39e64e30037700d5b144c882989903902e0d3038369d5bb9df6b39a81668d814b403ac4a02a1c
+  data.tar.gz: b2cab0725e9d878634d5e23e72747885f28c77927f3ed1569410ca6c1ddd52398a2848523b01092329c22fa9801e1ac6f22c16147d4c072a58df39e198551550

data/lib/aws-sdk-fms.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-fms/customizations'
 # @service
 module Aws::FMS
 
-  GEM_VERSION = '1.11.0'
+  GEM_VERSION = '1.12.0'
 
 end

data/lib/aws-sdk-fms/client.rb

@@ -275,9 +275,21 @@ module Aws::FMS
     #   by `PutPolicy` and by `ListPolicies`.
     #
     # @option params [Boolean] :delete_all_policy_resources
-    #   If `True`, the request will also delete all web ACLs in this policy.
-    #   Associated resources will no longer be protected by web ACLs in this
-    #   policy.
+    #   If `True`, the request will also perform a clean-up process that will:
+    #
+    #   * Delete rule groups created by AWS Firewall Manager
+    #
+    #   * Remove web ACLs from in-scope resources
+    #
+    #   * Delete web ACLs that contain no rules or rule groups
+    #
+    #   After the cleanup, in-scope resources will no longer be protected by
+    #   web ACLs in this policy. Protection of out-of-scope resources will
+    #   remain unchanged. Scope is determined by tags and accounts associated
+    #   with the policy. When creating the policy, if you specified that only
+    #   resources in specific accounts or with specific tags be protected by
+    #   the policy, those resources are in-scope. All others are out of scope.
+    #   If you did not specify tags or accounts, all resources are in-scope.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -366,7 +378,7 @@ module Aws::FMS
     #   resp.policy_compliance_detail.member_account #=> String
     #   resp.policy_compliance_detail.violators #=> Array
     #   resp.policy_compliance_detail.violators[0].resource_id #=> String
-    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL"
+    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION"
     #   resp.policy_compliance_detail.violators[0].resource_type #=> String
     #   resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
     #   resp.policy_compliance_detail.expired_at #=> Time
@@ -426,9 +438,11 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "SHIELD_ADVANCED"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
+    #   resp.policy.resource_type_list #=> Array
+    #   resp.policy.resource_type_list[0] #=> String
     #   resp.policy.resource_tags #=> Array
     #   resp.policy.resource_tags[0].key #=> String
     #   resp.policy.resource_tags[0].value #=> String
@@ -451,6 +465,77 @@ module Aws::FMS
       req.send_request(options)
     end
 
+    # If you created a Shield Advanced policy, returns policy-level attack
+    # summary information in the event of a potential DDoS attack.
+    #
+    # @option params [required, String] :policy_id
+    #   The ID of the policy for which you want to get the attack information.
+    #
+    # @option params [String] :member_account_id
+    #   The AWS account that is in scope of the policy that you want to get
+    #   the details for.
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :start_time
+    #   The start of the time period to query for the attacks. This is a
+    #   `timestamp` type. The sample request above indicates a number type
+    #   because the default used by AWS Firewall Manager is Unix time in
+    #   seconds. However, any valid `timestamp` format is allowed.
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :end_time
+    #   The end of the time period to query for the attacks. This is a
+    #   `timestamp` type. The sample request above indicates a number type
+    #   because the default used by AWS Firewall Manager is Unix time in
+    #   seconds. However, any valid `timestamp` format is allowed.
+    #
+    # @option params [String] :next_token
+    #   If you specify a value for `MaxResults` and you have more objects than
+    #   the number that you specify for `MaxResults`, AWS Firewall Manager
+    #   returns a `NextToken` value in the response that allows you to list
+    #   another group of objects. For the second and subsequent
+    #   `GetProtectionStatus` requests, specify the value of `NextToken` from
+    #   the previous response to get information about another batch of
+    #   objects.
+    #
+    # @option params [Integer] :max_results
+    #   Specifies the number of objects that you want AWS Firewall Manager to
+    #   return for this request. If you have more objects than the number that
+    #   you specify for `MaxResults`, the response includes a `NextToken`
+    #   value that you can use to get another batch of objects.
+    #
+    # @return [Types::GetProtectionStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetProtectionStatusResponse#admin_account_id #admin_account_id} => String
+    #   * {Types::GetProtectionStatusResponse#service_type #service_type} => String
+    #   * {Types::GetProtectionStatusResponse#data #data} => String
+    #   * {Types::GetProtectionStatusResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_protection_status({
+    #     policy_id: "PolicyId", # required
+    #     member_account_id: "AWSAccountId",
+    #     start_time: Time.now,
+    #     end_time: Time.now,
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.admin_account_id #=> String
+    #   resp.service_type #=> String, one of "WAF", "SHIELD_ADVANCED"
+    #   resp.data #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtectionStatus AWS API Documentation
+    #
+    # @overload get_protection_status(params = {})
+    # @param [Hash] params ({})
+    def get_protection_status(params = {}, options = {})
+      req = build_request(:get_protection_status, params)
+      req.send_request(options)
+    end
+
     # Returns an array of `PolicyComplianceStatus` objects in the response.
     # Use `PolicyComplianceStatus` to get a summary of which member accounts
     # are protected by the specified policy.
@@ -600,7 +685,7 @@ module Aws::FMS
     #   resp.policy_list[0].policy_id #=> String
     #   resp.policy_list[0].policy_name #=> String
     #   resp.policy_list[0].resource_type #=> String
-    #   resp.policy_list[0].security_service_type #=> String, one of "WAF"
+    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "SHIELD_ADVANCED"
     #   resp.policy_list[0].remediation_enabled #=> Boolean
     #   resp.next_token #=> String
     #
@@ -644,6 +729,23 @@ module Aws::FMS
 
     # Creates an AWS Firewall Manager policy.
     #
+    # Firewall Manager provides two types of policies: A Shield Advanced
+    # policy, which applies Shield Advanced protection to specified accounts
+    # and resources, or a WAF policy, which contains a rule group and
+    # defines which resources are to be protected by that rule group. A
+    # policy is specific to either WAF or Shield Advanced. If you want to
+    # enforce both WAF rules and Shield Advanced protection across accounts,
+    # you can create multiple policies. You can create one or more policies
+    # for WAF rules, and one or more policies for Shield Advanced.
+    #
+    # You must be subscribed to Shield Advanced to create a Shield Advanced
+    # policy. For more information on subscribing to Shield Advanced, see
+    # [CreateSubscription][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html
+    #
     # @option params [required, Types::Policy] :policy
     #   The details of the AWS Firewall Manager policy to be created.
     #
@@ -660,10 +762,11 @@ module Aws::FMS
     #       policy_name: "ResourceName", # required
     #       policy_update_token: "PolicyUpdateToken",
     #       security_service_policy_data: { # required
-    #         type: "WAF", # required, accepts WAF
+    #         type: "WAF", # required, accepts WAF, SHIELD_ADVANCED
     #         managed_service_data: "ManagedServiceData",
     #       },
     #       resource_type: "ResourceType", # required
+    #       resource_type_list: ["ResourceType"],
     #       resource_tags: [
     #         {
     #           key: "TagKey", # required
@@ -686,9 +789,11 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "SHIELD_ADVANCED"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
+    #   resp.policy.resource_type_list #=> Array
+    #   resp.policy.resource_type_list[0] #=> String
     #   resp.policy.resource_tags #=> Array
     #   resp.policy.resource_tags[0].key #=> String
     #   resp.policy.resource_tags[0].value #=> String
@@ -724,7 +829,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.11.0'
+      context[:gem_version] = '1.12.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-fms/client_api.rb

@@ -37,6 +37,8 @@ module Aws::FMS
     GetNotificationChannelResponse = Shapes::StructureShape.new(name: 'GetNotificationChannelResponse')
     GetPolicyRequest = Shapes::StructureShape.new(name: 'GetPolicyRequest')
     GetPolicyResponse = Shapes::StructureShape.new(name: 'GetPolicyResponse')
+    GetProtectionStatusRequest = Shapes::StructureShape.new(name: 'GetProtectionStatusRequest')
+    GetProtectionStatusResponse = Shapes::StructureShape.new(name: 'GetProtectionStatusResponse')
     InternalErrorException = Shapes::StructureShape.new(name: 'InternalErrorException')
     InvalidInputException = Shapes::StructureShape.new(name: 'InvalidInputException')
     InvalidOperationException = Shapes::StructureShape.new(name: 'InvalidOperationException')
@@ -62,6 +64,7 @@ module Aws::FMS
     PolicySummary = Shapes::StructureShape.new(name: 'PolicySummary')
     PolicySummaryList = Shapes::ListShape.new(name: 'PolicySummaryList')
     PolicyUpdateToken = Shapes::StringShape.new(name: 'PolicyUpdateToken')
+    ProtectionData = Shapes::StringShape.new(name: 'ProtectionData')
     PutNotificationChannelRequest = Shapes::StructureShape.new(name: 'PutNotificationChannelRequest')
     PutPolicyRequest = Shapes::StructureShape.new(name: 'PutPolicyRequest')
     PutPolicyResponse = Shapes::StructureShape.new(name: 'PutPolicyResponse')
@@ -73,6 +76,7 @@ module Aws::FMS
     ResourceTag = Shapes::StructureShape.new(name: 'ResourceTag')
     ResourceTags = Shapes::ListShape.new(name: 'ResourceTags')
     ResourceType = Shapes::StringShape.new(name: 'ResourceType')
+    ResourceTypeList = Shapes::ListShape.new(name: 'ResourceTypeList')
     SecurityServicePolicyData = Shapes::StructureShape.new(name: 'SecurityServicePolicyData')
     SecurityServiceType = Shapes::StringShape.new(name: 'SecurityServiceType')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
@@ -136,6 +140,20 @@ module Aws::FMS
     GetPolicyResponse.add_member(:policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "PolicyArn"))
     GetPolicyResponse.struct_class = Types::GetPolicyResponse
 
+    GetProtectionStatusRequest.add_member(:policy_id, Shapes::ShapeRef.new(shape: PolicyId, required: true, location_name: "PolicyId"))
+    GetProtectionStatusRequest.add_member(:member_account_id, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "MemberAccountId"))
+    GetProtectionStatusRequest.add_member(:start_time, Shapes::ShapeRef.new(shape: TimeStamp, location_name: "StartTime"))
+    GetProtectionStatusRequest.add_member(:end_time, Shapes::ShapeRef.new(shape: TimeStamp, location_name: "EndTime"))
+    GetProtectionStatusRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    GetProtectionStatusRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PaginationMaxResults, location_name: "MaxResults"))
+    GetProtectionStatusRequest.struct_class = Types::GetProtectionStatusRequest
+
+    GetProtectionStatusResponse.add_member(:admin_account_id, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AdminAccountId"))
+    GetProtectionStatusResponse.add_member(:service_type, Shapes::ShapeRef.new(shape: SecurityServiceType, location_name: "ServiceType"))
+    GetProtectionStatusResponse.add_member(:data, Shapes::ShapeRef.new(shape: ProtectionData, location_name: "Data"))
+    GetProtectionStatusResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    GetProtectionStatusResponse.struct_class = Types::GetProtectionStatusResponse
+
     IssueInfoMap.key = Shapes::ShapeRef.new(shape: DependentServiceName)
     IssueInfoMap.value = Shapes::ShapeRef.new(shape: DetailedInfo)
 
@@ -171,6 +189,7 @@ module Aws::FMS
     Policy.add_member(:policy_update_token, Shapes::ShapeRef.new(shape: PolicyUpdateToken, location_name: "PolicyUpdateToken"))
     Policy.add_member(:security_service_policy_data, Shapes::ShapeRef.new(shape: SecurityServicePolicyData, required: true, location_name: "SecurityServicePolicyData"))
     Policy.add_member(:resource_type, Shapes::ShapeRef.new(shape: ResourceType, required: true, location_name: "ResourceType"))
+    Policy.add_member(:resource_type_list, Shapes::ShapeRef.new(shape: ResourceTypeList, location_name: "ResourceTypeList"))
     Policy.add_member(:resource_tags, Shapes::ShapeRef.new(shape: ResourceTags, location_name: "ResourceTags"))
     Policy.add_member(:exclude_resource_tags, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "ExcludeResourceTags"))
     Policy.add_member(:remediation_enabled, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "RemediationEnabled"))
@@ -225,6 +244,8 @@ module Aws::FMS
 
     ResourceTags.member = Shapes::ShapeRef.new(shape: ResourceTag)
 
+    ResourceTypeList.member = Shapes::ShapeRef.new(shape: ResourceType)
+
     SecurityServicePolicyData.add_member(:type, Shapes::ShapeRef.new(shape: SecurityServiceType, required: true, location_name: "Type"))
     SecurityServicePolicyData.add_member(:managed_service_data, Shapes::ShapeRef.new(shape: ManagedServiceData, location_name: "ManagedServiceData"))
     SecurityServicePolicyData.struct_class = Types::SecurityServicePolicyData
@@ -337,6 +358,17 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidTypeException)
       end)
 
+      api.add_operation(:get_protection_status, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetProtectionStatus"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetProtectionStatusRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetProtectionStatusResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
+
       api.add_operation(:list_compliance_status, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListComplianceStatus"
         o.http_method = "POST"
@@ -345,6 +377,12 @@ module Aws::FMS
         o.output = Shapes::ShapeRef.new(shape: ListComplianceStatusResponse)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
       end)
 
       api.add_operation(:list_member_accounts, Seahorse::Model::Operation.new.tap do |o|
@@ -355,6 +393,12 @@ module Aws::FMS
         o.output = Shapes::ShapeRef.new(shape: ListMemberAccountsResponse)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
       end)
 
       api.add_operation(:list_policies, Seahorse::Model::Operation.new.tap do |o|
@@ -367,6 +411,12 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
       end)
 
       api.add_operation(:put_notification_channel, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-fms/types.rb

@@ -46,7 +46,7 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_type
     #   The resource type. This is in the format shown in [AWS Resource
-    #   Types Reference][1]. Valid values are
+    #   Types Reference][1]. For example:
     #   `AWS::ElasticLoadBalancingV2::LoadBalancer` or
     #   `AWS::CloudFront::Distribution`.
     #
@@ -84,9 +84,23 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] delete_all_policy_resources
-    #   If `True`, the request will also delete all web ACLs in this policy.
-    #   Associated resources will no longer be protected by web ACLs in this
-    #   policy.
+    #   If `True`, the request will also perform a clean-up process that
+    #   will:
+    #
+    #   * Delete rule groups created by AWS Firewall Manager
+    #
+    #   * Remove web ACLs from in-scope resources
+    #
+    #   * Delete web ACLs that contain no rules or rule groups
+    #
+    #   After the cleanup, in-scope resources will no longer be protected by
+    #   web ACLs in this policy. Protection of out-of-scope resources will
+    #   remain unchanged. Scope is determined by tags and accounts
+    #   associated with the policy. When creating the policy, if you
+    #   specified that only resources in specific accounts or with specific
+    #   tags be protected by the policy, those resources are in-scope. All
+    #   others are out of scope. If you did not specify tags or accounts,
+    #   all resources are in-scope.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeletePolicyRequest AWS API Documentation
@@ -252,6 +266,121 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetProtectionStatusRequest
+    #   data as a hash:
+    #
+    #       {
+    #         policy_id: "PolicyId", # required
+    #         member_account_id: "AWSAccountId",
+    #         start_time: Time.now,
+    #         end_time: Time.now,
+    #         next_token: "PaginationToken",
+    #         max_results: 1,
+    #       }
+    #
+    # @!attribute [rw] policy_id
+    #   The ID of the policy for which you want to get the attack
+    #   information.
+    #   @return [String]
+    #
+    # @!attribute [rw] member_account_id
+    #   The AWS account that is in scope of the policy that you want to get
+    #   the details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   The start of the time period to query for the attacks. This is a
+    #   `timestamp` type. The sample request above indicates a number type
+    #   because the default used by AWS Firewall Manager is Unix time in
+    #   seconds. However, any valid `timestamp` format is allowed.
+    #   @return [Time]
+    #
+    # @!attribute [rw] end_time
+    #   The end of the time period to query for the attacks. This is a
+    #   `timestamp` type. The sample request above indicates a number type
+    #   because the default used by AWS Firewall Manager is Unix time in
+    #   seconds. However, any valid `timestamp` format is allowed.
+    #   @return [Time]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` and you have more objects
+    #   than the number that you specify for `MaxResults`, AWS Firewall
+    #   Manager returns a `NextToken` value in the response that allows you
+    #   to list another group of objects. For the second and subsequent
+    #   `GetProtectionStatus` requests, specify the value of `NextToken`
+    #   from the previous response to get information about another batch of
+    #   objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   Specifies the number of objects that you want AWS Firewall Manager
+    #   to return for this request. If you have more objects than the number
+    #   that you specify for `MaxResults`, the response includes a
+    #   `NextToken` value that you can use to get another batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtectionStatusRequest AWS API Documentation
+    #
+    class GetProtectionStatusRequest < Struct.new(
+      :policy_id,
+      :member_account_id,
+      :start_time,
+      :end_time,
+      :next_token,
+      :max_results)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] admin_account_id
+    #   The ID of the AWS Firewall administrator account for this policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_type
+    #   The service type that is protected by the policy. Currently, this is
+    #   always `SHIELD_ADVANCED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] data
+    #   Details about the attack, including the following:
+    #
+    #   * Attack type
+    #
+    #   * Account ID
+    #
+    #   * ARN of the resource attacked
+    #
+    #   * Start time of the attack
+    #
+    #   * End time of the attack (ongoing attacks will not have an end time)
+    #
+    #   The details are in JSON format. An example is shown in the Examples
+    #   section below.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   If you have more objects than the number that you specified for
+    #   `MaxResults` in the request, the response includes a `NextToken`
+    #   value. To list more objects, submit another `GetProtectionStatus`
+    #   request, and specify the `NextToken` value from the response in the
+    #   `NextToken` value in the next request.
+    #
+    #   AWS SDKs provide auto-pagination that identify `NextToken` in a
+    #   response and make subsequent request calls automatically on your
+    #   behalf. However, this feature is not supported by
+    #   `GetProtectionStatus`. You must submit subsequent requests with
+    #   `NextToken` using your own processes.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtectionStatusResponse AWS API Documentation
+    #
+    class GetProtectionStatusResponse < Struct.new(
+      :admin_account_id,
+      :service_type,
+      :data,
+      :next_token)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListComplianceStatusRequest
     #   data as a hash:
     #
@@ -435,10 +564,11 @@ module Aws::FMS
     #         policy_name: "ResourceName", # required
     #         policy_update_token: "PolicyUpdateToken",
     #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF
+    #           type: "WAF", # required, accepts WAF, SHIELD_ADVANCED
     #           managed_service_data: "ManagedServiceData",
     #         },
     #         resource_type: "ResourceType", # required
+    #         resource_type_list: ["ResourceType"],
     #         resource_tags: [
     #           {
     #             key: "TagKey", # required
@@ -477,10 +607,9 @@ module Aws::FMS
     #   @return [Types::SecurityServicePolicyData]
     #
     # @!attribute [rw] resource_type
-    #   The type of resource to protect with the policy, either an
-    #   Application Load Balancer or a CloudFront distribution. This is in
-    #   the format shown in [AWS Resource Types Reference][1]. Valid values
-    #   are `AWS::ElasticLoadBalancingV2::LoadBalancer` or
+    #   The type of resource to protect with the policy. This is in the
+    #   format shown in [AWS Resource Types Reference][1]. For example:
+    #   `AWS::ElasticLoadBalancingV2::LoadBalancer` or
     #   `AWS::CloudFront::Distribution`.
     #
     #
@@ -488,6 +617,10 @@ module Aws::FMS
     #   [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
     #   @return [String]
     #
+    # @!attribute [rw] resource_type_list
+    #   An array of `ResourceType`.
+    #   @return [Array<String>]
+    #
     # @!attribute [rw] resource_tags
     #   An array of `ResourceTag` objects.
     #   @return [Array<Types::ResourceTag>]
@@ -533,6 +666,7 @@ module Aws::FMS
       :policy_update_token,
       :security_service_policy_data,
       :resource_type,
+      :resource_type_list,
       :resource_tags,
       :exclude_resource_tags,
       :remediation_enabled,
@@ -655,10 +789,9 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] resource_type
-    #   The type of resource to protect with the policy, either an
-    #   Application Load Balancer or a CloudFront distribution. This is in
-    #   the format shown in [AWS Resource Types Reference][1]. Valid values
-    #   are `AWS::ElasticLoadBalancingV2::LoadBalancer` or
+    #   The type of resource to protect with the policy. This is in the
+    #   format shown in [AWS Resource Types Reference][1]. For example:
+    #   `AWS::ElasticLoadBalancingV2::LoadBalancer` or
     #   `AWS::CloudFront::Distribution`.
     #
     #
@@ -668,7 +801,8 @@ module Aws::FMS
     #
     # @!attribute [rw] security_service_type
     #   The service that the policy is using to protect the resources. This
-    #   value is `WAF`.
+    #   specifies the type of policy that is created, either a WAF policy or
+    #   Shield Advanced policy.
     #   @return [String]
     #
     # @!attribute [rw] remediation_enabled
@@ -723,10 +857,11 @@ module Aws::FMS
     #           policy_name: "ResourceName", # required
     #           policy_update_token: "PolicyUpdateToken",
     #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF
+    #             type: "WAF", # required, accepts WAF, SHIELD_ADVANCED
     #             managed_service_data: "ManagedServiceData",
     #           },
     #           resource_type: "ResourceType", # required
+    #           resource_type_list: ["ResourceType"],
     #           resource_tags: [
     #             {
     #               key: "TagKey", # required
@@ -816,13 +951,14 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         type: "WAF", # required, accepts WAF
+    #         type: "WAF", # required, accepts WAF, SHIELD_ADVANCED
     #         managed_service_data: "ManagedServiceData",
     #       }
     #
     # @!attribute [rw] type
     #   The service that the policy is using to protect the resources. This
-    #   value is `WAF`.
+    #   specifies the type of policy that is created, either a WAF policy or
+    #   Shield Advanced policy.
     #   @return [String]
     #
     # @!attribute [rw] managed_service_data
@@ -833,6 +969,8 @@ module Aws::FMS
     #   [\{"id": "12345678-1bcd-9012-efga-0987654321ab",
     #   "overrideAction" : \{"type": "COUNT"\}\}], "defaultAction":
     #   \{"type": "BLOCK"\}\}`
+    #
+    #   If this is a Shield Advanced policy, this string will be empty.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityServicePolicyData AWS API Documentation

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.11.0
+  version: 1.12.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-21 00:00:00.000000000 Z
+date: 2019-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core