aws-sdk-fms 1.24.0 → 1.29.0

data/lib/aws-sdk-fms/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-fms/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:

data/lib/aws-sdk-fms/types.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
@@ -8,6 +10,153 @@
 module Aws::FMS
   module Types
 
+    # An individual AWS Firewall Manager application.
+    #
+    # @note When making an API call, you may pass App
+    #   data as a hash:
+    #
+    #       {
+    #         app_name: "ResourceName", # required
+    #         protocol: "Protocol", # required
+    #         port: 1, # required
+    #       }
+    #
+    # @!attribute [rw] app_name
+    #   The application's name.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The IP protocol name or number. The name can be one of `tcp`, `udp`,
+    #   or `icmp`. For information on possible numbers, see [Protocol
+    #   Numbers][1].
+    #
+    #
+    #
+    #   [1]: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+    #   @return [String]
+    #
+    # @!attribute [rw] port
+    #   The application's port number, for example `80`.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/App AWS API Documentation
+    #
+    class App < Struct.new(
+      :app_name,
+      :protocol,
+      :port)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An AWS Firewall Manager applications list.
+    #
+    # @note When making an API call, you may pass AppsListData
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId",
+    #         list_name: "ResourceName", # required
+    #         list_update_token: "UpdateToken",
+    #         create_time: Time.now,
+    #         last_update_time: Time.now,
+    #         apps_list: [ # required
+    #           {
+    #             app_name: "ResourceName", # required
+    #             protocol: "Protocol", # required
+    #             port: 1, # required
+    #           },
+    #         ],
+    #         previous_apps_list: {
+    #           "PreviousListVersion" => [
+    #             {
+    #               app_name: "ResourceName", # required
+    #               protocol: "Protocol", # required
+    #               port: 1, # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the AWS Firewall Manager applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_update_token
+    #   A unique identifier for each update to the list. When you update the
+    #   list, the update token must match the token of the current version
+    #   of the application list. You can retrieve the update token by
+    #   getting the list.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_time
+    #   The time that the AWS Firewall Manager applications list was
+    #   created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_time
+    #   The time that the AWS Firewall Manager applications list was last
+    #   updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] apps_list
+    #   An array of applications in the AWS Firewall Manager applications
+    #   list.
+    #   @return [Array<Types::App>]
+    #
+    # @!attribute [rw] previous_apps_list
+    #   A map of previous version numbers to their corresponding `App`
+    #   object arrays.
+    #   @return [Hash<String,Array<Types::App>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListData AWS API Documentation
+    #
+    class AppsListData < Struct.new(
+      :list_id,
+      :list_name,
+      :list_update_token,
+      :create_time,
+      :last_update_time,
+      :apps_list,
+      :previous_apps_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Details of the AWS Firewall Manager applications list.
+    #
+    # @!attribute [rw] list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] apps_list
+    #   An array of `App` objects in the AWS Firewall Manager applications
+    #   list.
+    #   @return [Array<Types::App>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListDataSummary AWS API Documentation
+    #
+    class AppsListDataSummary < Struct.new(
+      :list_arn,
+      :list_id,
+      :list_name,
+      :apps_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass AssociateAdminAccountRequest
     #   data as a hash:
     #
@@ -31,6 +180,77 @@ module Aws::FMS
     #
     class AssociateAdminAccountRequest < Struct.new(
       :admin_account)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violations for an EC2 instance resource.
+    #
+    # @!attribute [rw] violation_target
+    #   The resource ID of the EC2 instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] aws_ec2_network_interface_violations
+    #   Violations for network interfaces associated with the EC2 instance.
+    #   @return [Array<Types::AwsEc2NetworkInterfaceViolation>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2InstanceViolation AWS API Documentation
+    #
+    class AwsEc2InstanceViolation < Struct.new(
+      :violation_target,
+      :aws_ec2_network_interface_violations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violations for network interfaces associated with an EC2 instance.
+    #
+    # @!attribute [rw] violation_target
+    #   The resource ID of the network interface.
+    #   @return [String]
+    #
+    # @!attribute [rw] violating_security_groups
+    #   List of security groups that violate the rules specified in the
+    #   master security group of the AWS Firewall Manager policy.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2NetworkInterfaceViolation AWS API Documentation
+    #
+    class AwsEc2NetworkInterfaceViolation < Struct.new(
+      :violation_target,
+      :violating_security_groups)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Details of the rule violation in a security group when compared to the
+    # master security group of the AWS Firewall Manager policy.
+    #
+    # @!attribute [rw] violation_target
+    #   The security group rule that is being evaluated.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the security group that violates the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] partial_matches
+    #   List of rules specified in the security group of the AWS Firewall
+    #   Manager policy that partially match the `ViolationTarget` rule.
+    #   @return [Array<Types::PartialMatch>]
+    #
+    # @!attribute [rw] possible_security_group_remediation_actions
+    #   Remediation options for the rule specified in the `ViolationTarget`.
+    #   @return [Array<Types::SecurityGroupRemediationAction>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsVPCSecurityGroupViolation AWS API Documentation
+    #
+    class AwsVPCSecurityGroupViolation < Struct.new(
+      :violation_target,
+      :violation_target_description,
+      :partial_matches,
+      :possible_security_group_remediation_actions)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -61,6 +281,28 @@ module Aws::FMS
       :resource_id,
       :violation_reason,
       :resource_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the applications list that you want to delete. You can
+    #   retrieve this ID from `PutAppsList`, `ListAppsLists`, and
+    #   `GetAppsList`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteAppsListRequest AWS API Documentation
+    #
+    class DeleteAppsListRequest < Struct.new(
+      :list_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -79,8 +321,8 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy_id
-    #   The ID of the policy that you want to delete. `PolicyId` is returned
-    #   by `PutPolicy` and by `ListPolicies`.
+    #   The ID of the policy that you want to delete. You can retrieve this
+    #   ID from `PutPolicy` and `ListPolicies`.
     #   @return [String]
     #
     # @!attribute [rw] delete_all_policy_resources
@@ -120,6 +362,28 @@ module Aws::FMS
     class DeletePolicyRequest < Struct.new(
       :policy_id,
       :delete_all_policy_resources)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass DeleteProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the protocols list that you want to delete. You can
+    #   retrieve this ID from `PutProtocolsList`, `ListProtocolsLists`, and
+    #   `GetProtocolsLost`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteProtocolsListRequest AWS API Documentation
+    #
+    class DeleteProtocolsListRequest < Struct.new(
+      :list_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -159,6 +423,7 @@ module Aws::FMS
       :compliance_status,
       :violator_count,
       :evaluation_limit_exceeded)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -183,6 +448,52 @@ module Aws::FMS
     class GetAdminAccountResponse < Struct.new(
       :admin_account,
       :role_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #         default_list: false,
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager applications list that you want
+    #   the details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] default_list
+    #   Specifies whether the list to retrieve is a default list owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListRequest AWS API Documentation
+    #
+    class GetAppsListRequest < Struct.new(
+      :list_id,
+      :default_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] apps_list
+    #   Information about the specified AWS Firewall Manager applications
+    #   list.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] apps_list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListResponse AWS API Documentation
+    #
+    class GetAppsListResponse < Struct.new(
+      :apps_list,
+      :apps_list_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -209,6 +520,7 @@ module Aws::FMS
     class GetComplianceDetailRequest < Struct.new(
       :policy_id,
       :member_account)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -221,6 +533,7 @@ module Aws::FMS
     #
     class GetComplianceDetailResponse < Struct.new(
       :policy_compliance_detail)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -244,6 +557,7 @@ module Aws::FMS
     class GetNotificationChannelResponse < Struct.new(
       :sns_topic_arn,
       :sns_role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -263,6 +577,7 @@ module Aws::FMS
     #
     class GetPolicyRequest < Struct.new(
       :policy_id)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -279,6 +594,7 @@ module Aws::FMS
     class GetPolicyResponse < Struct.new(
       :policy,
       :policy_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -344,6 +660,7 @@ module Aws::FMS
       :end_time,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -393,6 +710,109 @@ module Aws::FMS
       :service_type,
       :data,
       :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #         default_list: false,
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager protocols list that you want the
+    #   details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] default_list
+    #   Specifies whether the list to retrieve is a default list owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListRequest AWS API Documentation
+    #
+    class GetProtocolsListRequest < Struct.new(
+      :list_id,
+      :default_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] protocols_list
+    #   Information about the specified AWS Firewall Manager protocols list.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] protocols_list_arn
+    #   The Amazon Resource Name (ARN) of the specified protocols list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListResponse AWS API Documentation
+    #
+    class GetProtocolsListResponse < Struct.new(
+      :protocols_list,
+      :protocols_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetViolationDetailsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         policy_id: "PolicyId", # required
+    #         member_account: "AWSAccountId", # required
+    #         resource_id: "ResourceId", # required
+    #         resource_type: "ResourceType", # required
+    #       }
+    #
+    # @!attribute [rw] policy_id
+    #   The ID of the AWS Firewall Manager policy that you want the details
+    #   for. This currently only supports security group content audit
+    #   policies.
+    #   @return [String]
+    #
+    # @!attribute [rw] member_account
+    #   The AWS account ID that you want the details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The ID of the resource that has violations.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The resource type. This is in the format shown in the [AWS Resource
+    #   Types Reference][1]. Supported resource types are:
+    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`, or
+    #   `AWS::EC2::SecurityGroup`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsRequest AWS API Documentation
+    #
+    class GetViolationDetailsRequest < Struct.new(
+      :policy_id,
+      :member_account,
+      :resource_id,
+      :resource_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] violation_detail
+    #   Violation detail for a resource.
+    #   @return [Types::ViolationDetail]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsResponse AWS API Documentation
+    #
+    class GetViolationDetailsResponse < Struct.new(
+      :violation_detail)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -406,6 +826,7 @@ module Aws::FMS
     #
     class InternalErrorException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -418,13 +839,17 @@ module Aws::FMS
     #
     class InvalidInputException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
-    # The operation failed because there was nothing to do. For example, you
-    # might have submitted an `AssociateAdminAccount` request, but the
-    # account ID that you submitted was already set as the AWS Firewall
-    # Manager administrator.
+    # The operation failed because there was nothing to do or the operation
+    # wasn't possible. For example, you might have submitted an
+    # `AssociateAdminAccount` request for an account ID that was already set
+    # as the AWS Firewall Manager administrator. Or you might have tried to
+    # access a Region that's disabled by default, and that you need to
+    # enable for the Firewall Manager administrator account and for AWS
+    # Organizations before you can access it.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -433,6 +858,7 @@ module Aws::FMS
     #
     class InvalidOperationException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -445,6 +871,7 @@ module Aws::FMS
     #
     class InvalidTypeException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -464,6 +891,69 @@ module Aws::FMS
     #
     class LimitExceededException < Struct.new(
       :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListAppsListsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         default_lists: false,
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
+    #       }
+    #
+    # @!attribute [rw] default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. For all but the first request, you
+    #   provide the token returned by the prior request in the request
+    #   parameters, to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
+    #
+    #   If you don't specify this, AWS Firewall Manager returns all
+    #   available objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsRequest AWS API Documentation
+    #
+    class ListAppsListsRequest < Struct.new(
+      :default_lists,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] apps_lists
+    #   An array of `AppsListDataSummary` objects.
+    #   @return [Array<Types::AppsListDataSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. You can use this token in subsequent
+    #   requests to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsResponse AWS API Documentation
+    #
+    class ListAppsListsResponse < Struct.new(
+      :apps_lists,
+      :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -507,6 +997,7 @@ module Aws::FMS
       :policy_id,
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -528,6 +1019,7 @@ module Aws::FMS
     class ListComplianceStatusResponse < Struct.new(
       :policy_compliance_status_list,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -562,6 +1054,7 @@ module Aws::FMS
     class ListMemberAccountsRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -582,6 +1075,7 @@ module Aws::FMS
     class ListMemberAccountsResponse < Struct.new(
       :member_accounts,
       :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -617,6 +1111,7 @@ module Aws::FMS
     class ListPoliciesRequest < Struct.new(
       :next_token,
       :max_results)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -637,6 +1132,69 @@ module Aws::FMS
     class ListPoliciesResponse < Struct.new(
       :policy_list,
       :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListProtocolsListsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         default_lists: false,
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
+    #       }
+    #
+    # @!attribute [rw] default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. For all but the first request, you
+    #   provide the token returned by the prior request in the request
+    #   parameters, to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
+    #
+    #   If you don't specify this, AWS Firewall Manager returns all
+    #   available objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsRequest AWS API Documentation
+    #
+    class ListProtocolsListsRequest < Struct.new(
+      :default_lists,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] protocols_lists
+    #   An array of `ProtocolsListDataSummary` objects.
+    #   @return [Array<Types::ProtocolsListDataSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. You can use this token in subsequent
+    #   requests to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsResponse AWS API Documentation
+    #
+    class ListProtocolsListsResponse < Struct.new(
+      :protocols_lists,
+      :next_token)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -649,14 +1207,15 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
-    #   The Firewall Manager policy is the only AWS resource that supports
-    #   tagging, so this ARN is a policy ARN..
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceRequest AWS API Documentation
     #
     class ListTagsForResourceRequest < Struct.new(
       :resource_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -668,6 +1227,28 @@ module Aws::FMS
     #
     class ListTagsForResourceResponse < Struct.new(
       :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The reference rule that partially matches the `ViolationTarget` rule
+    # and violation reason.
+    #
+    # @!attribute [rw] reference
+    #   The reference rule from the master security group of the AWS
+    #   Firewall Manager policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reasons
+    #   The violation reason.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PartialMatch AWS API Documentation
+    #
+    class PartialMatch < Struct.new(
+      :reference,
+      :target_violation_reasons)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -707,7 +1288,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the AWS Firewall Manager policy.
+    #   The name of the AWS Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_update_token
@@ -835,6 +1416,7 @@ module Aws::FMS
       :remediation_enabled,
       :include_map,
       :exclude_map)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -888,6 +1470,7 @@ module Aws::FMS
       :evaluation_limit_exceeded,
       :expired_at,
       :issue_info_map)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -906,7 +1489,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the AWS Firewall Manager policy.
+    #   The name of the AWS Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] member_account
@@ -938,6 +1521,7 @@ module Aws::FMS
       :evaluation_results,
       :last_updated,
       :issue_info_map)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -952,7 +1536,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the specified policy.
+    #   The name of the specified policy.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -993,6 +1577,170 @@ module Aws::FMS
       :resource_type,
       :security_service_type,
       :remediation_enabled)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An AWS Firewall Manager protocols list.
+    #
+    # @note When making an API call, you may pass ProtocolsListData
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId",
+    #         list_name: "ResourceName", # required
+    #         list_update_token: "UpdateToken",
+    #         create_time: Time.now,
+    #         last_update_time: Time.now,
+    #         protocols_list: ["Protocol"], # required
+    #         previous_protocols_list: {
+    #           "PreviousListVersion" => ["Protocol"],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the AWS Firewall Manager protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_update_token
+    #   A unique identifier for each update to the list. When you update the
+    #   list, the update token must match the token of the current version
+    #   of the application list. You can retrieve the update token by
+    #   getting the list.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_time
+    #   The time that the AWS Firewall Manager protocols list was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_time
+    #   The time that the AWS Firewall Manager protocols list was last
+    #   updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] protocols_list
+    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] previous_protocols_list
+    #   A map of previous version numbers to their corresponding protocol
+    #   arrays.
+    #   @return [Hash<String,Array<String>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListData AWS API Documentation
+    #
+    class ProtocolsListData < Struct.new(
+      :list_id,
+      :list_name,
+      :list_update_token,
+      :create_time,
+      :last_update_time,
+      :protocols_list,
+      :previous_protocols_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Details of the AWS Firewall Manager protocols list.
+    #
+    # @!attribute [rw] list_arn
+    #   The Amazon Resource Name (ARN) of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocols_list
+    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListDataSummary AWS API Documentation
+    #
+    class ProtocolsListDataSummary < Struct.new(
+      :list_arn,
+      :list_id,
+      :list_name,
+      :protocols_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         apps_list: { # required
+    #           list_id: "ListId",
+    #           list_name: "ResourceName", # required
+    #           list_update_token: "UpdateToken",
+    #           create_time: Time.now,
+    #           last_update_time: Time.now,
+    #           apps_list: [ # required
+    #             {
+    #               app_name: "ResourceName", # required
+    #               protocol: "Protocol", # required
+    #               port: 1, # required
+    #             },
+    #           ],
+    #           previous_apps_list: {
+    #             "PreviousListVersion" => [
+    #               {
+    #                 app_name: "ResourceName", # required
+    #                 protocol: "Protocol", # required
+    #                 port: 1, # required
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         tag_list: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] apps_list
+    #   The details of the AWS Firewall Manager applications list to be
+    #   created.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] tag_list
+    #   The tags associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListRequest AWS API Documentation
+    #
+    class PutAppsListRequest < Struct.new(
+      :apps_list,
+      :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] apps_list
+    #   The details of the AWS Firewall Manager applications list.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] apps_list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListResponse AWS API Documentation
+    #
+    class PutAppsListResponse < Struct.new(
+      :apps_list,
+      :apps_list_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1019,6 +1767,7 @@ module Aws::FMS
     class PutNotificationChannelRequest < Struct.new(
       :sns_topic_arn,
       :sns_role_name)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1072,15 +1821,16 @@ module Aws::FMS
     class PutPolicyRequest < Struct.new(
       :policy,
       :tag_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
     # @!attribute [rw] policy
-    #   The details of the AWS Firewall Manager policy that was created.
+    #   The details of the AWS Firewall Manager policy.
     #   @return [Types::Policy]
     #
     # @!attribute [rw] policy_arn
-    #   The Amazon Resource Name (ARN) of the policy that was created.
+    #   The Amazon Resource Name (ARN) of the policy.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicyResponse AWS API Documentation
@@ -1088,6 +1838,65 @@ module Aws::FMS
     class PutPolicyResponse < Struct.new(
       :policy,
       :policy_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass PutProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         protocols_list: { # required
+    #           list_id: "ListId",
+    #           list_name: "ResourceName", # required
+    #           list_update_token: "UpdateToken",
+    #           create_time: Time.now,
+    #           last_update_time: Time.now,
+    #           protocols_list: ["Protocol"], # required
+    #           previous_protocols_list: {
+    #             "PreviousListVersion" => ["Protocol"],
+    #           },
+    #         },
+    #         tag_list: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] protocols_list
+    #   The details of the AWS Firewall Manager protocols list to be
+    #   created.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] tag_list
+    #   The tags associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListRequest AWS API Documentation
+    #
+    class PutProtocolsListRequest < Struct.new(
+      :protocols_list,
+      :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] protocols_list
+    #   The details of the AWS Firewall Manager protocols list.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] protocols_list_arn
+    #   The Amazon Resource Name (ARN) of the protocols list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListResponse AWS API Documentation
+    #
+    class PutProtocolsListResponse < Struct.new(
+      :protocols_list,
+      :protocols_list_arn)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1100,6 +1909,7 @@ module Aws::FMS
     #
     class ResourceNotFoundException < Struct.new(
       :message)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1138,6 +1948,103 @@ module Aws::FMS
     class ResourceTag < Struct.new(
       :key,
       :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violation detail based on resource type.
+    #
+    # @!attribute [rw] aws_vpc_security_group_violation
+    #   Violation details for security groups.
+    #   @return [Types::AwsVPCSecurityGroupViolation]
+    #
+    # @!attribute [rw] aws_ec2_network_interface_violation
+    #   Violation details for network interface.
+    #   @return [Types::AwsEc2NetworkInterfaceViolation]
+    #
+    # @!attribute [rw] aws_ec2_instance_violation
+    #   Violation details for an EC2 instance.
+    #   @return [Types::AwsEc2InstanceViolation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
+    #
+    class ResourceViolation < Struct.new(
+      :aws_vpc_security_group_violation,
+      :aws_ec2_network_interface_violation,
+      :aws_ec2_instance_violation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Remediation option for the rule specified in the `ViolationTarget`.
+    #
+    # @!attribute [rw] remediation_action_type
+    #   The remediation action that will be performed.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   Brief description of the action that will be performed.
+    #   @return [String]
+    #
+    # @!attribute [rw] remediation_result
+    #   The final state of the rule specified in the `ViolationTarget` after
+    #   it is remediated.
+    #   @return [Types::SecurityGroupRuleDescription]
+    #
+    # @!attribute [rw] is_default_action
+    #   Indicates if the current action is the default action.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRemediationAction AWS API Documentation
+    #
+    class SecurityGroupRemediationAction < Struct.new(
+      :remediation_action_type,
+      :description,
+      :remediation_result,
+      :is_default_action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes a set of permissions for a security group rule.
+    #
+    # @!attribute [rw] ipv4_range
+    #   The IPv4 ranges for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] ipv6_range
+    #   The IPv6 ranges for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] prefix_list_id
+    #   The ID of the prefix list for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The IP protocol name (`tcp`, `udp`, `icmp`, `icmpv6`) or number.
+    #   @return [String]
+    #
+    # @!attribute [rw] from_port
+    #   The start of the port range for the TCP and UDP protocols, or an
+    #   ICMP/ICMPv6 type number. A value of `-1` indicates all ICMP/ICMPv6
+    #   types.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] to_port
+    #   The end of the port range for the TCP and UDP protocols, or an
+    #   ICMP/ICMPv6 code. A value of `-1` indicates all ICMP/ICMPv6 codes.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRuleDescription AWS API Documentation
+    #
+    class SecurityGroupRuleDescription < Struct.new(
+      :ipv4_range,
+      :ipv6_range,
+      :prefix_list_id,
+      :protocol,
+      :from_port,
+      :to_port)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1170,7 +2077,7 @@ module Aws::FMS
     #   * Example: `WAFV2`
     #
     #     `"ManagedServiceData":
-    #     "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludedRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendor":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludedRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
+    #     "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludeRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendorName":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludeRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
     #
     #   * Example: `WAF Classic`
     #
@@ -1209,6 +2116,7 @@ module Aws::FMS
     class SecurityServicePolicyData < Struct.new(
       :type,
       :managed_service_data)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1244,6 +2152,7 @@ module Aws::FMS
     class Tag < Struct.new(
       :key,
       :value)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1261,9 +2170,9 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN
-    #   is a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for.
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_list
@@ -1275,6 +2184,7 @@ module Aws::FMS
     class TagResourceRequest < Struct.new(
       :resource_arn,
       :tag_list)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1291,9 +2201,9 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN
-    #   is a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for.
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
@@ -1305,6 +2215,7 @@ module Aws::FMS
     class UntagResourceRequest < Struct.new(
       :resource_arn,
       :tag_keys)
+      SENSITIVE = []
       include Aws::Structure
     end
 
@@ -1312,5 +2223,51 @@ module Aws::FMS
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # Violations for a resource based on the specified AWS Firewall Manager
+    # policy and AWS account.
+    #
+    # @!attribute [rw] policy_id
+    #   The ID of the AWS Firewall Manager policy that the violation details
+    #   were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] member_account
+    #   The AWS account that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The resource ID that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The resource type that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_violations
+    #   List of violations for the requested resource.
+    #   @return [Array<Types::ResourceViolation>]
+    #
+    # @!attribute [rw] resource_tags
+    #   The `ResourceTag` objects associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] resource_description
+    #   Brief description for the requested resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ViolationDetail AWS API Documentation
+    #
+    class ViolationDetail < Struct.new(
+      :policy_id,
+      :member_account,
+      :resource_id,
+      :resource_type,
+      :resource_violations,
+      :resource_tags,
+      :resource_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
   end
 end