RubyGems - aws-sdk-fms - Versions diffs - 1.28.0 → 1.29.0 - Mend

aws-sdk-fms 1.28.0 → 1.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-fms.rb +1 -1
data/lib/aws-sdk-fms/client.rb +484 -15
data/lib/aws-sdk-fms/client_api.rb +331 -0
data/lib/aws-sdk-fms/types.rb +937 -20
metadata +2 -2

data/lib/aws-sdk-fms/types.rb CHANGED

@@ -10,6 +10,153 @@
 module Aws::FMS
   module Types
+    # An individual AWS Firewall Manager application.
+    #
+    # @note When making an API call, you may pass App
+    #   data as a hash:
+    #
+    #       {
+    #         app_name: "ResourceName", # required
+    #         protocol: "Protocol", # required
+    #         port: 1, # required
+    #       }
+    #
+    # @!attribute [rw] app_name
+    #   The application's name.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The IP protocol name or number. The name can be one of `tcp`, `udp`,
+    #   or `icmp`. For information on possible numbers, see [Protocol
+    #   Numbers][1].
+    #
+    #
+    #
+    #   [1]: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+    #   @return [String]
+    #
+    # @!attribute [rw] port
+    #   The application's port number, for example `80`.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/App AWS API Documentation
+    #
+    class App < Struct.new(
+      :app_name,
+      :protocol,
+      :port)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # An AWS Firewall Manager applications list.
+    #
+    # @note When making an API call, you may pass AppsListData
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId",
+    #         list_name: "ResourceName", # required
+    #         list_update_token: "UpdateToken",
+    #         create_time: Time.now,
+    #         last_update_time: Time.now,
+    #         apps_list: [ # required
+    #           {
+    #             app_name: "ResourceName", # required
+    #             protocol: "Protocol", # required
+    #             port: 1, # required
+    #           },
+    #         ],
+    #         previous_apps_list: {
+    #           "PreviousListVersion" => [
+    #             {
+    #               app_name: "ResourceName", # required
+    #               protocol: "Protocol", # required
+    #               port: 1, # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the AWS Firewall Manager applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_update_token
+    #   A unique identifier for each update to the list. When you update the
+    #   list, the update token must match the token of the current version
+    #   of the application list. You can retrieve the update token by
+    #   getting the list.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_time
+    #   The time that the AWS Firewall Manager applications list was
+    #   created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_time
+    #   The time that the AWS Firewall Manager applications list was last
+    #   updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] apps_list
+    #   An array of applications in the AWS Firewall Manager applications
+    #   list.
+    #   @return [Array<Types::App>]
+    #
+    # @!attribute [rw] previous_apps_list
+    #   A map of previous version numbers to their corresponding `App`
+    #   object arrays.
+    #   @return [Hash<String,Array<Types::App>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListData AWS API Documentation
+    #
+    class AppsListData < Struct.new(
+      :list_id,
+      :list_name,
+      :list_update_token,
+      :create_time,
+      :last_update_time,
+      :apps_list,
+      :previous_apps_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Details of the AWS Firewall Manager applications list.
+    #
+    # @!attribute [rw] list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] apps_list
+    #   An array of `App` objects in the AWS Firewall Manager applications
+    #   list.
+    #   @return [Array<Types::App>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListDataSummary AWS API Documentation
+    #
+    class AppsListDataSummary < Struct.new(
+      :list_arn,
+      :list_id,
+      :list_name,
+      :apps_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass AssociateAdminAccountRequest
     #   data as a hash:
     #
@@ -37,6 +184,76 @@ module Aws::FMS
       include Aws::Structure
     end
+    # Violations for an EC2 instance resource.
+    #
+    # @!attribute [rw] violation_target
+    #   The resource ID of the EC2 instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] aws_ec2_network_interface_violations
+    #   Violations for network interfaces associated with the EC2 instance.
+    #   @return [Array<Types::AwsEc2NetworkInterfaceViolation>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2InstanceViolation AWS API Documentation
+    #
+    class AwsEc2InstanceViolation < Struct.new(
+      :violation_target,
+      :aws_ec2_network_interface_violations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violations for network interfaces associated with an EC2 instance.
+    #
+    # @!attribute [rw] violation_target
+    #   The resource ID of the network interface.
+    #   @return [String]
+    #
+    # @!attribute [rw] violating_security_groups
+    #   List of security groups that violate the rules specified in the
+    #   master security group of the AWS Firewall Manager policy.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2NetworkInterfaceViolation AWS API Documentation
+    #
+    class AwsEc2NetworkInterfaceViolation < Struct.new(
+      :violation_target,
+      :violating_security_groups)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Details of the rule violation in a security group when compared to the
+    # master security group of the AWS Firewall Manager policy.
+    #
+    # @!attribute [rw] violation_target
+    #   The security group rule that is being evaluated.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the security group that violates the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] partial_matches
+    #   List of rules specified in the security group of the AWS Firewall
+    #   Manager policy that partially match the `ViolationTarget` rule.
+    #   @return [Array<Types::PartialMatch>]
+    #
+    # @!attribute [rw] possible_security_group_remediation_actions
+    #   Remediation options for the rule specified in the `ViolationTarget`.
+    #   @return [Array<Types::SecurityGroupRemediationAction>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsVPCSecurityGroupViolation AWS API Documentation
+    #
+    class AwsVPCSecurityGroupViolation < Struct.new(
+      :violation_target,
+      :violation_target_description,
+      :partial_matches,
+      :possible_security_group_remediation_actions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Details of the resource that is not protected by the policy.
     #
     # @!attribute [rw] resource_id
@@ -68,6 +285,27 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass DeleteAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the applications list that you want to delete. You can
+    #   retrieve this ID from `PutAppsList`, `ListAppsLists`, and
+    #   `GetAppsList`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteAppsListRequest AWS API Documentation
+    #
+    class DeleteAppsListRequest < Struct.new(
+      :list_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteNotificationChannelRequest AWS API Documentation
@@ -83,8 +321,8 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy_id
-    #   The ID of the policy that you want to delete. `PolicyId` is returned
-    #   by `PutPolicy` and by `ListPolicies`.
+    #   The ID of the policy that you want to delete. You can retrieve this
+    #   ID from `PutPolicy` and `ListPolicies`.
     #   @return [String]
     #
     # @!attribute [rw] delete_all_policy_resources
@@ -128,6 +366,27 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass DeleteProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the protocols list that you want to delete. You can
+    #   retrieve this ID from `PutProtocolsList`, `ListProtocolsLists`, and
+    #   `GetProtocolsLost`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteProtocolsListRequest AWS API Documentation
+    #
+    class DeleteProtocolsListRequest < Struct.new(
+      :list_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateAdminAccountRequest AWS API Documentation
@@ -193,6 +452,51 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass GetAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #         default_list: false,
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager applications list that you want
+    #   the details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] default_list
+    #   Specifies whether the list to retrieve is a default list owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListRequest AWS API Documentation
+    #
+    class GetAppsListRequest < Struct.new(
+      :list_id,
+      :default_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] apps_list
+    #   Information about the specified AWS Firewall Manager applications
+    #   list.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] apps_list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListResponse AWS API Documentation
+    #
+    class GetAppsListResponse < Struct.new(
+      :apps_list,
+      :apps_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass GetComplianceDetailRequest
     #   data as a hash:
     #
@@ -410,6 +714,108 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass GetProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #         default_list: false,
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager protocols list that you want the
+    #   details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] default_list
+    #   Specifies whether the list to retrieve is a default list owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListRequest AWS API Documentation
+    #
+    class GetProtocolsListRequest < Struct.new(
+      :list_id,
+      :default_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] protocols_list
+    #   Information about the specified AWS Firewall Manager protocols list.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] protocols_list_arn
+    #   The Amazon Resource Name (ARN) of the specified protocols list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListResponse AWS API Documentation
+    #
+    class GetProtocolsListResponse < Struct.new(
+      :protocols_list,
+      :protocols_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass GetViolationDetailsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         policy_id: "PolicyId", # required
+    #         member_account: "AWSAccountId", # required
+    #         resource_id: "ResourceId", # required
+    #         resource_type: "ResourceType", # required
+    #       }
+    #
+    # @!attribute [rw] policy_id
+    #   The ID of the AWS Firewall Manager policy that you want the details
+    #   for. This currently only supports security group content audit
+    #   policies.
+    #   @return [String]
+    #
+    # @!attribute [rw] member_account
+    #   The AWS account ID that you want the details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The ID of the resource that has violations.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The resource type. This is in the format shown in the [AWS Resource
+    #   Types Reference][1]. Supported resource types are:
+    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`, or
+    #   `AWS::EC2::SecurityGroup`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsRequest AWS API Documentation
+    #
+    class GetViolationDetailsRequest < Struct.new(
+      :policy_id,
+      :member_account,
+      :resource_id,
+      :resource_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] violation_detail
+    #   Violation detail for a resource.
+    #   @return [Types::ViolationDetail]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsResponse AWS API Documentation
+    #
+    class GetViolationDetailsResponse < Struct.new(
+      :violation_detail)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # The operation failed because of a system problem, even though the
     # request was valid. Retry your request.
     #
@@ -437,10 +843,13 @@ module Aws::FMS
       include Aws::Structure
     end
-    # The operation failed because there was nothing to do. For example, you
-    # might have submitted an `AssociateAdminAccount` request, but the
-    # account ID that you submitted was already set as the AWS Firewall
-    # Manager administrator.
+    # The operation failed because there was nothing to do or the operation
+    # wasn't possible. For example, you might have submitted an
+    # `AssociateAdminAccount` request for an account ID that was already set
+    # as the AWS Firewall Manager administrator. Or you might have tried to
+    # access a Region that's disabled by default, and that you need to
+    # enable for the Firewall Manager administrator account and for AWS
+    # Organizations before you can access it.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -486,6 +895,68 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListAppsListsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         default_lists: false,
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
+    #       }
+    #
+    # @!attribute [rw] default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. For all but the first request, you
+    #   provide the token returned by the prior request in the request
+    #   parameters, to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
+    #
+    #   If you don't specify this, AWS Firewall Manager returns all
+    #   available objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsRequest AWS API Documentation
+    #
+    class ListAppsListsRequest < Struct.new(
+      :default_lists,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] apps_lists
+    #   An array of `AppsListDataSummary` objects.
+    #   @return [Array<Types::AppsListDataSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. You can use this token in subsequent
+    #   requests to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsResponse AWS API Documentation
+    #
+    class ListAppsListsResponse < Struct.new(
+      :apps_lists,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass ListComplianceStatusRequest
     #   data as a hash:
     #
@@ -665,6 +1136,68 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListProtocolsListsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         default_lists: false,
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
+    #       }
+    #
+    # @!attribute [rw] default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. For all but the first request, you
+    #   provide the token returned by the prior request in the request
+    #   parameters, to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
+    #
+    #   If you don't specify this, AWS Firewall Manager returns all
+    #   available objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsRequest AWS API Documentation
+    #
+    class ListProtocolsListsRequest < Struct.new(
+      :default_lists,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] protocols_lists
+    #   An array of `ProtocolsListDataSummary` objects.
+    #   @return [Array<Types::ProtocolsListDataSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. You can use this token in subsequent
+    #   requests to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsResponse AWS API Documentation
+    #
+    class ListProtocolsListsResponse < Struct.new(
+      :protocols_lists,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass ListTagsForResourceRequest
     #   data as a hash:
     #
@@ -674,8 +1207,8 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
-    #   The Firewall Manager policy is the only AWS resource that supports
-    #   tagging, so this ARN is a policy ARN..
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceRequest AWS API Documentation
@@ -698,6 +1231,27 @@ module Aws::FMS
       include Aws::Structure
     end
+    # The reference rule that partially matches the `ViolationTarget` rule
+    # and violation reason.
+    #
+    # @!attribute [rw] reference
+    #   The reference rule from the master security group of the AWS
+    #   Firewall Manager policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reasons
+    #   The violation reason.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PartialMatch AWS API Documentation
+    #
+    class PartialMatch < Struct.new(
+      :reference,
+      :target_violation_reasons)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # An AWS Firewall Manager policy.
     #
     # @note When making an API call, you may pass Policy
@@ -734,7 +1288,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the AWS Firewall Manager policy.
+    #   The name of the AWS Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_update_token
@@ -935,7 +1489,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the AWS Firewall Manager policy.
+    #   The name of the AWS Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] member_account
@@ -982,7 +1536,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the specified policy.
+    #   The name of the specified policy.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -1027,6 +1581,169 @@ module Aws::FMS
       include Aws::Structure
     end
+    # An AWS Firewall Manager protocols list.
+    #
+    # @note When making an API call, you may pass ProtocolsListData
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId",
+    #         list_name: "ResourceName", # required
+    #         list_update_token: "UpdateToken",
+    #         create_time: Time.now,
+    #         last_update_time: Time.now,
+    #         protocols_list: ["Protocol"], # required
+    #         previous_protocols_list: {
+    #           "PreviousListVersion" => ["Protocol"],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the AWS Firewall Manager protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_update_token
+    #   A unique identifier for each update to the list. When you update the
+    #   list, the update token must match the token of the current version
+    #   of the application list. You can retrieve the update token by
+    #   getting the list.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_time
+    #   The time that the AWS Firewall Manager protocols list was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_time
+    #   The time that the AWS Firewall Manager protocols list was last
+    #   updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] protocols_list
+    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] previous_protocols_list
+    #   A map of previous version numbers to their corresponding protocol
+    #   arrays.
+    #   @return [Hash<String,Array<String>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListData AWS API Documentation
+    #
+    class ProtocolsListData < Struct.new(
+      :list_id,
+      :list_name,
+      :list_update_token,
+      :create_time,
+      :last_update_time,
+      :protocols_list,
+      :previous_protocols_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Details of the AWS Firewall Manager protocols list.
+    #
+    # @!attribute [rw] list_arn
+    #   The Amazon Resource Name (ARN) of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocols_list
+    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListDataSummary AWS API Documentation
+    #
+    class ProtocolsListDataSummary < Struct.new(
+      :list_arn,
+      :list_id,
+      :list_name,
+      :protocols_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass PutAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         apps_list: { # required
+    #           list_id: "ListId",
+    #           list_name: "ResourceName", # required
+    #           list_update_token: "UpdateToken",
+    #           create_time: Time.now,
+    #           last_update_time: Time.now,
+    #           apps_list: [ # required
+    #             {
+    #               app_name: "ResourceName", # required
+    #               protocol: "Protocol", # required
+    #               port: 1, # required
+    #             },
+    #           ],
+    #           previous_apps_list: {
+    #             "PreviousListVersion" => [
+    #               {
+    #                 app_name: "ResourceName", # required
+    #                 protocol: "Protocol", # required
+    #                 port: 1, # required
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         tag_list: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] apps_list
+    #   The details of the AWS Firewall Manager applications list to be
+    #   created.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] tag_list
+    #   The tags associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListRequest AWS API Documentation
+    #
+    class PutAppsListRequest < Struct.new(
+      :apps_list,
+      :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] apps_list
+    #   The details of the AWS Firewall Manager applications list.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] apps_list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListResponse AWS API Documentation
+    #
+    class PutAppsListResponse < Struct.new(
+      :apps_list,
+      :apps_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass PutNotificationChannelRequest
     #   data as a hash:
     #
@@ -1109,11 +1826,11 @@ module Aws::FMS
     end
     # @!attribute [rw] policy
-    #   The details of the AWS Firewall Manager policy that was created.
+    #   The details of the AWS Firewall Manager policy.
     #   @return [Types::Policy]
     #
     # @!attribute [rw] policy_arn
-    #   The Amazon Resource Name (ARN) of the policy that was created.
+    #   The Amazon Resource Name (ARN) of the policy.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicyResponse AWS API Documentation
@@ -1125,6 +1842,64 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass PutProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         protocols_list: { # required
+    #           list_id: "ListId",
+    #           list_name: "ResourceName", # required
+    #           list_update_token: "UpdateToken",
+    #           create_time: Time.now,
+    #           last_update_time: Time.now,
+    #           protocols_list: ["Protocol"], # required
+    #           previous_protocols_list: {
+    #             "PreviousListVersion" => ["Protocol"],
+    #           },
+    #         },
+    #         tag_list: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] protocols_list
+    #   The details of the AWS Firewall Manager protocols list to be
+    #   created.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] tag_list
+    #   The tags associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListRequest AWS API Documentation
+    #
+    class PutProtocolsListRequest < Struct.new(
+      :protocols_list,
+      :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] protocols_list
+    #   The details of the AWS Firewall Manager protocols list.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] protocols_list_arn
+    #   The Amazon Resource Name (ARN) of the protocols list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListResponse AWS API Documentation
+    #
+    class PutProtocolsListResponse < Struct.new(
+      :protocols_list,
+      :protocols_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # The specified resource was not found.
     #
     # @!attribute [rw] message
@@ -1177,6 +1952,102 @@ module Aws::FMS
       include Aws::Structure
     end
+    # Violation detail based on resource type.
+    #
+    # @!attribute [rw] aws_vpc_security_group_violation
+    #   Violation details for security groups.
+    #   @return [Types::AwsVPCSecurityGroupViolation]
+    #
+    # @!attribute [rw] aws_ec2_network_interface_violation
+    #   Violation details for network interface.
+    #   @return [Types::AwsEc2NetworkInterfaceViolation]
+    #
+    # @!attribute [rw] aws_ec2_instance_violation
+    #   Violation details for an EC2 instance.
+    #   @return [Types::AwsEc2InstanceViolation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
+    #
+    class ResourceViolation < Struct.new(
+      :aws_vpc_security_group_violation,
+      :aws_ec2_network_interface_violation,
+      :aws_ec2_instance_violation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Remediation option for the rule specified in the `ViolationTarget`.
+    #
+    # @!attribute [rw] remediation_action_type
+    #   The remediation action that will be performed.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   Brief description of the action that will be performed.
+    #   @return [String]
+    #
+    # @!attribute [rw] remediation_result
+    #   The final state of the rule specified in the `ViolationTarget` after
+    #   it is remediated.
+    #   @return [Types::SecurityGroupRuleDescription]
+    #
+    # @!attribute [rw] is_default_action
+    #   Indicates if the current action is the default action.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRemediationAction AWS API Documentation
+    #
+    class SecurityGroupRemediationAction < Struct.new(
+      :remediation_action_type,
+      :description,
+      :remediation_result,
+      :is_default_action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Describes a set of permissions for a security group rule.
+    #
+    # @!attribute [rw] ipv4_range
+    #   The IPv4 ranges for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] ipv6_range
+    #   The IPv6 ranges for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] prefix_list_id
+    #   The ID of the prefix list for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The IP protocol name (`tcp`, `udp`, `icmp`, `icmpv6`) or number.
+    #   @return [String]
+    #
+    # @!attribute [rw] from_port
+    #   The start of the port range for the TCP and UDP protocols, or an
+    #   ICMP/ICMPv6 type number. A value of `-1` indicates all ICMP/ICMPv6
+    #   types.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] to_port
+    #   The end of the port range for the TCP and UDP protocols, or an
+    #   ICMP/ICMPv6 code. A value of `-1` indicates all ICMP/ICMPv6 codes.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRuleDescription AWS API Documentation
+    #
+    class SecurityGroupRuleDescription < Struct.new(
+      :ipv4_range,
+      :ipv6_range,
+      :prefix_list_id,
+      :protocol,
+      :from_port,
+      :to_port)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Details about the security service that is being used to protect the
     # resources.
     #
@@ -1206,7 +2077,7 @@ module Aws::FMS
     #   * Example: `WAFV2`
     #
     #     `"ManagedServiceData":
-    #     "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludedRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendor":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludedRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
+    #     "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludeRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendorName":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludeRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
     #
     #   * Example: `WAF Classic`
     #
@@ -1299,9 +2170,9 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN
-    #   is a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for.
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_list
@@ -1330,9 +2201,9 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN
-    #   is a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for.
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
@@ -1352,5 +2223,51 @@ module Aws::FMS
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
+    # Violations for a resource based on the specified AWS Firewall Manager
+    # policy and AWS account.
+    #
+    # @!attribute [rw] policy_id
+    #   The ID of the AWS Firewall Manager policy that the violation details
+    #   were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] member_account
+    #   The AWS account that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The resource ID that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The resource type that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_violations
+    #   List of violations for the requested resource.
+    #   @return [Array<Types::ResourceViolation>]
+    #
+    # @!attribute [rw] resource_tags
+    #   The `ResourceTag` objects associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] resource_description
+    #   Brief description for the requested resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ViolationDetail AWS API Documentation
+    #
+    class ViolationDetail < Struct.new(
+      :policy_id,
+      :member_account,
+      :resource_id,
+      :resource_type,
+      :resource_violations,
+      :resource_tags,
+      :resource_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
   end
 end