aws-sdk-fms 1.28.0 → 1.33.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd3c325fe3f0443a39a04cfb307d7cf7c388e3c2a27bd2da10309eb69ad53b30
-  data.tar.gz: f6664ecc32066e20f5a599b014a0e9b847d76aff8f76a7c96ff7efd584b30fad
+  metadata.gz: db4d701077981c960c71223fdd45be041e1f894c48223bb2cbe7e81c050a1a87
+  data.tar.gz: 58c0a54e63917e0abb207951b7cf72d9854b4aa3704da1cc65d82a7ca79e33d9
 SHA512:
-  metadata.gz: 6fc6f05405a8799f32c612e86074036fcf3fa1dfee2f3de8519d1ec228c3d8238642ca11db0f382622aa25a0a0f14674194f4c5273853e4a718914fd9248819d
-  data.tar.gz: 8691dc3e850b1a7fa129073de98526bf9ac76c3c110ede590734fa31289903b919d3c71bc915478ab93f847847ffceaccee02c71d383512cbd4358b9ff310ae5
+  metadata.gz: 55c07a19e2009d812925576000d529d088c67d66e0a541b9558c8ca7686886d7d9200b6328495c74943211feddc60361f478525d4cfc9c28b48175bca3c1063d
+  data.tar.gz: 2183267a9b5331b8c378bcf7d680900e62461ae47628e3a0e86c62383bb9b22bdbf789cd6506709e07f42dac8463d9f6fb36d745ee3cd9ae9b50e1426a3d3875

data/lib/aws-sdk-fms.rb

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 
+
 require 'aws-sdk-core'
 require 'aws-sigv4'
 
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-fms/customizations'
 #
 # See {Errors} for more information.
 #
-# @service
+# @!group service
 module Aws::FMS
 
-  GEM_VERSION = '1.28.0'
+  GEM_VERSION = '1.33.0'
 
 end

data/lib/aws-sdk-fms/client.rb

@@ -85,13 +85,28 @@ module Aws::FMS
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::FMS
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -360,6 +375,30 @@ module Aws::FMS
       req.send_request(options)
     end
 
+    # Permanently deletes an AWS Firewall Manager applications list.
+    #
+    # @option params [required, String] :list_id
+    #   The ID of the applications list that you want to delete. You can
+    #   retrieve this ID from `PutAppsList`, `ListAppsLists`, and
+    #   `GetAppsList`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_apps_list({
+    #     list_id: "ListId", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteAppsList AWS API Documentation
+    #
+    # @overload delete_apps_list(params = {})
+    # @param [Hash] params ({})
+    def delete_apps_list(params = {}, options = {})
+      req = build_request(:delete_apps_list, params)
+      req.send_request(options)
+    end
+
     # Deletes an AWS Firewall Manager association with the IAM role and the
     # Amazon Simple Notification Service (SNS) topic that is used to record
     # AWS Firewall Manager SNS logs.
@@ -378,8 +417,8 @@ module Aws::FMS
     # Permanently deletes an AWS Firewall Manager policy.
     #
     # @option params [required, String] :policy_id
-    #   The ID of the policy that you want to delete. `PolicyId` is returned
-    #   by `PutPolicy` and by `ListPolicies`.
+    #   The ID of the policy that you want to delete. You can retrieve this ID
+    #   from `PutPolicy` and `ListPolicies`.
     #
     # @option params [Boolean] :delete_all_policy_resources
     #   If `True`, the request performs cleanup according to the policy type.
@@ -429,6 +468,30 @@ module Aws::FMS
       req.send_request(options)
     end
 
+    # Permanently deletes an AWS Firewall Manager protocols list.
+    #
+    # @option params [required, String] :list_id
+    #   The ID of the protocols list that you want to delete. You can retrieve
+    #   this ID from `PutProtocolsList`, `ListProtocolsLists`, and
+    #   `GetProtocolsLost`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_protocols_list({
+    #     list_id: "ListId", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteProtocolsList AWS API Documentation
+    #
+    # @overload delete_protocols_list(params = {})
+    # @param [Hash] params ({})
+    def delete_protocols_list(params = {}, options = {})
+      req = build_request(:delete_protocols_list, params)
+      req.send_request(options)
+    end
+
     # Disassociates the account that has been set as the AWS Firewall
     # Manager administrator account. To set a different account as the
     # administrator account, you must submit an `AssociateAdminAccount`
@@ -467,6 +530,56 @@ module Aws::FMS
       req.send_request(options)
     end
 
+    # Returns information about the specified AWS Firewall Manager
+    # applications list.
+    #
+    # @option params [required, String] :list_id
+    #   The ID of the AWS Firewall Manager applications list that you want the
+    #   details for.
+    #
+    # @option params [Boolean] :default_list
+    #   Specifies whether the list to retrieve is a default list owned by AWS
+    #   Firewall Manager.
+    #
+    # @return [Types::GetAppsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetAppsListResponse#apps_list #apps_list} => Types::AppsListData
+    #   * {Types::GetAppsListResponse#apps_list_arn #apps_list_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_apps_list({
+    #     list_id: "ListId", # required
+    #     default_list: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.apps_list.list_id #=> String
+    #   resp.apps_list.list_name #=> String
+    #   resp.apps_list.list_update_token #=> String
+    #   resp.apps_list.create_time #=> Time
+    #   resp.apps_list.last_update_time #=> Time
+    #   resp.apps_list.apps_list #=> Array
+    #   resp.apps_list.apps_list[0].app_name #=> String
+    #   resp.apps_list.apps_list[0].protocol #=> String
+    #   resp.apps_list.apps_list[0].port #=> Integer
+    #   resp.apps_list.previous_apps_list #=> Hash
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"] #=> Array
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"][0].app_name #=> String
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"][0].protocol #=> String
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"][0].port #=> Integer
+    #   resp.apps_list_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsList AWS API Documentation
+    #
+    # @overload get_apps_list(params = {})
+    # @param [Hash] params ({})
+    def get_apps_list(params = {}, options = {})
+      req = build_request(:get_apps_list, params)
+      req.send_request(options)
+    end
+
     # Returns detailed compliance information about the specified member
     # account. Details include resources that are in and out of compliance
     # with the specified policy. Resources are considered noncompliant for
@@ -474,7 +587,12 @@ module Aws::FMS
     # been applied to them. Resources are considered noncompliant for
     # security group policies if they are in scope of the policy, they
     # violate one or more of the policy rules, and remediation is disabled
-    # or not possible.
+    # or not possible. Resources are considered noncompliant for Network
+    # Firewall policies if a firewall is missing in the VPC, if the firewall
+    # endpoint isn't set up in an expected Availability Zone and subnet, if
+    # a subnet created by the Firewall Manager doesn't have the expected
+    # route table, and for modifications to a firewall policy that violate
+    # the Firewall Manager policy's rules.
     #
     # @option params [required, String] :policy_id
     #   The ID of the policy that you want to get the details for. `PolicyId`
@@ -502,7 +620,7 @@ module Aws::FMS
     #   resp.policy_compliance_detail.member_account #=> String
     #   resp.policy_compliance_detail.violators #=> Array
     #   resp.policy_compliance_detail.violators[0].resource_id #=> String
-    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT"
+    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED"
     #   resp.policy_compliance_detail.violators[0].resource_type #=> String
     #   resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
     #   resp.policy_compliance_detail.expired_at #=> Time
@@ -562,7 +680,7 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
@@ -648,7 +766,7 @@ module Aws::FMS
     # @example Response structure
     #
     #   resp.admin_account_id #=> String
-    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.data #=> String
     #   resp.next_token #=> String
     #
@@ -661,9 +779,234 @@ module Aws::FMS
       req.send_request(options)
     end
 
-    # Returns an array of `PolicyComplianceStatus` objects in the response.
-    # Use `PolicyComplianceStatus` to get a summary of which member accounts
-    # are protected by the specified policy.
+    # Returns information about the specified AWS Firewall Manager protocols
+    # list.
+    #
+    # @option params [required, String] :list_id
+    #   The ID of the AWS Firewall Manager protocols list that you want the
+    #   details for.
+    #
+    # @option params [Boolean] :default_list
+    #   Specifies whether the list to retrieve is a default list owned by AWS
+    #   Firewall Manager.
+    #
+    # @return [Types::GetProtocolsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetProtocolsListResponse#protocols_list #protocols_list} => Types::ProtocolsListData
+    #   * {Types::GetProtocolsListResponse#protocols_list_arn #protocols_list_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_protocols_list({
+    #     list_id: "ListId", # required
+    #     default_list: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.protocols_list.list_id #=> String
+    #   resp.protocols_list.list_name #=> String
+    #   resp.protocols_list.list_update_token #=> String
+    #   resp.protocols_list.create_time #=> Time
+    #   resp.protocols_list.last_update_time #=> Time
+    #   resp.protocols_list.protocols_list #=> Array
+    #   resp.protocols_list.protocols_list[0] #=> String
+    #   resp.protocols_list.previous_protocols_list #=> Hash
+    #   resp.protocols_list.previous_protocols_list["PreviousListVersion"] #=> Array
+    #   resp.protocols_list.previous_protocols_list["PreviousListVersion"][0] #=> String
+    #   resp.protocols_list_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsList AWS API Documentation
+    #
+    # @overload get_protocols_list(params = {})
+    # @param [Hash] params ({})
+    def get_protocols_list(params = {}, options = {})
+      req = build_request(:get_protocols_list, params)
+      req.send_request(options)
+    end
+
+    # Retrieves violations for a resource based on the specified AWS
+    # Firewall Manager policy and AWS account.
+    #
+    # @option params [required, String] :policy_id
+    #   The ID of the AWS Firewall Manager policy that you want the details
+    #   for. This currently only supports security group content audit
+    #   policies.
+    #
+    # @option params [required, String] :member_account
+    #   The AWS account ID that you want the details for.
+    #
+    # @option params [required, String] :resource_id
+    #   The ID of the resource that has violations.
+    #
+    # @option params [required, String] :resource_type
+    #   The resource type. This is in the format shown in the [AWS Resource
+    #   Types Reference][1]. Supported resource types are:
+    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
+    #   `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`, and
+    #   `AWS::EC2::Subnet`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
+    #
+    # @return [Types::GetViolationDetailsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetViolationDetailsResponse#violation_detail #violation_detail} => Types::ViolationDetail
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_violation_details({
+    #     policy_id: "PolicyId", # required
+    #     member_account: "AWSAccountId", # required
+    #     resource_id: "ResourceId", # required
+    #     resource_type: "ResourceType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.violation_detail.policy_id #=> String
+    #   resp.violation_detail.member_account #=> String
+    #   resp.violation_detail.resource_id #=> String
+    #   resp.violation_detail.resource_type #=> String
+    #   resp.violation_detail.resource_violations #=> Array
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.violation_target_description #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.partial_matches #=> Array
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.partial_matches[0].reference #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.partial_matches[0].target_violation_reasons #=> Array
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.partial_matches[0].target_violation_reasons[0] #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].remediation_action_type #=> String, one of "REMOVE", "MODIFY"
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].description #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].remediation_result.ipv4_range #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].remediation_result.ipv6_range #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].remediation_result.prefix_list_id #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].remediation_result.protocol #=> String
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].remediation_result.from_port #=> Integer
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].remediation_result.to_port #=> Integer
+    #   resp.violation_detail.resource_violations[0].aws_vpc_security_group_violation.possible_security_group_remediation_actions[0].is_default_action #=> Boolean
+    #   resp.violation_detail.resource_violations[0].aws_ec2_network_interface_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].aws_ec2_network_interface_violation.violating_security_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].aws_ec2_network_interface_violation.violating_security_groups[0] #=> String
+    #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.aws_ec2_network_interface_violations #=> Array
+    #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.aws_ec2_network_interface_violations[0].violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.aws_ec2_network_interface_violations[0].violating_security_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.aws_ec2_network_interface_violations[0].violating_security_groups[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.current_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.expected_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups[0].priority #=> Integer
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_fragment_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_fragment_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_custom_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_custom_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].priority #=> Integer
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_fragment_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_fragment_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_custom_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_custom_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_tags #=> Array
+    #   resp.violation_detail.resource_tags[0].key #=> String
+    #   resp.violation_detail.resource_tags[0].value #=> String
+    #   resp.violation_detail.resource_description #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetails AWS API Documentation
+    #
+    # @overload get_violation_details(params = {})
+    # @param [Hash] params ({})
+    def get_violation_details(params = {}, options = {})
+      req = build_request(:get_violation_details, params)
+      req.send_request(options)
+    end
+
+    # Returns an array of `AppsListDataSummary` objects.
+    #
+    # @option params [Boolean] :default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by AWS
+    #   Firewall Manager.
+    #
+    # @option params [String] :next_token
+    #   If you specify a value for `MaxResults` in your list request, and you
+    #   have more objects than the maximum, AWS Firewall Manager returns this
+    #   token in the response. For all but the first request, you provide the
+    #   token returned by the prior request in the request parameters, to
+    #   retrieve the next batch of objects.
+    #
+    # @option params [required, Integer] :max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
+    #
+    #   If you don't specify this, AWS Firewall Manager returns all available
+    #   objects.
+    #
+    # @return [Types::ListAppsListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAppsListsResponse#apps_lists #apps_lists} => Array<Types::AppsListDataSummary>
+    #   * {Types::ListAppsListsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_apps_lists({
+    #     default_lists: false,
+    #     next_token: "PaginationToken",
+    #     max_results: 1, # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.apps_lists #=> Array
+    #   resp.apps_lists[0].list_arn #=> String
+    #   resp.apps_lists[0].list_id #=> String
+    #   resp.apps_lists[0].list_name #=> String
+    #   resp.apps_lists[0].apps_list #=> Array
+    #   resp.apps_lists[0].apps_list[0].app_name #=> String
+    #   resp.apps_lists[0].apps_list[0].protocol #=> String
+    #   resp.apps_lists[0].apps_list[0].port #=> Integer
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsLists AWS API Documentation
+    #
+    # @overload list_apps_lists(params = {})
+    # @param [Hash] params ({})
+    def list_apps_lists(params = {}, options = {})
+      req = build_request(:list_apps_lists, params)
+      req.send_request(options)
+    end
+
+    # Returns an array of `PolicyComplianceStatus` objects. Use
+    # `PolicyComplianceStatus` to get a summary of which member accounts are
+    # protected by the specified policy.
     #
     # @option params [required, String] :policy_id
     #   The ID of the AWS Firewall Manager policy that you want the details
@@ -777,7 +1120,7 @@ module Aws::FMS
       req.send_request(options)
     end
 
-    # Returns an array of `PolicySummary` objects in the response.
+    # Returns an array of `PolicySummary` objects.
     #
     # @option params [String] :next_token
     #   If you specify a value for `MaxResults` and you have more
@@ -816,7 +1159,7 @@ module Aws::FMS
     #   resp.policy_list[0].policy_id #=> String
     #   resp.policy_list[0].policy_name #=> String
     #   resp.policy_list[0].resource_type #=> String
-    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.policy_list[0].remediation_enabled #=> Boolean
     #   resp.next_token #=> String
     #
@@ -829,12 +1172,66 @@ module Aws::FMS
       req.send_request(options)
     end
 
+    # Returns an array of `ProtocolsListDataSummary` objects.
+    #
+    # @option params [Boolean] :default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by AWS
+    #   Firewall Manager.
+    #
+    # @option params [String] :next_token
+    #   If you specify a value for `MaxResults` in your list request, and you
+    #   have more objects than the maximum, AWS Firewall Manager returns this
+    #   token in the response. For all but the first request, you provide the
+    #   token returned by the prior request in the request parameters, to
+    #   retrieve the next batch of objects.
+    #
+    # @option params [required, Integer] :max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
+    #
+    #   If you don't specify this, AWS Firewall Manager returns all available
+    #   objects.
+    #
+    # @return [Types::ListProtocolsListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListProtocolsListsResponse#protocols_lists #protocols_lists} => Array<Types::ProtocolsListDataSummary>
+    #   * {Types::ListProtocolsListsResponse#next_token #next_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_protocols_lists({
+    #     default_lists: false,
+    #     next_token: "PaginationToken",
+    #     max_results: 1, # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.protocols_lists #=> Array
+    #   resp.protocols_lists[0].list_arn #=> String
+    #   resp.protocols_lists[0].list_id #=> String
+    #   resp.protocols_lists[0].list_name #=> String
+    #   resp.protocols_lists[0].protocols_list #=> Array
+    #   resp.protocols_lists[0].protocols_list[0] #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsLists AWS API Documentation
+    #
+    # @overload list_protocols_lists(params = {})
+    # @param [Hash] params ({})
+    def list_protocols_lists(params = {}, options = {})
+      req = build_request(:list_protocols_lists, params)
+      req.send_request(options)
+    end
+
     # Retrieves the list of tags for the specified AWS resource.
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for. The
-    #   Firewall Manager policy is the only AWS resource that supports
-    #   tagging, so this ARN is a policy ARN..
+    #   AWS Firewall Manager resources that support tagging are policies,
+    #   applications lists, and protocols lists.
     #
     # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -861,9 +1258,94 @@ module Aws::FMS
       req.send_request(options)
     end
 
+    # Creates an AWS Firewall Manager applications list.
+    #
+    # @option params [required, Types::AppsListData] :apps_list
+    #   The details of the AWS Firewall Manager applications list to be
+    #   created.
+    #
+    # @option params [Array<Types::Tag>] :tag_list
+    #   The tags associated with the resource.
+    #
+    # @return [Types::PutAppsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutAppsListResponse#apps_list #apps_list} => Types::AppsListData
+    #   * {Types::PutAppsListResponse#apps_list_arn #apps_list_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_apps_list({
+    #     apps_list: { # required
+    #       list_id: "ListId",
+    #       list_name: "ResourceName", # required
+    #       list_update_token: "UpdateToken",
+    #       create_time: Time.now,
+    #       last_update_time: Time.now,
+    #       apps_list: [ # required
+    #         {
+    #           app_name: "ResourceName", # required
+    #           protocol: "Protocol", # required
+    #           port: 1, # required
+    #         },
+    #       ],
+    #       previous_apps_list: {
+    #         "PreviousListVersion" => [
+    #           {
+    #             app_name: "ResourceName", # required
+    #             protocol: "Protocol", # required
+    #             port: 1, # required
+    #           },
+    #         ],
+    #       },
+    #     },
+    #     tag_list: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.apps_list.list_id #=> String
+    #   resp.apps_list.list_name #=> String
+    #   resp.apps_list.list_update_token #=> String
+    #   resp.apps_list.create_time #=> Time
+    #   resp.apps_list.last_update_time #=> Time
+    #   resp.apps_list.apps_list #=> Array
+    #   resp.apps_list.apps_list[0].app_name #=> String
+    #   resp.apps_list.apps_list[0].protocol #=> String
+    #   resp.apps_list.apps_list[0].port #=> Integer
+    #   resp.apps_list.previous_apps_list #=> Hash
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"] #=> Array
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"][0].app_name #=> String
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"][0].protocol #=> String
+    #   resp.apps_list.previous_apps_list["PreviousListVersion"][0].port #=> Integer
+    #   resp.apps_list_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsList AWS API Documentation
+    #
+    # @overload put_apps_list(params = {})
+    # @param [Hash] params ({})
+    def put_apps_list(params = {}, options = {})
+      req = build_request(:put_apps_list, params)
+      req.send_request(options)
+    end
+
     # Designates the IAM role and Amazon Simple Notification Service (SNS)
     # topic that AWS Firewall Manager uses to record SNS logs.
     #
+    # To perform this action outside of the console, you must configure the
+    # SNS topic to allow the Firewall Manager role `AWSServiceRoleForFMS` to
+    # publish SNS logs. For more information, see [Firewall Manager required
+    # permissions for API actions][1] in the *AWS Firewall Manager Developer
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html
+    #
     # @option params [required, String] :sns_topic_arn
     #   The Amazon Resource Name (ARN) of the SNS topic that collects
     #   notifications from AWS Firewall Manager.
@@ -894,18 +1376,21 @@ module Aws::FMS
     #
     # Firewall Manager provides the following types of policies:
     #
-    # * A Shield Advanced policy, which applies Shield Advanced protection
-    #   to specified accounts and resources
-    #
     # * An AWS WAF policy (type WAFV2), which defines rule groups to run
     #   first in the corresponding AWS WAF web ACL and rule groups to run
     #   last in the web ACL.
     #
     # * An AWS WAF Classic policy (type WAF), which defines a rule group.
     #
+    # * A Shield Advanced policy, which applies Shield Advanced protection
+    #   to specified accounts and resources.
+    #
     # * A security group policy, which manages VPC security groups across
     #   your AWS organization.
     #
+    # * An AWS Network Firewall policy, which provides firewall rules to
+    #   filter network traffic in specified Amazon VPCs.
+    #
     # Each policy is specific to one of the types. If you want to enforce
     # more than one policy type across accounts, create multiple policies.
     # You can create multiple policies for each type.
@@ -937,7 +1422,7 @@ module Aws::FMS
     #       policy_name: "ResourceName", # required
     #       policy_update_token: "PolicyUpdateToken",
     #       security_service_policy_data: { # required
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #       },
     #       resource_type: "ResourceType", # required
@@ -970,7 +1455,7 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
@@ -997,12 +1482,70 @@ module Aws::FMS
       req.send_request(options)
     end
 
+    # Creates an AWS Firewall Manager protocols list.
+    #
+    # @option params [required, Types::ProtocolsListData] :protocols_list
+    #   The details of the AWS Firewall Manager protocols list to be created.
+    #
+    # @option params [Array<Types::Tag>] :tag_list
+    #   The tags associated with the resource.
+    #
+    # @return [Types::PutProtocolsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutProtocolsListResponse#protocols_list #protocols_list} => Types::ProtocolsListData
+    #   * {Types::PutProtocolsListResponse#protocols_list_arn #protocols_list_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_protocols_list({
+    #     protocols_list: { # required
+    #       list_id: "ListId",
+    #       list_name: "ResourceName", # required
+    #       list_update_token: "UpdateToken",
+    #       create_time: Time.now,
+    #       last_update_time: Time.now,
+    #       protocols_list: ["Protocol"], # required
+    #       previous_protocols_list: {
+    #         "PreviousListVersion" => ["Protocol"],
+    #       },
+    #     },
+    #     tag_list: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.protocols_list.list_id #=> String
+    #   resp.protocols_list.list_name #=> String
+    #   resp.protocols_list.list_update_token #=> String
+    #   resp.protocols_list.create_time #=> Time
+    #   resp.protocols_list.last_update_time #=> Time
+    #   resp.protocols_list.protocols_list #=> Array
+    #   resp.protocols_list.protocols_list[0] #=> String
+    #   resp.protocols_list.previous_protocols_list #=> Hash
+    #   resp.protocols_list.previous_protocols_list["PreviousListVersion"] #=> Array
+    #   resp.protocols_list.previous_protocols_list["PreviousListVersion"][0] #=> String
+    #   resp.protocols_list_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsList AWS API Documentation
+    #
+    # @overload put_protocols_list(params = {})
+    # @param [Hash] params ({})
+    def put_protocols_list(params = {}, options = {})
+      req = build_request(:put_protocols_list, params)
+      req.send_request(options)
+    end
+
     # Adds one or more tags to an AWS resource.
     #
     # @option params [required, String] :resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN is
-    #   a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for. The
+    #   AWS Firewall Manager resources that support tagging are policies,
+    #   applications lists, and protocols lists.
     #
     # @option params [required, Array<Types::Tag>] :tag_list
     #   The tags to add to the resource.
@@ -1033,9 +1576,9 @@ module Aws::FMS
     # Removes one or more tags from an AWS resource.
     #
     # @option params [required, String] :resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN is
-    #   a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for. The
+    #   AWS Firewall Manager resources that support tagging are policies,
+    #   applications lists, and protocols lists.
     #
     # @option params [required, Array<String>] :tag_keys
     #   The keys of the tags to remove from the resource.
@@ -1071,7 +1614,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.28.0'
+      context[:gem_version] = '1.33.0'
       Seahorse::Client::Request.new(handlers, context)
     end