RubyGems - aws-sdk-fms - Versions diffs - 1.28.0 → 1.33.0 - Mend

aws-sdk-fms 1.28.0 → 1.33.0

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-fms.rb +3 -2
data/lib/aws-sdk-fms/client.rb +575 -32
data/lib/aws-sdk-fms/client_api.rb +396 -0
data/lib/aws-sdk-fms/types.rb +1220 -50
metadata +4 -4

@@ -10,6 +10,153 @@
 module Aws::FMS
   module Types
+    # An individual AWS Firewall Manager application.
+    #
+    # @note When making an API call, you may pass App
+    #   data as a hash:
+    #
+    #       {
+    #         app_name: "ResourceName", # required
+    #         protocol: "Protocol", # required
+    #         port: 1, # required
+    #       }
+    #
+    # @!attribute [rw] app_name
+    #   The application's name.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The IP protocol name or number. The name can be one of `tcp`, `udp`,
+    #   or `icmp`. For information on possible numbers, see [Protocol
+    #   Numbers][1].
+    #
+    #
+    #
+    #   [1]: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+    #   @return [String]
+    #
+    # @!attribute [rw] port
+    #   The application's port number, for example `80`.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/App AWS API Documentation
+    #
+    class App < Struct.new(
+      :app_name,
+      :protocol,
+      :port)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # An AWS Firewall Manager applications list.
+    #
+    # @note When making an API call, you may pass AppsListData
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId",
+    #         list_name: "ResourceName", # required
+    #         list_update_token: "UpdateToken",
+    #         create_time: Time.now,
+    #         last_update_time: Time.now,
+    #         apps_list: [ # required
+    #           {
+    #             app_name: "ResourceName", # required
+    #             protocol: "Protocol", # required
+    #             port: 1, # required
+    #           },
+    #         ],
+    #         previous_apps_list: {
+    #           "PreviousListVersion" => [
+    #             {
+    #               app_name: "ResourceName", # required
+    #               protocol: "Protocol", # required
+    #               port: 1, # required
+    #             },
+    #           ],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the AWS Firewall Manager applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_update_token
+    #   A unique identifier for each update to the list. When you update the
+    #   list, the update token must match the token of the current version
+    #   of the application list. You can retrieve the update token by
+    #   getting the list.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_time
+    #   The time that the AWS Firewall Manager applications list was
+    #   created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_time
+    #   The time that the AWS Firewall Manager applications list was last
+    #   updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] apps_list
+    #   An array of applications in the AWS Firewall Manager applications
+    #   list.
+    #   @return [Array<Types::App>]
+    #
+    # @!attribute [rw] previous_apps_list
+    #   A map of previous version numbers to their corresponding `App`
+    #   object arrays.
+    #   @return [Hash<String,Array<Types::App>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListData AWS API Documentation
+    #
+    class AppsListData < Struct.new(
+      :list_id,
+      :list_name,
+      :list_update_token,
+      :create_time,
+      :last_update_time,
+      :apps_list,
+      :previous_apps_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Details of the AWS Firewall Manager applications list.
+    #
+    # @!attribute [rw] list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the applications list.
+    #   @return [String]
+    #
+    # @!attribute [rw] apps_list
+    #   An array of `App` objects in the AWS Firewall Manager applications
+    #   list.
+    #   @return [Array<Types::App>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListDataSummary AWS API Documentation
+    #
+    class AppsListDataSummary < Struct.new(
+      :list_arn,
+      :list_id,
+      :list_name,
+      :apps_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass AssociateAdminAccountRequest
     #   data as a hash:
     #
@@ -37,6 +184,76 @@ module Aws::FMS
       include Aws::Structure
     end
+    # Violations for an EC2 instance resource.
+    #
+    # @!attribute [rw] violation_target
+    #   The resource ID of the EC2 instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] aws_ec2_network_interface_violations
+    #   Violations for network interfaces associated with the EC2 instance.
+    #   @return [Array<Types::AwsEc2NetworkInterfaceViolation>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2InstanceViolation AWS API Documentation
+    #
+    class AwsEc2InstanceViolation < Struct.new(
+      :violation_target,
+      :aws_ec2_network_interface_violations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violations for network interfaces associated with an EC2 instance.
+    #
+    # @!attribute [rw] violation_target
+    #   The resource ID of the network interface.
+    #   @return [String]
+    #
+    # @!attribute [rw] violating_security_groups
+    #   List of security groups that violate the rules specified in the
+    #   master security group of the AWS Firewall Manager policy.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2NetworkInterfaceViolation AWS API Documentation
+    #
+    class AwsEc2NetworkInterfaceViolation < Struct.new(
+      :violation_target,
+      :violating_security_groups)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Details of the rule violation in a security group when compared to the
+    # master security group of the AWS Firewall Manager policy.
+    #
+    # @!attribute [rw] violation_target
+    #   The security group rule that is being evaluated.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the security group that violates the policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] partial_matches
+    #   List of rules specified in the security group of the AWS Firewall
+    #   Manager policy that partially match the `ViolationTarget` rule.
+    #   @return [Array<Types::PartialMatch>]
+    #
+    # @!attribute [rw] possible_security_group_remediation_actions
+    #   Remediation options for the rule specified in the `ViolationTarget`.
+    #   @return [Array<Types::SecurityGroupRemediationAction>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsVPCSecurityGroupViolation AWS API Documentation
+    #
+    class AwsVPCSecurityGroupViolation < Struct.new(
+      :violation_target,
+      :violation_target_description,
+      :partial_matches,
+      :possible_security_group_remediation_actions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Details of the resource that is not protected by the policy.
     #
     # @!attribute [rw] resource_id
@@ -50,8 +267,9 @@ module Aws::FMS
     # @!attribute [rw] resource_type
     #   The resource type. This is in the format shown in the [AWS Resource
     #   Types Reference][1]. For example:
-    #   `AWS::ElasticLoadBalancingV2::LoadBalancer` or
-    #   `AWS::CloudFront::Distribution`.
+    #   `AWS::ElasticLoadBalancingV2::LoadBalancer`,
+    #   `AWS::CloudFront::Distribution`, or
+    #   `AWS::NetworkFirewall::FirewallPolicy`.
     #
     #
     #
@@ -68,6 +286,27 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass DeleteAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the applications list that you want to delete. You can
+    #   retrieve this ID from `PutAppsList`, `ListAppsLists`, and
+    #   `GetAppsList`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteAppsListRequest AWS API Documentation
+    #
+    class DeleteAppsListRequest < Struct.new(
+      :list_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteNotificationChannelRequest AWS API Documentation
@@ -83,8 +322,8 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy_id
-    #   The ID of the policy that you want to delete. `PolicyId` is returned
-    #   by `PutPolicy` and by `ListPolicies`.
+    #   The ID of the policy that you want to delete. You can retrieve this
+    #   ID from `PutPolicy` and `ListPolicies`.
     #   @return [String]
     #
     # @!attribute [rw] delete_all_policy_resources
@@ -128,6 +367,27 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass DeleteProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the protocols list that you want to delete. You can
+    #   retrieve this ID from `PutProtocolsList`, `ListProtocolsLists`, and
+    #   `GetProtocolsLost`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteProtocolsListRequest AWS API Documentation
+    #
+    class DeleteProtocolsListRequest < Struct.new(
+      :list_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateAdminAccountRequest AWS API Documentation
@@ -193,6 +453,51 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass GetAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #         default_list: false,
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager applications list that you want
+    #   the details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] default_list
+    #   Specifies whether the list to retrieve is a default list owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListRequest AWS API Documentation
+    #
+    class GetAppsListRequest < Struct.new(
+      :list_id,
+      :default_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] apps_list
+    #   Information about the specified AWS Firewall Manager applications
+    #   list.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] apps_list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListResponse AWS API Documentation
+    #
+    class GetAppsListResponse < Struct.new(
+      :apps_list,
+      :apps_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass GetComplianceDetailRequest
     #   data as a hash:
     #
@@ -410,6 +715,109 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass GetProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId", # required
+    #         default_list: false,
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager protocols list that you want the
+    #   details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] default_list
+    #   Specifies whether the list to retrieve is a default list owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListRequest AWS API Documentation
+    #
+    class GetProtocolsListRequest < Struct.new(
+      :list_id,
+      :default_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] protocols_list
+    #   Information about the specified AWS Firewall Manager protocols list.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] protocols_list_arn
+    #   The Amazon Resource Name (ARN) of the specified protocols list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListResponse AWS API Documentation
+    #
+    class GetProtocolsListResponse < Struct.new(
+      :protocols_list,
+      :protocols_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass GetViolationDetailsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         policy_id: "PolicyId", # required
+    #         member_account: "AWSAccountId", # required
+    #         resource_id: "ResourceId", # required
+    #         resource_type: "ResourceType", # required
+    #       }
+    #
+    # @!attribute [rw] policy_id
+    #   The ID of the AWS Firewall Manager policy that you want the details
+    #   for. This currently only supports security group content audit
+    #   policies.
+    #   @return [String]
+    #
+    # @!attribute [rw] member_account
+    #   The AWS account ID that you want the details for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The ID of the resource that has violations.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The resource type. This is in the format shown in the [AWS Resource
+    #   Types Reference][1]. Supported resource types are:
+    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
+    #   `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`,
+    #   and `AWS::EC2::Subnet`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsRequest AWS API Documentation
+    #
+    class GetViolationDetailsRequest < Struct.new(
+      :policy_id,
+      :member_account,
+      :resource_id,
+      :resource_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] violation_detail
+    #   Violation detail for a resource.
+    #   @return [Types::ViolationDetail]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsResponse AWS API Documentation
+    #
+    class GetViolationDetailsResponse < Struct.new(
+      :violation_detail)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # The operation failed because of a system problem, even though the
     # request was valid. Retry your request.
     #
@@ -437,10 +845,13 @@ module Aws::FMS
       include Aws::Structure
     end
-    # The operation failed because there was nothing to do. For example, you
-    # might have submitted an `AssociateAdminAccount` request, but the
-    # account ID that you submitted was already set as the AWS Firewall
-    # Manager administrator.
+    # The operation failed because there was nothing to do or the operation
+    # wasn't possible. For example, you might have submitted an
+    # `AssociateAdminAccount` request for an account ID that was already set
+    # as the AWS Firewall Manager administrator. Or you might have tried to
+    # access a Region that's disabled by default, and that you need to
+    # enable for the Firewall Manager administrator account and for AWS
+    # Organizations before you can access it.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -486,6 +897,68 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListAppsListsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         default_lists: false,
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
+    #       }
+    #
+    # @!attribute [rw] default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. For all but the first request, you
+    #   provide the token returned by the prior request in the request
+    #   parameters, to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
+    #
+    #   If you don't specify this, AWS Firewall Manager returns all
+    #   available objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsRequest AWS API Documentation
+    #
+    class ListAppsListsRequest < Struct.new(
+      :default_lists,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] apps_lists
+    #   An array of `AppsListDataSummary` objects.
+    #   @return [Array<Types::AppsListDataSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. You can use this token in subsequent
+    #   requests to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsResponse AWS API Documentation
+    #
+    class ListAppsListsResponse < Struct.new(
+      :apps_lists,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass ListComplianceStatusRequest
     #   data as a hash:
     #
@@ -665,32 +1138,94 @@ module Aws::FMS
       include Aws::Structure
     end
-    # @note When making an API call, you may pass ListTagsForResourceRequest
+    # @note When making an API call, you may pass ListProtocolsListsRequest
     #   data as a hash:
     #
     #       {
-    #         resource_arn: "ResourceArn", # required
+    #         default_lists: false,
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
     #       }
     #
-    # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource to return tags for.
-    #   The Firewall Manager policy is the only AWS resource that supports
-    #   tagging, so this ARN is a policy ARN..
+    # @!attribute [rw] default_lists
+    #   Specifies whether the lists to retrieve are default lists owned by
+    #   AWS Firewall Manager.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. For all but the first request, you
+    #   provide the token returned by the prior request in the request
+    #   parameters, to retrieve the next batch of objects.
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceRequest AWS API Documentation
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, AWS Firewall Manager provides a `NextToken` value that you
+    #   can use in a subsequent call to get the next batch of objects.
     #
-    class ListTagsForResourceRequest < Struct.new(
-      :resource_arn)
+    #   If you don't specify this, AWS Firewall Manager returns all
+    #   available objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsRequest AWS API Documentation
+    #
+    class ListProtocolsListsRequest < Struct.new(
+      :default_lists,
+      :next_token,
+      :max_results)
       SENSITIVE = []
       include Aws::Structure
     end
-    # @!attribute [rw] tag_list
-    #   The tags associated with the resource.
-    #   @return [Array<Types::Tag>]
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceResponse AWS API Documentation
+    # @!attribute [rw] protocols_lists
+    #   An array of `ProtocolsListDataSummary` objects.
+    #   @return [Array<Types::ProtocolsListDataSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   If you specify a value for `MaxResults` in your list request, and
+    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   this token in the response. You can use this token in subsequent
+    #   requests to retrieve the next batch of objects.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsResponse AWS API Documentation
+    #
+    class ListProtocolsListsResponse < Struct.new(
+      :protocols_lists,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass ListTagsForResourceRequest
+    #   data as a hash:
+    #
+    #       {
+    #         resource_arn: "ResourceArn", # required
+    #       }
+    #
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the resource to return tags for.
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceRequest AWS API Documentation
+    #
+    class ListTagsForResourceRequest < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] tag_list
+    #   The tags associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceResponse AWS API Documentation
     #
     class ListTagsForResourceResponse < Struct.new(
       :tag_list)
@@ -698,6 +1233,194 @@ module Aws::FMS
       include Aws::Structure
     end
+    # Violation details for AWS Network Firewall for a subnet that's not
+    # associated to the expected Firewall Manager managed route table.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_route_table
+    #   The resource ID of the current route table that's associated with
+    #   the subnet, if one is available.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_route_table
+    #   The resource ID of the route table that should be associated with
+    #   the subnet.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingExpectedRTViolation AWS API Documentation
+    #
+    class NetworkFirewallMissingExpectedRTViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :current_route_table,
+      :expected_route_table)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violation details for AWS Network Firewall for a subnet that doesn't
+    # have a Firewall Manager managed firewall in its VPC.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource has this violation, if one is available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingFirewallViolation AWS API Documentation
+    #
+    class NetworkFirewallMissingFirewallViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violation details for AWS Network Firewall for an Availability Zone
+    # that's missing the expected Firewall Manager managed subnet.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource has this violation, if one is available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingSubnetViolation AWS API Documentation
+    #
+    class NetworkFirewallMissingSubnetViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The definition of the AWS Network Firewall firewall policy.
+    #
+    # @!attribute [rw] stateless_rule_groups
+    #   The stateless rule groups that are used in the Network Firewall
+    #   firewall policy.
+    #   @return [Array<Types::StatelessRuleGroup>]
+    #
+    # @!attribute [rw] stateless_default_actions
+    #   The actions to take on packets that don't match any of the
+    #   stateless rule groups.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateless_fragment_default_actions
+    #   The actions to take on packet fragments that don't match any of the
+    #   stateless rule groups.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateless_custom_actions
+    #   Names of custom actions that are available for use in the stateless
+    #   default actions settings.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateful_rule_groups
+    #   The stateful rule groups that are used in the Network Firewall
+    #   firewall policy.
+    #   @return [Array<Types::StatefulRuleGroup>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyDescription AWS API Documentation
+    #
+    class NetworkFirewallPolicyDescription < Struct.new(
+      :stateless_rule_groups,
+      :stateless_default_actions,
+      :stateless_fragment_default_actions,
+      :stateless_custom_actions,
+      :stateful_rule_groups)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violation details for AWS Network Firewall for a firewall policy that
+    # has a different NetworkFirewallPolicyDescription than is required by
+    # the Firewall Manager policy.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_policy_description
+    #   The policy that's currently in use in the individual account.
+    #   @return [Types::NetworkFirewallPolicyDescription]
+    #
+    # @!attribute [rw] expected_policy_description
+    #   The policy that should be in use in the individual account in order
+    #   to be compliant.
+    #   @return [Types::NetworkFirewallPolicyDescription]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyModifiedViolation AWS API Documentation
+    #
+    class NetworkFirewallPolicyModifiedViolation < Struct.new(
+      :violation_target,
+      :current_policy_description,
+      :expected_policy_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The reference rule that partially matches the `ViolationTarget` rule
+    # and violation reason.
+    #
+    # @!attribute [rw] reference
+    #   The reference rule from the master security group of the AWS
+    #   Firewall Manager policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reasons
+    #   The violation reason.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PartialMatch AWS API Documentation
+    #
+    class PartialMatch < Struct.new(
+      :reference,
+      :target_violation_reasons)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # An AWS Firewall Manager policy.
     #
     # @note When making an API call, you may pass Policy
@@ -708,7 +1431,7 @@ module Aws::FMS
     #         policy_name: "ResourceName", # required
     #         policy_update_token: "PolicyUpdateToken",
     #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #           managed_service_data: "ManagedServiceData",
     #         },
     #         resource_type: "ResourceType", # required
@@ -734,7 +1457,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the AWS Firewall Manager policy.
+    #   The name of the AWS Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_update_token
@@ -761,7 +1484,8 @@ module Aws::FMS
     #   valid values are `AWS::EC2::SecurityGroup`,
     #   `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
     #   security group usage audit policy, the value is
-    #   `AWS::EC2::SecurityGroup`.
+    #   `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
+    #   value is `AWS::EC2::VPC`.
     #
     #
     #
@@ -935,7 +1659,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the AWS Firewall Manager policy.
+    #   The name of the AWS Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] member_account
@@ -982,7 +1706,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The friendly name of the specified policy.
+    #   The name of the specified policy.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -996,7 +1720,8 @@ module Aws::FMS
     #   valid values are `AWS::EC2::SecurityGroup`,
     #   `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
     #   security group usage audit policy, the value is
-    #   `AWS::EC2::SecurityGroup`.
+    #   `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
+    #   value is `AWS::EC2::VPC`.
     #
     #
     #
@@ -1027,6 +1752,169 @@ module Aws::FMS
       include Aws::Structure
     end
+    # An AWS Firewall Manager protocols list.
+    #
+    # @note When making an API call, you may pass ProtocolsListData
+    #   data as a hash:
+    #
+    #       {
+    #         list_id: "ListId",
+    #         list_name: "ResourceName", # required
+    #         list_update_token: "UpdateToken",
+    #         create_time: Time.now,
+    #         last_update_time: Time.now,
+    #         protocols_list: ["Protocol"], # required
+    #         previous_protocols_list: {
+    #           "PreviousListVersion" => ["Protocol"],
+    #         },
+    #       }
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the AWS Firewall Manager protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the AWS Firewall Manager protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_update_token
+    #   A unique identifier for each update to the list. When you update the
+    #   list, the update token must match the token of the current version
+    #   of the application list. You can retrieve the update token by
+    #   getting the list.
+    #   @return [String]
+    #
+    # @!attribute [rw] create_time
+    #   The time that the AWS Firewall Manager protocols list was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_time
+    #   The time that the AWS Firewall Manager protocols list was last
+    #   updated.
+    #   @return [Time]
+    #
+    # @!attribute [rw] protocols_list
+    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] previous_protocols_list
+    #   A map of previous version numbers to their corresponding protocol
+    #   arrays.
+    #   @return [Hash<String,Array<String>>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListData AWS API Documentation
+    #
+    class ProtocolsListData < Struct.new(
+      :list_id,
+      :list_name,
+      :list_update_token,
+      :create_time,
+      :last_update_time,
+      :protocols_list,
+      :previous_protocols_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Details of the AWS Firewall Manager protocols list.
+    #
+    # @!attribute [rw] list_arn
+    #   The Amazon Resource Name (ARN) of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_id
+    #   The ID of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] list_name
+    #   The name of the specified protocols list.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocols_list
+    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListDataSummary AWS API Documentation
+    #
+    class ProtocolsListDataSummary < Struct.new(
+      :list_arn,
+      :list_id,
+      :list_name,
+      :protocols_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass PutAppsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         apps_list: { # required
+    #           list_id: "ListId",
+    #           list_name: "ResourceName", # required
+    #           list_update_token: "UpdateToken",
+    #           create_time: Time.now,
+    #           last_update_time: Time.now,
+    #           apps_list: [ # required
+    #             {
+    #               app_name: "ResourceName", # required
+    #               protocol: "Protocol", # required
+    #               port: 1, # required
+    #             },
+    #           ],
+    #           previous_apps_list: {
+    #             "PreviousListVersion" => [
+    #               {
+    #                 app_name: "ResourceName", # required
+    #                 protocol: "Protocol", # required
+    #                 port: 1, # required
+    #               },
+    #             ],
+    #           },
+    #         },
+    #         tag_list: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] apps_list
+    #   The details of the AWS Firewall Manager applications list to be
+    #   created.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] tag_list
+    #   The tags associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListRequest AWS API Documentation
+    #
+    class PutAppsListRequest < Struct.new(
+      :apps_list,
+      :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] apps_list
+    #   The details of the AWS Firewall Manager applications list.
+    #   @return [Types::AppsListData]
+    #
+    # @!attribute [rw] apps_list_arn
+    #   The Amazon Resource Name (ARN) of the applications list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListResponse AWS API Documentation
+    #
+    class PutAppsListResponse < Struct.new(
+      :apps_list,
+      :apps_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass PutNotificationChannelRequest
     #   data as a hash:
     #
@@ -1063,7 +1951,7 @@ module Aws::FMS
     #           policy_name: "ResourceName", # required
     #           policy_update_token: "PolicyUpdateToken",
     #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #             managed_service_data: "ManagedServiceData",
     #           },
     #           resource_type: "ResourceType", # required
@@ -1109,11 +1997,11 @@ module Aws::FMS
     end
     # @!attribute [rw] policy
-    #   The details of the AWS Firewall Manager policy that was created.
+    #   The details of the AWS Firewall Manager policy.
     #   @return [Types::Policy]
     #
     # @!attribute [rw] policy_arn
-    #   The Amazon Resource Name (ARN) of the policy that was created.
+    #   The Amazon Resource Name (ARN) of the policy.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicyResponse AWS API Documentation
@@ -1125,6 +2013,64 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass PutProtocolsListRequest
+    #   data as a hash:
+    #
+    #       {
+    #         protocols_list: { # required
+    #           list_id: "ListId",
+    #           list_name: "ResourceName", # required
+    #           list_update_token: "UpdateToken",
+    #           create_time: Time.now,
+    #           last_update_time: Time.now,
+    #           protocols_list: ["Protocol"], # required
+    #           previous_protocols_list: {
+    #             "PreviousListVersion" => ["Protocol"],
+    #           },
+    #         },
+    #         tag_list: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] protocols_list
+    #   The details of the AWS Firewall Manager protocols list to be
+    #   created.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] tag_list
+    #   The tags associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListRequest AWS API Documentation
+    #
+    class PutProtocolsListRequest < Struct.new(
+      :protocols_list,
+      :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] protocols_list
+    #   The details of the AWS Firewall Manager protocols list.
+    #   @return [Types::ProtocolsListData]
+    #
+    # @!attribute [rw] protocols_list_arn
+    #   The Amazon Resource Name (ARN) of the protocols list.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListResponse AWS API Documentation
+    #
+    class PutProtocolsListResponse < Struct.new(
+      :protocols_list,
+      :protocols_list_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # The specified resource was not found.
     #
     # @!attribute [rw] message
@@ -1177,6 +2123,131 @@ module Aws::FMS
       include Aws::Structure
     end
+    # Violation detail based on resource type.
+    #
+    # @!attribute [rw] aws_vpc_security_group_violation
+    #   Violation details for security groups.
+    #   @return [Types::AwsVPCSecurityGroupViolation]
+    #
+    # @!attribute [rw] aws_ec2_network_interface_violation
+    #   Violation details for network interface.
+    #   @return [Types::AwsEc2NetworkInterfaceViolation]
+    #
+    # @!attribute [rw] aws_ec2_instance_violation
+    #   Violation details for an EC2 instance.
+    #   @return [Types::AwsEc2InstanceViolation]
+    #
+    # @!attribute [rw] network_firewall_missing_firewall_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   a subnet has no Firewall Manager managed firewall in its VPC.
+    #   @return [Types::NetworkFirewallMissingFirewallViolation]
+    #
+    # @!attribute [rw] network_firewall_missing_subnet_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   an Availability Zone is missing the expected Firewall Manager
+    #   managed subnet.
+    #   @return [Types::NetworkFirewallMissingSubnetViolation]
+    #
+    # @!attribute [rw] network_firewall_missing_expected_rt_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   a subnet is not associated with the expected Firewall Manager
+    #   managed route table.
+    #   @return [Types::NetworkFirewallMissingExpectedRTViolation]
+    #
+    # @!attribute [rw] network_firewall_policy_modified_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   a firewall policy in an individual account has been modified in a
+    #   way that makes it noncompliant. For example, the individual account
+    #   owner might have deleted a rule group, changed the priority of a
+    #   stateless rule group, or changed a policy default action.
+    #   @return [Types::NetworkFirewallPolicyModifiedViolation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
+    #
+    class ResourceViolation < Struct.new(
+      :aws_vpc_security_group_violation,
+      :aws_ec2_network_interface_violation,
+      :aws_ec2_instance_violation,
+      :network_firewall_missing_firewall_violation,
+      :network_firewall_missing_subnet_violation,
+      :network_firewall_missing_expected_rt_violation,
+      :network_firewall_policy_modified_violation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Remediation option for the rule specified in the `ViolationTarget`.
+    #
+    # @!attribute [rw] remediation_action_type
+    #   The remediation action that will be performed.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   Brief description of the action that will be performed.
+    #   @return [String]
+    #
+    # @!attribute [rw] remediation_result
+    #   The final state of the rule specified in the `ViolationTarget` after
+    #   it is remediated.
+    #   @return [Types::SecurityGroupRuleDescription]
+    #
+    # @!attribute [rw] is_default_action
+    #   Indicates if the current action is the default action.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRemediationAction AWS API Documentation
+    #
+    class SecurityGroupRemediationAction < Struct.new(
+      :remediation_action_type,
+      :description,
+      :remediation_result,
+      :is_default_action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Describes a set of permissions for a security group rule.
+    #
+    # @!attribute [rw] ipv4_range
+    #   The IPv4 ranges for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] ipv6_range
+    #   The IPv6 ranges for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] prefix_list_id
+    #   The ID of the prefix list for the security group rule.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The IP protocol name (`tcp`, `udp`, `icmp`, `icmpv6`) or number.
+    #   @return [String]
+    #
+    # @!attribute [rw] from_port
+    #   The start of the port range for the TCP and UDP protocols, or an
+    #   ICMP/ICMPv6 type number. A value of `-1` indicates all ICMP/ICMPv6
+    #   types.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] to_port
+    #   The end of the port range for the TCP and UDP protocols, or an
+    #   ICMP/ICMPv6 code. A value of `-1` indicates all ICMP/ICMPv6 codes.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRuleDescription AWS API Documentation
+    #
+    class SecurityGroupRuleDescription < Struct.new(
+      :ipv4_range,
+      :ipv6_range,
+      :prefix_list_id,
+      :protocol,
+      :from_port,
+      :to_port)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Details about the security service that is being used to protect the
     # resources.
     #
@@ -1184,7 +2255,7 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #       }
     #
@@ -1203,29 +2274,36 @@ module Aws::FMS
     #   JSON format. For service type `SHIELD_ADVANCED`, this is an empty
     #   string.
     #
+    #   * Example: `NETWORK_FIREWALL`
+    #
+    #     `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2","priority":10\}],"networkFirewallStatelessDefaultActions":["aws:pass","custom1"],"networkFirewallStatelessFragmentDefaultActions":["custom2","aws:pass"],"networkFirewallStatelessCustomActions":[\{"actionName":"custom1","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension1"\}]\}\}\},\{"actionName":"custom2","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension2"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":true,"allowedIPV4CidrList":["10.24.34.0/28"]\}
+    #     \}"`
+    #
     #   * Example: `WAFV2`
     #
-    #     `"ManagedServiceData":
-    #     "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludedRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendor":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludedRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
+    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
+    #
+    #     In the `loggingConfiguration`, you can specify one
+    #     `logDestinationConfigs`, you can optionally provide up to 20
+    #     `redactedFields`, and the `RedactedFieldType` must be one of
+    #     `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
     #
     #   * Example: `WAF Classic`
     #
-    #     `"ManagedServiceData": "\{"type": "WAF", "ruleGroups":
-    #     [\{"id": "12345678-1bcd-9012-efga-0987654321ab",
+    #     `"\{"type": "WAF", "ruleGroups":
+    #     [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
     #     "overrideAction" : \{"type": "COUNT"\}\}],
-    #     "defaultAction": \{"type": "BLOCK"\}\}`
+    #     "defaultAction": \{"type": "BLOCK"\}\}"`
     #
     #   * Example: `SECURITY_GROUPS_COMMON`
     #
-    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
+    #     `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
     #     "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
-    #     sg-000e55995d61a06bd"\}]\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
+    #     sg-000e55995d61a06bd"\}]\}"`
     #
     #   * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
     #
-    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_CONTENT_AUDIT","ManagedServiceData":"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"
-    #     sg-000e55995d61a06bd
-    #     "\}],"securityGroupAction":\{"type":"ALLOW"\}\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
+    #     `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
     #
     #     The security group action for content audit can be `ALLOW` or
     #     `DENY`. For `ALLOW`, all in-scope security group rules must be
@@ -1236,8 +2314,7 @@ module Aws::FMS
     #
     #   * Example: `SECURITY_GROUPS_USAGE_AUDIT`
     #
-    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_USAGE_AUDIT","ManagedServiceData":"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"\},"RemediationEnabled":false,"Resou
-    #     rceType":"AWS::EC2::SecurityGroup"\}`
+    #     `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityServicePolicyData AWS API Documentation
@@ -1249,6 +2326,53 @@ module Aws::FMS
       include Aws::Structure
     end
+    # AWS Network Firewall stateful rule group, used in a
+    # NetworkFirewallPolicyDescription.
+    #
+    # @!attribute [rw] rule_group_name
+    #   The name of the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The resource ID of the rule group.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
+    #
+    class StatefulRuleGroup < Struct.new(
+      :rule_group_name,
+      :resource_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # AWS Network Firewall stateless rule group, used in a
+    # NetworkFirewallPolicyDescription.
+    #
+    # @!attribute [rw] rule_group_name
+    #   The name of the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The resource ID of the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] priority
+    #   The priority of the rule group. AWS Network Firewall evaluates the
+    #   stateless rule groups in a firewall policy starting from the lowest
+    #   priority setting.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatelessRuleGroup AWS API Documentation
+    #
+    class StatelessRuleGroup < Struct.new(
+      :rule_group_name,
+      :resource_id,
+      :priority)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # A collection of key:value pairs associated with an AWS resource. The
     # key:value pair can be anything you define. Typically, the tag key
     # represents a category (such as "environment") and the tag value
@@ -1299,9 +2423,9 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN
-    #   is a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for.
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_list
@@ -1330,9 +2454,9 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] resource_arn
-    #   The Amazon Resource Name (ARN) of the resource. The Firewall Manager
-    #   policy is the only AWS resource that supports tagging, so this ARN
-    #   is a policy ARN.
+    #   The Amazon Resource Name (ARN) of the resource to return tags for.
+    #   The AWS Firewall Manager resources that support tagging are
+    #   policies, applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
@@ -1352,5 +2476,51 @@ module Aws::FMS
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
+    # Violations for a resource based on the specified AWS Firewall Manager
+    # policy and AWS account.
+    #
+    # @!attribute [rw] policy_id
+    #   The ID of the AWS Firewall Manager policy that the violation details
+    #   were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] member_account
+    #   The AWS account that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The resource ID that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type
+    #   The resource type that the violation details were requested for.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_violations
+    #   List of violations for the requested resource.
+    #   @return [Array<Types::ResourceViolation>]
+    #
+    # @!attribute [rw] resource_tags
+    #   The `ResourceTag` objects associated with the resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] resource_description
+    #   Brief description for the requested resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ViolationDetail AWS API Documentation
+    #
+    class ViolationDetail < Struct.new(
+      :policy_id,
+      :member_account,
+      :resource_id,
+      :resource_type,
+      :resource_violations,
+      :resource_tags,
+      :resource_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
   end
 end