RubyGems - aws-sdk-fms - Versions diffs - 1.29.0 → 1.34.0 - Mend

aws-sdk-fms 1.29.0 → 1.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-fms.rb +3 -2
data/lib/aws-sdk-fms/client.rb +94 -20
data/lib/aws-sdk-fms/client_api.rb +65 -0
data/lib/aws-sdk-fms/types.rb +275 -22
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4db61e92793f6308507c93e7eccabd64991db41664014bab7cea910aa8d982ee
-  data.tar.gz: f99d0363d6c44d7ed95352795b3543941f2e9a43270831820061492a0c94c241
+  metadata.gz: 9b530ef3232ecc05feb925dd6d727a02d47f2c858be6d37274a6e13f30cc1fe6
+  data.tar.gz: 8bb0a8da7b283b62300d210d865f5f70e8bbbf5b9a12310b0f1036cba9408811
 SHA512:
-  metadata.gz: 1b5d08d9bc3be03c3cf54095eeab8eba9dbb2edbaab8c20be6f9907b466b23ca4528e0834051b79701e9373aed2ad6fa6bca43fe29d8a02b78c736b0454840e8
-  data.tar.gz: 4ace52aa3edc0db7128be5664e466f9a480e242e0bb1f0621db747fcb52cf047144b3680edb8531642e724dbb99d8742e54681c2c376af05c8a3c9e83be43c3a
+  metadata.gz: f9356cc6b50234826ffcdd066059bfbf19b19ad513e7ca998c5dfd5a089819a1693181023e7176a3b6d742c1204c5f09d10bb1fb17274974d26bc89ed5bc4a0d
+  data.tar.gz: 45d06186045a02e24b7045220c27e5f4d07dc14e5caf59f506c61fe494141dd82acee795ef814adbd9338366d39579f9c23ed0bf34bf9592eb85fb5c6bc78a93

data/lib/aws-sdk-fms.rb CHANGED Viewed

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 require 'aws-sdk-core'
 require 'aws-sigv4'
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-fms/customizations'
 #
 # See {Errors} for more information.
 #
-# @service
+# @!group service
 module Aws::FMS
-  GEM_VERSION = '1.29.0'
+  GEM_VERSION = '1.34.0'
 end

data/lib/aws-sdk-fms/client.rb CHANGED Viewed

@@ -85,13 +85,28 @@ module Aws::FMS
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::FMS
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -572,7 +587,12 @@ module Aws::FMS
     # been applied to them. Resources are considered noncompliant for
     # security group policies if they are in scope of the policy, they
     # violate one or more of the policy rules, and remediation is disabled
-    # or not possible.
+    # or not possible. Resources are considered noncompliant for Network
+    # Firewall policies if a firewall is missing in the VPC, if the firewall
+    # endpoint isn't set up in an expected Availability Zone and subnet, if
+    # a subnet created by the Firewall Manager doesn't have the expected
+    # route table, and for modifications to a firewall policy that violate
+    # the Firewall Manager policy's rules.
     #
     # @option params [required, String] :policy_id
     #   The ID of the policy that you want to get the details for. `PolicyId`
@@ -600,7 +620,7 @@ module Aws::FMS
     #   resp.policy_compliance_detail.member_account #=> String
     #   resp.policy_compliance_detail.violators #=> Array
     #   resp.policy_compliance_detail.violators[0].resource_id #=> String
-    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT"
+    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED"
     #   resp.policy_compliance_detail.violators[0].resource_type #=> String
     #   resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
     #   resp.policy_compliance_detail.expired_at #=> Time
@@ -660,7 +680,7 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
@@ -746,7 +766,7 @@ module Aws::FMS
     # @example Response structure
     #
     #   resp.admin_account_id #=> String
-    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.data #=> String
     #   resp.next_token #=> String
     #
@@ -822,8 +842,9 @@ module Aws::FMS
     # @option params [required, String] :resource_type
     #   The resource type. This is in the format shown in the [AWS Resource
     #   Types Reference][1]. Supported resource types are:
-    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`, or
-    #   `AWS::EC2::SecurityGroup`.
+    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
+    #   `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`, and
+    #   `AWS::EC2::Subnet`.
     #
     #
     #
@@ -873,6 +894,46 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.aws_ec2_network_interface_violations[0].violation_target #=> String
     #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.aws_ec2_network_interface_violations[0].violating_security_groups #=> Array
     #   resp.violation_detail.resource_violations[0].aws_ec2_instance_violation.aws_ec2_network_interface_violations[0].violating_security_groups[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_firewall_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_subnet_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.current_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_missing_expected_rt_violation.expected_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_rule_groups[0].priority #=> Integer
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_fragment_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_fragment_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_custom_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateless_custom_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].priority #=> Integer
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_fragment_default_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_fragment_default_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_custom_actions #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_custom_actions[0] #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
     #   resp.violation_detail.resource_tags #=> Array
     #   resp.violation_detail.resource_tags[0].key #=> String
     #   resp.violation_detail.resource_tags[0].value #=> String
@@ -1098,7 +1159,7 @@ module Aws::FMS
     #   resp.policy_list[0].policy_id #=> String
     #   resp.policy_list[0].policy_name #=> String
     #   resp.policy_list[0].resource_type #=> String
-    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.policy_list[0].remediation_enabled #=> Boolean
     #   resp.next_token #=> String
     #
@@ -1275,6 +1336,16 @@ module Aws::FMS
     # Designates the IAM role and Amazon Simple Notification Service (SNS)
     # topic that AWS Firewall Manager uses to record SNS logs.
     #
+    # To perform this action outside of the console, you must configure the
+    # SNS topic to allow the Firewall Manager role `AWSServiceRoleForFMS` to
+    # publish SNS logs. For more information, see [Firewall Manager required
+    # permissions for API actions][1] in the *AWS Firewall Manager Developer
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html
+    #
     # @option params [required, String] :sns_topic_arn
     #   The Amazon Resource Name (ARN) of the SNS topic that collects
     #   notifications from AWS Firewall Manager.
@@ -1305,18 +1376,21 @@ module Aws::FMS
     #
     # Firewall Manager provides the following types of policies:
     #
-    # * A Shield Advanced policy, which applies Shield Advanced protection
-    #   to specified accounts and resources
-    #
     # * An AWS WAF policy (type WAFV2), which defines rule groups to run
     #   first in the corresponding AWS WAF web ACL and rule groups to run
     #   last in the web ACL.
     #
     # * An AWS WAF Classic policy (type WAF), which defines a rule group.
     #
+    # * A Shield Advanced policy, which applies Shield Advanced protection
+    #   to specified accounts and resources.
+    #
     # * A security group policy, which manages VPC security groups across
     #   your AWS organization.
     #
+    # * An AWS Network Firewall policy, which provides firewall rules to
+    #   filter network traffic in specified Amazon VPCs.
+    #
     # Each policy is specific to one of the types. If you want to enforce
     # more than one policy type across accounts, create multiple policies.
     # You can create multiple policies for each type.
@@ -1348,7 +1422,7 @@ module Aws::FMS
     #       policy_name: "ResourceName", # required
     #       policy_update_token: "PolicyUpdateToken",
     #       security_service_policy_data: { # required
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #       },
     #       resource_type: "ResourceType", # required
@@ -1381,7 +1455,7 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
@@ -1540,7 +1614,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.29.0'
+      context[:gem_version] = '1.34.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-fms/client_api.rb CHANGED Viewed

@@ -82,6 +82,14 @@ module Aws::FMS
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
     ManagedServiceData = Shapes::StringShape.new(name: 'ManagedServiceData')
     MemberAccounts = Shapes::ListShape.new(name: 'MemberAccounts')
+    NetworkFirewallAction = Shapes::StringShape.new(name: 'NetworkFirewallAction')
+    NetworkFirewallActionList = Shapes::ListShape.new(name: 'NetworkFirewallActionList')
+    NetworkFirewallMissingExpectedRTViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingExpectedRTViolation')
+    NetworkFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingFirewallViolation')
+    NetworkFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingSubnetViolation')
+    NetworkFirewallPolicyDescription = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyDescription')
+    NetworkFirewallPolicyModifiedViolation = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyModifiedViolation')
+    NetworkFirewallResourceName = Shapes::StringShape.new(name: 'NetworkFirewallResourceName')
     PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
     PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
     PartialMatch = Shapes::StructureShape.new(name: 'PartialMatch')
@@ -133,6 +141,11 @@ module Aws::FMS
     SecurityGroupRuleDescription = Shapes::StructureShape.new(name: 'SecurityGroupRuleDescription')
     SecurityServicePolicyData = Shapes::StructureShape.new(name: 'SecurityServicePolicyData')
     SecurityServiceType = Shapes::StringShape.new(name: 'SecurityServiceType')
+    StatefulRuleGroup = Shapes::StructureShape.new(name: 'StatefulRuleGroup')
+    StatefulRuleGroupList = Shapes::ListShape.new(name: 'StatefulRuleGroupList')
+    StatelessRuleGroup = Shapes::StructureShape.new(name: 'StatelessRuleGroup')
+    StatelessRuleGroupList = Shapes::ListShape.new(name: 'StatelessRuleGroupList')
+    StatelessRuleGroupPriority = Shapes::IntegerShape.new(name: 'StatelessRuleGroupPriority')
     Tag = Shapes::StructureShape.new(name: 'Tag')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
     TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
@@ -360,6 +373,39 @@ module Aws::FMS
     MemberAccounts.member = Shapes::ShapeRef.new(shape: AWSAccountId)
+    NetworkFirewallActionList.member = Shapes::ShapeRef.new(shape: NetworkFirewallAction)
+    NetworkFirewallMissingExpectedRTViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    NetworkFirewallMissingExpectedRTViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    NetworkFirewallMissingExpectedRTViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    NetworkFirewallMissingExpectedRTViolation.add_member(:current_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentRouteTable"))
+    NetworkFirewallMissingExpectedRTViolation.add_member(:expected_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedRouteTable"))
+    NetworkFirewallMissingExpectedRTViolation.struct_class = Types::NetworkFirewallMissingExpectedRTViolation
+    NetworkFirewallMissingFirewallViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    NetworkFirewallMissingFirewallViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    NetworkFirewallMissingFirewallViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    NetworkFirewallMissingFirewallViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+    NetworkFirewallMissingFirewallViolation.struct_class = Types::NetworkFirewallMissingFirewallViolation
+    NetworkFirewallMissingSubnetViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    NetworkFirewallMissingSubnetViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    NetworkFirewallMissingSubnetViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    NetworkFirewallMissingSubnetViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+    NetworkFirewallMissingSubnetViolation.struct_class = Types::NetworkFirewallMissingSubnetViolation
+    NetworkFirewallPolicyDescription.add_member(:stateless_rule_groups, Shapes::ShapeRef.new(shape: StatelessRuleGroupList, location_name: "StatelessRuleGroups"))
+    NetworkFirewallPolicyDescription.add_member(:stateless_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessDefaultActions"))
+    NetworkFirewallPolicyDescription.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessFragmentDefaultActions"))
+    NetworkFirewallPolicyDescription.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessCustomActions"))
+    NetworkFirewallPolicyDescription.add_member(:stateful_rule_groups, Shapes::ShapeRef.new(shape: StatefulRuleGroupList, location_name: "StatefulRuleGroups"))
+    NetworkFirewallPolicyDescription.struct_class = Types::NetworkFirewallPolicyDescription
+    NetworkFirewallPolicyModifiedViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    NetworkFirewallPolicyModifiedViolation.add_member(:current_policy_description, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyDescription, location_name: "CurrentPolicyDescription"))
+    NetworkFirewallPolicyModifiedViolation.add_member(:expected_policy_description, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyDescription, location_name: "ExpectedPolicyDescription"))
+    NetworkFirewallPolicyModifiedViolation.struct_class = Types::NetworkFirewallPolicyModifiedViolation
     PartialMatch.add_member(:reference, Shapes::ShapeRef.new(shape: ReferenceRule, location_name: "Reference"))
     PartialMatch.add_member(:target_violation_reasons, Shapes::ShapeRef.new(shape: TargetViolationReasons, location_name: "TargetViolationReasons"))
     PartialMatch.struct_class = Types::PartialMatch
@@ -478,6 +524,10 @@ module Aws::FMS
     ResourceViolation.add_member(:aws_vpc_security_group_violation, Shapes::ShapeRef.new(shape: AwsVPCSecurityGroupViolation, location_name: "AwsVPCSecurityGroupViolation"))
     ResourceViolation.add_member(:aws_ec2_network_interface_violation, Shapes::ShapeRef.new(shape: AwsEc2NetworkInterfaceViolation, location_name: "AwsEc2NetworkInterfaceViolation"))
     ResourceViolation.add_member(:aws_ec2_instance_violation, Shapes::ShapeRef.new(shape: AwsEc2InstanceViolation, location_name: "AwsEc2InstanceViolation"))
+    ResourceViolation.add_member(:network_firewall_missing_firewall_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingFirewallViolation, location_name: "NetworkFirewallMissingFirewallViolation"))
+    ResourceViolation.add_member(:network_firewall_missing_subnet_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingSubnetViolation, location_name: "NetworkFirewallMissingSubnetViolation"))
+    ResourceViolation.add_member(:network_firewall_missing_expected_rt_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingExpectedRTViolation, location_name: "NetworkFirewallMissingExpectedRTViolation"))
+    ResourceViolation.add_member(:network_firewall_policy_modified_violation, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyModifiedViolation, location_name: "NetworkFirewallPolicyModifiedViolation"))
     ResourceViolation.struct_class = Types::ResourceViolation
     ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
@@ -502,6 +552,19 @@ module Aws::FMS
     SecurityServicePolicyData.add_member(:managed_service_data, Shapes::ShapeRef.new(shape: ManagedServiceData, location_name: "ManagedServiceData"))
     SecurityServicePolicyData.struct_class = Types::SecurityServicePolicyData
+    StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
+    StatefulRuleGroup.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
+    StatefulRuleGroup.struct_class = Types::StatefulRuleGroup
+    StatefulRuleGroupList.member = Shapes::ShapeRef.new(shape: StatefulRuleGroup)
+    StatelessRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
+    StatelessRuleGroup.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
+    StatelessRuleGroup.add_member(:priority, Shapes::ShapeRef.new(shape: StatelessRuleGroupPriority, location_name: "Priority"))
+    StatelessRuleGroup.struct_class = Types::StatelessRuleGroup
+    StatelessRuleGroupList.member = Shapes::ShapeRef.new(shape: StatelessRuleGroup)
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKey, required: true, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValue, required: true, location_name: "Value"))
     Tag.struct_class = Types::Tag
@@ -595,6 +658,8 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
       api.add_operation(:delete_protocols_list, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-fms/types.rb CHANGED Viewed

@@ -267,8 +267,9 @@ module Aws::FMS
     # @!attribute [rw] resource_type
     #   The resource type. This is in the format shown in the [AWS Resource
     #   Types Reference][1]. For example:
-    #   `AWS::ElasticLoadBalancingV2::LoadBalancer` or
-    #   `AWS::CloudFront::Distribution`.
+    #   `AWS::ElasticLoadBalancingV2::LoadBalancer`,
+    #   `AWS::CloudFront::Distribution`, or
+    #   `AWS::NetworkFirewall::FirewallPolicy`.
     #
     #
     #
@@ -785,8 +786,9 @@ module Aws::FMS
     # @!attribute [rw] resource_type
     #   The resource type. This is in the format shown in the [AWS Resource
     #   Types Reference][1]. Supported resource types are:
-    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`, or
-    #   `AWS::EC2::SecurityGroup`.
+    #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
+    #   `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`,
+    #   and `AWS::EC2::Subnet`.
     #
     #
     #
@@ -1231,6 +1233,173 @@ module Aws::FMS
       include Aws::Structure
     end
+    # Violation details for AWS Network Firewall for a subnet that's not
+    # associated to the expected Firewall Manager managed route table.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_route_table
+    #   The resource ID of the current route table that's associated with
+    #   the subnet, if one is available.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_route_table
+    #   The resource ID of the route table that should be associated with
+    #   the subnet.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingExpectedRTViolation AWS API Documentation
+    #
+    class NetworkFirewallMissingExpectedRTViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :current_route_table,
+      :expected_route_table)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violation details for AWS Network Firewall for a subnet that doesn't
+    # have a Firewall Manager managed firewall in its VPC.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource has this violation, if one is available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingFirewallViolation AWS API Documentation
+    #
+    class NetworkFirewallMissingFirewallViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violation details for AWS Network Firewall for an Availability Zone
+    # that's missing the expected Firewall Manager managed subnet.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a violating subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource has this violation, if one is available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingSubnetViolation AWS API Documentation
+    #
+    class NetworkFirewallMissingSubnetViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The definition of the AWS Network Firewall firewall policy.
+    #
+    # @!attribute [rw] stateless_rule_groups
+    #   The stateless rule groups that are used in the Network Firewall
+    #   firewall policy.
+    #   @return [Array<Types::StatelessRuleGroup>]
+    #
+    # @!attribute [rw] stateless_default_actions
+    #   The actions to take on packets that don't match any of the
+    #   stateless rule groups.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateless_fragment_default_actions
+    #   The actions to take on packet fragments that don't match any of the
+    #   stateless rule groups.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateless_custom_actions
+    #   Names of custom actions that are available for use in the stateless
+    #   default actions settings.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateful_rule_groups
+    #   The stateful rule groups that are used in the Network Firewall
+    #   firewall policy.
+    #   @return [Array<Types::StatefulRuleGroup>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyDescription AWS API Documentation
+    #
+    class NetworkFirewallPolicyDescription < Struct.new(
+      :stateless_rule_groups,
+      :stateless_default_actions,
+      :stateless_fragment_default_actions,
+      :stateless_custom_actions,
+      :stateful_rule_groups)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Violation details for AWS Network Firewall for a firewall policy that
+    # has a different NetworkFirewallPolicyDescription than is required by
+    # the Firewall Manager policy.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the AWS Network Firewall or VPC resource that's in
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_policy_description
+    #   The policy that's currently in use in the individual account.
+    #   @return [Types::NetworkFirewallPolicyDescription]
+    #
+    # @!attribute [rw] expected_policy_description
+    #   The policy that should be in use in the individual account in order
+    #   to be compliant.
+    #   @return [Types::NetworkFirewallPolicyDescription]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyModifiedViolation AWS API Documentation
+    #
+    class NetworkFirewallPolicyModifiedViolation < Struct.new(
+      :violation_target,
+      :current_policy_description,
+      :expected_policy_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # The reference rule that partially matches the `ViolationTarget` rule
     # and violation reason.
     #
@@ -1262,7 +1431,7 @@ module Aws::FMS
     #         policy_name: "ResourceName", # required
     #         policy_update_token: "PolicyUpdateToken",
     #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #           managed_service_data: "ManagedServiceData",
     #         },
     #         resource_type: "ResourceType", # required
@@ -1315,7 +1484,8 @@ module Aws::FMS
     #   valid values are `AWS::EC2::SecurityGroup`,
     #   `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
     #   security group usage audit policy, the value is
-    #   `AWS::EC2::SecurityGroup`.
+    #   `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
+    #   value is `AWS::EC2::VPC`.
     #
     #
     #
@@ -1550,7 +1720,8 @@ module Aws::FMS
     #   valid values are `AWS::EC2::SecurityGroup`,
     #   `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
     #   security group usage audit policy, the value is
-    #   `AWS::EC2::SecurityGroup`.
+    #   `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
+    #   value is `AWS::EC2::VPC`.
     #
     #
     #
@@ -1780,7 +1951,7 @@ module Aws::FMS
     #           policy_name: "ResourceName", # required
     #           policy_update_token: "PolicyUpdateToken",
     #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #             managed_service_data: "ManagedServiceData",
     #           },
     #           resource_type: "ResourceType", # required
@@ -1966,12 +2137,41 @@ module Aws::FMS
     #   Violation details for an EC2 instance.
     #   @return [Types::AwsEc2InstanceViolation]
     #
+    # @!attribute [rw] network_firewall_missing_firewall_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   a subnet has no Firewall Manager managed firewall in its VPC.
+    #   @return [Types::NetworkFirewallMissingFirewallViolation]
+    #
+    # @!attribute [rw] network_firewall_missing_subnet_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   an Availability Zone is missing the expected Firewall Manager
+    #   managed subnet.
+    #   @return [Types::NetworkFirewallMissingSubnetViolation]
+    #
+    # @!attribute [rw] network_firewall_missing_expected_rt_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   a subnet is not associated with the expected Firewall Manager
+    #   managed route table.
+    #   @return [Types::NetworkFirewallMissingExpectedRTViolation]
+    #
+    # @!attribute [rw] network_firewall_policy_modified_violation
+    #   Violation detail for an Network Firewall policy that indicates that
+    #   a firewall policy in an individual account has been modified in a
+    #   way that makes it noncompliant. For example, the individual account
+    #   owner might have deleted a rule group, changed the priority of a
+    #   stateless rule group, or changed a policy default action.
+    #   @return [Types::NetworkFirewallPolicyModifiedViolation]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
     #
     class ResourceViolation < Struct.new(
       :aws_vpc_security_group_violation,
       :aws_ec2_network_interface_violation,
-      :aws_ec2_instance_violation)
+      :aws_ec2_instance_violation,
+      :network_firewall_missing_firewall_violation,
+      :network_firewall_missing_subnet_violation,
+      :network_firewall_missing_expected_rt_violation,
+      :network_firewall_policy_modified_violation)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2055,7 +2255,7 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #       }
     #
@@ -2074,29 +2274,36 @@ module Aws::FMS
     #   JSON format. For service type `SHIELD_ADVANCED`, this is an empty
     #   string.
     #
+    #   * Example: `NETWORK_FIREWALL`
+    #
+    #     `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2","priority":10\}],"networkFirewallStatelessDefaultActions":["aws:pass","custom1"],"networkFirewallStatelessFragmentDefaultActions":["custom2","aws:pass"],"networkFirewallStatelessCustomActions":[\{"actionName":"custom1","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension1"\}]\}\}\},\{"actionName":"custom2","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension2"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":true,"allowedIPV4CidrList":["10.24.34.0/28"]\}
+    #     \}"`
+    #
     #   * Example: `WAFV2`
     #
-    #     `"ManagedServiceData":
-    #     "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludeRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendorName":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludeRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
+    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
+    #
+    #     In the `loggingConfiguration`, you can specify one
+    #     `logDestinationConfigs`, you can optionally provide up to 20
+    #     `redactedFields`, and the `RedactedFieldType` must be one of
+    #     `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
     #
     #   * Example: `WAF Classic`
     #
-    #     `"ManagedServiceData": "\{"type": "WAF", "ruleGroups":
-    #     [\{"id": "12345678-1bcd-9012-efga-0987654321ab",
+    #     `"\{"type": "WAF", "ruleGroups":
+    #     [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
     #     "overrideAction" : \{"type": "COUNT"\}\}],
-    #     "defaultAction": \{"type": "BLOCK"\}\}`
+    #     "defaultAction": \{"type": "BLOCK"\}\}"`
     #
     #   * Example: `SECURITY_GROUPS_COMMON`
     #
-    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
+    #     `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
     #     "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
-    #     sg-000e55995d61a06bd"\}]\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
+    #     sg-000e55995d61a06bd"\}]\}"`
     #
     #   * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
     #
-    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_CONTENT_AUDIT","ManagedServiceData":"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"
-    #     sg-000e55995d61a06bd
-    #     "\}],"securityGroupAction":\{"type":"ALLOW"\}\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
+    #     `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
     #
     #     The security group action for content audit can be `ALLOW` or
     #     `DENY`. For `ALLOW`, all in-scope security group rules must be
@@ -2107,8 +2314,7 @@ module Aws::FMS
     #
     #   * Example: `SECURITY_GROUPS_USAGE_AUDIT`
     #
-    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_USAGE_AUDIT","ManagedServiceData":"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"\},"RemediationEnabled":false,"Resou
-    #     rceType":"AWS::EC2::SecurityGroup"\}`
+    #     `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityServicePolicyData AWS API Documentation
@@ -2120,6 +2326,53 @@ module Aws::FMS
       include Aws::Structure
     end
+    # AWS Network Firewall stateful rule group, used in a
+    # NetworkFirewallPolicyDescription.
+    #
+    # @!attribute [rw] rule_group_name
+    #   The name of the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The resource ID of the rule group.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
+    #
+    class StatefulRuleGroup < Struct.new(
+      :rule_group_name,
+      :resource_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # AWS Network Firewall stateless rule group, used in a
+    # NetworkFirewallPolicyDescription.
+    #
+    # @!attribute [rw] rule_group_name
+    #   The name of the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_id
+    #   The resource ID of the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] priority
+    #   The priority of the rule group. AWS Network Firewall evaluates the
+    #   stateless rule groups in a firewall policy starting from the lowest
+    #   priority setting.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatelessRuleGroup AWS API Documentation
+    #
+    class StatelessRuleGroup < Struct.new(
+      :rule_group_name,
+      :resource_id,
+      :priority)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # A collection of key:value pairs associated with an AWS resource. The
     # key:value pair can be anything you define. Typically, the tag key
     # represents a category (such as "environment") and the tag value

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.29.0
+  version: 1.34.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-20 00:00:00.000000000 Z
+date: 2021-02-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.112.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement