aws-sdk-fms 1.35.0 → 1.39.0

data/lib/aws-sdk-fms/client_api.rb

@@ -15,6 +15,7 @@ module Aws::FMS
 
     AWSAccountId = Shapes::StringShape.new(name: 'AWSAccountId')
     AccountRoleStatus = Shapes::StringShape.new(name: 'AccountRoleStatus')
+    ActionTarget = Shapes::StructureShape.new(name: 'ActionTarget')
     App = Shapes::StructureShape.new(name: 'App')
     AppsList = Shapes::ListShape.new(name: 'AppsList')
     AppsListData = Shapes::StructureShape.new(name: 'AppsListData')
@@ -25,6 +26,7 @@ module Aws::FMS
     AwsEc2NetworkInterfaceViolation = Shapes::StructureShape.new(name: 'AwsEc2NetworkInterfaceViolation')
     AwsEc2NetworkInterfaceViolations = Shapes::ListShape.new(name: 'AwsEc2NetworkInterfaceViolations')
     AwsVPCSecurityGroupViolation = Shapes::StructureShape.new(name: 'AwsVPCSecurityGroupViolation')
+    BasicInteger = Shapes::IntegerShape.new(name: 'BasicInteger')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CIDR = Shapes::StringShape.new(name: 'CIDR')
     ComplianceViolator = Shapes::StructureShape.new(name: 'ComplianceViolator')
@@ -38,11 +40,26 @@ module Aws::FMS
     DeletePolicyRequest = Shapes::StructureShape.new(name: 'DeletePolicyRequest')
     DeleteProtocolsListRequest = Shapes::StructureShape.new(name: 'DeleteProtocolsListRequest')
     DependentServiceName = Shapes::StringShape.new(name: 'DependentServiceName')
+    DestinationType = Shapes::StringShape.new(name: 'DestinationType')
     DetailedInfo = Shapes::StringShape.new(name: 'DetailedInfo')
     DisassociateAdminAccountRequest = Shapes::StructureShape.new(name: 'DisassociateAdminAccountRequest')
+    DnsDuplicateRuleGroupViolation = Shapes::StructureShape.new(name: 'DnsDuplicateRuleGroupViolation')
+    DnsRuleGroupLimitExceededViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupLimitExceededViolation')
+    DnsRuleGroupPriorities = Shapes::ListShape.new(name: 'DnsRuleGroupPriorities')
+    DnsRuleGroupPriority = Shapes::IntegerShape.new(name: 'DnsRuleGroupPriority')
+    DnsRuleGroupPriorityConflictViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupPriorityConflictViolation')
+    EC2AssociateRouteTableAction = Shapes::StructureShape.new(name: 'EC2AssociateRouteTableAction')
+    EC2CopyRouteTableAction = Shapes::StructureShape.new(name: 'EC2CopyRouteTableAction')
+    EC2CreateRouteAction = Shapes::StructureShape.new(name: 'EC2CreateRouteAction')
+    EC2CreateRouteTableAction = Shapes::StructureShape.new(name: 'EC2CreateRouteTableAction')
+    EC2DeleteRouteAction = Shapes::StructureShape.new(name: 'EC2DeleteRouteAction')
+    EC2ReplaceRouteAction = Shapes::StructureShape.new(name: 'EC2ReplaceRouteAction')
+    EC2ReplaceRouteTableAssociationAction = Shapes::StructureShape.new(name: 'EC2ReplaceRouteTableAssociationAction')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     EvaluationResult = Shapes::StructureShape.new(name: 'EvaluationResult')
     EvaluationResults = Shapes::ListShape.new(name: 'EvaluationResults')
+    ExpectedRoute = Shapes::StructureShape.new(name: 'ExpectedRoute')
+    ExpectedRoutes = Shapes::ListShape.new(name: 'ExpectedRoutes')
     GetAdminAccountRequest = Shapes::StructureShape.new(name: 'GetAdminAccountRequest')
     GetAdminAccountResponse = Shapes::StructureShape.new(name: 'GetAdminAccountResponse')
     GetAppsListRequest = Shapes::StructureShape.new(name: 'GetAppsListRequest')
@@ -66,6 +83,7 @@ module Aws::FMS
     InvalidTypeException = Shapes::StructureShape.new(name: 'InvalidTypeException')
     IssueInfoMap = Shapes::MapShape.new(name: 'IssueInfoMap')
     LengthBoundedString = Shapes::StringShape.new(name: 'LengthBoundedString')
+    LengthBoundedStringList = Shapes::ListShape.new(name: 'LengthBoundedStringList')
     LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
     ListAppsListsRequest = Shapes::StructureShape.new(name: 'ListAppsListsRequest')
     ListAppsListsResponse = Shapes::StructureShape.new(name: 'ListAppsListsResponse')
@@ -84,12 +102,19 @@ module Aws::FMS
     MemberAccounts = Shapes::ListShape.new(name: 'MemberAccounts')
     NetworkFirewallAction = Shapes::StringShape.new(name: 'NetworkFirewallAction')
     NetworkFirewallActionList = Shapes::ListShape.new(name: 'NetworkFirewallActionList')
+    NetworkFirewallBlackHoleRouteDetectedViolation = Shapes::StructureShape.new(name: 'NetworkFirewallBlackHoleRouteDetectedViolation')
+    NetworkFirewallInternetTrafficNotInspectedViolation = Shapes::StructureShape.new(name: 'NetworkFirewallInternetTrafficNotInspectedViolation')
+    NetworkFirewallInvalidRouteConfigurationViolation = Shapes::StructureShape.new(name: 'NetworkFirewallInvalidRouteConfigurationViolation')
     NetworkFirewallMissingExpectedRTViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingExpectedRTViolation')
+    NetworkFirewallMissingExpectedRoutesViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingExpectedRoutesViolation')
     NetworkFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingFirewallViolation')
     NetworkFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingSubnetViolation')
     NetworkFirewallPolicyDescription = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyDescription')
     NetworkFirewallPolicyModifiedViolation = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyModifiedViolation')
     NetworkFirewallResourceName = Shapes::StringShape.new(name: 'NetworkFirewallResourceName')
+    NetworkFirewallUnexpectedFirewallRoutesViolation = Shapes::StructureShape.new(name: 'NetworkFirewallUnexpectedFirewallRoutesViolation')
+    NetworkFirewallUnexpectedGatewayRoutesViolation = Shapes::StructureShape.new(name: 'NetworkFirewallUnexpectedGatewayRoutesViolation')
+    OrderedRemediationActions = Shapes::ListShape.new(name: 'OrderedRemediationActions')
     PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
     PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
     PartialMatch = Shapes::StructureShape.new(name: 'PartialMatch')
@@ -103,6 +128,9 @@ module Aws::FMS
     PolicySummary = Shapes::StructureShape.new(name: 'PolicySummary')
     PolicySummaryList = Shapes::ListShape.new(name: 'PolicySummaryList')
     PolicyUpdateToken = Shapes::StringShape.new(name: 'PolicyUpdateToken')
+    PossibleRemediationAction = Shapes::StructureShape.new(name: 'PossibleRemediationAction')
+    PossibleRemediationActionList = Shapes::ListShape.new(name: 'PossibleRemediationActionList')
+    PossibleRemediationActions = Shapes::StructureShape.new(name: 'PossibleRemediationActions')
     PreviousAppsList = Shapes::MapShape.new(name: 'PreviousAppsList')
     PreviousListVersion = Shapes::StringShape.new(name: 'PreviousListVersion')
     PreviousProtocolsList = Shapes::MapShape.new(name: 'PreviousProtocolsList')
@@ -120,8 +148,10 @@ module Aws::FMS
     PutProtocolsListRequest = Shapes::StructureShape.new(name: 'PutProtocolsListRequest')
     PutProtocolsListResponse = Shapes::StructureShape.new(name: 'PutProtocolsListResponse')
     ReferenceRule = Shapes::StringShape.new(name: 'ReferenceRule')
+    RemediationAction = Shapes::StructureShape.new(name: 'RemediationAction')
     RemediationActionDescription = Shapes::StringShape.new(name: 'RemediationActionDescription')
     RemediationActionType = Shapes::StringShape.new(name: 'RemediationActionType')
+    RemediationActionWithOrder = Shapes::StructureShape.new(name: 'RemediationActionWithOrder')
     ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
     ResourceCount = Shapes::IntegerShape.new(name: 'ResourceCount')
     ResourceId = Shapes::StringShape.new(name: 'ResourceId')
@@ -136,6 +166,8 @@ module Aws::FMS
     ResourceTypeList = Shapes::ListShape.new(name: 'ResourceTypeList')
     ResourceViolation = Shapes::StructureShape.new(name: 'ResourceViolation')
     ResourceViolations = Shapes::ListShape.new(name: 'ResourceViolations')
+    Route = Shapes::StructureShape.new(name: 'Route')
+    Routes = Shapes::ListShape.new(name: 'Routes')
     SecurityGroupRemediationAction = Shapes::StructureShape.new(name: 'SecurityGroupRemediationAction')
     SecurityGroupRemediationActions = Shapes::ListShape.new(name: 'SecurityGroupRemediationActions')
     SecurityGroupRuleDescription = Shapes::StructureShape.new(name: 'SecurityGroupRuleDescription')
@@ -153,6 +185,7 @@ module Aws::FMS
     TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
     TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
     TagValue = Shapes::StringShape.new(name: 'TagValue')
+    TargetType = Shapes::StringShape.new(name: 'TargetType')
     TargetViolationReason = Shapes::StringShape.new(name: 'TargetViolationReason')
     TargetViolationReasons = Shapes::ListShape.new(name: 'TargetViolationReasons')
     TimeStamp = Shapes::TimestampShape.new(name: 'TimeStamp')
@@ -163,6 +196,10 @@ module Aws::FMS
     ViolationReason = Shapes::StringShape.new(name: 'ViolationReason')
     ViolationTarget = Shapes::StringShape.new(name: 'ViolationTarget')
 
+    ActionTarget.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
+    ActionTarget.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    ActionTarget.struct_class = Types::ActionTarget
+
     App.add_member(:app_name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "AppName"))
     App.add_member(:protocol, Shapes::ShapeRef.new(shape: Protocol, required: true, location_name: "Protocol"))
     App.add_member(:port, Shapes::ShapeRef.new(shape: IPPortNumber, required: true, location_name: "Port"))
@@ -232,6 +269,68 @@ module Aws::FMS
 
     DisassociateAdminAccountRequest.struct_class = Types::DisassociateAdminAccountRequest
 
+    DnsDuplicateRuleGroupViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    DnsDuplicateRuleGroupViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
+    DnsDuplicateRuleGroupViolation.struct_class = Types::DnsDuplicateRuleGroupViolation
+
+    DnsRuleGroupLimitExceededViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    DnsRuleGroupLimitExceededViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
+    DnsRuleGroupLimitExceededViolation.add_member(:number_of_rule_groups_already_associated, Shapes::ShapeRef.new(shape: BasicInteger, location_name: "NumberOfRuleGroupsAlreadyAssociated"))
+    DnsRuleGroupLimitExceededViolation.struct_class = Types::DnsRuleGroupLimitExceededViolation
+
+    DnsRuleGroupPriorities.member = Shapes::ShapeRef.new(shape: DnsRuleGroupPriority)
+
+    DnsRuleGroupPriorityConflictViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:conflicting_priority, Shapes::ShapeRef.new(shape: DnsRuleGroupPriority, location_name: "ConflictingPriority"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:conflicting_policy_id, Shapes::ShapeRef.new(shape: PolicyId, location_name: "ConflictingPolicyId"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:unavailable_priorities, Shapes::ShapeRef.new(shape: DnsRuleGroupPriorities, location_name: "UnavailablePriorities"))
+    DnsRuleGroupPriorityConflictViolation.struct_class = Types::DnsRuleGroupPriorityConflictViolation
+
+    EC2AssociateRouteTableAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    EC2AssociateRouteTableAction.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "RouteTableId"))
+    EC2AssociateRouteTableAction.add_member(:subnet_id, Shapes::ShapeRef.new(shape: ActionTarget, location_name: "SubnetId"))
+    EC2AssociateRouteTableAction.add_member(:gateway_id, Shapes::ShapeRef.new(shape: ActionTarget, location_name: "GatewayId"))
+    EC2AssociateRouteTableAction.struct_class = Types::EC2AssociateRouteTableAction
+
+    EC2CopyRouteTableAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    EC2CopyRouteTableAction.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "VpcId"))
+    EC2CopyRouteTableAction.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "RouteTableId"))
+    EC2CopyRouteTableAction.struct_class = Types::EC2CopyRouteTableAction
+
+    EC2CreateRouteAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    EC2CreateRouteAction.add_member(:destination_cidr_block, Shapes::ShapeRef.new(shape: CIDR, location_name: "DestinationCidrBlock"))
+    EC2CreateRouteAction.add_member(:destination_prefix_list_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "DestinationPrefixListId"))
+    EC2CreateRouteAction.add_member(:destination_ipv_6_cidr_block, Shapes::ShapeRef.new(shape: CIDR, location_name: "DestinationIpv6CidrBlock"))
+    EC2CreateRouteAction.add_member(:vpc_endpoint_id, Shapes::ShapeRef.new(shape: ActionTarget, location_name: "VpcEndpointId"))
+    EC2CreateRouteAction.add_member(:gateway_id, Shapes::ShapeRef.new(shape: ActionTarget, location_name: "GatewayId"))
+    EC2CreateRouteAction.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "RouteTableId"))
+    EC2CreateRouteAction.struct_class = Types::EC2CreateRouteAction
+
+    EC2CreateRouteTableAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    EC2CreateRouteTableAction.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "VpcId"))
+    EC2CreateRouteTableAction.struct_class = Types::EC2CreateRouteTableAction
+
+    EC2DeleteRouteAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    EC2DeleteRouteAction.add_member(:destination_cidr_block, Shapes::ShapeRef.new(shape: CIDR, location_name: "DestinationCidrBlock"))
+    EC2DeleteRouteAction.add_member(:destination_prefix_list_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "DestinationPrefixListId"))
+    EC2DeleteRouteAction.add_member(:destination_ipv_6_cidr_block, Shapes::ShapeRef.new(shape: CIDR, location_name: "DestinationIpv6CidrBlock"))
+    EC2DeleteRouteAction.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "RouteTableId"))
+    EC2DeleteRouteAction.struct_class = Types::EC2DeleteRouteAction
+
+    EC2ReplaceRouteAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    EC2ReplaceRouteAction.add_member(:destination_cidr_block, Shapes::ShapeRef.new(shape: CIDR, location_name: "DestinationCidrBlock"))
+    EC2ReplaceRouteAction.add_member(:destination_prefix_list_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "DestinationPrefixListId"))
+    EC2ReplaceRouteAction.add_member(:destination_ipv_6_cidr_block, Shapes::ShapeRef.new(shape: CIDR, location_name: "DestinationIpv6CidrBlock"))
+    EC2ReplaceRouteAction.add_member(:gateway_id, Shapes::ShapeRef.new(shape: ActionTarget, location_name: "GatewayId"))
+    EC2ReplaceRouteAction.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "RouteTableId"))
+    EC2ReplaceRouteAction.struct_class = Types::EC2ReplaceRouteAction
+
+    EC2ReplaceRouteTableAssociationAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    EC2ReplaceRouteTableAssociationAction.add_member(:association_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "AssociationId"))
+    EC2ReplaceRouteTableAssociationAction.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ActionTarget, required: true, location_name: "RouteTableId"))
+    EC2ReplaceRouteTableAssociationAction.struct_class = Types::EC2ReplaceRouteTableAssociationAction
+
     EvaluationResult.add_member(:compliance_status, Shapes::ShapeRef.new(shape: PolicyComplianceStatusType, location_name: "ComplianceStatus"))
     EvaluationResult.add_member(:violator_count, Shapes::ShapeRef.new(shape: ResourceCount, location_name: "ViolatorCount"))
     EvaluationResult.add_member(:evaluation_limit_exceeded, Shapes::ShapeRef.new(shape: Boolean, location_name: "EvaluationLimitExceeded"))
@@ -239,6 +338,16 @@ module Aws::FMS
 
     EvaluationResults.member = Shapes::ShapeRef.new(shape: EvaluationResult)
 
+    ExpectedRoute.add_member(:ip_v4_cidr, Shapes::ShapeRef.new(shape: CIDR, location_name: "IpV4Cidr"))
+    ExpectedRoute.add_member(:prefix_list_id, Shapes::ShapeRef.new(shape: CIDR, location_name: "PrefixListId"))
+    ExpectedRoute.add_member(:ip_v6_cidr, Shapes::ShapeRef.new(shape: CIDR, location_name: "IpV6Cidr"))
+    ExpectedRoute.add_member(:contributing_subnets, Shapes::ShapeRef.new(shape: ResourceIdList, location_name: "ContributingSubnets"))
+    ExpectedRoute.add_member(:allowed_targets, Shapes::ShapeRef.new(shape: LengthBoundedStringList, location_name: "AllowedTargets"))
+    ExpectedRoute.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
+    ExpectedRoute.struct_class = Types::ExpectedRoute
+
+    ExpectedRoutes.member = Shapes::ShapeRef.new(shape: ExpectedRoute)
+
     GetAdminAccountRequest.struct_class = Types::GetAdminAccountRequest
 
     GetAdminAccountResponse.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AdminAccount"))
@@ -319,6 +428,8 @@ module Aws::FMS
     IssueInfoMap.key = Shapes::ShapeRef.new(shape: DependentServiceName)
     IssueInfoMap.value = Shapes::ShapeRef.new(shape: DetailedInfo)
 
+    LengthBoundedStringList.member = Shapes::ShapeRef.new(shape: LengthBoundedString)
+
     LimitExceededException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     LimitExceededException.struct_class = Types::LimitExceededException
 
@@ -375,6 +486,47 @@ module Aws::FMS
 
     NetworkFirewallActionList.member = Shapes::ShapeRef.new(shape: NetworkFirewallAction)
 
+    NetworkFirewallBlackHoleRouteDetectedViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    NetworkFirewallBlackHoleRouteDetectedViolation.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
+    NetworkFirewallBlackHoleRouteDetectedViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    NetworkFirewallBlackHoleRouteDetectedViolation.add_member(:violating_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ViolatingRoutes"))
+    NetworkFirewallBlackHoleRouteDetectedViolation.struct_class = Types::NetworkFirewallBlackHoleRouteDetectedViolation
+
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "SubnetId"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:subnet_availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZone"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:violating_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ViolatingRoutes"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:is_route_table_used_in_different_az, Shapes::ShapeRef.new(shape: Boolean, location_name: "IsRouteTableUsedInDifferentAZ"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:current_firewall_subnet_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentFirewallSubnetRouteTable"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:expected_firewall_endpoint, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedFirewallEndpoint"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:expected_firewall_subnet_routes, Shapes::ShapeRef.new(shape: ExpectedRoutes, location_name: "ExpectedFirewallSubnetRoutes"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:actual_firewall_subnet_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ActualFirewallSubnetRoutes"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:internet_gateway_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "InternetGatewayId"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:current_internet_gateway_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentInternetGatewayRouteTable"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:expected_internet_gateway_routes, Shapes::ShapeRef.new(shape: ExpectedRoutes, location_name: "ExpectedInternetGatewayRoutes"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:actual_internet_gateway_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ActualInternetGatewayRoutes"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    NetworkFirewallInternetTrafficNotInspectedViolation.struct_class = Types::NetworkFirewallInternetTrafficNotInspectedViolation
+
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:affected_subnets, Shapes::ShapeRef.new(shape: ResourceIdList, location_name: "AffectedSubnets"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:is_route_table_used_in_different_az, Shapes::ShapeRef.new(shape: Boolean, location_name: "IsRouteTableUsedInDifferentAZ"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:violating_route, Shapes::ShapeRef.new(shape: Route, location_name: "ViolatingRoute"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:current_firewall_subnet_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentFirewallSubnetRouteTable"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:expected_firewall_endpoint, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedFirewallEndpoint"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:actual_firewall_endpoint, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ActualFirewallEndpoint"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:expected_firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedFirewallSubnetId"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:actual_firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ActualFirewallSubnetId"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:expected_firewall_subnet_routes, Shapes::ShapeRef.new(shape: ExpectedRoutes, location_name: "ExpectedFirewallSubnetRoutes"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:actual_firewall_subnet_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ActualFirewallSubnetRoutes"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:internet_gateway_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "InternetGatewayId"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:current_internet_gateway_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentInternetGatewayRouteTable"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:expected_internet_gateway_routes, Shapes::ShapeRef.new(shape: ExpectedRoutes, location_name: "ExpectedInternetGatewayRoutes"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:actual_internet_gateway_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ActualInternetGatewayRoutes"))
+    NetworkFirewallInvalidRouteConfigurationViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    NetworkFirewallInvalidRouteConfigurationViolation.struct_class = Types::NetworkFirewallInvalidRouteConfigurationViolation
+
     NetworkFirewallMissingExpectedRTViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
     NetworkFirewallMissingExpectedRTViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
     NetworkFirewallMissingExpectedRTViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
@@ -382,6 +534,11 @@ module Aws::FMS
     NetworkFirewallMissingExpectedRTViolation.add_member(:expected_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedRouteTable"))
     NetworkFirewallMissingExpectedRTViolation.struct_class = Types::NetworkFirewallMissingExpectedRTViolation
 
+    NetworkFirewallMissingExpectedRoutesViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    NetworkFirewallMissingExpectedRoutesViolation.add_member(:expected_routes, Shapes::ShapeRef.new(shape: ExpectedRoutes, location_name: "ExpectedRoutes"))
+    NetworkFirewallMissingExpectedRoutesViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    NetworkFirewallMissingExpectedRoutesViolation.struct_class = Types::NetworkFirewallMissingExpectedRoutesViolation
+
     NetworkFirewallMissingFirewallViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
     NetworkFirewallMissingFirewallViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
     NetworkFirewallMissingFirewallViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
@@ -406,6 +563,21 @@ module Aws::FMS
     NetworkFirewallPolicyModifiedViolation.add_member(:expected_policy_description, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyDescription, location_name: "ExpectedPolicyDescription"))
     NetworkFirewallPolicyModifiedViolation.struct_class = Types::NetworkFirewallPolicyModifiedViolation
 
+    NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
+    NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:violating_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ViolatingRoutes"))
+    NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
+    NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:firewall_endpoint, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallEndpoint"))
+    NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    NetworkFirewallUnexpectedFirewallRoutesViolation.struct_class = Types::NetworkFirewallUnexpectedFirewallRoutesViolation
+
+    NetworkFirewallUnexpectedGatewayRoutesViolation.add_member(:gateway_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "GatewayId"))
+    NetworkFirewallUnexpectedGatewayRoutesViolation.add_member(:violating_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ViolatingRoutes"))
+    NetworkFirewallUnexpectedGatewayRoutesViolation.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
+    NetworkFirewallUnexpectedGatewayRoutesViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    NetworkFirewallUnexpectedGatewayRoutesViolation.struct_class = Types::NetworkFirewallUnexpectedGatewayRoutesViolation
+
+    OrderedRemediationActions.member = Shapes::ShapeRef.new(shape: RemediationActionWithOrder)
+
     PartialMatch.add_member(:reference, Shapes::ShapeRef.new(shape: ReferenceRule, location_name: "Reference"))
     PartialMatch.add_member(:target_violation_reasons, Shapes::ShapeRef.new(shape: TargetViolationReasons, location_name: "TargetViolationReasons"))
     PartialMatch.struct_class = Types::PartialMatch
@@ -455,6 +627,17 @@ module Aws::FMS
 
     PolicySummaryList.member = Shapes::ShapeRef.new(shape: PolicySummary)
 
+    PossibleRemediationAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    PossibleRemediationAction.add_member(:ordered_remediation_actions, Shapes::ShapeRef.new(shape: OrderedRemediationActions, required: true, location_name: "OrderedRemediationActions"))
+    PossibleRemediationAction.add_member(:is_default_action, Shapes::ShapeRef.new(shape: Boolean, location_name: "IsDefaultAction"))
+    PossibleRemediationAction.struct_class = Types::PossibleRemediationAction
+
+    PossibleRemediationActionList.member = Shapes::ShapeRef.new(shape: PossibleRemediationAction)
+
+    PossibleRemediationActions.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    PossibleRemediationActions.add_member(:actions, Shapes::ShapeRef.new(shape: PossibleRemediationActionList, location_name: "Actions"))
+    PossibleRemediationActions.struct_class = Types::PossibleRemediationActions
+
     PreviousAppsList.key = Shapes::ShapeRef.new(shape: PreviousListVersion)
     PreviousAppsList.value = Shapes::ShapeRef.new(shape: AppsList)
 
@@ -508,6 +691,20 @@ module Aws::FMS
     PutProtocolsListResponse.add_member(:protocols_list_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "ProtocolsListArn"))
     PutProtocolsListResponse.struct_class = Types::PutProtocolsListResponse
 
+    RemediationAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
+    RemediationAction.add_member(:ec2_create_route_action, Shapes::ShapeRef.new(shape: EC2CreateRouteAction, location_name: "EC2CreateRouteAction"))
+    RemediationAction.add_member(:ec2_replace_route_action, Shapes::ShapeRef.new(shape: EC2ReplaceRouteAction, location_name: "EC2ReplaceRouteAction"))
+    RemediationAction.add_member(:ec2_delete_route_action, Shapes::ShapeRef.new(shape: EC2DeleteRouteAction, location_name: "EC2DeleteRouteAction"))
+    RemediationAction.add_member(:ec2_copy_route_table_action, Shapes::ShapeRef.new(shape: EC2CopyRouteTableAction, location_name: "EC2CopyRouteTableAction"))
+    RemediationAction.add_member(:ec2_replace_route_table_association_action, Shapes::ShapeRef.new(shape: EC2ReplaceRouteTableAssociationAction, location_name: "EC2ReplaceRouteTableAssociationAction"))
+    RemediationAction.add_member(:ec2_associate_route_table_action, Shapes::ShapeRef.new(shape: EC2AssociateRouteTableAction, location_name: "EC2AssociateRouteTableAction"))
+    RemediationAction.add_member(:ec2_create_route_table_action, Shapes::ShapeRef.new(shape: EC2CreateRouteTableAction, location_name: "EC2CreateRouteTableAction"))
+    RemediationAction.struct_class = Types::RemediationAction
+
+    RemediationActionWithOrder.add_member(:remediation_action, Shapes::ShapeRef.new(shape: RemediationAction, location_name: "RemediationAction"))
+    RemediationActionWithOrder.add_member(:order, Shapes::ShapeRef.new(shape: BasicInteger, location_name: "Order"))
+    RemediationActionWithOrder.struct_class = Types::RemediationActionWithOrder
+
     ResourceIdList.member = Shapes::ShapeRef.new(shape: ResourceId)
 
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
@@ -528,10 +725,28 @@ module Aws::FMS
     ResourceViolation.add_member(:network_firewall_missing_subnet_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingSubnetViolation, location_name: "NetworkFirewallMissingSubnetViolation"))
     ResourceViolation.add_member(:network_firewall_missing_expected_rt_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingExpectedRTViolation, location_name: "NetworkFirewallMissingExpectedRTViolation"))
     ResourceViolation.add_member(:network_firewall_policy_modified_violation, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyModifiedViolation, location_name: "NetworkFirewallPolicyModifiedViolation"))
+    ResourceViolation.add_member(:network_firewall_internet_traffic_not_inspected_violation, Shapes::ShapeRef.new(shape: NetworkFirewallInternetTrafficNotInspectedViolation, location_name: "NetworkFirewallInternetTrafficNotInspectedViolation"))
+    ResourceViolation.add_member(:network_firewall_invalid_route_configuration_violation, Shapes::ShapeRef.new(shape: NetworkFirewallInvalidRouteConfigurationViolation, location_name: "NetworkFirewallInvalidRouteConfigurationViolation"))
+    ResourceViolation.add_member(:network_firewall_black_hole_route_detected_violation, Shapes::ShapeRef.new(shape: NetworkFirewallBlackHoleRouteDetectedViolation, location_name: "NetworkFirewallBlackHoleRouteDetectedViolation"))
+    ResourceViolation.add_member(:network_firewall_unexpected_firewall_routes_violation, Shapes::ShapeRef.new(shape: NetworkFirewallUnexpectedFirewallRoutesViolation, location_name: "NetworkFirewallUnexpectedFirewallRoutesViolation"))
+    ResourceViolation.add_member(:network_firewall_unexpected_gateway_routes_violation, Shapes::ShapeRef.new(shape: NetworkFirewallUnexpectedGatewayRoutesViolation, location_name: "NetworkFirewallUnexpectedGatewayRoutesViolation"))
+    ResourceViolation.add_member(:network_firewall_missing_expected_routes_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingExpectedRoutesViolation, location_name: "NetworkFirewallMissingExpectedRoutesViolation"))
+    ResourceViolation.add_member(:dns_rule_group_priority_conflict_violation, Shapes::ShapeRef.new(shape: DnsRuleGroupPriorityConflictViolation, location_name: "DnsRuleGroupPriorityConflictViolation"))
+    ResourceViolation.add_member(:dns_duplicate_rule_group_violation, Shapes::ShapeRef.new(shape: DnsDuplicateRuleGroupViolation, location_name: "DnsDuplicateRuleGroupViolation"))
+    ResourceViolation.add_member(:dns_rule_group_limit_exceeded_violation, Shapes::ShapeRef.new(shape: DnsRuleGroupLimitExceededViolation, location_name: "DnsRuleGroupLimitExceededViolation"))
+    ResourceViolation.add_member(:possible_remediation_actions, Shapes::ShapeRef.new(shape: PossibleRemediationActions, location_name: "PossibleRemediationActions"))
     ResourceViolation.struct_class = Types::ResourceViolation
 
     ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
 
+    Route.add_member(:destination_type, Shapes::ShapeRef.new(shape: DestinationType, location_name: "DestinationType"))
+    Route.add_member(:target_type, Shapes::ShapeRef.new(shape: TargetType, location_name: "TargetType"))
+    Route.add_member(:destination, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Destination"))
+    Route.add_member(:target, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Target"))
+    Route.struct_class = Types::Route
+
+    Routes.member = Shapes::ShapeRef.new(shape: Route)
+
     SecurityGroupRemediationAction.add_member(:remediation_action_type, Shapes::ShapeRef.new(shape: RemediationActionType, location_name: "RemediationActionType"))
     SecurityGroupRemediationAction.add_member(:description, Shapes::ShapeRef.new(shape: RemediationActionDescription, location_name: "Description"))
     SecurityGroupRemediationAction.add_member(:remediation_result, Shapes::ShapeRef.new(shape: SecurityGroupRuleDescription, location_name: "RemediationResult"))
@@ -625,6 +840,7 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
 
       api.add_operation(:delete_apps_list, Seahorse::Model::Operation.new.tap do |o|
@@ -784,6 +1000,12 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
       end)
 
       api.add_operation(:list_compliance_status, Seahorse::Model::Operation.new.tap do |o|
@@ -845,6 +1067,12 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
       end)
 
       api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-fms/types.rb

@@ -10,7 +10,26 @@
 module Aws::FMS
   module Types
 
-    # An individual AWS Firewall Manager application.
+    # Describes a remediation action target.
+    #
+    # @!attribute [rw] resource_id
+    #   The ID of the remediation target.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the remediation action target.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ActionTarget AWS API Documentation
+    #
+    class ActionTarget < Struct.new(
+      :resource_id,
+      :description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An individual Firewall Manager application.
     #
     # @note When making an API call, you may pass App
     #   data as a hash:
@@ -49,7 +68,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # An AWS Firewall Manager applications list.
+    # An Firewall Manager applications list.
     #
     # @note When making an API call, you may pass AppsListData
     #   data as a hash:
@@ -79,11 +98,11 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] list_id
-    #   The ID of the AWS Firewall Manager applications list.
+    #   The ID of the Firewall Manager applications list.
     #   @return [String]
     #
     # @!attribute [rw] list_name
-    #   The name of the AWS Firewall Manager applications list.
+    #   The name of the Firewall Manager applications list.
     #   @return [String]
     #
     # @!attribute [rw] list_update_token
@@ -94,18 +113,16 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] create_time
-    #   The time that the AWS Firewall Manager applications list was
-    #   created.
+    #   The time that the Firewall Manager applications list was created.
     #   @return [Time]
     #
     # @!attribute [rw] last_update_time
-    #   The time that the AWS Firewall Manager applications list was last
+    #   The time that the Firewall Manager applications list was last
     #   updated.
     #   @return [Time]
     #
     # @!attribute [rw] apps_list
-    #   An array of applications in the AWS Firewall Manager applications
-    #   list.
+    #   An array of applications in the Firewall Manager applications list.
     #   @return [Array<Types::App>]
     #
     # @!attribute [rw] previous_apps_list
@@ -127,7 +144,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Details of the AWS Firewall Manager applications list.
+    # Details of the Firewall Manager applications list.
     #
     # @!attribute [rw] list_arn
     #   The Amazon Resource Name (ARN) of the applications list.
@@ -142,8 +159,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] apps_list
-    #   An array of `App` objects in the AWS Firewall Manager applications
-    #   list.
+    #   An array of `App` objects in the Firewall Manager applications list.
     #   @return [Array<Types::App>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListDataSummary AWS API Documentation
@@ -165,11 +181,11 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] admin_account
-    #   The AWS account ID to associate with AWS Firewall Manager as the AWS
-    #   Firewall Manager administrator account. This can be an AWS
-    #   Organizations master account or a member account. For more
-    #   information about AWS Organizations and master accounts, see
-    #   [Managing the AWS Accounts in Your Organization][1].
+    #   The Amazon Web Services account ID to associate with Firewall
+    #   Manager as the Firewall Manager administrator account. This must be
+    #   an Organizations member account. For more information about
+    #   Organizations, see [Managing the Amazon Web Services Accounts in
+    #   Your Organization][1].
     #
     #
     #
@@ -184,14 +200,15 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Violations for an EC2 instance resource.
+    # Violation detail for an EC2 instance resource.
     #
     # @!attribute [rw] violation_target
     #   The resource ID of the EC2 instance.
     #   @return [String]
     #
     # @!attribute [rw] aws_ec2_network_interface_violations
-    #   Violations for network interfaces associated with the EC2 instance.
+    #   Violation detail for network interfaces associated with the EC2
+    #   instance.
     #   @return [Array<Types::AwsEc2NetworkInterfaceViolation>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2InstanceViolation AWS API Documentation
@@ -203,7 +220,8 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Violations for network interfaces associated with an EC2 instance.
+    # Violation detail for network interfaces associated with an EC2
+    # instance.
     #
     # @!attribute [rw] violation_target
     #   The resource ID of the network interface.
@@ -211,7 +229,7 @@ module Aws::FMS
     #
     # @!attribute [rw] violating_security_groups
     #   List of security groups that violate the rules specified in the
-    #   master security group of the AWS Firewall Manager policy.
+    #   primary security group of the Firewall Manager policy.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2NetworkInterfaceViolation AWS API Documentation
@@ -223,8 +241,8 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Details of the rule violation in a security group when compared to the
-    # master security group of the AWS Firewall Manager policy.
+    # Violation detail for the rule violation in a security group when
+    # compared to the primary security group of the Firewall Manager policy.
     #
     # @!attribute [rw] violation_target
     #   The security group rule that is being evaluated.
@@ -235,7 +253,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] partial_matches
-    #   List of rules specified in the security group of the AWS Firewall
+    #   List of rules specified in the security group of the Firewall
     #   Manager policy that partially match the `ViolationTarget` rule.
     #   @return [Array<Types::PartialMatch>]
     #
@@ -265,8 +283,8 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] resource_type
-    #   The resource type. This is in the format shown in the [AWS Resource
-    #   Types Reference][1]. For example:
+    #   The resource type. This is in the format shown in the [Amazon Web
+    #   Services Resource Types Reference][1]. For example:
     #   `AWS::ElasticLoadBalancingV2::LoadBalancer`,
     #   `AWS::CloudFront::Distribution`, or
     #   `AWS::NetworkFirewall::FirewallPolicy`.
@@ -330,10 +348,10 @@ module Aws::FMS
     #   If `True`, the request performs cleanup according to the policy
     #   type.
     #
-    #   For AWS WAF and Shield Advanced policies, the cleanup does the
+    #   For WAF and Shield Advanced policies, the cleanup does the
     #   following:
     #
-    #   * Deletes rule groups created by AWS Firewall Manager
+    #   * Deletes rule groups created by Firewall Manager
     #
     #   * Removes web ACLs from in-scope resources
     #
@@ -394,19 +412,344 @@ module Aws::FMS
     #
     class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
 
+    # A DNS Firewall rule group that Firewall Manager tried to associate
+    # with a VPC is already associated with the VPC and can't be associated
+    # again.
+    #
+    # @!attribute [rw] violation_target
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the violation that specifies the rule group and
+    #   VPC.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsDuplicateRuleGroupViolation AWS API Documentation
+    #
+    class DnsDuplicateRuleGroupViolation < Struct.new(
+      :violation_target,
+      :violation_target_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The VPC that Firewall Manager was applying a DNS Fireall policy to
+    # reached the limit for associated DNS Firewall rule groups. Firewall
+    # Manager tried to associate another rule group with the VPC and failed
+    # due to the limit.
+    #
+    # @!attribute [rw] violation_target
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the violation that specifies the rule group and
+    #   VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] number_of_rule_groups_already_associated
+    #   The number of rule groups currently associated with the VPC.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupLimitExceededViolation AWS API Documentation
+    #
+    class DnsRuleGroupLimitExceededViolation < Struct.new(
+      :violation_target,
+      :violation_target_description,
+      :number_of_rule_groups_already_associated)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A rule group that Firewall Manager tried to associate with a VPC has
+    # the same priority as a rule group that's already associated.
+    #
+    # @!attribute [rw] violation_target
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the violation that specifies the VPC and the rule
+    #   group that's already associated with it.
+    #   @return [String]
+    #
+    # @!attribute [rw] conflicting_priority
+    #   The priority setting of the two conflicting rule groups.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] conflicting_policy_id
+    #   The ID of the Firewall Manager DNS Firewall policy that was already
+    #   applied to the VPC. This policy contains the rule group that's
+    #   already associated with the VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] unavailable_priorities
+    #   The priorities of rule groups that are already associated with the
+    #   VPC. To retry your operation, choose priority settings that aren't
+    #   in this list for the rule groups in your new DNS Firewall policy.
+    #   @return [Array<Integer>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupPriorityConflictViolation AWS API Documentation
+    #
+    class DnsRuleGroupPriorityConflictViolation < Struct.new(
+      :violation_target,
+      :violation_target_description,
+      :conflicting_priority,
+      :conflicting_policy_id,
+      :unavailable_priorities)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The action of associating an EC2 resource, such as a subnet or
+    # internet gateway, with a route table.
+    #
+    # @!attribute [rw] description
+    #   A description of the EC2 route table that is associated with the
+    #   remediation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] route_table_id
+    #   The ID of the EC2 route table that is associated with the
+    #   remediation action.
+    #   @return [Types::ActionTarget]
+    #
+    # @!attribute [rw] subnet_id
+    #   The ID of the subnet for the EC2 route table that is associated with
+    #   the remediation action.
+    #   @return [Types::ActionTarget]
+    #
+    # @!attribute [rw] gateway_id
+    #   The ID of the gateway to be used with the EC2 route table that is
+    #   associated with the remediation action.
+    #   @return [Types::ActionTarget]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2AssociateRouteTableAction AWS API Documentation
+    #
+    class EC2AssociateRouteTableAction < Struct.new(
+      :description,
+      :route_table_id,
+      :subnet_id,
+      :gateway_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An action that copies the EC2 route table for use in remediation.
+    #
+    # @!attribute [rw] description
+    #   A description of the copied EC2 route table that is associated with
+    #   the remediation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   The VPC ID of the copied EC2 route table that is associated with the
+    #   remediation action.
+    #   @return [Types::ActionTarget]
+    #
+    # @!attribute [rw] route_table_id
+    #   The ID of the copied EC2 route table that is associated with the
+    #   remediation action.
+    #   @return [Types::ActionTarget]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2CopyRouteTableAction AWS API Documentation
+    #
+    class EC2CopyRouteTableAction < Struct.new(
+      :description,
+      :vpc_id,
+      :route_table_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the CreateRoute action in Amazon EC2.
+    #
+    # @!attribute [rw] description
+    #   A description of CreateRoute action in Amazon EC2.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_cidr_block
+    #   Information about the IPv4 CIDR address block used for the
+    #   destination match.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_prefix_list_id
+    #   Information about the ID of a prefix list used for the destination
+    #   match.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_ipv_6_cidr_block
+    #   Information about the IPv6 CIDR block destination.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_endpoint_id
+    #   Information about the ID of a VPC endpoint. Supported for Gateway
+    #   Load Balancer endpoints only.
+    #   @return [Types::ActionTarget]
+    #
+    # @!attribute [rw] gateway_id
+    #   Information about the ID of an internet gateway or virtual private
+    #   gateway attached to your VPC.
+    #   @return [Types::ActionTarget]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the ID of the route table for the route.
+    #   @return [Types::ActionTarget]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2CreateRouteAction AWS API Documentation
+    #
+    class EC2CreateRouteAction < Struct.new(
+      :description,
+      :destination_cidr_block,
+      :destination_prefix_list_id,
+      :destination_ipv_6_cidr_block,
+      :vpc_endpoint_id,
+      :gateway_id,
+      :route_table_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the CreateRouteTable action in Amazon EC2.
+    #
+    # @!attribute [rw] description
+    #   A description of the CreateRouteTable action.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   Information about the ID of a VPC.
+    #   @return [Types::ActionTarget]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2CreateRouteTableAction AWS API Documentation
+    #
+    class EC2CreateRouteTableAction < Struct.new(
+      :description,
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the DeleteRoute action in Amazon EC2.
+    #
+    # @!attribute [rw] description
+    #   A description of the DeleteRoute action.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_cidr_block
+    #   Information about the IPv4 CIDR range for the route. The value you
+    #   specify must match the CIDR for the route exactly.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_prefix_list_id
+    #   Information about the ID of the prefix list for the route.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_ipv_6_cidr_block
+    #   Information about the IPv6 CIDR range for the route. The value you
+    #   specify must match the CIDR for the route exactly.
+    #   @return [String]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the ID of the route table.
+    #   @return [Types::ActionTarget]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2DeleteRouteAction AWS API Documentation
+    #
+    class EC2DeleteRouteAction < Struct.new(
+      :description,
+      :destination_cidr_block,
+      :destination_prefix_list_id,
+      :destination_ipv_6_cidr_block,
+      :route_table_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the ReplaceRoute action in Amazon EC2.
+    #
+    # @!attribute [rw] description
+    #   A description of the ReplaceRoute action in Amazon EC2.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_cidr_block
+    #   Information about the IPv4 CIDR address block used for the
+    #   destination match. The value that you provide must match the CIDR of
+    #   an existing route in the table.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_prefix_list_id
+    #   Information about the ID of the prefix list for the route.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_ipv_6_cidr_block
+    #   Information about the IPv6 CIDR address block used for the
+    #   destination match. The value that you provide must match the CIDR of
+    #   an existing route in the table.
+    #   @return [String]
+    #
+    # @!attribute [rw] gateway_id
+    #   Information about the ID of an internet gateway or virtual private
+    #   gateway.
+    #   @return [Types::ActionTarget]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the ID of the route table.
+    #   @return [Types::ActionTarget]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2ReplaceRouteAction AWS API Documentation
+    #
+    class EC2ReplaceRouteAction < Struct.new(
+      :description,
+      :destination_cidr_block,
+      :destination_prefix_list_id,
+      :destination_ipv_6_cidr_block,
+      :gateway_id,
+      :route_table_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about the ReplaceRouteTableAssociation action in Amazon
+    # EC2.
+    #
+    # @!attribute [rw] description
+    #   A description of the ReplaceRouteTableAssociation action in Amazon
+    #   EC2.
+    #   @return [String]
+    #
+    # @!attribute [rw] association_id
+    #   Information about the association ID.
+    #   @return [Types::ActionTarget]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the ID of the new route table to associate with
+    #   the subnet.
+    #   @return [Types::ActionTarget]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2ReplaceRouteTableAssociationAction AWS API Documentation
+    #
+    class EC2ReplaceRouteTableAssociationAction < Struct.new(
+      :description,
+      :association_id,
+      :route_table_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the compliance status for the account. An account is
     # considered noncompliant if it includes resources that are not
     # protected by the specified policy or that don't comply with the
     # policy.
     #
     # @!attribute [rw] compliance_status
-    #   Describes an AWS account's compliance with the AWS Firewall Manager
-    #   policy.
+    #   Describes an Amazon Web Services account's compliance with the
+    #   Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] violator_count
     #   The number of resources that are noncompliant with the specified
-    #   policy. For AWS WAF and Shield Advanced policies, a resource is
+    #   policy. For WAF and Shield Advanced policies, a resource is
     #   considered noncompliant if it is not associated with the policy. For
     #   security group policies, a resource is considered noncompliant if it
     #   doesn't comply with the rules of the policy and remediation is
@@ -414,8 +757,8 @@ module Aws::FMS
     #   @return [Integer]
     #
     # @!attribute [rw] evaluation_limit_exceeded
-    #   Indicates that over 100 resources are noncompliant with the AWS
-    #   Firewall Manager policy.
+    #   Indicates that over 100 resources are noncompliant with the Firewall
+    #   Manager policy.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EvaluationResult AWS API Documentation
@@ -428,6 +771,45 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # Information about the expected route in the route table.
+    #
+    # @!attribute [rw] ip_v4_cidr
+    #   Information about the IPv4 CIDR block.
+    #   @return [String]
+    #
+    # @!attribute [rw] prefix_list_id
+    #   Information about the ID of the prefix list for the route.
+    #   @return [String]
+    #
+    # @!attribute [rw] ip_v6_cidr
+    #   Information about the IPv6 CIDR block.
+    #   @return [String]
+    #
+    # @!attribute [rw] contributing_subnets
+    #   Information about the contributing subnets.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] allowed_targets
+    #   Information about the allowed targets.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the route table ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ExpectedRoute AWS API Documentation
+    #
+    class ExpectedRoute < Struct.new(
+      :ip_v4_cidr,
+      :prefix_list_id,
+      :ip_v6_cidr,
+      :contributing_subnets,
+      :allowed_targets,
+      :route_table_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountRequest AWS API Documentation
@@ -435,13 +817,13 @@ module Aws::FMS
     class GetAdminAccountRequest < Aws::EmptyStructure; end
 
     # @!attribute [rw] admin_account
-    #   The AWS account that is set as the AWS Firewall Manager
+    #   The Amazon Web Services account that is set as the Firewall Manager
     #   administrator.
     #   @return [String]
     #
     # @!attribute [rw] role_status
-    #   The status of the AWS account that you set as the AWS Firewall
-    #   Manager administrator.
+    #   The status of the Amazon Web Services account that you set as the
+    #   Firewall Manager administrator.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountResponse AWS API Documentation
@@ -462,13 +844,13 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] list_id
-    #   The ID of the AWS Firewall Manager applications list that you want
-    #   the details for.
+    #   The ID of the Firewall Manager applications list that you want the
+    #   details for.
     #   @return [String]
     #
     # @!attribute [rw] default_list
     #   Specifies whether the list to retrieve is a default list owned by
-    #   AWS Firewall Manager.
+    #   Firewall Manager.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListRequest AWS API Documentation
@@ -481,8 +863,7 @@ module Aws::FMS
     end
 
     # @!attribute [rw] apps_list
-    #   Information about the specified AWS Firewall Manager applications
-    #   list.
+    #   Information about the specified Firewall Manager applications list.
     #   @return [Types::AppsListData]
     #
     # @!attribute [rw] apps_list_arn
@@ -512,8 +893,8 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] member_account
-    #   The AWS account that owns the resources that you want to get the
-    #   details for.
+    #   The Amazon Web Services account that owns the resources that you
+    #   want to get the details for.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetComplianceDetailRequest AWS API Documentation
@@ -545,12 +926,12 @@ module Aws::FMS
     class GetNotificationChannelRequest < Aws::EmptyStructure; end
 
     # @!attribute [rw] sns_topic_arn
-    #   The SNS topic that records AWS Firewall Manager activity.
+    #   The SNS topic that records Firewall Manager activity.
     #   @return [String]
     #
     # @!attribute [rw] sns_role_name
-    #   The IAM role that is used by AWS Firewall Manager to record activity
-    #   to SNS.
+    #   The IAM role that is used by Firewall Manager to record activity to
+    #   SNS.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetNotificationChannelResponse AWS API Documentation
@@ -570,8 +951,7 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy_id
-    #   The ID of the AWS Firewall Manager policy that you want the details
-    #   for.
+    #   The ID of the Firewall Manager policy that you want the details for.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetPolicyRequest AWS API Documentation
@@ -583,7 +963,7 @@ module Aws::FMS
     end
 
     # @!attribute [rw] policy
-    #   Information about the specified AWS Firewall Manager policy.
+    #   Information about the specified Firewall Manager policy.
     #   @return [Types::Policy]
     #
     # @!attribute [rw] policy_arn
@@ -617,37 +997,37 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] member_account_id
-    #   The AWS account that is in scope of the policy that you want to get
-    #   the details for.
+    #   The Amazon Web Services account that is in scope of the policy that
+    #   you want to get the details for.
     #   @return [String]
     #
     # @!attribute [rw] start_time
     #   The start of the time period to query for the attacks. This is a
     #   `timestamp` type. The request syntax listing indicates a `number`
-    #   type because the default used by AWS Firewall Manager is Unix time
-    #   in seconds. However, any valid `timestamp` format is allowed.
+    #   type because the default used by Firewall Manager is Unix time in
+    #   seconds. However, any valid `timestamp` format is allowed.
     #   @return [Time]
     #
     # @!attribute [rw] end_time
     #   The end of the time period to query for the attacks. This is a
     #   `timestamp` type. The request syntax listing indicates a `number`
-    #   type because the default used by AWS Firewall Manager is Unix time
-    #   in seconds. However, any valid `timestamp` format is allowed.
+    #   type because the default used by Firewall Manager is Unix time in
+    #   seconds. However, any valid `timestamp` format is allowed.
     #   @return [Time]
     #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` and you have more objects
-    #   than the number that you specify for `MaxResults`, AWS Firewall
-    #   Manager returns a `NextToken` value in the response, which you can
-    #   use to retrieve another group of objects. For the second and
-    #   subsequent `GetProtectionStatus` requests, specify the value of
-    #   `NextToken` from the previous response to get information about
-    #   another batch of objects.
+    #   than the number that you specify for `MaxResults`, Firewall Manager
+    #   returns a `NextToken` value in the response, which you can use to
+    #   retrieve another group of objects. For the second and subsequent
+    #   `GetProtectionStatus` requests, specify the value of `NextToken`
+    #   from the previous response to get information about another batch of
+    #   objects.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   Specifies the number of objects that you want AWS Firewall Manager
-    #   to return for this request. If you have more objects than the number
+    #   Specifies the number of objects that you want Firewall Manager to
+    #   return for this request. If you have more objects than the number
     #   that you specify for `MaxResults`, the response includes a
     #   `NextToken` value that you can use to get another batch of objects.
     #   @return [Integer]
@@ -666,7 +1046,8 @@ module Aws::FMS
     end
 
     # @!attribute [rw] admin_account_id
-    #   The ID of the AWS Firewall administrator account for this policy.
+    #   The ID of the Firewall Manager administrator account for this
+    #   policy.
     #   @return [String]
     #
     # @!attribute [rw] service_type
@@ -697,10 +1078,10 @@ module Aws::FMS
     #   request, and specify the `NextToken` value from the response in the
     #   `NextToken` value in the next request.
     #
-    #   AWS SDKs provide auto-pagination that identify `NextToken` in a
-    #   response and make subsequent request calls automatically on your
-    #   behalf. However, this feature is not supported by
-    #   `GetProtectionStatus`. You must submit subsequent requests with
+    #   Amazon Web Services SDKs provide auto-pagination that identify
+    #   `NextToken` in a response and make subsequent request calls
+    #   automatically on your behalf. However, this feature is not supported
+    #   by `GetProtectionStatus`. You must submit subsequent requests with
     #   `NextToken` using your own processes.
     #   @return [String]
     #
@@ -724,13 +1105,13 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] list_id
-    #   The ID of the AWS Firewall Manager protocols list that you want the
+    #   The ID of the Firewall Manager protocols list that you want the
     #   details for.
     #   @return [String]
     #
     # @!attribute [rw] default_list
     #   Specifies whether the list to retrieve is a default list owned by
-    #   AWS Firewall Manager.
+    #   Firewall Manager.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListRequest AWS API Documentation
@@ -743,7 +1124,7 @@ module Aws::FMS
     end
 
     # @!attribute [rw] protocols_list
-    #   Information about the specified AWS Firewall Manager protocols list.
+    #   Information about the specified Firewall Manager protocols list.
     #   @return [Types::ProtocolsListData]
     #
     # @!attribute [rw] protocols_list_arn
@@ -770,13 +1151,12 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy_id
-    #   The ID of the AWS Firewall Manager policy that you want the details
-    #   for. This currently only supports security group content audit
-    #   policies.
+    #   The ID of the Firewall Manager policy that you want the details for.
+    #   This currently only supports security group content audit policies.
     #   @return [String]
     #
     # @!attribute [rw] member_account
-    #   The AWS account ID that you want the details for.
+    #   The Amazon Web Services account ID that you want the details for.
     #   @return [String]
     #
     # @!attribute [rw] resource_id
@@ -784,8 +1164,8 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] resource_type
-    #   The resource type. This is in the format shown in the [AWS Resource
-    #   Types Reference][1]. Supported resource types are:
+    #   The resource type. This is in the format shown in the [Amazon Web
+    #   Services Resource Types Reference][1]. Supported resource types are:
     #   `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
     #   `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`,
     #   and `AWS::EC2::Subnet`.
@@ -848,9 +1228,9 @@ module Aws::FMS
     # The operation failed because there was nothing to do or the operation
     # wasn't possible. For example, you might have submitted an
     # `AssociateAdminAccount` request for an account ID that was already set
-    # as the AWS Firewall Manager administrator. Or you might have tried to
+    # as the Firewall Manager administrator. Or you might have tried to
     # access a Region that's disabled by default, and that you need to
-    # enable for the Firewall Manager administrator account and for AWS
+    # enable for the Firewall Manager administrator account and for
     # Organizations before you can access it.
     #
     # @!attribute [rw] message
@@ -878,9 +1258,9 @@ module Aws::FMS
     end
 
     # The operation exceeds a resource limit, for example, the maximum
-    # number of `policy` objects that you can create for an AWS account. For
-    # more information, see [Firewall Manager Limits][1] in the *AWS WAF
-    # Developer Guide*.
+    # number of `policy` objects that you can create for an Amazon Web
+    # Services account. For more information, see [Firewall Manager
+    # Limits][1] in the *WAF Developer Guide*.
     #
     #
     #
@@ -908,25 +1288,25 @@ module Aws::FMS
     #
     # @!attribute [rw] default_lists
     #   Specifies whether the lists to retrieve are default lists owned by
-    #   AWS Firewall Manager.
+    #   Firewall Manager.
     #   @return [Boolean]
     #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` in your list request, and
-    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   you have more objects than the maximum, Firewall Manager returns
     #   this token in the response. For all but the first request, you
     #   provide the token returned by the prior request in the request
     #   parameters, to retrieve the next batch of objects.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   The maximum number of objects that you want Firewall Manager to
     #   return for this request. If more objects are available, in the
-    #   response, AWS Firewall Manager provides a `NextToken` value that you
-    #   can use in a subsequent call to get the next batch of objects.
+    #   response, Firewall Manager provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
     #
-    #   If you don't specify this, AWS Firewall Manager returns all
-    #   available objects.
+    #   If you don't specify this, Firewall Manager returns all available
+    #   objects.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsRequest AWS API Documentation
@@ -945,7 +1325,7 @@ module Aws::FMS
     #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` in your list request, and
-    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   you have more objects than the maximum, Firewall Manager returns
     #   this token in the response. You can use this token in subsequent
     #   requests to retrieve the next batch of objects.
     #   @return [String]
@@ -969,15 +1349,14 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy_id
-    #   The ID of the AWS Firewall Manager policy that you want the details
-    #   for.
+    #   The ID of the Firewall Manager policy that you want the details for.
     #   @return [String]
     #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` and you have more
     #   `PolicyComplianceStatus` objects than the number that you specify
-    #   for `MaxResults`, AWS Firewall Manager returns a `NextToken` value
-    #   in the response that allows you to list another group of
+    #   for `MaxResults`, Firewall Manager returns a `NextToken` value in
+    #   the response that allows you to list another group of
     #   `PolicyComplianceStatus` objects. For the second and subsequent
     #   `ListComplianceStatus` requests, specify the value of `NextToken`
     #   from the previous response to get information about another batch of
@@ -986,11 +1365,10 @@ module Aws::FMS
     #
     # @!attribute [rw] max_results
     #   Specifies the number of `PolicyComplianceStatus` objects that you
-    #   want AWS Firewall Manager to return for this request. If you have
-    #   more `PolicyComplianceStatus` objects than the number that you
-    #   specify for `MaxResults`, the response includes a `NextToken` value
-    #   that you can use to get another batch of `PolicyComplianceStatus`
-    #   objects.
+    #   want Firewall Manager to return for this request. If you have more
+    #   `PolicyComplianceStatus` objects than the number that you specify
+    #   for `MaxResults`, the response includes a `NextToken` value that you
+    #   can use to get another batch of `PolicyComplianceStatus` objects.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListComplianceStatusRequest AWS API Documentation
@@ -1035,7 +1413,7 @@ module Aws::FMS
     #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` and you have more account
-    #   IDs than the number that you specify for `MaxResults`, AWS Firewall
+    #   IDs than the number that you specify for `MaxResults`, Firewall
     #   Manager returns a `NextToken` value in the response that allows you
     #   to list another group of IDs. For the second and subsequent
     #   `ListMemberAccountsRequest` requests, specify the value of
@@ -1044,11 +1422,11 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   Specifies the number of member account IDs that you want AWS
-    #   Firewall Manager to return for this request. If you have more IDs
-    #   than the number that you specify for `MaxResults`, the response
-    #   includes a `NextToken` value that you can use to get another batch
-    #   of member account IDs.
+    #   Specifies the number of member account IDs that you want Firewall
+    #   Manager to return for this request. If you have more IDs than the
+    #   number that you specify for `MaxResults`, the response includes a
+    #   `NextToken` value that you can use to get another batch of member
+    #   account IDs.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListMemberAccountsRequest AWS API Documentation
@@ -1092,16 +1470,15 @@ module Aws::FMS
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` and you have more
     #   `PolicySummary` objects than the number that you specify for
-    #   `MaxResults`, AWS Firewall Manager returns a `NextToken` value in
-    #   the response that allows you to list another group of
-    #   `PolicySummary` objects. For the second and subsequent
-    #   `ListPolicies` requests, specify the value of `NextToken` from the
-    #   previous response to get information about another batch of
-    #   `PolicySummary` objects.
+    #   `MaxResults`, Firewall Manager returns a `NextToken` value in the
+    #   response that allows you to list another group of `PolicySummary`
+    #   objects. For the second and subsequent `ListPolicies` requests,
+    #   specify the value of `NextToken` from the previous response to get
+    #   information about another batch of `PolicySummary` objects.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   Specifies the number of `PolicySummary` objects that you want AWS
+    #   Specifies the number of `PolicySummary` objects that you want
     #   Firewall Manager to return for this request. If you have more
     #   `PolicySummary` objects than the number that you specify for
     #   `MaxResults`, the response includes a `NextToken` value that you can
@@ -1149,25 +1526,25 @@ module Aws::FMS
     #
     # @!attribute [rw] default_lists
     #   Specifies whether the lists to retrieve are default lists owned by
-    #   AWS Firewall Manager.
+    #   Firewall Manager.
     #   @return [Boolean]
     #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` in your list request, and
-    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   you have more objects than the maximum, Firewall Manager returns
     #   this token in the response. For all but the first request, you
     #   provide the token returned by the prior request in the request
     #   parameters, to retrieve the next batch of objects.
     #   @return [String]
     #
     # @!attribute [rw] max_results
-    #   The maximum number of objects that you want AWS Firewall Manager to
+    #   The maximum number of objects that you want Firewall Manager to
     #   return for this request. If more objects are available, in the
-    #   response, AWS Firewall Manager provides a `NextToken` value that you
-    #   can use in a subsequent call to get the next batch of objects.
+    #   response, Firewall Manager provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
     #
-    #   If you don't specify this, AWS Firewall Manager returns all
-    #   available objects.
+    #   If you don't specify this, Firewall Manager returns all available
+    #   objects.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsRequest AWS API Documentation
@@ -1186,7 +1563,7 @@ module Aws::FMS
     #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` in your list request, and
-    #   you have more objects than the maximum, AWS Firewall Manager returns
+    #   you have more objects than the maximum, Firewall Manager returns
     #   this token in the response. You can use this token in subsequent
     #   requests to retrieve the next batch of objects.
     #   @return [String]
@@ -1209,8 +1586,8 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
-    #   The AWS Firewall Manager resources that support tagging are
-    #   policies, applications lists, and protocols lists.
+    #   The Firewall Manager resources that support tagging are policies,
+    #   applications lists, and protocols lists.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceRequest AWS API Documentation
@@ -1233,12 +1610,220 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Violation details for AWS Network Firewall for a subnet that's not
+    # Violation detail for an internet gateway route with an inactive state
+    # in the customer subnet route table or Network Firewall subnet route
+    # table.
+    #
+    # @!attribute [rw] violation_target
+    #   The subnet that has an inactive state.
+    #   @return [String]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the route table ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] violating_routes
+    #   Information about the route or routes that are in violation.
+    #   @return [Array<Types::Route>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallBlackHoleRouteDetectedViolation AWS API Documentation
+    #
+    class NetworkFirewallBlackHoleRouteDetectedViolation < Struct.new(
+      :violation_target,
+      :route_table_id,
+      :vpc_id,
+      :violating_routes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violation detail for the subnet for which internet traffic that
+    # hasn't been inspected.
+    #
+    # @!attribute [rw] subnet_id
+    #   The subnet ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] subnet_availability_zone
+    #   The subnet Availability Zone.
+    #   @return [String]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the route table ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] violating_routes
+    #   The route or routes that are in violation.
+    #   @return [Array<Types::Route>]
+    #
+    # @!attribute [rw] is_route_table_used_in_different_az
+    #   Information about whether the route table is used in another
+    #   Availability Zone.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] current_firewall_subnet_route_table
+    #   Information about the subnet route table for the current firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_firewall_endpoint
+    #   The expected endpoint for the current firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_subnet_id
+    #   The firewall subnet ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_firewall_subnet_routes
+    #   The firewall subnet routes that are expected.
+    #   @return [Array<Types::ExpectedRoute>]
+    #
+    # @!attribute [rw] actual_firewall_subnet_routes
+    #   The actual firewall subnet routes.
+    #   @return [Array<Types::Route>]
+    #
+    # @!attribute [rw] internet_gateway_id
+    #   The internet gateway ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_internet_gateway_route_table
+    #   The current route table for the internet gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_internet_gateway_routes
+    #   The internet gateway routes that are expected.
+    #   @return [Array<Types::ExpectedRoute>]
+    #
+    # @!attribute [rw] actual_internet_gateway_routes
+    #   The actual internet gateway routes.
+    #   @return [Array<Types::Route>]
+    #
+    # @!attribute [rw] vpc_id
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallInternetTrafficNotInspectedViolation AWS API Documentation
+    #
+    class NetworkFirewallInternetTrafficNotInspectedViolation < Struct.new(
+      :subnet_id,
+      :subnet_availability_zone,
+      :route_table_id,
+      :violating_routes,
+      :is_route_table_used_in_different_az,
+      :current_firewall_subnet_route_table,
+      :expected_firewall_endpoint,
+      :firewall_subnet_id,
+      :expected_firewall_subnet_routes,
+      :actual_firewall_subnet_routes,
+      :internet_gateway_id,
+      :current_internet_gateway_route_table,
+      :expected_internet_gateway_routes,
+      :actual_internet_gateway_routes,
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violation detail for the improperly configured subnet route. It's
+    # possible there is a missing route table route, or a configuration that
+    # causes traffic to cross an Availability Zone boundary.
+    #
+    # @!attribute [rw] affected_subnets
+    #   The subnets that are affected.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] route_table_id
+    #   The route table ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] is_route_table_used_in_different_az
+    #   Information about whether the route table is used in another
+    #   Availability Zone.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] violating_route
+    #   The route that's in violation.
+    #   @return [Types::Route]
+    #
+    # @!attribute [rw] current_firewall_subnet_route_table
+    #   The subnet route table for the current firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_firewall_endpoint
+    #   The firewall endpoint that's expected.
+    #   @return [String]
+    #
+    # @!attribute [rw] actual_firewall_endpoint
+    #   The actual firewall endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_firewall_subnet_id
+    #   The expected subnet ID for the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] actual_firewall_subnet_id
+    #   The actual subnet ID for the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_firewall_subnet_routes
+    #   The firewall subnet routes that are expected.
+    #   @return [Array<Types::ExpectedRoute>]
+    #
+    # @!attribute [rw] actual_firewall_subnet_routes
+    #   The actual firewall subnet routes that are expected.
+    #   @return [Array<Types::Route>]
+    #
+    # @!attribute [rw] internet_gateway_id
+    #   The internet gateway ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_internet_gateway_route_table
+    #   The route table for the current internet gateway.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_internet_gateway_routes
+    #   The expected routes for the internet gateway.
+    #   @return [Array<Types::ExpectedRoute>]
+    #
+    # @!attribute [rw] actual_internet_gateway_routes
+    #   The actual internet gateway routes.
+    #   @return [Array<Types::Route>]
+    #
+    # @!attribute [rw] vpc_id
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallInvalidRouteConfigurationViolation AWS API Documentation
+    #
+    class NetworkFirewallInvalidRouteConfigurationViolation < Struct.new(
+      :affected_subnets,
+      :route_table_id,
+      :is_route_table_used_in_different_az,
+      :violating_route,
+      :current_firewall_subnet_route_table,
+      :expected_firewall_endpoint,
+      :actual_firewall_endpoint,
+      :expected_firewall_subnet_id,
+      :actual_firewall_subnet_id,
+      :expected_firewall_subnet_routes,
+      :actual_firewall_subnet_routes,
+      :internet_gateway_id,
+      :current_internet_gateway_route_table,
+      :expected_internet_gateway_routes,
+      :actual_internet_gateway_routes,
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violation detail for Network Firewall for a subnet that's not
     # associated to the expected Firewall Manager managed route table.
     #
     # @!attribute [rw] violation_target
-    #   The ID of the AWS Network Firewall or VPC resource that's in
-    #   violation.
+    #   The ID of the Network Firewall or VPC resource that's in violation.
     #   @return [String]
     #
     # @!attribute [rw] vpc
@@ -1271,12 +1856,35 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Violation details for AWS Network Firewall for a subnet that doesn't
-    # have a Firewall Manager managed firewall in its VPC.
+    # Violation detail for an expected route missing in Network Firewall.
     #
     # @!attribute [rw] violation_target
-    #   The ID of the AWS Network Firewall or VPC resource that's in
-    #   violation.
+    #   The target of the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_routes
+    #   The expected routes.
+    #   @return [Array<Types::ExpectedRoute>]
+    #
+    # @!attribute [rw] vpc_id
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingExpectedRoutesViolation AWS API Documentation
+    #
+    class NetworkFirewallMissingExpectedRoutesViolation < Struct.new(
+      :violation_target,
+      :expected_routes,
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violation detail for Network Firewall for a subnet that doesn't have
+    # a Firewall Manager managed firewall in its VPC.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the Network Firewall or VPC resource that's in violation.
     #   @return [String]
     #
     # @!attribute [rw] vpc
@@ -1302,12 +1910,11 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Violation details for AWS Network Firewall for an Availability Zone
-    # that's missing the expected Firewall Manager managed subnet.
+    # Violation detail for Network Firewall for an Availability Zone that's
+    # missing the expected Firewall Manager managed subnet.
     #
     # @!attribute [rw] violation_target
-    #   The ID of the AWS Network Firewall or VPC resource that's in
-    #   violation.
+    #   The ID of the Network Firewall or VPC resource that's in violation.
     #   @return [String]
     #
     # @!attribute [rw] vpc
@@ -1333,7 +1940,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # The definition of the AWS Network Firewall firewall policy.
+    # The definition of the Network Firewall firewall policy.
     #
     # @!attribute [rw] stateless_rule_groups
     #   The stateless rule groups that are used in the Network Firewall
@@ -1372,13 +1979,12 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Violation details for AWS Network Firewall for a firewall policy that
-    # has a different NetworkFirewallPolicyDescription than is required by
-    # the Firewall Manager policy.
+    # Violation detail for Network Firewall for a firewall policy that has a
+    # different NetworkFirewallPolicyDescription than is required by the
+    # Firewall Manager policy.
     #
     # @!attribute [rw] violation_target
-    #   The ID of the AWS Network Firewall or VPC resource that's in
-    #   violation.
+    #   The ID of the Network Firewall or VPC resource that's in violation.
     #   @return [String]
     #
     # @!attribute [rw] current_policy_description
@@ -1400,12 +2006,77 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # Violation detail for an unexpected route that's present in a route
+    # table.
+    #
+    # @!attribute [rw] firewall_subnet_id
+    #   The subnet ID for the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] violating_routes
+    #   The routes that are in violation.
+    #   @return [Array<Types::Route>]
+    #
+    # @!attribute [rw] route_table_id
+    #   The ID of the route table.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_endpoint
+    #   The endpoint of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallUnexpectedFirewallRoutesViolation AWS API Documentation
+    #
+    class NetworkFirewallUnexpectedFirewallRoutesViolation < Struct.new(
+      :firewall_subnet_id,
+      :violating_routes,
+      :route_table_id,
+      :firewall_endpoint,
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Violation detail for an unexpected gateway route that’s present in a
+    # route table.
+    #
+    # @!attribute [rw] gateway_id
+    #   Information about the gateway ID.
+    #   @return [String]
+    #
+    # @!attribute [rw] violating_routes
+    #   The routes that are in violation.
+    #   @return [Array<Types::Route>]
+    #
+    # @!attribute [rw] route_table_id
+    #   Information about the route table.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   Information about the VPC ID.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallUnexpectedGatewayRoutesViolation AWS API Documentation
+    #
+    class NetworkFirewallUnexpectedGatewayRoutesViolation < Struct.new(
+      :gateway_id,
+      :violating_routes,
+      :route_table_id,
+      :vpc_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The reference rule that partially matches the `ViolationTarget` rule
     # and violation reason.
     #
     # @!attribute [rw] reference
-    #   The reference rule from the master security group of the AWS
-    #   Firewall Manager policy.
+    #   The reference rule from the primary security group of the Firewall
+    #   Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] target_violation_reasons
@@ -1421,7 +2092,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # An AWS Firewall Manager policy.
+    # An Firewall Manager policy.
     #
     # @note When making an API call, you may pass Policy
     #   data as a hash:
@@ -1431,7 +2102,7 @@ module Aws::FMS
     #         policy_name: "ResourceName", # required
     #         policy_update_token: "PolicyUpdateToken",
     #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
+    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
     #           managed_service_data: "ManagedServiceData",
     #         },
     #         resource_type: "ResourceType", # required
@@ -1453,11 +2124,11 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy_id
-    #   The ID of the AWS Firewall Manager policy.
+    #   The ID of the Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The name of the AWS Firewall Manager policy.
+    #   The name of the Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_update_token
@@ -1475,8 +2146,12 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_type
     #   The type of resource protected by or in scope of the policy. This is
-    #   in the format shown in the [AWS Resource Types Reference][1]. For
-    #   AWS WAF and Shield Advanced, examples include
+    #   in the format shown in the [Amazon Web Services Resource Types
+    #   Reference][1]. To apply this policy to multiple resource types,
+    #   specify a resource type of `ResourceTypeList` and then specify the
+    #   resource types in a `ResourceTypeList`.
+    #
+    #   For WAF and Shield Advanced, example resource types include
     #   `AWS::ElasticLoadBalancingV2::LoadBalancer` and
     #   `AWS::CloudFront::Distribution`. For a security group common policy,
     #   valid values are `AWS::EC2::NetworkInterface` and
@@ -1484,8 +2159,8 @@ module Aws::FMS
     #   valid values are `AWS::EC2::SecurityGroup`,
     #   `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
     #   security group usage audit policy, the value is
-    #   `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
-    #   value is `AWS::EC2::VPC`.
+    #   `AWS::EC2::SecurityGroup`. For an Network Firewall policy or DNS
+    #   Firewall policy, the value is `AWS::EC2::VPC`.
     #
     #
     #
@@ -1493,7 +2168,9 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] resource_type_list
-    #   An array of `ResourceType`.
+    #   An array of `ResourceType` objects. Use this only to specify
+    #   multiple resource types. To specify a single resource type, use
+    #   `ResourceType`.
     #   @return [Array<String>]
     #
     # @!attribute [rw] resource_tags
@@ -1513,18 +2190,18 @@ module Aws::FMS
     #   @return [Boolean]
     #
     # @!attribute [rw] include_map
-    #   Specifies the AWS account IDs and AWS Organizations organizational
-    #   units (OUs) to include in the policy. Specifying an OU is the
-    #   equivalent of specifying all accounts in the OU and in any of its
-    #   child OUs, including any child OUs and accounts that are added at a
-    #   later time.
+    #   Specifies the Amazon Web Services account IDs and Organizations
+    #   organizational units (OUs) to include in the policy. Specifying an
+    #   OU is the equivalent of specifying all accounts in the OU and in any
+    #   of its child OUs, including any child OUs and accounts that are
+    #   added at a later time.
     #
     #   You can specify inclusions or exclusions, but not both. If you
-    #   specify an `IncludeMap`, AWS Firewall Manager applies the policy to
-    #   all accounts specified by the `IncludeMap`, and does not evaluate
-    #   any `ExcludeMap` specifications. If you do not specify an
-    #   `IncludeMap`, then Firewall Manager applies the policy to all
-    #   accounts except for those specified by the `ExcludeMap`.
+    #   specify an `IncludeMap`, Firewall Manager applies the policy to all
+    #   accounts specified by the `IncludeMap`, and does not evaluate any
+    #   `ExcludeMap` specifications. If you do not specify an `IncludeMap`,
+    #   then Firewall Manager applies the policy to all accounts except for
+    #   those specified by the `ExcludeMap`.
     #
     #   You can specify account IDs, OUs, or a combination:
     #
@@ -1543,18 +2220,18 @@ module Aws::FMS
     #   @return [Hash<String,Array<String>>]
     #
     # @!attribute [rw] exclude_map
-    #   Specifies the AWS account IDs and AWS Organizations organizational
-    #   units (OUs) to exclude from the policy. Specifying an OU is the
-    #   equivalent of specifying all accounts in the OU and in any of its
-    #   child OUs, including any child OUs and accounts that are added at a
-    #   later time.
+    #   Specifies the Amazon Web Services account IDs and Organizations
+    #   organizational units (OUs) to exclude from the policy. Specifying an
+    #   OU is the equivalent of specifying all accounts in the OU and in any
+    #   of its child OUs, including any child OUs and accounts that are
+    #   added at a later time.
     #
     #   You can specify inclusions or exclusions, but not both. If you
-    #   specify an `IncludeMap`, AWS Firewall Manager applies the policy to
-    #   all accounts specified by the `IncludeMap`, and does not evaluate
-    #   any `ExcludeMap` specifications. If you do not specify an
-    #   `IncludeMap`, then Firewall Manager applies the policy to all
-    #   accounts except for those specified by the `ExcludeMap`.
+    #   specify an `IncludeMap`, Firewall Manager applies the policy to all
+    #   accounts specified by the `IncludeMap`, and does not evaluate any
+    #   `ExcludeMap` specifications. If you do not specify an `IncludeMap`,
+    #   then Firewall Manager applies the policy to all accounts except for
+    #   those specified by the `ExcludeMap`.
     #
     #   You can specify account IDs, OUs, or a combination:
     #
@@ -1591,31 +2268,32 @@ module Aws::FMS
     end
 
     # Describes the noncompliant resources in a member account for a
-    # specific AWS Firewall Manager policy. A maximum of 100 entries are
+    # specific Firewall Manager policy. A maximum of 100 entries are
     # displayed. If more than 100 resources are noncompliant,
     # `EvaluationLimitExceeded` is set to `True`.
     #
     # @!attribute [rw] policy_owner
-    #   The AWS account that created the AWS Firewall Manager policy.
+    #   The Amazon Web Services account that created the Firewall Manager
+    #   policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_id
-    #   The ID of the AWS Firewall Manager policy.
+    #   The ID of the Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] member_account
-    #   The AWS account ID.
+    #   The Amazon Web Services account ID.
     #   @return [String]
     #
     # @!attribute [rw] violators
-    #   An array of resources that aren't protected by the AWS WAF or
-    #   Shield Advanced policy or that aren't in compliance with the
-    #   security group policy.
+    #   An array of resources that aren't protected by the WAF or Shield
+    #   Advanced policy or that aren't in compliance with the security
+    #   group policy.
     #   @return [Array<Types::ComplianceViolator>]
     #
     # @!attribute [rw] evaluation_limit_exceeded
-    #   Indicates if over 100 resources are noncompliant with the AWS
-    #   Firewall Manager policy.
+    #   Indicates if over 100 resources are noncompliant with the Firewall
+    #   Manager policy.
     #   @return [Boolean]
     #
     # @!attribute [rw] expired_at
@@ -1624,10 +2302,9 @@ module Aws::FMS
     #   @return [Time]
     #
     # @!attribute [rw] issue_info_map
-    #   Details about problems with dependent services, such as AWS WAF or
-    #   AWS Config, that are causing a resource to be noncompliant. The
-    #   details include the name of the dependent service and the error
-    #   message received that indicates the problem with the service.
+    #   Details about problems with dependent services, such as WAF or
+    #   Config, and the error message received that indicates the problem
+    #   with the service.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyComplianceDetail AWS API Documentation
@@ -1646,20 +2323,20 @@ module Aws::FMS
 
     # Indicates whether the account is compliant with the specified policy.
     # An account is considered noncompliant if it includes resources that
-    # are not protected by the policy, for AWS WAF and Shield Advanced
-    # policies, or that are noncompliant with the policy, for security group
-    # policies.
+    # are not protected by the policy, for WAF and Shield Advanced policies,
+    # or that are noncompliant with the policy, for security group policies.
     #
     # @!attribute [rw] policy_owner
-    #   The AWS account that created the AWS Firewall Manager policy.
+    #   The Amazon Web Services account that created the Firewall Manager
+    #   policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_id
-    #   The ID of the AWS Firewall Manager policy.
+    #   The ID of the Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_name
-    #   The name of the AWS Firewall Manager policy.
+    #   The name of the Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] member_account
@@ -1675,10 +2352,9 @@ module Aws::FMS
     #   @return [Time]
     #
     # @!attribute [rw] issue_info_map
-    #   Details about problems with dependent services, such as AWS WAF or
-    #   AWS Config, that are causing a resource to be noncompliant. The
-    #   details include the name of the dependent service and the error
-    #   message received that indicates the problem with the service.
+    #   Details about problems with dependent services, such as WAF or
+    #   Config, and the error message received that indicates the problem
+    #   with the service.
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyComplianceStatus AWS API Documentation
@@ -1695,7 +2371,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Details of the AWS Firewall Manager policy.
+    # Details of the Firewall Manager policy.
     #
     # @!attribute [rw] policy_arn
     #   The Amazon Resource Name (ARN) of the specified policy.
@@ -1711,8 +2387,8 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_type
     #   The type of resource protected by or in scope of the policy. This is
-    #   in the format shown in the [AWS Resource Types Reference][1]. For
-    #   AWS WAF and Shield Advanced, examples include
+    #   in the format shown in the [Amazon Web Services Resource Types
+    #   Reference][1]. For WAF and Shield Advanced, examples include
     #   `AWS::ElasticLoadBalancingV2::LoadBalancer` and
     #   `AWS::CloudFront::Distribution`. For a security group common policy,
     #   valid values are `AWS::EC2::NetworkInterface` and
@@ -1720,8 +2396,8 @@ module Aws::FMS
     #   valid values are `AWS::EC2::SecurityGroup`,
     #   `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
     #   security group usage audit policy, the value is
-    #   `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
-    #   value is `AWS::EC2::VPC`.
+    #   `AWS::EC2::SecurityGroup`. For an Network Firewall policy or DNS
+    #   Firewall policy, the value is `AWS::EC2::VPC`.
     #
     #
     #
@@ -1730,8 +2406,8 @@ module Aws::FMS
     #
     # @!attribute [rw] security_service_type
     #   The service that the policy is using to protect the resources. This
-    #   specifies the type of policy that is created, either an AWS WAF
-    #   policy, a Shield Advanced policy, or a security group policy.
+    #   specifies the type of policy that is created, either an WAF policy,
+    #   a Shield Advanced policy, or a security group policy.
     #   @return [String]
     #
     # @!attribute [rw] remediation_enabled
@@ -1752,7 +2428,51 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # An AWS Firewall Manager protocols list.
+    # A list of remediation actions.
+    #
+    # @!attribute [rw] description
+    #   A description of the list of remediation actions.
+    #   @return [String]
+    #
+    # @!attribute [rw] ordered_remediation_actions
+    #   The ordered list of remediation actions.
+    #   @return [Array<Types::RemediationActionWithOrder>]
+    #
+    # @!attribute [rw] is_default_action
+    #   Information about whether an action is taken by default.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PossibleRemediationAction AWS API Documentation
+    #
+    class PossibleRemediationAction < Struct.new(
+      :description,
+      :ordered_remediation_actions,
+      :is_default_action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A list of possible remediation action lists. Each individual possible
+    # remediation action is a list of individual remediation actions.
+    #
+    # @!attribute [rw] description
+    #   A description of the possible remediation actions list.
+    #   @return [String]
+    #
+    # @!attribute [rw] actions
+    #   Information about the actions.
+    #   @return [Array<Types::PossibleRemediationAction>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PossibleRemediationActions AWS API Documentation
+    #
+    class PossibleRemediationActions < Struct.new(
+      :description,
+      :actions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An Firewall Manager protocols list.
     #
     # @note When making an API call, you may pass ProtocolsListData
     #   data as a hash:
@@ -1770,11 +2490,11 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] list_id
-    #   The ID of the AWS Firewall Manager protocols list.
+    #   The ID of the Firewall Manager protocols list.
     #   @return [String]
     #
     # @!attribute [rw] list_name
-    #   The name of the AWS Firewall Manager protocols list.
+    #   The name of the Firewall Manager protocols list.
     #   @return [String]
     #
     # @!attribute [rw] list_update_token
@@ -1785,16 +2505,15 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] create_time
-    #   The time that the AWS Firewall Manager protocols list was created.
+    #   The time that the Firewall Manager protocols list was created.
     #   @return [Time]
     #
     # @!attribute [rw] last_update_time
-    #   The time that the AWS Firewall Manager protocols list was last
-    #   updated.
+    #   The time that the Firewall Manager protocols list was last updated.
     #   @return [Time]
     #
     # @!attribute [rw] protocols_list
-    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   An array of protocols in the Firewall Manager protocols list.
     #   @return [Array<String>]
     #
     # @!attribute [rw] previous_protocols_list
@@ -1816,7 +2535,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # Details of the AWS Firewall Manager protocols list.
+    # Details of the Firewall Manager protocols list.
     #
     # @!attribute [rw] list_arn
     #   The Amazon Resource Name (ARN) of the specified protocols list.
@@ -1831,7 +2550,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] protocols_list
-    #   An array of protocols in the AWS Firewall Manager protocols list.
+    #   An array of protocols in the Firewall Manager protocols list.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListDataSummary AWS API Documentation
@@ -1881,8 +2600,7 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] apps_list
-    #   The details of the AWS Firewall Manager applications list to be
-    #   created.
+    #   The details of the Firewall Manager applications list to be created.
     #   @return [Types::AppsListData]
     #
     # @!attribute [rw] tag_list
@@ -1899,7 +2617,7 @@ module Aws::FMS
     end
 
     # @!attribute [rw] apps_list
-    #   The details of the AWS Firewall Manager applications list.
+    #   The details of the Firewall Manager applications list.
     #   @return [Types::AppsListData]
     #
     # @!attribute [rw] apps_list_arn
@@ -1925,12 +2643,12 @@ module Aws::FMS
     #
     # @!attribute [rw] sns_topic_arn
     #   The Amazon Resource Name (ARN) of the SNS topic that collects
-    #   notifications from AWS Firewall Manager.
+    #   notifications from Firewall Manager.
     #   @return [String]
     #
     # @!attribute [rw] sns_role_name
     #   The Amazon Resource Name (ARN) of the IAM role that allows Amazon
-    #   SNS to record AWS Firewall Manager activity.
+    #   SNS to record Firewall Manager activity.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutNotificationChannelRequest AWS API Documentation
@@ -1951,7 +2669,7 @@ module Aws::FMS
     #           policy_name: "ResourceName", # required
     #           policy_update_token: "PolicyUpdateToken",
     #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
+    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
     #             managed_service_data: "ManagedServiceData",
     #           },
     #           resource_type: "ResourceType", # required
@@ -1980,11 +2698,11 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] policy
-    #   The details of the AWS Firewall Manager policy to be created.
+    #   The details of the Firewall Manager policy to be created.
     #   @return [Types::Policy]
     #
     # @!attribute [rw] tag_list
-    #   The tags to add to the AWS resource.
+    #   The tags to add to the Amazon Web Services resource.
     #   @return [Array<Types::Tag>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicyRequest AWS API Documentation
@@ -1997,7 +2715,7 @@ module Aws::FMS
     end
 
     # @!attribute [rw] policy
-    #   The details of the AWS Firewall Manager policy.
+    #   The details of the Firewall Manager policy.
     #   @return [Types::Policy]
     #
     # @!attribute [rw] policy_arn
@@ -2037,8 +2755,7 @@ module Aws::FMS
     #       }
     #
     # @!attribute [rw] protocols_list
-    #   The details of the AWS Firewall Manager protocols list to be
-    #   created.
+    #   The details of the Firewall Manager protocols list to be created.
     #   @return [Types::ProtocolsListData]
     #
     # @!attribute [rw] tag_list
@@ -2055,7 +2772,7 @@ module Aws::FMS
     end
 
     # @!attribute [rw] protocols_list
-    #   The details of the AWS Firewall Manager protocols list.
+    #   The details of the Firewall Manager protocols list.
     #   @return [Types::ProtocolsListData]
     #
     # @!attribute [rw] protocols_list_arn
@@ -2071,6 +2788,77 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # Information about an individual action you can take to remediate a
+    # violation.
+    #
+    # @!attribute [rw] description
+    #   A description of a remediation action.
+    #   @return [String]
+    #
+    # @!attribute [rw] ec2_create_route_action
+    #   Information about the CreateRoute action in the Amazon EC2 API.
+    #   @return [Types::EC2CreateRouteAction]
+    #
+    # @!attribute [rw] ec2_replace_route_action
+    #   Information about the ReplaceRoute action in the Amazon EC2 API.
+    #   @return [Types::EC2ReplaceRouteAction]
+    #
+    # @!attribute [rw] ec2_delete_route_action
+    #   Information about the DeleteRoute action in the Amazon EC2 API.
+    #   @return [Types::EC2DeleteRouteAction]
+    #
+    # @!attribute [rw] ec2_copy_route_table_action
+    #   Information about the CopyRouteTable action in the Amazon EC2 API.
+    #   @return [Types::EC2CopyRouteTableAction]
+    #
+    # @!attribute [rw] ec2_replace_route_table_association_action
+    #   Information about the ReplaceRouteTableAssociation action in the
+    #   Amazon EC2 API.
+    #   @return [Types::EC2ReplaceRouteTableAssociationAction]
+    #
+    # @!attribute [rw] ec2_associate_route_table_action
+    #   Information about the AssociateRouteTable action in the Amazon EC2
+    #   API.
+    #   @return [Types::EC2AssociateRouteTableAction]
+    #
+    # @!attribute [rw] ec2_create_route_table_action
+    #   Information about the CreateRouteTable action in the Amazon EC2 API.
+    #   @return [Types::EC2CreateRouteTableAction]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RemediationAction AWS API Documentation
+    #
+    class RemediationAction < Struct.new(
+      :description,
+      :ec2_create_route_action,
+      :ec2_replace_route_action,
+      :ec2_delete_route_action,
+      :ec2_copy_route_table_action,
+      :ec2_replace_route_table_association_action,
+      :ec2_associate_route_table_action,
+      :ec2_create_route_table_action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An ordered list of actions you can take to remediate a violation.
+    #
+    # @!attribute [rw] remediation_action
+    #   Information about an action you can take to remediate a violation.
+    #   @return [Types::RemediationAction]
+    #
+    # @!attribute [rw] order
+    #   The order of the remediation actions in the list.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RemediationActionWithOrder AWS API Documentation
+    #
+    class RemediationActionWithOrder < Struct.new(
+      :remediation_action,
+      :order)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The specified resource was not found.
     #
     # @!attribute [rw] message
@@ -2084,9 +2872,9 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # The resource tags that AWS Firewall Manager uses to determine if a
-    # particular resource should be included or excluded from the AWS
-    # Firewall Manager policy. Tags enable you to categorize your AWS
+    # The resource tags that Firewall Manager uses to determine if a
+    # particular resource should be included or excluded from the Firewall
+    # Manager policy. Tags enable you to categorize your Amazon Web Services
     # resources in different ways, for example, by purpose, owner, or
     # environment. Each tag consists of a key and an optional value.
     # Firewall Manager combines the tags with "AND" so that, if you add
@@ -2126,15 +2914,15 @@ module Aws::FMS
     # Violation detail based on resource type.
     #
     # @!attribute [rw] aws_vpc_security_group_violation
-    #   Violation details for security groups.
+    #   Violation detail for security groups.
     #   @return [Types::AwsVPCSecurityGroupViolation]
     #
     # @!attribute [rw] aws_ec2_network_interface_violation
-    #   Violation details for network interface.
+    #   Violation detail for a network interface.
     #   @return [Types::AwsEc2NetworkInterfaceViolation]
     #
     # @!attribute [rw] aws_ec2_instance_violation
-    #   Violation details for an EC2 instance.
+    #   Violation detail for an EC2 instance.
     #   @return [Types::AwsEc2InstanceViolation]
     #
     # @!attribute [rw] network_firewall_missing_firewall_violation
@@ -2162,6 +2950,58 @@ module Aws::FMS
     #   stateless rule group, or changed a policy default action.
     #   @return [Types::NetworkFirewallPolicyModifiedViolation]
     #
+    # @!attribute [rw] network_firewall_internet_traffic_not_inspected_violation
+    #   Violation detail for the subnet for which internet traffic hasn't
+    #   been inspected.
+    #   @return [Types::NetworkFirewallInternetTrafficNotInspectedViolation]
+    #
+    # @!attribute [rw] network_firewall_invalid_route_configuration_violation
+    #   The route configuration is invalid.
+    #   @return [Types::NetworkFirewallInvalidRouteConfigurationViolation]
+    #
+    # @!attribute [rw] network_firewall_black_hole_route_detected_violation
+    #   Violation detail for an internet gateway route with an inactive
+    #   state in the customer subnet route table or Network Firewall subnet
+    #   route table.
+    #   @return [Types::NetworkFirewallBlackHoleRouteDetectedViolation]
+    #
+    # @!attribute [rw] network_firewall_unexpected_firewall_routes_violation
+    #   There's an unexpected firewall route.
+    #   @return [Types::NetworkFirewallUnexpectedFirewallRoutesViolation]
+    #
+    # @!attribute [rw] network_firewall_unexpected_gateway_routes_violation
+    #   There's an unexpected gateway route.
+    #   @return [Types::NetworkFirewallUnexpectedGatewayRoutesViolation]
+    #
+    # @!attribute [rw] network_firewall_missing_expected_routes_violation
+    #   Expected routes are missing from Network Firewall.
+    #   @return [Types::NetworkFirewallMissingExpectedRoutesViolation]
+    #
+    # @!attribute [rw] dns_rule_group_priority_conflict_violation
+    #   Violation detail for a DNS Firewall policy that indicates that a
+    #   rule group that Firewall Manager tried to associate with a VPC has
+    #   the same priority as a rule group that's already associated.
+    #   @return [Types::DnsRuleGroupPriorityConflictViolation]
+    #
+    # @!attribute [rw] dns_duplicate_rule_group_violation
+    #   Violation detail for a DNS Firewall policy that indicates that a
+    #   rule group that Firewall Manager tried to associate with a VPC is
+    #   already associated with the VPC and can't be associated again.
+    #   @return [Types::DnsDuplicateRuleGroupViolation]
+    #
+    # @!attribute [rw] dns_rule_group_limit_exceeded_violation
+    #   Violation detail for a DNS Firewall policy that indicates that the
+    #   VPC reached the limit for associated DNS Firewall rule groups.
+    #   Firewall Manager tried to associate another rule group with the VPC
+    #   and failed.
+    #   @return [Types::DnsRuleGroupLimitExceededViolation]
+    #
+    # @!attribute [rw] possible_remediation_actions
+    #   A list of possible remediation action lists. Each individual
+    #   possible remediation action is a list of individual remediation
+    #   actions.
+    #   @return [Types::PossibleRemediationActions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
     #
     class ResourceViolation < Struct.new(
@@ -2171,7 +3011,46 @@ module Aws::FMS
       :network_firewall_missing_firewall_violation,
       :network_firewall_missing_subnet_violation,
       :network_firewall_missing_expected_rt_violation,
-      :network_firewall_policy_modified_violation)
+      :network_firewall_policy_modified_violation,
+      :network_firewall_internet_traffic_not_inspected_violation,
+      :network_firewall_invalid_route_configuration_violation,
+      :network_firewall_black_hole_route_detected_violation,
+      :network_firewall_unexpected_firewall_routes_violation,
+      :network_firewall_unexpected_gateway_routes_violation,
+      :network_firewall_missing_expected_routes_violation,
+      :dns_rule_group_priority_conflict_violation,
+      :dns_duplicate_rule_group_violation,
+      :dns_rule_group_limit_exceeded_violation,
+      :possible_remediation_actions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes a route in a route table.
+    #
+    # @!attribute [rw] destination_type
+    #   The type of destination for the route.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_type
+    #   The type of target for the route.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination
+    #   The destination of the route.
+    #   @return [String]
+    #
+    # @!attribute [rw] target
+    #   The route's target.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Route AWS API Documentation
+    #
+    class Route < Struct.new(
+      :destination_type,
+      :target_type,
+      :destination,
+      :target)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2255,18 +3134,18 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #       }
     #
     # @!attribute [rw] type
     #   The service that the policy is using to protect the resources. This
-    #   specifies the type of policy that is created, either an AWS WAF
-    #   policy, a Shield Advanced policy, or a security group policy. For
-    #   security group policies, Firewall Manager supports one security
-    #   group for each common policy and for each content audit policy. This
-    #   is an adjustable limit that you can increase by contacting AWS
-    #   Support.
+    #   specifies the type of policy that is created, either an WAF policy,
+    #   a Shield Advanced policy, or a security group policy. For security
+    #   group policies, Firewall Manager supports one security group for
+    #   each common policy and for each content audit policy. This is an
+    #   adjustable limit that you can increase by contacting Amazon Web
+    #   Services Support.
     #   @return [String]
     #
     # @!attribute [rw] managed_service_data
@@ -2274,6 +3153,10 @@ module Aws::FMS
     #   JSON format. For service type `SHIELD_ADVANCED`, this is an empty
     #   string.
     #
+    #   * Example: `DNS_FIREWALL`
+    #
+    #     `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
+    #
     #   * Example: `NETWORK_FIREWALL`
     #
     #     `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2","priority":10\}],"networkFirewallStatelessDefaultActions":["aws:pass","custom1"],"networkFirewallStatelessFragmentDefaultActions":["custom2","aws:pass"],"networkFirewallStatelessCustomActions":[\{"actionName":"custom1","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension1"\}]\}\}\},\{"actionName":"custom2","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension2"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":true,"allowedIPV4CidrList":["10.24.34.0/28"]\}
@@ -2301,6 +3184,13 @@ module Aws::FMS
     #     "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
     #     sg-000e55995d61a06bd"\}]\}"`
     #
+    #   * Example: Shared VPCs. Apply the preceding policy to resources in
+    #     shared VPCs as well as to those in VPCs that the account owns
+    #
+    #     `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
+    #     "applyToAllEC2InstanceENIs":false,"includeSharedVPC":true,"securityGroups":[\{"id":"
+    #     sg-000e55995d61a06bd"\}]\}"`
+    #
     #   * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
     #
     #     `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
@@ -2326,7 +3216,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # AWS Network Firewall stateful rule group, used in a
+    # Network Firewall stateful rule group, used in a
     # NetworkFirewallPolicyDescription.
     #
     # @!attribute [rw] rule_group_name
@@ -2346,7 +3236,7 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # AWS Network Firewall stateless rule group, used in a
+    # Network Firewall stateless rule group, used in a
     # NetworkFirewallPolicyDescription.
     #
     # @!attribute [rw] rule_group_name
@@ -2358,7 +3248,7 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] priority
-    #   The priority of the rule group. AWS Network Firewall evaluates the
+    #   The priority of the rule group. Network Firewall evaluates the
     #   stateless rule groups in a firewall policy starting from the lowest
     #   priority setting.
     #   @return [Integer]
@@ -2373,12 +3263,12 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # A collection of key:value pairs associated with an AWS resource. The
-    # key:value pair can be anything you define. Typically, the tag key
-    # represents a category (such as "environment") and the tag value
-    # represents a specific value within that category (such as "test,"
-    # "development," or "production"). You can add up to 50 tags to each
-    # AWS resource.
+    # A collection of key:value pairs associated with an Amazon Web Services
+    # resource. The key:value pair can be anything you define. Typically,
+    # the tag key represents a category (such as "environment") and the
+    # tag value represents a specific value within that category (such as
+    # "test," "development," or "production"). You can add up to 50
+    # tags to each Amazon Web Services resource.
     #
     # @note When making an API call, you may pass Tag
     #   data as a hash:
@@ -2424,8 +3314,8 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
-    #   The AWS Firewall Manager resources that support tagging are
-    #   policies, applications lists, and protocols lists.
+    #   The Firewall Manager resources that support tagging are policies,
+    #   applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_list
@@ -2455,8 +3345,8 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
-    #   The AWS Firewall Manager resources that support tagging are
-    #   policies, applications lists, and protocols lists.
+    #   The Firewall Manager resources that support tagging are policies,
+    #   applications lists, and protocols lists.
     #   @return [String]
     #
     # @!attribute [rw] tag_keys
@@ -2476,16 +3366,17 @@ module Aws::FMS
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
-    # Violations for a resource based on the specified AWS Firewall Manager
-    # policy and AWS account.
+    # Violations for a resource based on the specified Firewall Manager
+    # policy and Amazon Web Services account.
     #
     # @!attribute [rw] policy_id
-    #   The ID of the AWS Firewall Manager policy that the violation details
+    #   The ID of the Firewall Manager policy that the violation details
     #   were requested for.
     #   @return [String]
     #
     # @!attribute [rw] member_account
-    #   The AWS account that the violation details were requested for.
+    #   The Amazon Web Services account that the violation details were
+    #   requested for.
     #   @return [String]
     #
     # @!attribute [rw] resource_id