RubyGems - aws-sdk-fms - Versions diffs - 1.48.0 → 1.49.0 - Mend

aws-sdk-fms 1.48.0 → 1.49.0

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-fms/client.rb +182 -10
data/lib/aws-sdk-fms/client_api.rb +141 -0
data/lib/aws-sdk-fms/types.rb +467 -26
data/lib/aws-sdk-fms.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fe1856b2e7db71ec8c271606d37bf76353ca984e90989e79ff8b135c213ec108
-  data.tar.gz: 276edd6276e83d327b817785a38be6a3fde6899604fbd7530ed5ea99038092e0
+  metadata.gz: 16ed215f917debd6e77e26d7aa5c7cb99079aac3b1189cbdb39b10d0ab0dec9d
+  data.tar.gz: 358cf904a9452d3a0b5c0a8cc5de573b6c01e1c7f4429298fd8d85ba43e03092
 SHA512:
-  metadata.gz: e9781f9af09f7b87593143da3daae257adc24f9cdb28824f09faa3b0e110ae87fb7965897a7663848e7e841e6e51542078b0bc50d80923d9f89d185fefa5d7de
-  data.tar.gz: 2ef93a5e9c63b64ea4c8051deb6a1548a1dac2995468feb6e63349e556800cfd0c2ef0a4312033e4b5d8db36700a8739215d940188c032f09d61bf76fcb0afdd
+  metadata.gz: c03589c37e3610e2ff989687a357302d0dcebbbd8cea89bf3da2537ecf122a8187a853b25c706416ab9bd78dc6b16177e39173223ecab23155dd716ec5343d8b
+  data.tar.gz: 957c9504c4d7a4af2850d23587aa67c96b60c332fdcc51e22115ee4ab5bd79b0640c1c6e5f0c8c80efeeca1db8c71af551cbb5d6b9dee69ed75d4a6efff16a74

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.49.0 (2022-03-30)
+------------------
+* Feature - AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
 1.48.0 (2022-02-24)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.48.0
1	+ 1.49.0

data/lib/aws-sdk-fms/client.rb CHANGED Viewed

@@ -397,6 +397,37 @@ module Aws::FMS
       req.send_request(options)
     end
+    # Sets the Firewall Manager policy administrator as a tenant
+    # administrator of a third-party firewall service. A tenant is an
+    # instance of the third-party firewall service that's associated with
+    # your Amazon Web Services customer account.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @return [Types::AssociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_third_party_firewall({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewall AWS API Documentation
+    #
+    # @overload associate_third_party_firewall(params = {})
+    # @param [Hash] params ({})
+    def associate_third_party_firewall(params = {}, options = {})
+      req = build_request(:associate_third_party_firewall, params)
+      req.send_request(options)
+    end
     # Permanently deletes an Firewall Manager applications list.
     #
     # @option params [required, String] :list_id
@@ -528,6 +559,37 @@ module Aws::FMS
       req.send_request(options)
     end
+    # Disassociates a Firewall Manager policy administrator from a
+    # third-party firewall tenant. When you call
+    # `DisassociateThirdPartyFirewall`, the third-party firewall vendor
+    # deletes all of the firewalls that are associated with the account.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @return [Types::DisassociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisassociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_third_party_firewall({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewall AWS API Documentation
+    #
+    # @overload disassociate_third_party_firewall(params = {})
+    # @param [Hash] params ({})
+    def disassociate_third_party_firewall(params = {}, options = {})
+      req = build_request(:disassociate_third_party_firewall, params)
+      req.send_request(options)
+    end
     # Returns the Organizations account that is associated with Firewall
     # Manager as the Firewall Manager administrator.
     #
@@ -648,7 +710,7 @@ module Aws::FMS
     #   resp.policy_compliance_detail.member_account #=> String
     #   resp.policy_compliance_detail.violators #=> Array
     #   resp.policy_compliance_detail.violators[0].resource_id #=> String
-    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT"
+    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT"
     #   resp.policy_compliance_detail.violators[0].resource_type #=> String
     #   resp.policy_compliance_detail.violators[0].metadata #=> Hash
     #   resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
@@ -709,9 +771,10 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
-    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
+    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
+    #   resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
     #   resp.policy.resource_type_list[0] #=> String
@@ -797,7 +860,7 @@ module Aws::FMS
     # @example Response structure
     #
     #   resp.admin_account_id #=> String
-    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.data #=> String
     #   resp.next_token #=> String
     #
@@ -856,6 +919,37 @@ module Aws::FMS
       req.send_request(options)
     end
+    # The onboarding status of a Firewall Manager admin account to
+    # third-party firewall vendor tenant.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @return [Types::GetThirdPartyFirewallAssociationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetThirdPartyFirewallAssociationStatusResponse#third_party_firewall_status #third_party_firewall_status} => String
+    #   * {Types::GetThirdPartyFirewallAssociationStatusResponse#marketplace_onboarding_status #marketplace_onboarding_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_third_party_firewall_association_status({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+    #   resp.marketplace_onboarding_status #=> String, one of "NO_SUBSCRIPTION", "NOT_COMPLETE", "COMPLETE"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus AWS API Documentation
+    #
+    # @overload get_third_party_firewall_association_status(params = {})
+    # @param [Hash] params ({})
+    def get_third_party_firewall_association_status(params = {}, options = {})
+      req = build_request(:get_third_party_firewall_association_status, params)
+      req.send_request(options)
+    end
     # Retrieves violations for a resource based on the specified Firewall
     # Manager policy and Amazon Web Services account.
     #
@@ -1180,6 +1274,23 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
     #   resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination #=> String
     #   resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.current_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.expected_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.firewall_subnet_id #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.vpc_id #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone_id #=> String
     #   resp.violation_detail.resource_tags #=> Array
     #   resp.violation_detail.resource_tags[0].key #=> String
     #   resp.violation_detail.resource_tags[0].value #=> String
@@ -1406,7 +1517,7 @@ module Aws::FMS
     #   resp.policy_list[0].policy_id #=> String
     #   resp.policy_list[0].policy_name #=> String
     #   resp.policy_list[0].resource_type #=> String
-    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.policy_list[0].remediation_enabled #=> Boolean
     #   resp.policy_list[0].delete_unused_fm_managed_resources #=> Boolean
     #   resp.next_token #=> String
@@ -1509,6 +1620,63 @@ module Aws::FMS
       req.send_request(options)
     end
+    # Retrieves a list of all of the third-party firewall policies that are
+    # associated with the third-party firewall administrator's account.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @option params [String] :next_token
+    #   If the previous response included a `NextToken` element, the specified
+    #   third-party firewall vendor is associated with more third-party
+    #   firewall policies. To get more third-party firewall policies, submit
+    #   another `ListThirdPartyFirewallFirewallPoliciesRequest` request.
+    #
+    #   For the value of `NextToken`, specify the value of `NextToken` from
+    #   the previous response. If the previous response didn't include a
+    #   `NextToken` element, there are no more third-party firewall policies
+    #   to get.
+    #
+    # @option params [required, Integer] :max_results
+    #   The maximum number of third-party firewall policies that you want
+    #   Firewall Manager to return. If the specified third-party firewall
+    #   vendor is associated with more than `MaxResults` firewall policies,
+    #   the response includes a `NextToken` element. `NextToken` contains an
+    #   encrypted token that identifies the first third-party firewall
+    #   policies that Firewall Manager will return if you submit another
+    #   request.
+    #
+    # @return [Types::ListThirdPartyFirewallFirewallPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#third_party_firewall_firewall_policies #third_party_firewall_firewall_policies} => Array&lt;Types::ThirdPartyFirewallFirewallPolicy&gt;
+    #   * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_third_party_firewall_firewall_policies({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #     next_token: "PaginationToken",
+    #     max_results: 1, # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_firewall_policies #=> Array
+    #   resp.third_party_firewall_firewall_policies[0].firewall_policy_id #=> String
+    #   resp.third_party_firewall_firewall_policies[0].firewall_policy_name #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies AWS API Documentation
+    #
+    # @overload list_third_party_firewall_firewall_policies(params = {})
+    # @param [Hash] params ({})
+    def list_third_party_firewall_firewall_policies(params = {}, options = {})
+      req = build_request(:list_third_party_firewall_firewall_policies, params)
+      req.send_request(options)
+    end
     # Creates an Firewall Manager applications list.
     #
     # @option params [required, Types::AppsListData] :apps_list
@@ -1675,11 +1843,14 @@ module Aws::FMS
     #       policy_name: "ResourceName", # required
     #       policy_update_token: "PolicyUpdateToken",
     #       security_service_policy_data: { # required
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #         policy_option: {
     #           network_firewall_policy: {
-    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #           },
+    #           third_party_firewall_policy: {
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #           },
     #         },
     #       },
@@ -1714,9 +1885,10 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
-    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
+    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
+    #   resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
     #   resp.policy.resource_type_list[0] #=> String
@@ -1875,7 +2047,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.48.0'
+      context[:gem_version] = '1.49.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-fms/client_api.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module Aws::FMS
     AppsListDataSummary = Shapes::StructureShape.new(name: 'AppsListDataSummary')
     AppsListsData = Shapes::ListShape.new(name: 'AppsListsData')
     AssociateAdminAccountRequest = Shapes::StructureShape.new(name: 'AssociateAdminAccountRequest')
+    AssociateThirdPartyFirewallRequest = Shapes::StructureShape.new(name: 'AssociateThirdPartyFirewallRequest')
+    AssociateThirdPartyFirewallResponse = Shapes::StructureShape.new(name: 'AssociateThirdPartyFirewallResponse')
     AwsEc2InstanceViolation = Shapes::StructureShape.new(name: 'AwsEc2InstanceViolation')
     AwsEc2NetworkInterfaceViolation = Shapes::StructureShape.new(name: 'AwsEc2NetworkInterfaceViolation')
     AwsEc2NetworkInterfaceViolations = Shapes::ListShape.new(name: 'AwsEc2NetworkInterfaceViolations')
@@ -44,6 +46,8 @@ module Aws::FMS
     DestinationType = Shapes::StringShape.new(name: 'DestinationType')
     DetailedInfo = Shapes::StringShape.new(name: 'DetailedInfo')
     DisassociateAdminAccountRequest = Shapes::StructureShape.new(name: 'DisassociateAdminAccountRequest')
+    DisassociateThirdPartyFirewallRequest = Shapes::StructureShape.new(name: 'DisassociateThirdPartyFirewallRequest')
+    DisassociateThirdPartyFirewallResponse = Shapes::StructureShape.new(name: 'DisassociateThirdPartyFirewallResponse')
     DnsDuplicateRuleGroupViolation = Shapes::StructureShape.new(name: 'DnsDuplicateRuleGroupViolation')
     DnsRuleGroupLimitExceededViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupLimitExceededViolation')
     DnsRuleGroupPriorities = Shapes::ListShape.new(name: 'DnsRuleGroupPriorities')
@@ -63,7 +67,10 @@ module Aws::FMS
     ExpectedRoutes = Shapes::ListShape.new(name: 'ExpectedRoutes')
     FMSPolicyUpdateFirewallCreationConfigAction = Shapes::StructureShape.new(name: 'FMSPolicyUpdateFirewallCreationConfigAction')
     FirewallDeploymentModel = Shapes::StringShape.new(name: 'FirewallDeploymentModel')
+    FirewallPolicyId = Shapes::StringShape.new(name: 'FirewallPolicyId')
+    FirewallPolicyName = Shapes::StringShape.new(name: 'FirewallPolicyName')
     FirewallSubnetIsOutOfScopeViolation = Shapes::StructureShape.new(name: 'FirewallSubnetIsOutOfScopeViolation')
+    FirewallSubnetMissingVPCEndpointViolation = Shapes::StructureShape.new(name: 'FirewallSubnetMissingVPCEndpointViolation')
     GetAdminAccountRequest = Shapes::StructureShape.new(name: 'GetAdminAccountRequest')
     GetAdminAccountResponse = Shapes::StructureShape.new(name: 'GetAdminAccountResponse')
     GetAppsListRequest = Shapes::StructureShape.new(name: 'GetAppsListRequest')
@@ -78,6 +85,8 @@ module Aws::FMS
     GetProtectionStatusResponse = Shapes::StructureShape.new(name: 'GetProtectionStatusResponse')
     GetProtocolsListRequest = Shapes::StructureShape.new(name: 'GetProtocolsListRequest')
     GetProtocolsListResponse = Shapes::StructureShape.new(name: 'GetProtocolsListResponse')
+    GetThirdPartyFirewallAssociationStatusRequest = Shapes::StructureShape.new(name: 'GetThirdPartyFirewallAssociationStatusRequest')
+    GetThirdPartyFirewallAssociationStatusResponse = Shapes::StructureShape.new(name: 'GetThirdPartyFirewallAssociationStatusResponse')
     GetViolationDetailsRequest = Shapes::StructureShape.new(name: 'GetViolationDetailsRequest')
     GetViolationDetailsResponse = Shapes::StructureShape.new(name: 'GetViolationDetailsResponse')
     IPPortNumber = Shapes::IntegerShape.new(name: 'IPPortNumber')
@@ -102,7 +111,10 @@ module Aws::FMS
     ListProtocolsListsResponse = Shapes::StructureShape.new(name: 'ListProtocolsListsResponse')
     ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
+    ListThirdPartyFirewallFirewallPoliciesRequest = Shapes::StructureShape.new(name: 'ListThirdPartyFirewallFirewallPoliciesRequest')
+    ListThirdPartyFirewallFirewallPoliciesResponse = Shapes::StructureShape.new(name: 'ListThirdPartyFirewallFirewallPoliciesResponse')
     ManagedServiceData = Shapes::StringShape.new(name: 'ManagedServiceData')
+    MarketplaceSubscriptionOnboardingStatus = Shapes::StringShape.new(name: 'MarketplaceSubscriptionOnboardingStatus')
     MemberAccounts = Shapes::ListShape.new(name: 'MemberAccounts')
     NetworkFirewallAction = Shapes::StringShape.new(name: 'NetworkFirewallAction')
     NetworkFirewallActionList = Shapes::ListShape.new(name: 'NetworkFirewallActionList')
@@ -195,6 +207,14 @@ module Aws::FMS
     TargetType = Shapes::StringShape.new(name: 'TargetType')
     TargetViolationReason = Shapes::StringShape.new(name: 'TargetViolationReason')
     TargetViolationReasons = Shapes::ListShape.new(name: 'TargetViolationReasons')
+    ThirdPartyFirewall = Shapes::StringShape.new(name: 'ThirdPartyFirewall')
+    ThirdPartyFirewallAssociationStatus = Shapes::StringShape.new(name: 'ThirdPartyFirewallAssociationStatus')
+    ThirdPartyFirewallFirewallPolicies = Shapes::ListShape.new(name: 'ThirdPartyFirewallFirewallPolicies')
+    ThirdPartyFirewallFirewallPolicy = Shapes::StructureShape.new(name: 'ThirdPartyFirewallFirewallPolicy')
+    ThirdPartyFirewallMissingExpectedRouteTableViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingExpectedRouteTableViolation')
+    ThirdPartyFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingFirewallViolation')
+    ThirdPartyFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingSubnetViolation')
+    ThirdPartyFirewallPolicy = Shapes::StructureShape.new(name: 'ThirdPartyFirewallPolicy')
     TimeStamp = Shapes::TimestampShape.new(name: 'TimeStamp')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -234,6 +254,12 @@ module Aws::FMS
     AssociateAdminAccountRequest.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, required: true, location_name: "AdminAccount"))
     AssociateAdminAccountRequest.struct_class = Types::AssociateAdminAccountRequest
+    AssociateThirdPartyFirewallRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    AssociateThirdPartyFirewallRequest.struct_class = Types::AssociateThirdPartyFirewallRequest
+    AssociateThirdPartyFirewallResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+    AssociateThirdPartyFirewallResponse.struct_class = Types::AssociateThirdPartyFirewallResponse
     AwsEc2InstanceViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
     AwsEc2InstanceViolation.add_member(:aws_ec2_network_interface_violations, Shapes::ShapeRef.new(shape: AwsEc2NetworkInterfaceViolations, location_name: "AwsEc2NetworkInterfaceViolations"))
     AwsEc2InstanceViolation.struct_class = Types::AwsEc2InstanceViolation
@@ -280,6 +306,12 @@ module Aws::FMS
     DisassociateAdminAccountRequest.struct_class = Types::DisassociateAdminAccountRequest
+    DisassociateThirdPartyFirewallRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    DisassociateThirdPartyFirewallRequest.struct_class = Types::DisassociateThirdPartyFirewallRequest
+    DisassociateThirdPartyFirewallResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+    DisassociateThirdPartyFirewallResponse.struct_class = Types::DisassociateThirdPartyFirewallResponse
     DnsDuplicateRuleGroupViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
     DnsDuplicateRuleGroupViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
     DnsDuplicateRuleGroupViolation.struct_class = Types::DnsDuplicateRuleGroupViolation
@@ -370,6 +402,12 @@ module Aws::FMS
     FirewallSubnetIsOutOfScopeViolation.add_member(:vpc_endpoint_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcEndpointId"))
     FirewallSubnetIsOutOfScopeViolation.struct_class = Types::FirewallSubnetIsOutOfScopeViolation
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:subnet_availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZone"))
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:subnet_availability_zone_id, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZoneId"))
+    FirewallSubnetMissingVPCEndpointViolation.struct_class = Types::FirewallSubnetMissingVPCEndpointViolation
     GetAdminAccountRequest.struct_class = Types::GetAdminAccountRequest
     GetAdminAccountResponse.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AdminAccount"))
@@ -426,6 +464,13 @@ module Aws::FMS
     GetProtocolsListResponse.add_member(:protocols_list_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "ProtocolsListArn"))
     GetProtocolsListResponse.struct_class = Types::GetProtocolsListResponse
+    GetThirdPartyFirewallAssociationStatusRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    GetThirdPartyFirewallAssociationStatusRequest.struct_class = Types::GetThirdPartyFirewallAssociationStatusRequest
+    GetThirdPartyFirewallAssociationStatusResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+    GetThirdPartyFirewallAssociationStatusResponse.add_member(:marketplace_onboarding_status, Shapes::ShapeRef.new(shape: MarketplaceSubscriptionOnboardingStatus, location_name: "MarketplaceOnboardingStatus"))
+    GetThirdPartyFirewallAssociationStatusResponse.struct_class = Types::GetThirdPartyFirewallAssociationStatusResponse
     GetViolationDetailsRequest.add_member(:policy_id, Shapes::ShapeRef.new(shape: PolicyId, required: true, location_name: "PolicyId"))
     GetViolationDetailsRequest.add_member(:member_account, Shapes::ShapeRef.new(shape: AWSAccountId, required: true, location_name: "MemberAccount"))
     GetViolationDetailsRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "ResourceId"))
@@ -504,6 +549,15 @@ module Aws::FMS
     ListTagsForResourceResponse.add_member(:tag_list, Shapes::ShapeRef.new(shape: TagList, location_name: "TagList"))
     ListTagsForResourceResponse.struct_class = Types::ListTagsForResourceResponse
+    ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PaginationMaxResults, required: true, location_name: "MaxResults"))
+    ListThirdPartyFirewallFirewallPoliciesRequest.struct_class = Types::ListThirdPartyFirewallFirewallPoliciesRequest
+    ListThirdPartyFirewallFirewallPoliciesResponse.add_member(:third_party_firewall_firewall_policies, Shapes::ShapeRef.new(shape: ThirdPartyFirewallFirewallPolicies, location_name: "ThirdPartyFirewallFirewallPolicies"))
+    ListThirdPartyFirewallFirewallPoliciesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    ListThirdPartyFirewallFirewallPoliciesResponse.struct_class = Types::ListThirdPartyFirewallFirewallPoliciesResponse
     MemberAccounts.member = Shapes::ShapeRef.new(shape: AWSAccountId)
     NetworkFirewallActionList.member = Shapes::ShapeRef.new(shape: NetworkFirewallAction)
@@ -644,6 +698,7 @@ module Aws::FMS
     PolicyComplianceStatusList.member = Shapes::ShapeRef.new(shape: PolicyComplianceStatus)
     PolicyOption.add_member(:network_firewall_policy, Shapes::ShapeRef.new(shape: NetworkFirewallPolicy, location_name: "NetworkFirewallPolicy"))
+    PolicyOption.add_member(:third_party_firewall_policy, Shapes::ShapeRef.new(shape: ThirdPartyFirewallPolicy, location_name: "ThirdPartyFirewallPolicy"))
     PolicyOption.struct_class = Types::PolicyOption
     PolicySummary.add_member(:policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "PolicyArn"))
@@ -768,6 +823,10 @@ module Aws::FMS
     ResourceViolation.add_member(:possible_remediation_actions, Shapes::ShapeRef.new(shape: PossibleRemediationActions, location_name: "PossibleRemediationActions"))
     ResourceViolation.add_member(:firewall_subnet_is_out_of_scope_violation, Shapes::ShapeRef.new(shape: FirewallSubnetIsOutOfScopeViolation, location_name: "FirewallSubnetIsOutOfScopeViolation"))
     ResourceViolation.add_member(:route_has_out_of_scope_endpoint_violation, Shapes::ShapeRef.new(shape: RouteHasOutOfScopeEndpointViolation, location_name: "RouteHasOutOfScopeEndpointViolation"))
+    ResourceViolation.add_member(:third_party_firewall_missing_firewall_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingFirewallViolation, location_name: "ThirdPartyFirewallMissingFirewallViolation"))
+    ResourceViolation.add_member(:third_party_firewall_missing_subnet_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingSubnetViolation, location_name: "ThirdPartyFirewallMissingSubnetViolation"))
+    ResourceViolation.add_member(:third_party_firewall_missing_expected_route_table_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingExpectedRouteTableViolation, location_name: "ThirdPartyFirewallMissingExpectedRouteTableViolation"))
+    ResourceViolation.add_member(:firewall_subnet_missing_vpc_endpoint_violation, Shapes::ShapeRef.new(shape: FirewallSubnetMissingVPCEndpointViolation, location_name: "FirewallSubnetMissingVPCEndpointViolation"))
     ResourceViolation.struct_class = Types::ResourceViolation
     ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
@@ -844,6 +903,34 @@ module Aws::FMS
     TargetViolationReasons.member = Shapes::ShapeRef.new(shape: TargetViolationReason)
+    ThirdPartyFirewallFirewallPolicies.member = Shapes::ShapeRef.new(shape: ThirdPartyFirewallFirewallPolicy)
+    ThirdPartyFirewallFirewallPolicy.add_member(:firewall_policy_id, Shapes::ShapeRef.new(shape: FirewallPolicyId, location_name: "FirewallPolicyId"))
+    ThirdPartyFirewallFirewallPolicy.add_member(:firewall_policy_name, Shapes::ShapeRef.new(shape: FirewallPolicyName, location_name: "FirewallPolicyName"))
+    ThirdPartyFirewallFirewallPolicy.struct_class = Types::ThirdPartyFirewallFirewallPolicy
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:current_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentRouteTable"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:expected_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedRouteTable"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.struct_class = Types::ThirdPartyFirewallMissingExpectedRouteTableViolation
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+    ThirdPartyFirewallMissingFirewallViolation.struct_class = Types::ThirdPartyFirewallMissingFirewallViolation
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+    ThirdPartyFirewallMissingSubnetViolation.struct_class = Types::ThirdPartyFirewallMissingSubnetViolation
+    ThirdPartyFirewallPolicy.add_member(:firewall_deployment_model, Shapes::ShapeRef.new(shape: FirewallDeploymentModel, location_name: "FirewallDeploymentModel"))
+    ThirdPartyFirewallPolicy.struct_class = Types::ThirdPartyFirewallPolicy
     UntagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
     UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeyList, required: true, location_name: "TagKeys"))
     UntagResourceRequest.struct_class = Types::UntagResourceRequest
@@ -891,6 +978,18 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
+      api.add_operation(:associate_third_party_firewall, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "AssociateThirdPartyFirewall"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: AssociateThirdPartyFirewallRequest)
+        o.output = Shapes::ShapeRef.new(shape: AssociateThirdPartyFirewallResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
       api.add_operation(:delete_apps_list, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteAppsList"
         o.http_method = "POST"
@@ -948,6 +1047,18 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
       end)
+      api.add_operation(:disassociate_third_party_firewall, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisassociateThirdPartyFirewall"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DisassociateThirdPartyFirewallRequest)
+        o.output = Shapes::ShapeRef.new(shape: DisassociateThirdPartyFirewallResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
       api.add_operation(:get_admin_account, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetAdminAccount"
         o.http_method = "POST"
@@ -1027,6 +1138,18 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
       end)
+      api.add_operation(:get_third_party_firewall_association_status, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetThirdPartyFirewallAssociationStatus"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetThirdPartyFirewallAssociationStatusRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetThirdPartyFirewallAssociationStatusResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
       api.add_operation(:get_violation_details, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetViolationDetails"
         o.http_method = "POST"
@@ -1135,6 +1258,24 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
       end)
+      api.add_operation(:list_third_party_firewall_firewall_policies, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListThirdPartyFirewallFirewallPolicies"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListThirdPartyFirewallFirewallPoliciesRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListThirdPartyFirewallFirewallPoliciesResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
       api.add_operation(:put_apps_list, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutAppsList"
         o.http_method = "POST"

data/lib/aws-sdk-fms/types.rb CHANGED Viewed

@@ -200,6 +200,54 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass AssociateThirdPartyFirewallRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallRequest AWS API Documentation
+    #
+    class AssociateThirdPartyFirewallRequest < Struct.new(
+      :third_party_firewall)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_status
+    #   The current status for setting a Firewall Manager policy
+    #   administrator's account as an administrator of the third-party
+    #   firewall tenant.
+    #
+    #   * `ONBOARDING` - The Firewall Manager policy administrator is being
+    #     designated as a tenant administrator.
+    #
+    #   * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
+    #     designated as a tenant administrator.
+    #
+    #   * `OFFBOARDING` - The Firewall Manager policy administrator is being
+    #     removed as a tenant administrator.
+    #
+    #   * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
+    #     has been removed as a tenant administrator.
+    #
+    #   * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
+    #     exist as a tenant administrator.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallResponse AWS API Documentation
+    #
+    class AssociateThirdPartyFirewallResponse < Struct.new(
+      :third_party_firewall_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Violation detail for an EC2 instance resource.
     #
     # @!attribute [rw] violation_target
@@ -418,6 +466,38 @@ module Aws::FMS
     #
     class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
+    # @note When making an API call, you may pass DisassociateThirdPartyFirewallRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallRequest AWS API Documentation
+    #
+    class DisassociateThirdPartyFirewallRequest < Struct.new(
+      :third_party_firewall)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_status
+    #   The current status for the disassociation of a Firewall Manager
+    #   administrators account with a third-party firewall.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallResponse AWS API Documentation
+    #
+    class DisassociateThirdPartyFirewallResponse < Struct.new(
+      :third_party_firewall_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # A DNS Firewall rule group that Firewall Manager tried to associate
     # with a VPC is already associated with the VPC and can't be associated
     # again.
@@ -883,6 +963,36 @@ module Aws::FMS
       include Aws::Structure
     end
+    # The violation details for a firewall subnet's VPC endpoint that's
+    # deleted or missing.
+    #
+    # @!attribute [rw] firewall_subnet_id
+    #   The ID of the firewall that this VPC endpoint is associated with.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   The resource ID of the VPC associated with the deleted VPC subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] subnet_availability_zone
+    #   The name of the Availability Zone of the deleted VPC subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] subnet_availability_zone_id
+    #   The ID of the Availability Zone of the deleted VPC subnet.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FirewallSubnetMissingVPCEndpointViolation AWS API Documentation
+    #
+    class FirewallSubnetMissingVPCEndpointViolation < Struct.new(
+      :firewall_subnet_id,
+      :vpc_id,
+      :subnet_availability_zone,
+      :subnet_availability_zone_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountRequest AWS API Documentation
@@ -1213,6 +1323,73 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass GetThirdPartyFirewallAssociationStatusRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusRequest AWS API Documentation
+    #
+    class GetThirdPartyFirewallAssociationStatusRequest < Struct.new(
+      :third_party_firewall)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_status
+    #   The current status for setting a Firewall Manager policy
+    #   administrators account as an administrator of the third-party
+    #   firewall tenant.
+    #
+    #   * `ONBOARDING` - The Firewall Manager policy administrator is being
+    #     designated as a tenant administrator.
+    #
+    #   * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
+    #     designated as a tenant administrator.
+    #
+    #   * `OFFBOARDING` - The Firewall Manager policy administrator is being
+    #     removed as a tenant administrator.
+    #
+    #   * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
+    #     has been removed as a tenant administrator.
+    #
+    #   * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
+    #     exist as a tenant administrator.
+    #   @return [String]
+    #
+    # @!attribute [rw] marketplace_onboarding_status
+    #   The status for subscribing to the third-party firewall vendor in the
+    #   AWS Marketplace.
+    #
+    #   * `NO_SUBSCRIPTION` - The Firewall Manager policy administrator
+    #     isn't subscribed to the third-party firewall service in the AWS
+    #     Marketplace.
+    #
+    #   * `NOT_COMPLETE` - The Firewall Manager policy administrator is in
+    #     the process of subscribing to the third-party firewall service in
+    #     the Amazon Web Services Marketplace, but doesn't yet have an
+    #     active subscription.
+    #
+    #   * `COMPLETE` - The Firewall Manager policy administrator has an
+    #     active subscription to the third-party firewall service in the
+    #     Amazon Web Services Marketplace.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusResponse AWS API Documentation
+    #
+    class GetThirdPartyFirewallAssociationStatusResponse < Struct.new(
+      :third_party_firewall_status,
+      :marketplace_onboarding_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass GetViolationDetailsRequest
     #   data as a hash:
     #
@@ -1683,6 +1860,74 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListThirdPartyFirewallFirewallPoliciesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   If the previous response included a `NextToken` element, the
+    #   specified third-party firewall vendor is associated with more
+    #   third-party firewall policies. To get more third-party firewall
+    #   policies, submit another
+    #   `ListThirdPartyFirewallFirewallPoliciesRequest` request.
+    #
+    #   For the value of `NextToken`, specify the value of `NextToken` from
+    #   the previous response. If the previous response didn't include a
+    #   `NextToken` element, there are no more third-party firewall policies
+    #   to get.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of third-party firewall policies that you want
+    #   Firewall Manager to return. If the specified third-party firewall
+    #   vendor is associated with more than `MaxResults` firewall policies,
+    #   the response includes a `NextToken` element. `NextToken` contains an
+    #   encrypted token that identifies the first third-party firewall
+    #   policies that Firewall Manager will return if you submit another
+    #   request.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesRequest AWS API Documentation
+    #
+    class ListThirdPartyFirewallFirewallPoliciesRequest < Struct.new(
+      :third_party_firewall,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_firewall_policies
+    #   A list that contains one `ThirdPartyFirewallFirewallPolicies`
+    #   element for each third-party firewall policies that the specified
+    #   third-party firewall vendor is associated with. Each
+    #   `ThirdPartyFirewallFirewallPolicies` element contains the firewall
+    #   policy name and ID.
+    #   @return [Array<Types::ThirdPartyFirewallFirewallPolicy>]
+    #
+    # @!attribute [rw] next_token
+    #   The value that you will use for `NextToken` in the next
+    #   `ListThirdPartyFirewallFirewallPolicies` request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesResponse AWS API Documentation
+    #
+    class ListThirdPartyFirewallFirewallPoliciesResponse < Struct.new(
+      :third_party_firewall_firewall_policies,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Violation detail for an internet gateway route with an inactive state
     # in the customer subnet route table or Network Firewall subnet route
     # table.
@@ -2026,7 +2271,7 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #       }
     #
     # @!attribute [rw] firewall_deployment_model
@@ -2208,11 +2453,14 @@ module Aws::FMS
     #         policy_name: "ResourceName", # required
     #         policy_update_token: "PolicyUpdateToken",
     #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #           managed_service_data: "ManagedServiceData",
     #           policy_option: {
     #             network_firewall_policy: {
-    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #             },
+    #             third_party_firewall_policy: {
+    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #             },
     #           },
     #         },
@@ -2295,9 +2543,6 @@ module Aws::FMS
     #   `ResourceTag` array are not in scope of the policy. If set to
     #   `False`, and the `ResourceTag` array is not null, only resources
     #   with the specified tags are in scope of the policy.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Boolean]
     #
     # @!attribute [rw] remediation_enabled
@@ -2348,9 +2593,6 @@ module Aws::FMS
     #     a comma. For example, the following is a valid map: `\{“ACCOUNT” :
     #     [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
     #     “ouid112”]\}`.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Hash<String,Array<String>>]
     #
     # @!attribute [rw] exclude_map
@@ -2381,9 +2623,6 @@ module Aws::FMS
     #     a comma. For example, the following is a valid map: `\{“ACCOUNT” :
     #     [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
     #     “ouid112”]\}`.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Hash<String,Array<String>>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
@@ -2517,7 +2756,10 @@ module Aws::FMS
     #
     #       {
     #         network_firewall_policy: {
-    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #         },
+    #         third_party_firewall_policy: {
+    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #         },
     #       }
     #
@@ -2525,10 +2767,15 @@ module Aws::FMS
     #   Defines the deployment model to use for the firewall policy.
     #   @return [Types::NetworkFirewallPolicy]
     #
+    # @!attribute [rw] third_party_firewall_policy
+    #   Defines the policy options for a third-party firewall policy.
+    #   @return [Types::ThirdPartyFirewallPolicy]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyOption AWS API Documentation
     #
     class PolicyOption < Struct.new(
-      :network_firewall_policy)
+      :network_firewall_policy,
+      :third_party_firewall_policy)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2847,11 +3094,14 @@ module Aws::FMS
     #           policy_name: "ResourceName", # required
     #           policy_update_token: "PolicyUpdateToken",
     #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #             managed_service_data: "ManagedServiceData",
     #             policy_option: {
     #               network_firewall_policy: {
-    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #               },
+    #               third_party_firewall_policy: {
+    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #               },
     #             },
     #           },
@@ -3201,6 +3451,27 @@ module Aws::FMS
     #   scope.
     #   @return [Types::RouteHasOutOfScopeEndpointViolation]
     #
+    # @!attribute [rw] third_party_firewall_missing_firewall_violation
+    #   The violation details for a third-party firewall that's been
+    #   deleted.
+    #   @return [Types::ThirdPartyFirewallMissingFirewallViolation]
+    #
+    # @!attribute [rw] third_party_firewall_missing_subnet_violation
+    #   The violation details for a third-party firewall's subnet that's
+    #   been deleted.
+    #   @return [Types::ThirdPartyFirewallMissingSubnetViolation]
+    #
+    # @!attribute [rw] third_party_firewall_missing_expected_route_table_violation
+    #   The violation details for a third-party firewall that has the
+    #   Firewall Manager managed route table that was associated with the
+    #   third-party firewall has been deleted.
+    #   @return [Types::ThirdPartyFirewallMissingExpectedRouteTableViolation]
+    #
+    # @!attribute [rw] firewall_subnet_missing_vpc_endpoint_violation
+    #   The violation details for a third-party firewall's VPC endpoint
+    #   subnet that was deleted.
+    #   @return [Types::FirewallSubnetMissingVPCEndpointViolation]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
     #
     class ResourceViolation < Struct.new(
@@ -3222,7 +3493,11 @@ module Aws::FMS
       :dns_rule_group_limit_exceeded_violation,
       :possible_remediation_actions,
       :firewall_subnet_is_out_of_scope_violation,
-      :route_has_out_of_scope_endpoint_violation)
+      :route_has_out_of_scope_endpoint_violation,
+      :third_party_firewall_missing_firewall_violation,
+      :third_party_firewall_missing_subnet_violation,
+      :third_party_firewall_missing_expected_route_table_violation,
+      :firewall_subnet_missing_vpc_endpoint_violation)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3406,11 +3681,14 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #         policy_option: {
     #           network_firewall_policy: {
-    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #           },
+    #           third_party_firewall_policy: {
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #           },
     #         },
     #       }
@@ -3439,12 +3717,15 @@ module Aws::FMS
     #
     #      </note>
     #
-    #   * Example: `NETWORK_FIREWALL` - Centralized deployment model.
+    #   * Example: `DNS_FIREWALL`
+    #
+    #     `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
     #
-    #     `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
+    #     <note markdown="1"> Valid values for `preProcessRuleGroups` are between 1 and 99.
+    #     Valid values for `postProcessRuleGroups` are between 9901 and
+    #     10000.
     #
-    #     To use the centralized deployment model, you must set
-    #     [PolicyOption][1] to `CENTRALIZED`.
+    #      </note>
     #
     #   * Example: `NETWORK_FIREWALL` - Distributed deployment model with
     #     automatic Availability Zone configuration. With automatic
@@ -3588,6 +3869,10 @@ module Aws::FMS
     #     "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
     #     "overrideExistingConfig":boolean \} \}"`
     #
+    #   * Example: `PARTNER_FIREWALL` for Firewall Manager
+    #
+    #     `"\{"type":"THIRD_PARTY_FIREWALL","thirdPartyrFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW","thirdPartyFirewallConfig":\{"thirdPartyFirewallPolicyList":["global-123456789012-1"],"networkFirewallLoggingConfiguration":null\},"firewallDeploymentModel":\{"distributedFirewallDeploymentModel":\{"distributedFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.1.0/28"]\}]\}\},"allowedIPV4CidrList":null\},"distributedRouteManagementConfig":null\},"centralizedFirewallDeploymentModel":null\}\}""`
+    #
     #   * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
     #     distributions
     #
@@ -3626,6 +3911,18 @@ module Aws::FMS
     #     "overrideAction" : \{"type": "COUNT"\}\}],
     #     "defaultAction": \{"type": "BLOCK"\}\}"`
     #
+    #   * Example: `WAFV2` - Firewall Manager support for WAF managed rule
+    #     group versioning
+    #
+    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
+    #
+    #     To use a specific version of a WAF managed rule group in your
+    #     Firewall Manager policy, you must set `versionEnabled` to `true`,
+    #     and set `version` to the version you'd like to use. If you don't
+    #     set `versionEnabled` to `true`, or if you omit `versionEnabled`,
+    #     then Firewall Manager uses the default version of the WAF managed
+    #     rule group.
+    #
     #   * Example: `SECURITY_GROUPS_COMMON`
     #
     #     `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
@@ -3793,6 +4090,153 @@ module Aws::FMS
     #
     class TagResourceResponse < Aws::EmptyStructure; end
+    # Configures the firewall policy deployment model for a third-party
+    # firewall. The deployment model can either be distributed or
+    # centralized.
+    #
+    # @!attribute [rw] firewall_policy_id
+    #   The ID of the specified firewall policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_policy_name
+    #   The name of the specified firewall policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallFirewallPolicy AWS API Documentation
+    #
+    class ThirdPartyFirewallFirewallPolicy < Struct.new(
+      :firewall_policy_id,
+      :firewall_policy_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The violation details for a third-party firewall that's not
+    # associated with an Firewall Manager managed route table.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the third-party firewall or VPC resource that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a fireawll subnet that's
+    #   causing the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of the firewall subnet that's causing the
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_route_table
+    #   The resource ID of the current route table that's associated with
+    #   the subnet, if one is available.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_route_table
+    #   The resource ID of the route table that should be associated with
+    #   the subnet.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingExpectedRouteTableViolation AWS API Documentation
+    #
+    class ThirdPartyFirewallMissingExpectedRouteTableViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :current_route_table,
+      :expected_route_table)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The violation details about a third-party firewall's subnet that
+    # doesn't have a Firewall Manager managed firewall in its VPC.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the third-party firewall that's causing the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a third-party firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of the third-party firewall that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource is causing this violation, if a reason is
+    #   available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingFirewallViolation AWS API Documentation
+    #
+    class ThirdPartyFirewallMissingFirewallViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The violation details for a third-party firewall for an Availability
+    # Zone that's missing the Firewall Manager managed subnet.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the third-party firewall or VPC resource that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a subnet that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a subnet that's causing the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource is causing the violation, if a reason is
+    #   available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingSubnetViolation AWS API Documentation
+    #
+    class ThirdPartyFirewallMissingSubnetViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Configures the policy for the third-party firewall.
+    #
+    # @note When making an API call, you may pass ThirdPartyFirewallPolicy
+    #   data as a hash:
+    #
+    #       {
+    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #       }
+    #
+    # @!attribute [rw] firewall_deployment_model
+    #   Defines the deployment model to use for the third-party firewall.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallPolicy AWS API Documentation
+    #
+    class ThirdPartyFirewallPolicy < Struct.new(
+      :firewall_deployment_model)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass UntagResourceRequest
     #   data as a hash:
     #
@@ -3851,9 +4295,6 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_tags
     #   The `ResourceTag` objects associated with the resource.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] resource_description

data/lib/aws-sdk-fms.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-fms/customizations'
 # @!group service
 module Aws::FMS
-  GEM_VERSION = '1.48.0'
+  GEM_VERSION = '1.49.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.48.0
+  version: 1.49.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-24 00:00:00.000000000 Z
+date: 2022-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core