RubyGems - aws-sdk-fms - Versions diffs - 1.48.0 → 1.49.0 - Mend

aws-sdk-fms 1.48.0 → 1.49.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-fms/client.rb +182 -10
data/lib/aws-sdk-fms/client_api.rb +141 -0
data/lib/aws-sdk-fms/types.rb +467 -26
data/lib/aws-sdk-fms.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fe1856b2e7db71ec8c271606d37bf76353ca984e90989e79ff8b135c213ec108
-  data.tar.gz: 276edd6276e83d327b817785a38be6a3fde6899604fbd7530ed5ea99038092e0
+  metadata.gz: 16ed215f917debd6e77e26d7aa5c7cb99079aac3b1189cbdb39b10d0ab0dec9d
+  data.tar.gz: 358cf904a9452d3a0b5c0a8cc5de573b6c01e1c7f4429298fd8d85ba43e03092
 SHA512:
-  metadata.gz: e9781f9af09f7b87593143da3daae257adc24f9cdb28824f09faa3b0e110ae87fb7965897a7663848e7e841e6e51542078b0bc50d80923d9f89d185fefa5d7de
-  data.tar.gz: 2ef93a5e9c63b64ea4c8051deb6a1548a1dac2995468feb6e63349e556800cfd0c2ef0a4312033e4b5d8db36700a8739215d940188c032f09d61bf76fcb0afdd
+  metadata.gz: c03589c37e3610e2ff989687a357302d0dcebbbd8cea89bf3da2537ecf122a8187a853b25c706416ab9bd78dc6b16177e39173223ecab23155dd716ec5343d8b
+  data.tar.gz: 957c9504c4d7a4af2850d23587aa67c96b60c332fdcc51e22115ee4ab5bd79b0640c1c6e5f0c8c80efeeca1db8c71af551cbb5d6b9dee69ed75d4a6efff16a74

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.49.0 (2022-03-30)
+------------------
+* Feature - AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
 1.48.0 (2022-02-24)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.48.0
1	+ 1.49.0

data/lib/aws-sdk-fms/client.rb CHANGED Viewed

@@ -397,6 +397,37 @@ module Aws::FMS
       req.send_request(options)
     end
+    # Sets the Firewall Manager policy administrator as a tenant
+    # administrator of a third-party firewall service. A tenant is an
+    # instance of the third-party firewall service that's associated with
+    # your Amazon Web Services customer account.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @return [Types::AssociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_third_party_firewall({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewall AWS API Documentation
+    #
+    # @overload associate_third_party_firewall(params = {})
+    # @param [Hash] params ({})
+    def associate_third_party_firewall(params = {}, options = {})
+      req = build_request(:associate_third_party_firewall, params)
+      req.send_request(options)
+    end
     # Permanently deletes an Firewall Manager applications list.
     #
     # @option params [required, String] :list_id
@@ -528,6 +559,37 @@ module Aws::FMS
       req.send_request(options)
     end
+    # Disassociates a Firewall Manager policy administrator from a
+    # third-party firewall tenant. When you call
+    # `DisassociateThirdPartyFirewall`, the third-party firewall vendor
+    # deletes all of the firewalls that are associated with the account.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @return [Types::DisassociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisassociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_third_party_firewall({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewall AWS API Documentation
+    #
+    # @overload disassociate_third_party_firewall(params = {})
+    # @param [Hash] params ({})
+    def disassociate_third_party_firewall(params = {}, options = {})
+      req = build_request(:disassociate_third_party_firewall, params)
+      req.send_request(options)
+    end
     # Returns the Organizations account that is associated with Firewall
     # Manager as the Firewall Manager administrator.
     #
@@ -648,7 +710,7 @@ module Aws::FMS
     #   resp.policy_compliance_detail.member_account #=> String
     #   resp.policy_compliance_detail.violators #=> Array
     #   resp.policy_compliance_detail.violators[0].resource_id #=> String
-    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT"
+    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT"
     #   resp.policy_compliance_detail.violators[0].resource_type #=> String
     #   resp.policy_compliance_detail.violators[0].metadata #=> Hash
     #   resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
@@ -709,9 +771,10 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
-    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
+    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
+    #   resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
     #   resp.policy.resource_type_list[0] #=> String
@@ -797,7 +860,7 @@ module Aws::FMS
     # @example Response structure
     #
     #   resp.admin_account_id #=> String
-    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.data #=> String
     #   resp.next_token #=> String
     #
@@ -856,6 +919,37 @@ module Aws::FMS
       req.send_request(options)
     end
+    # The onboarding status of a Firewall Manager admin account to
+    # third-party firewall vendor tenant.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @return [Types::GetThirdPartyFirewallAssociationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetThirdPartyFirewallAssociationStatusResponse#third_party_firewall_status #third_party_firewall_status} => String
+    #   * {Types::GetThirdPartyFirewallAssociationStatusResponse#marketplace_onboarding_status #marketplace_onboarding_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_third_party_firewall_association_status({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
+    #   resp.marketplace_onboarding_status #=> String, one of "NO_SUBSCRIPTION", "NOT_COMPLETE", "COMPLETE"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus AWS API Documentation
+    #
+    # @overload get_third_party_firewall_association_status(params = {})
+    # @param [Hash] params ({})
+    def get_third_party_firewall_association_status(params = {}, options = {})
+      req = build_request(:get_third_party_firewall_association_status, params)
+      req.send_request(options)
+    end
     # Retrieves violations for a resource based on the specified Firewall
     # Manager policy and Amazon Web Services account.
     #
@@ -1180,6 +1274,23 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
     #   resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination #=> String
     #   resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.target_violation_reason #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.vpc #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.current_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.expected_route_table #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.firewall_subnet_id #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.vpc_id #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone #=> String
+    #   resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone_id #=> String
     #   resp.violation_detail.resource_tags #=> Array
     #   resp.violation_detail.resource_tags[0].key #=> String
     #   resp.violation_detail.resource_tags[0].value #=> String
@@ -1406,7 +1517,7 @@ module Aws::FMS
     #   resp.policy_list[0].policy_id #=> String
     #   resp.policy_list[0].policy_name #=> String
     #   resp.policy_list[0].resource_type #=> String
-    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.policy_list[0].remediation_enabled #=> Boolean
     #   resp.policy_list[0].delete_unused_fm_managed_resources #=> Boolean
     #   resp.next_token #=> String
@@ -1509,6 +1620,63 @@ module Aws::FMS
       req.send_request(options)
     end
+    # Retrieves a list of all of the third-party firewall policies that are
+    # associated with the third-party firewall administrator's account.
+    #
+    # @option params [required, String] :third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #
+    # @option params [String] :next_token
+    #   If the previous response included a `NextToken` element, the specified
+    #   third-party firewall vendor is associated with more third-party
+    #   firewall policies. To get more third-party firewall policies, submit
+    #   another `ListThirdPartyFirewallFirewallPoliciesRequest` request.
+    #
+    #   For the value of `NextToken`, specify the value of `NextToken` from
+    #   the previous response. If the previous response didn't include a
+    #   `NextToken` element, there are no more third-party firewall policies
+    #   to get.
+    #
+    # @option params [required, Integer] :max_results
+    #   The maximum number of third-party firewall policies that you want
+    #   Firewall Manager to return. If the specified third-party firewall
+    #   vendor is associated with more than `MaxResults` firewall policies,
+    #   the response includes a `NextToken` element. `NextToken` contains an
+    #   encrypted token that identifies the first third-party firewall
+    #   policies that Firewall Manager will return if you submit another
+    #   request.
+    #
+    # @return [Types::ListThirdPartyFirewallFirewallPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#third_party_firewall_firewall_policies #third_party_firewall_firewall_policies} => Array&lt;Types::ThirdPartyFirewallFirewallPolicy&gt;
+    #   * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_third_party_firewall_firewall_policies({
+    #     third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #     next_token: "PaginationToken",
+    #     max_results: 1, # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.third_party_firewall_firewall_policies #=> Array
+    #   resp.third_party_firewall_firewall_policies[0].firewall_policy_id #=> String
+    #   resp.third_party_firewall_firewall_policies[0].firewall_policy_name #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies AWS API Documentation
+    #
+    # @overload list_third_party_firewall_firewall_policies(params = {})
+    # @param [Hash] params ({})
+    def list_third_party_firewall_firewall_policies(params = {}, options = {})
+      req = build_request(:list_third_party_firewall_firewall_policies, params)
+      req.send_request(options)
+    end
     # Creates an Firewall Manager applications list.
     #
     # @option params [required, Types::AppsListData] :apps_list
@@ -1675,11 +1843,14 @@ module Aws::FMS
     #       policy_name: "ResourceName", # required
     #       policy_update_token: "PolicyUpdateToken",
     #       security_service_policy_data: { # required
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #         policy_option: {
     #           network_firewall_policy: {
-    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #           },
+    #           third_party_firewall_policy: {
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #           },
     #         },
     #       },
@@ -1714,9 +1885,10 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
-    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
+    #   resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
+    #   resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
     #   resp.policy.resource_type_list[0] #=> String
@@ -1875,7 +2047,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.48.0'
+      context[:gem_version] = '1.49.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-fms/client_api.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module Aws::FMS
     AppsListDataSummary = Shapes::StructureShape.new(name: 'AppsListDataSummary')
     AppsListsData = Shapes::ListShape.new(name: 'AppsListsData')
     AssociateAdminAccountRequest = Shapes::StructureShape.new(name: 'AssociateAdminAccountRequest')
+    AssociateThirdPartyFirewallRequest = Shapes::StructureShape.new(name: 'AssociateThirdPartyFirewallRequest')
+    AssociateThirdPartyFirewallResponse = Shapes::StructureShape.new(name: 'AssociateThirdPartyFirewallResponse')
     AwsEc2InstanceViolation = Shapes::StructureShape.new(name: 'AwsEc2InstanceViolation')
     AwsEc2NetworkInterfaceViolation = Shapes::StructureShape.new(name: 'AwsEc2NetworkInterfaceViolation')
     AwsEc2NetworkInterfaceViolations = Shapes::ListShape.new(name: 'AwsEc2NetworkInterfaceViolations')
@@ -44,6 +46,8 @@ module Aws::FMS
     DestinationType = Shapes::StringShape.new(name: 'DestinationType')
     DetailedInfo = Shapes::StringShape.new(name: 'DetailedInfo')
     DisassociateAdminAccountRequest = Shapes::StructureShape.new(name: 'DisassociateAdminAccountRequest')
+    DisassociateThirdPartyFirewallRequest = Shapes::StructureShape.new(name: 'DisassociateThirdPartyFirewallRequest')
+    DisassociateThirdPartyFirewallResponse = Shapes::StructureShape.new(name: 'DisassociateThirdPartyFirewallResponse')
     DnsDuplicateRuleGroupViolation = Shapes::StructureShape.new(name: 'DnsDuplicateRuleGroupViolation')
     DnsRuleGroupLimitExceededViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupLimitExceededViolation')
     DnsRuleGroupPriorities = Shapes::ListShape.new(name: 'DnsRuleGroupPriorities')
@@ -63,7 +67,10 @@ module Aws::FMS
     ExpectedRoutes = Shapes::ListShape.new(name: 'ExpectedRoutes')
     FMSPolicyUpdateFirewallCreationConfigAction = Shapes::StructureShape.new(name: 'FMSPolicyUpdateFirewallCreationConfigAction')
     FirewallDeploymentModel = Shapes::StringShape.new(name: 'FirewallDeploymentModel')
+    FirewallPolicyId = Shapes::StringShape.new(name: 'FirewallPolicyId')
+    FirewallPolicyName = Shapes::StringShape.new(name: 'FirewallPolicyName')
     FirewallSubnetIsOutOfScopeViolation = Shapes::StructureShape.new(name: 'FirewallSubnetIsOutOfScopeViolation')
+    FirewallSubnetMissingVPCEndpointViolation = Shapes::StructureShape.new(name: 'FirewallSubnetMissingVPCEndpointViolation')
     GetAdminAccountRequest = Shapes::StructureShape.new(name: 'GetAdminAccountRequest')
     GetAdminAccountResponse = Shapes::StructureShape.new(name: 'GetAdminAccountResponse')
     GetAppsListRequest = Shapes::StructureShape.new(name: 'GetAppsListRequest')
@@ -78,6 +85,8 @@ module Aws::FMS
     GetProtectionStatusResponse = Shapes::StructureShape.new(name: 'GetProtectionStatusResponse')
     GetProtocolsListRequest = Shapes::StructureShape.new(name: 'GetProtocolsListRequest')
     GetProtocolsListResponse = Shapes::StructureShape.new(name: 'GetProtocolsListResponse')
+    GetThirdPartyFirewallAssociationStatusRequest = Shapes::StructureShape.new(name: 'GetThirdPartyFirewallAssociationStatusRequest')
+    GetThirdPartyFirewallAssociationStatusResponse = Shapes::StructureShape.new(name: 'GetThirdPartyFirewallAssociationStatusResponse')
     GetViolationDetailsRequest = Shapes::StructureShape.new(name: 'GetViolationDetailsRequest')
     GetViolationDetailsResponse = Shapes::StructureShape.new(name: 'GetViolationDetailsResponse')
     IPPortNumber = Shapes::IntegerShape.new(name: 'IPPortNumber')
@@ -102,7 +111,10 @@ module Aws::FMS
     ListProtocolsListsResponse = Shapes::StructureShape.new(name: 'ListProtocolsListsResponse')
     ListTagsForResourceRequest = Shapes::StructureShape.new(name: 'ListTagsForResourceRequest')
     ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
+    ListThirdPartyFirewallFirewallPoliciesRequest = Shapes::StructureShape.new(name: 'ListThirdPartyFirewallFirewallPoliciesRequest')
+    ListThirdPartyFirewallFirewallPoliciesResponse = Shapes::StructureShape.new(name: 'ListThirdPartyFirewallFirewallPoliciesResponse')
     ManagedServiceData = Shapes::StringShape.new(name: 'ManagedServiceData')
+    MarketplaceSubscriptionOnboardingStatus = Shapes::StringShape.new(name: 'MarketplaceSubscriptionOnboardingStatus')
     MemberAccounts = Shapes::ListShape.new(name: 'MemberAccounts')
     NetworkFirewallAction = Shapes::StringShape.new(name: 'NetworkFirewallAction')
     NetworkFirewallActionList = Shapes::ListShape.new(name: 'NetworkFirewallActionList')
@@ -195,6 +207,14 @@ module Aws::FMS
     TargetType = Shapes::StringShape.new(name: 'TargetType')
     TargetViolationReason = Shapes::StringShape.new(name: 'TargetViolationReason')
     TargetViolationReasons = Shapes::ListShape.new(name: 'TargetViolationReasons')
+    ThirdPartyFirewall = Shapes::StringShape.new(name: 'ThirdPartyFirewall')
+    ThirdPartyFirewallAssociationStatus = Shapes::StringShape.new(name: 'ThirdPartyFirewallAssociationStatus')
+    ThirdPartyFirewallFirewallPolicies = Shapes::ListShape.new(name: 'ThirdPartyFirewallFirewallPolicies')
+    ThirdPartyFirewallFirewallPolicy = Shapes::StructureShape.new(name: 'ThirdPartyFirewallFirewallPolicy')
+    ThirdPartyFirewallMissingExpectedRouteTableViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingExpectedRouteTableViolation')
+    ThirdPartyFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingFirewallViolation')
+    ThirdPartyFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'ThirdPartyFirewallMissingSubnetViolation')
+    ThirdPartyFirewallPolicy = Shapes::StructureShape.new(name: 'ThirdPartyFirewallPolicy')
     TimeStamp = Shapes::TimestampShape.new(name: 'TimeStamp')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
@@ -234,6 +254,12 @@ module Aws::FMS
     AssociateAdminAccountRequest.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, required: true, location_name: "AdminAccount"))
     AssociateAdminAccountRequest.struct_class = Types::AssociateAdminAccountRequest
+    AssociateThirdPartyFirewallRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    AssociateThirdPartyFirewallRequest.struct_class = Types::AssociateThirdPartyFirewallRequest
+    AssociateThirdPartyFirewallResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+    AssociateThirdPartyFirewallResponse.struct_class = Types::AssociateThirdPartyFirewallResponse
     AwsEc2InstanceViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
     AwsEc2InstanceViolation.add_member(:aws_ec2_network_interface_violations, Shapes::ShapeRef.new(shape: AwsEc2NetworkInterfaceViolations, location_name: "AwsEc2NetworkInterfaceViolations"))
     AwsEc2InstanceViolation.struct_class = Types::AwsEc2InstanceViolation
@@ -280,6 +306,12 @@ module Aws::FMS
     DisassociateAdminAccountRequest.struct_class = Types::DisassociateAdminAccountRequest
+    DisassociateThirdPartyFirewallRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    DisassociateThirdPartyFirewallRequest.struct_class = Types::DisassociateThirdPartyFirewallRequest
+    DisassociateThirdPartyFirewallResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+    DisassociateThirdPartyFirewallResponse.struct_class = Types::DisassociateThirdPartyFirewallResponse
     DnsDuplicateRuleGroupViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
     DnsDuplicateRuleGroupViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
     DnsDuplicateRuleGroupViolation.struct_class = Types::DnsDuplicateRuleGroupViolation
@@ -370,6 +402,12 @@ module Aws::FMS
     FirewallSubnetIsOutOfScopeViolation.add_member(:vpc_endpoint_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcEndpointId"))
     FirewallSubnetIsOutOfScopeViolation.struct_class = Types::FirewallSubnetIsOutOfScopeViolation
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:subnet_availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZone"))
+    FirewallSubnetMissingVPCEndpointViolation.add_member(:subnet_availability_zone_id, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZoneId"))
+    FirewallSubnetMissingVPCEndpointViolation.struct_class = Types::FirewallSubnetMissingVPCEndpointViolation
     GetAdminAccountRequest.struct_class = Types::GetAdminAccountRequest
     GetAdminAccountResponse.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AdminAccount"))
@@ -426,6 +464,13 @@ module Aws::FMS
     GetProtocolsListResponse.add_member(:protocols_list_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "ProtocolsListArn"))
     GetProtocolsListResponse.struct_class = Types::GetProtocolsListResponse
+    GetThirdPartyFirewallAssociationStatusRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    GetThirdPartyFirewallAssociationStatusRequest.struct_class = Types::GetThirdPartyFirewallAssociationStatusRequest
+    GetThirdPartyFirewallAssociationStatusResponse.add_member(:third_party_firewall_status, Shapes::ShapeRef.new(shape: ThirdPartyFirewallAssociationStatus, location_name: "ThirdPartyFirewallStatus"))
+    GetThirdPartyFirewallAssociationStatusResponse.add_member(:marketplace_onboarding_status, Shapes::ShapeRef.new(shape: MarketplaceSubscriptionOnboardingStatus, location_name: "MarketplaceOnboardingStatus"))
+    GetThirdPartyFirewallAssociationStatusResponse.struct_class = Types::GetThirdPartyFirewallAssociationStatusResponse
     GetViolationDetailsRequest.add_member(:policy_id, Shapes::ShapeRef.new(shape: PolicyId, required: true, location_name: "PolicyId"))
     GetViolationDetailsRequest.add_member(:member_account, Shapes::ShapeRef.new(shape: AWSAccountId, required: true, location_name: "MemberAccount"))
     GetViolationDetailsRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "ResourceId"))
@@ -504,6 +549,15 @@ module Aws::FMS
     ListTagsForResourceResponse.add_member(:tag_list, Shapes::ShapeRef.new(shape: TagList, location_name: "TagList"))
     ListTagsForResourceResponse.struct_class = Types::ListTagsForResourceResponse
+    ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:third_party_firewall, Shapes::ShapeRef.new(shape: ThirdPartyFirewall, required: true, location_name: "ThirdPartyFirewall"))
+    ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    ListThirdPartyFirewallFirewallPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PaginationMaxResults, required: true, location_name: "MaxResults"))
+    ListThirdPartyFirewallFirewallPoliciesRequest.struct_class = Types::ListThirdPartyFirewallFirewallPoliciesRequest
+    ListThirdPartyFirewallFirewallPoliciesResponse.add_member(:third_party_firewall_firewall_policies, Shapes::ShapeRef.new(shape: ThirdPartyFirewallFirewallPolicies, location_name: "ThirdPartyFirewallFirewallPolicies"))
+    ListThirdPartyFirewallFirewallPoliciesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
+    ListThirdPartyFirewallFirewallPoliciesResponse.struct_class = Types::ListThirdPartyFirewallFirewallPoliciesResponse
     MemberAccounts.member = Shapes::ShapeRef.new(shape: AWSAccountId)
     NetworkFirewallActionList.member = Shapes::ShapeRef.new(shape: NetworkFirewallAction)
@@ -644,6 +698,7 @@ module Aws::FMS
     PolicyComplianceStatusList.member = Shapes::ShapeRef.new(shape: PolicyComplianceStatus)
     PolicyOption.add_member(:network_firewall_policy, Shapes::ShapeRef.new(shape: NetworkFirewallPolicy, location_name: "NetworkFirewallPolicy"))
+    PolicyOption.add_member(:third_party_firewall_policy, Shapes::ShapeRef.new(shape: ThirdPartyFirewallPolicy, location_name: "ThirdPartyFirewallPolicy"))
     PolicyOption.struct_class = Types::PolicyOption
     PolicySummary.add_member(:policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "PolicyArn"))
@@ -768,6 +823,10 @@ module Aws::FMS
     ResourceViolation.add_member(:possible_remediation_actions, Shapes::ShapeRef.new(shape: PossibleRemediationActions, location_name: "PossibleRemediationActions"))
     ResourceViolation.add_member(:firewall_subnet_is_out_of_scope_violation, Shapes::ShapeRef.new(shape: FirewallSubnetIsOutOfScopeViolation, location_name: "FirewallSubnetIsOutOfScopeViolation"))
     ResourceViolation.add_member(:route_has_out_of_scope_endpoint_violation, Shapes::ShapeRef.new(shape: RouteHasOutOfScopeEndpointViolation, location_name: "RouteHasOutOfScopeEndpointViolation"))
+    ResourceViolation.add_member(:third_party_firewall_missing_firewall_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingFirewallViolation, location_name: "ThirdPartyFirewallMissingFirewallViolation"))
+    ResourceViolation.add_member(:third_party_firewall_missing_subnet_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingSubnetViolation, location_name: "ThirdPartyFirewallMissingSubnetViolation"))
+    ResourceViolation.add_member(:third_party_firewall_missing_expected_route_table_violation, Shapes::ShapeRef.new(shape: ThirdPartyFirewallMissingExpectedRouteTableViolation, location_name: "ThirdPartyFirewallMissingExpectedRouteTableViolation"))
+    ResourceViolation.add_member(:firewall_subnet_missing_vpc_endpoint_violation, Shapes::ShapeRef.new(shape: FirewallSubnetMissingVPCEndpointViolation, location_name: "FirewallSubnetMissingVPCEndpointViolation"))
     ResourceViolation.struct_class = Types::ResourceViolation
     ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
@@ -844,6 +903,34 @@ module Aws::FMS
     TargetViolationReasons.member = Shapes::ShapeRef.new(shape: TargetViolationReason)
+    ThirdPartyFirewallFirewallPolicies.member = Shapes::ShapeRef.new(shape: ThirdPartyFirewallFirewallPolicy)
+    ThirdPartyFirewallFirewallPolicy.add_member(:firewall_policy_id, Shapes::ShapeRef.new(shape: FirewallPolicyId, location_name: "FirewallPolicyId"))
+    ThirdPartyFirewallFirewallPolicy.add_member(:firewall_policy_name, Shapes::ShapeRef.new(shape: FirewallPolicyName, location_name: "FirewallPolicyName"))
+    ThirdPartyFirewallFirewallPolicy.struct_class = Types::ThirdPartyFirewallFirewallPolicy
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:current_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentRouteTable"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.add_member(:expected_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedRouteTable"))
+    ThirdPartyFirewallMissingExpectedRouteTableViolation.struct_class = Types::ThirdPartyFirewallMissingExpectedRouteTableViolation
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    ThirdPartyFirewallMissingFirewallViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+    ThirdPartyFirewallMissingFirewallViolation.struct_class = Types::ThirdPartyFirewallMissingFirewallViolation
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
+    ThirdPartyFirewallMissingSubnetViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
+    ThirdPartyFirewallMissingSubnetViolation.struct_class = Types::ThirdPartyFirewallMissingSubnetViolation
+    ThirdPartyFirewallPolicy.add_member(:firewall_deployment_model, Shapes::ShapeRef.new(shape: FirewallDeploymentModel, location_name: "FirewallDeploymentModel"))
+    ThirdPartyFirewallPolicy.struct_class = Types::ThirdPartyFirewallPolicy
     UntagResourceRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
     UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeyList, required: true, location_name: "TagKeys"))
     UntagResourceRequest.struct_class = Types::UntagResourceRequest
@@ -891,6 +978,18 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
+      api.add_operation(:associate_third_party_firewall, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "AssociateThirdPartyFirewall"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: AssociateThirdPartyFirewallRequest)
+        o.output = Shapes::ShapeRef.new(shape: AssociateThirdPartyFirewallResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
       api.add_operation(:delete_apps_list, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteAppsList"
         o.http_method = "POST"
@@ -948,6 +1047,18 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
       end)
+      api.add_operation(:disassociate_third_party_firewall, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DisassociateThirdPartyFirewall"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DisassociateThirdPartyFirewallRequest)
+        o.output = Shapes::ShapeRef.new(shape: DisassociateThirdPartyFirewallResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
       api.add_operation(:get_admin_account, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetAdminAccount"
         o.http_method = "POST"
@@ -1027,6 +1138,18 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
       end)
+      api.add_operation(:get_third_party_firewall_association_status, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetThirdPartyFirewallAssociationStatus"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetThirdPartyFirewallAssociationStatusRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetThirdPartyFirewallAssociationStatusResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
       api.add_operation(:get_violation_details, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetViolationDetails"
         o.http_method = "POST"
@@ -1135,6 +1258,24 @@ module Aws::FMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
       end)
+      api.add_operation(:list_third_party_firewall_firewall_policies, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListThirdPartyFirewallFirewallPolicies"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListThirdPartyFirewallFirewallPoliciesRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListThirdPartyFirewallFirewallPoliciesResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_results",
+          tokens: {
+            "next_token" => "next_token"
+          }
+        )
+      end)
       api.add_operation(:put_apps_list, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutAppsList"
         o.http_method = "POST"

data/lib/aws-sdk-fms/types.rb CHANGED Viewed

@@ -200,6 +200,54 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass AssociateThirdPartyFirewallRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallRequest AWS API Documentation
+    #
+    class AssociateThirdPartyFirewallRequest < Struct.new(
+      :third_party_firewall)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_status
+    #   The current status for setting a Firewall Manager policy
+    #   administrator's account as an administrator of the third-party
+    #   firewall tenant.
+    #
+    #   * `ONBOARDING` - The Firewall Manager policy administrator is being
+    #     designated as a tenant administrator.
+    #
+    #   * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
+    #     designated as a tenant administrator.
+    #
+    #   * `OFFBOARDING` - The Firewall Manager policy administrator is being
+    #     removed as a tenant administrator.
+    #
+    #   * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
+    #     has been removed as a tenant administrator.
+    #
+    #   * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
+    #     exist as a tenant administrator.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallResponse AWS API Documentation
+    #
+    class AssociateThirdPartyFirewallResponse < Struct.new(
+      :third_party_firewall_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Violation detail for an EC2 instance resource.
     #
     # @!attribute [rw] violation_target
@@ -418,6 +466,38 @@ module Aws::FMS
     #
     class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
+    # @note When making an API call, you may pass DisassociateThirdPartyFirewallRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallRequest AWS API Documentation
+    #
+    class DisassociateThirdPartyFirewallRequest < Struct.new(
+      :third_party_firewall)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_status
+    #   The current status for the disassociation of a Firewall Manager
+    #   administrators account with a third-party firewall.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallResponse AWS API Documentation
+    #
+    class DisassociateThirdPartyFirewallResponse < Struct.new(
+      :third_party_firewall_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # A DNS Firewall rule group that Firewall Manager tried to associate
     # with a VPC is already associated with the VPC and can't be associated
     # again.
@@ -883,6 +963,36 @@ module Aws::FMS
       include Aws::Structure
     end
+    # The violation details for a firewall subnet's VPC endpoint that's
+    # deleted or missing.
+    #
+    # @!attribute [rw] firewall_subnet_id
+    #   The ID of the firewall that this VPC endpoint is associated with.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc_id
+    #   The resource ID of the VPC associated with the deleted VPC subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] subnet_availability_zone
+    #   The name of the Availability Zone of the deleted VPC subnet.
+    #   @return [String]
+    #
+    # @!attribute [rw] subnet_availability_zone_id
+    #   The ID of the Availability Zone of the deleted VPC subnet.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FirewallSubnetMissingVPCEndpointViolation AWS API Documentation
+    #
+    class FirewallSubnetMissingVPCEndpointViolation < Struct.new(
+      :firewall_subnet_id,
+      :vpc_id,
+      :subnet_availability_zone,
+      :subnet_availability_zone_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountRequest AWS API Documentation
@@ -1213,6 +1323,73 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass GetThirdPartyFirewallAssociationStatusRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusRequest AWS API Documentation
+    #
+    class GetThirdPartyFirewallAssociationStatusRequest < Struct.new(
+      :third_party_firewall)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_status
+    #   The current status for setting a Firewall Manager policy
+    #   administrators account as an administrator of the third-party
+    #   firewall tenant.
+    #
+    #   * `ONBOARDING` - The Firewall Manager policy administrator is being
+    #     designated as a tenant administrator.
+    #
+    #   * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
+    #     designated as a tenant administrator.
+    #
+    #   * `OFFBOARDING` - The Firewall Manager policy administrator is being
+    #     removed as a tenant administrator.
+    #
+    #   * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
+    #     has been removed as a tenant administrator.
+    #
+    #   * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
+    #     exist as a tenant administrator.
+    #   @return [String]
+    #
+    # @!attribute [rw] marketplace_onboarding_status
+    #   The status for subscribing to the third-party firewall vendor in the
+    #   AWS Marketplace.
+    #
+    #   * `NO_SUBSCRIPTION` - The Firewall Manager policy administrator
+    #     isn't subscribed to the third-party firewall service in the AWS
+    #     Marketplace.
+    #
+    #   * `NOT_COMPLETE` - The Firewall Manager policy administrator is in
+    #     the process of subscribing to the third-party firewall service in
+    #     the Amazon Web Services Marketplace, but doesn't yet have an
+    #     active subscription.
+    #
+    #   * `COMPLETE` - The Firewall Manager policy administrator has an
+    #     active subscription to the third-party firewall service in the
+    #     Amazon Web Services Marketplace.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusResponse AWS API Documentation
+    #
+    class GetThirdPartyFirewallAssociationStatusResponse < Struct.new(
+      :third_party_firewall_status,
+      :marketplace_onboarding_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass GetViolationDetailsRequest
     #   data as a hash:
     #
@@ -1683,6 +1860,74 @@ module Aws::FMS
       include Aws::Structure
     end
+    # @note When making an API call, you may pass ListThirdPartyFirewallFirewallPoliciesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
+    #         next_token: "PaginationToken",
+    #         max_results: 1, # required
+    #       }
+    #
+    # @!attribute [rw] third_party_firewall
+    #   The name of the third-party firewall vendor.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   If the previous response included a `NextToken` element, the
+    #   specified third-party firewall vendor is associated with more
+    #   third-party firewall policies. To get more third-party firewall
+    #   policies, submit another
+    #   `ListThirdPartyFirewallFirewallPoliciesRequest` request.
+    #
+    #   For the value of `NextToken`, specify the value of `NextToken` from
+    #   the previous response. If the previous response didn't include a
+    #   `NextToken` element, there are no more third-party firewall policies
+    #   to get.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of third-party firewall policies that you want
+    #   Firewall Manager to return. If the specified third-party firewall
+    #   vendor is associated with more than `MaxResults` firewall policies,
+    #   the response includes a `NextToken` element. `NextToken` contains an
+    #   encrypted token that identifies the first third-party firewall
+    #   policies that Firewall Manager will return if you submit another
+    #   request.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesRequest AWS API Documentation
+    #
+    class ListThirdPartyFirewallFirewallPoliciesRequest < Struct.new(
+      :third_party_firewall,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] third_party_firewall_firewall_policies
+    #   A list that contains one `ThirdPartyFirewallFirewallPolicies`
+    #   element for each third-party firewall policies that the specified
+    #   third-party firewall vendor is associated with. Each
+    #   `ThirdPartyFirewallFirewallPolicies` element contains the firewall
+    #   policy name and ID.
+    #   @return [Array<Types::ThirdPartyFirewallFirewallPolicy>]
+    #
+    # @!attribute [rw] next_token
+    #   The value that you will use for `NextToken` in the next
+    #   `ListThirdPartyFirewallFirewallPolicies` request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesResponse AWS API Documentation
+    #
+    class ListThirdPartyFirewallFirewallPoliciesResponse < Struct.new(
+      :third_party_firewall_firewall_policies,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # Violation detail for an internet gateway route with an inactive state
     # in the customer subnet route table or Network Firewall subnet route
     # table.
@@ -2026,7 +2271,7 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #       }
     #
     # @!attribute [rw] firewall_deployment_model
@@ -2208,11 +2453,14 @@ module Aws::FMS
     #         policy_name: "ResourceName", # required
     #         policy_update_token: "PolicyUpdateToken",
     #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #           managed_service_data: "ManagedServiceData",
     #           policy_option: {
     #             network_firewall_policy: {
-    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #             },
+    #             third_party_firewall_policy: {
+    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #             },
     #           },
     #         },
@@ -2295,9 +2543,6 @@ module Aws::FMS
     #   `ResourceTag` array are not in scope of the policy. If set to
     #   `False`, and the `ResourceTag` array is not null, only resources
     #   with the specified tags are in scope of the policy.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Boolean]
     #
     # @!attribute [rw] remediation_enabled
@@ -2348,9 +2593,6 @@ module Aws::FMS
     #     a comma. For example, the following is a valid map: `\{“ACCOUNT” :
     #     [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
     #     “ouid112”]\}`.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Hash<String,Array<String>>]
     #
     # @!attribute [rw] exclude_map
@@ -2381,9 +2623,6 @@ module Aws::FMS
     #     a comma. For example, the following is a valid map: `\{“ACCOUNT” :
     #     [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
     #     “ouid112”]\}`.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Hash<String,Array<String>>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
@@ -2517,7 +2756,10 @@ module Aws::FMS
     #
     #       {
     #         network_firewall_policy: {
-    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #         },
+    #         third_party_firewall_policy: {
+    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #         },
     #       }
     #
@@ -2525,10 +2767,15 @@ module Aws::FMS
     #   Defines the deployment model to use for the firewall policy.
     #   @return [Types::NetworkFirewallPolicy]
     #
+    # @!attribute [rw] third_party_firewall_policy
+    #   Defines the policy options for a third-party firewall policy.
+    #   @return [Types::ThirdPartyFirewallPolicy]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyOption AWS API Documentation
     #
     class PolicyOption < Struct.new(
-      :network_firewall_policy)
+      :network_firewall_policy,
+      :third_party_firewall_policy)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2847,11 +3094,14 @@ module Aws::FMS
     #           policy_name: "ResourceName", # required
     #           policy_update_token: "PolicyUpdateToken",
     #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #             managed_service_data: "ManagedServiceData",
     #             policy_option: {
     #               network_firewall_policy: {
-    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #               },
+    #               third_party_firewall_policy: {
+    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #               },
     #             },
     #           },
@@ -3201,6 +3451,27 @@ module Aws::FMS
     #   scope.
     #   @return [Types::RouteHasOutOfScopeEndpointViolation]
     #
+    # @!attribute [rw] third_party_firewall_missing_firewall_violation
+    #   The violation details for a third-party firewall that's been
+    #   deleted.
+    #   @return [Types::ThirdPartyFirewallMissingFirewallViolation]
+    #
+    # @!attribute [rw] third_party_firewall_missing_subnet_violation
+    #   The violation details for a third-party firewall's subnet that's
+    #   been deleted.
+    #   @return [Types::ThirdPartyFirewallMissingSubnetViolation]
+    #
+    # @!attribute [rw] third_party_firewall_missing_expected_route_table_violation
+    #   The violation details for a third-party firewall that has the
+    #   Firewall Manager managed route table that was associated with the
+    #   third-party firewall has been deleted.
+    #   @return [Types::ThirdPartyFirewallMissingExpectedRouteTableViolation]
+    #
+    # @!attribute [rw] firewall_subnet_missing_vpc_endpoint_violation
+    #   The violation details for a third-party firewall's VPC endpoint
+    #   subnet that was deleted.
+    #   @return [Types::FirewallSubnetMissingVPCEndpointViolation]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
     #
     class ResourceViolation < Struct.new(
@@ -3222,7 +3493,11 @@ module Aws::FMS
       :dns_rule_group_limit_exceeded_violation,
       :possible_remediation_actions,
       :firewall_subnet_is_out_of_scope_violation,
-      :route_has_out_of_scope_endpoint_violation)
+      :route_has_out_of_scope_endpoint_violation,
+      :third_party_firewall_missing_firewall_violation,
+      :third_party_firewall_missing_subnet_violation,
+      :third_party_firewall_missing_expected_route_table_violation,
+      :firewall_subnet_missing_vpc_endpoint_violation)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3406,11 +3681,14 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #         policy_option: {
     #           network_firewall_policy: {
-    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #           },
+    #           third_party_firewall_policy: {
+    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
     #           },
     #         },
     #       }
@@ -3439,12 +3717,15 @@ module Aws::FMS
     #
     #      </note>
     #
-    #   * Example: `NETWORK_FIREWALL` - Centralized deployment model.
+    #   * Example: `DNS_FIREWALL`
+    #
+    #     `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
     #
-    #     `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
+    #     <note markdown="1"> Valid values for `preProcessRuleGroups` are between 1 and 99.
+    #     Valid values for `postProcessRuleGroups` are between 9901 and
+    #     10000.
     #
-    #     To use the centralized deployment model, you must set
-    #     [PolicyOption][1] to `CENTRALIZED`.
+    #      </note>
     #
     #   * Example: `NETWORK_FIREWALL` - Distributed deployment model with
     #     automatic Availability Zone configuration. With automatic
@@ -3588,6 +3869,10 @@ module Aws::FMS
     #     "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
     #     "overrideExistingConfig":boolean \} \}"`
     #
+    #   * Example: `PARTNER_FIREWALL` for Firewall Manager
+    #
+    #     `"\{"type":"THIRD_PARTY_FIREWALL","thirdPartyrFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW","thirdPartyFirewallConfig":\{"thirdPartyFirewallPolicyList":["global-123456789012-1"],"networkFirewallLoggingConfiguration":null\},"firewallDeploymentModel":\{"distributedFirewallDeploymentModel":\{"distributedFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.1.0/28"]\}]\}\},"allowedIPV4CidrList":null\},"distributedRouteManagementConfig":null\},"centralizedFirewallDeploymentModel":null\}\}""`
+    #
     #   * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
     #     distributions
     #
@@ -3626,6 +3911,18 @@ module Aws::FMS
     #     "overrideAction" : \{"type": "COUNT"\}\}],
     #     "defaultAction": \{"type": "BLOCK"\}\}"`
     #
+    #   * Example: `WAFV2` - Firewall Manager support for WAF managed rule
+    #     group versioning
+    #
+    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
+    #
+    #     To use a specific version of a WAF managed rule group in your
+    #     Firewall Manager policy, you must set `versionEnabled` to `true`,
+    #     and set `version` to the version you'd like to use. If you don't
+    #     set `versionEnabled` to `true`, or if you omit `versionEnabled`,
+    #     then Firewall Manager uses the default version of the WAF managed
+    #     rule group.
+    #
     #   * Example: `SECURITY_GROUPS_COMMON`
     #
     #     `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
@@ -3793,6 +4090,153 @@ module Aws::FMS
     #
     class TagResourceResponse < Aws::EmptyStructure; end
+    # Configures the firewall policy deployment model for a third-party
+    # firewall. The deployment model can either be distributed or
+    # centralized.
+    #
+    # @!attribute [rw] firewall_policy_id
+    #   The ID of the specified firewall policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_policy_name
+    #   The name of the specified firewall policy.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallFirewallPolicy AWS API Documentation
+    #
+    class ThirdPartyFirewallFirewallPolicy < Struct.new(
+      :firewall_policy_id,
+      :firewall_policy_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The violation details for a third-party firewall that's not
+    # associated with an Firewall Manager managed route table.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the third-party firewall or VPC resource that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a fireawll subnet that's
+    #   causing the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of the firewall subnet that's causing the
+    #   violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] current_route_table
+    #   The resource ID of the current route table that's associated with
+    #   the subnet, if one is available.
+    #   @return [String]
+    #
+    # @!attribute [rw] expected_route_table
+    #   The resource ID of the route table that should be associated with
+    #   the subnet.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingExpectedRouteTableViolation AWS API Documentation
+    #
+    class ThirdPartyFirewallMissingExpectedRouteTableViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :current_route_table,
+      :expected_route_table)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The violation details about a third-party firewall's subnet that
+    # doesn't have a Firewall Manager managed firewall in its VPC.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the third-party firewall that's causing the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a third-party firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of the third-party firewall that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource is causing this violation, if a reason is
+    #   available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingFirewallViolation AWS API Documentation
+    #
+    class ThirdPartyFirewallMissingFirewallViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # The violation details for a third-party firewall for an Availability
+    # Zone that's missing the Firewall Manager managed subnet.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the third-party firewall or VPC resource that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] vpc
+    #   The resource ID of the VPC associated with a subnet that's causing
+    #   the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The Availability Zone of a subnet that's causing the violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_violation_reason
+    #   The reason the resource is causing the violation, if a reason is
+    #   available.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingSubnetViolation AWS API Documentation
+    #
+    class ThirdPartyFirewallMissingSubnetViolation < Struct.new(
+      :violation_target,
+      :vpc,
+      :availability_zone,
+      :target_violation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # Configures the policy for the third-party firewall.
+    #
+    # @note When making an API call, you may pass ThirdPartyFirewallPolicy
+    #   data as a hash:
+    #
+    #       {
+    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
+    #       }
+    #
+    # @!attribute [rw] firewall_deployment_model
+    #   Defines the deployment model to use for the third-party firewall.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallPolicy AWS API Documentation
+    #
+    class ThirdPartyFirewallPolicy < Struct.new(
+      :firewall_deployment_model)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # @note When making an API call, you may pass UntagResourceRequest
     #   data as a hash:
     #
@@ -3851,9 +4295,6 @@ module Aws::FMS
     #
     # @!attribute [rw] resource_tags
     #   The `ResourceTag` objects associated with the resource.
-    #
-    #   This option isn't available for the centralized deployment model
-    #   when creating policies to configure Network Firewall.
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] resource_description

data/lib/aws-sdk-fms.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-fms/customizations'
 # @!group service
 module Aws::FMS
-  GEM_VERSION = '1.48.0'
+  GEM_VERSION = '1.49.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.48.0
+  version: 1.49.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-24 00:00:00.000000000 Z
+date: 2022-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core