aws-sdk-fms 1.52.0 → 1.54.0

data/lib/aws-sdk-fms/types.rb

@@ -31,15 +31,6 @@ module Aws::FMS
 
     # An individual Firewall Manager application.
     #
-    # @note When making an API call, you may pass App
-    #   data as a hash:
-    #
-    #       {
-    #         app_name: "ResourceName", # required
-    #         protocol: "Protocol", # required
-    #         port: 1, # required
-    #       }
-    #
     # @!attribute [rw] app_name
     #   The application's name.
     #   @return [String]
@@ -70,33 +61,6 @@ module Aws::FMS
 
     # An Firewall Manager applications list.
     #
-    # @note When making an API call, you may pass AppsListData
-    #   data as a hash:
-    #
-    #       {
-    #         list_id: "ListId",
-    #         list_name: "ResourceName", # required
-    #         list_update_token: "UpdateToken",
-    #         create_time: Time.now,
-    #         last_update_time: Time.now,
-    #         apps_list: [ # required
-    #           {
-    #             app_name: "ResourceName", # required
-    #             protocol: "Protocol", # required
-    #             port: 1, # required
-    #           },
-    #         ],
-    #         previous_apps_list: {
-    #           "PreviousListVersion" => [
-    #             {
-    #               app_name: "ResourceName", # required
-    #               protocol: "Protocol", # required
-    #               port: 1, # required
-    #             },
-    #           ],
-    #         },
-    #       }
-    #
     # @!attribute [rw] list_id
     #   The ID of the Firewall Manager applications list.
     #   @return [String]
@@ -173,13 +137,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass AssociateAdminAccountRequest
-    #   data as a hash:
-    #
-    #       {
-    #         admin_account: "AWSAccountId", # required
-    #       }
-    #
     # @!attribute [rw] admin_account
     #   The Amazon Web Services account ID to associate with Firewall
     #   Manager as the Firewall Manager administrator account. This must be
@@ -200,13 +157,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass AssociateThirdPartyFirewallRequest
-    #   data as a hash:
-    #
-    #       {
-    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
-    #       }
-    #
     # @!attribute [rw] third_party_firewall
     #   The name of the third-party firewall vendor.
     #   @return [String]
@@ -320,6 +270,82 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_set_identifier
+    #   A unique identifier for the resource set, used in a TODO to refer to
+    #   the resource set.
+    #   @return [String]
+    #
+    # @!attribute [rw] items
+    #   The uniform resource identifiers (URIs) of resources that should be
+    #   associated to the resource set. The URIs must be Amazon Resource
+    #   Names (ARNs).
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchAssociateResourceRequest AWS API Documentation
+    #
+    class BatchAssociateResourceRequest < Struct.new(
+      :resource_set_identifier,
+      :items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_set_identifier
+    #   A unique identifier for the resource set, used in a TODO to refer to
+    #   the resource set.
+    #   @return [String]
+    #
+    # @!attribute [rw] failed_items
+    #   The resources that failed to associate to the resource set.
+    #   @return [Array<Types::FailedItem>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchAssociateResourceResponse AWS API Documentation
+    #
+    class BatchAssociateResourceResponse < Struct.new(
+      :resource_set_identifier,
+      :failed_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_set_identifier
+    #   A unique identifier for the resource set, used in a TODO to refer to
+    #   the resource set.
+    #   @return [String]
+    #
+    # @!attribute [rw] items
+    #   The uniform resource identifiers (URI) of resources that should be
+    #   disassociated from the resource set. The URIs must be Amazon
+    #   Resource Names (ARNs).
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchDisassociateResourceRequest AWS API Documentation
+    #
+    class BatchDisassociateResourceRequest < Struct.new(
+      :resource_set_identifier,
+      :items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_set_identifier
+    #   A unique identifier for the resource set, used in a TODO to refer to
+    #   the resource set.
+    #   @return [String]
+    #
+    # @!attribute [rw] failed_items
+    #   The resources that failed to disassociate from the resource set.
+    #   @return [Array<Types::FailedItem>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchDisassociateResourceResponse AWS API Documentation
+    #
+    class BatchDisassociateResourceResponse < Struct.new(
+      :resource_set_identifier,
+      :failed_items)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details of the resource that is not protected by the policy.
     #
     # @!attribute [rw] resource_id
@@ -358,13 +384,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteAppsListRequest
-    #   data as a hash:
-    #
-    #       {
-    #         list_id: "ListId", # required
-    #       }
-    #
     # @!attribute [rw] list_id
     #   The ID of the applications list that you want to delete. You can
     #   retrieve this ID from `PutAppsList`, `ListAppsLists`, and
@@ -385,14 +404,6 @@ module Aws::FMS
     #
     class DeleteNotificationChannelRequest < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass DeletePolicyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy_id: "PolicyId", # required
-    #         delete_all_policy_resources: false,
-    #       }
-    #
     # @!attribute [rw] policy_id
     #   The ID of the policy that you want to delete. You can retrieve this
     #   ID from `PutPolicy` and `ListPolicies`.
@@ -439,13 +450,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteProtocolsListRequest
-    #   data as a hash:
-    #
-    #       {
-    #         list_id: "ListId", # required
-    #       }
-    #
     # @!attribute [rw] list_id
     #   The ID of the protocols list that you want to delete. You can
     #   retrieve this ID from `PutProtocolsList`, `ListProtocolsLists`, and
@@ -460,19 +464,25 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # @!attribute [rw] identifier
+    #   A unique identifier for the resource set, used in a TODO to refer to
+    #   the resource set.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteResourceSetRequest AWS API Documentation
+    #
+    class DeleteResourceSetRequest < Struct.new(
+      :identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateAdminAccountRequest AWS API Documentation
     #
     class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass DisassociateThirdPartyFirewallRequest
-    #   data as a hash:
-    #
-    #       {
-    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
-    #       }
-    #
     # @!attribute [rw] third_party_firewall
     #   The name of the third-party firewall vendor.
     #   @return [String]
@@ -498,6 +508,37 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # A resource in the organization that's available to be associated with
+    # a Firewall Manager resource set.
+    #
+    # @!attribute [rw] uri
+    #   The universal resource identifier (URI) of the discovered resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The Amazon Web Services account ID associated with the discovered
+    #   resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of the discovered resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the discovered resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DiscoveredResource AWS API Documentation
+    #
+    class DiscoveredResource < Struct.new(
+      :uri,
+      :account_id,
+      :type,
+      :name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A DNS Firewall rule group that Firewall Manager tried to associate
     # with a VPC is already associated with the VPC and can't be associated
     # again.
@@ -925,6 +966,26 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # Details of a resource that failed when trying to update it's
+    # association to a resource set.
+    #
+    # @!attribute [rw] uri
+    #   The univeral resource indicator (URI) of the resource that failed.
+    #   @return [String]
+    #
+    # @!attribute [rw] reason
+    #   The reason the resource's association could not be updated.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FailedItem AWS API Documentation
+    #
+    class FailedItem < Struct.new(
+      :uri,
+      :reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains details about the firewall subnet that violates the policy
     # scope.
     #
@@ -1018,14 +1079,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetAppsListRequest
-    #   data as a hash:
-    #
-    #       {
-    #         list_id: "ListId", # required
-    #         default_list: false,
-    #       }
-    #
     # @!attribute [rw] list_id
     #   The ID of the Firewall Manager applications list that you want the
     #   details for.
@@ -1062,14 +1115,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetComplianceDetailRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy_id: "PolicyId", # required
-    #         member_account: "AWSAccountId", # required
-    #       }
-    #
     # @!attribute [rw] policy_id
     #   The ID of the policy that you want to get the details for.
     #   `PolicyId` is returned by `PutPolicy` and by `ListPolicies`.
@@ -1126,13 +1171,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetPolicyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy_id: "PolicyId", # required
-    #       }
-    #
     # @!attribute [rw] policy_id
     #   The ID of the Firewall Manager policy that you want the details for.
     #   @return [String]
@@ -1162,18 +1200,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetProtectionStatusRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy_id: "PolicyId", # required
-    #         member_account_id: "AWSAccountId",
-    #         start_time: Time.now,
-    #         end_time: Time.now,
-    #         next_token: "PaginationToken",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] policy_id
     #   The ID of the policy for which you want to get the attack
     #   information.
@@ -1279,14 +1305,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetProtocolsListRequest
-    #   data as a hash:
-    #
-    #       {
-    #         list_id: "ListId", # required
-    #         default_list: false,
-    #       }
-    #
     # @!attribute [rw] list_id
     #   The ID of the Firewall Manager protocols list that you want the
     #   details for.
@@ -1323,13 +1341,36 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetThirdPartyFirewallAssociationStatusRequest
-    #   data as a hash:
+    # @!attribute [rw] identifier
+    #   A unique identifier for the resource set, used in a TODO to refer to
+    #   the resource set.
+    #   @return [String]
     #
-    #       {
-    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
-    #       }
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetResourceSetRequest AWS API Documentation
     #
+    class GetResourceSetRequest < Struct.new(
+      :identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_set
+    #   Information about the specified resource set.
+    #   @return [Types::ResourceSet]
+    #
+    # @!attribute [rw] resource_set_arn
+    #   The Amazon Resource Name (ARN) of the resource set.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetResourceSetResponse AWS API Documentation
+    #
+    class GetResourceSetResponse < Struct.new(
+      :resource_set,
+      :resource_set_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] third_party_firewall
     #   The name of the third-party firewall vendor.
     #   @return [String]
@@ -1390,16 +1431,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetViolationDetailsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy_id: "PolicyId", # required
-    #         member_account: "AWSAccountId", # required
-    #         resource_id: "ResourceId", # required
-    #         resource_type: "ResourceType", # required
-    #       }
-    #
     # @!attribute [rw] policy_id
     #   The ID of the Firewall Manager policy that you want the details for.
     #   This currently only supports security group content audit policies.
@@ -1527,15 +1558,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListAppsListsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         default_lists: false,
-    #         next_token: "PaginationToken",
-    #         max_results: 1, # required
-    #       }
-    #
     # @!attribute [rw] default_lists
     #   Specifies whether the lists to retrieve are default lists owned by
     #   Firewall Manager.
@@ -1589,15 +1611,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListComplianceStatusRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy_id: "PolicyId", # required
-    #         next_token: "PaginationToken",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] policy_id
     #   The ID of the Firewall Manager policy that you want the details for.
     #   @return [String]
@@ -1653,14 +1666,63 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListMemberAccountsRequest
-    #   data as a hash:
+    # @!attribute [rw] member_account_ids
+    #   The Amazon Web Services account IDs to discover resources in. Only
+    #   one account is supported per request. The account must be a member
+    #   of your organization.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] resource_type
+    #   The type of resources to discover.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, Firewall Manager provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Firewall Manager returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListDiscoveredResourcesRequest AWS API Documentation
+    #
+    class ListDiscoveredResourcesRequest < Struct.new(
+      :member_account_ids,
+      :resource_type,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] items
+    #   Details of the resources that were discovered.
+    #   @return [Array<Types::DiscoveredResource>]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Firewall Manager returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
     #
-    #       {
-    #         next_token: "PaginationToken",
-    #         max_results: 1,
-    #       }
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListDiscoveredResourcesResponse AWS API Documentation
     #
+    class ListDiscoveredResourcesResponse < Struct.new(
+      :items,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` and you have more account
     #   IDs than the number that you specify for `MaxResults`, Firewall
@@ -1709,14 +1771,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListPoliciesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         next_token: "PaginationToken",
-    #         max_results: 1,
-    #       }
-    #
     # @!attribute [rw] next_token
     #   If you specify a value for `MaxResults` and you have more
     #   `PolicySummary` objects than the number that you specify for
@@ -1765,15 +1819,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListProtocolsListsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         default_lists: false,
-    #         next_token: "PaginationToken",
-    #         max_results: 1, # required
-    #       }
-    #
     # @!attribute [rw] default_lists
     #   Specifies whether the lists to retrieve are default lists owned by
     #   Firewall Manager.
@@ -1827,13 +1872,103 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListTagsForResourceRequest
-    #   data as a hash:
+    # @!attribute [rw] identifier
+    #   A unique identifier for the resource set, used in a TODO to refer to
+    #   the resource set.
+    #   @return [String]
     #
-    #       {
-    #         resource_arn: "ResourceArn", # required
-    #       }
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, Firewall Manager provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Firewall Manager returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetResourcesRequest AWS API Documentation
+    #
+    class ListResourceSetResourcesRequest < Struct.new(
+      :identifier,
+      :max_results,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] items
+    #   An array of the associated resources' uniform resource identifiers
+    #   (URI).
+    #   @return [Array<Types::Resource>]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Firewall Manager returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetResourcesResponse AWS API Documentation
+    #
+    class ListResourceSetResourcesResponse < Struct.new(
+      :items,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Firewall Manager returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want Firewall Manager to
+    #   return for this request. If more objects are available, in the
+    #   response, Firewall Manager provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetsRequest AWS API Documentation
+    #
+    class ListResourceSetsRequest < Struct.new(
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_sets
+    #   An array of `ResourceSetSummary` objects.
+    #   @return [Array<Types::ResourceSetSummary>]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Firewall Manager returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetsResponse AWS API Documentation
     #
+    class ListResourceSetsResponse < Struct.new(
+      :resource_sets,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
     #   The Firewall Manager resources that support tagging are policies,
@@ -1860,15 +1995,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListThirdPartyFirewallFirewallPoliciesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
-    #         next_token: "PaginationToken",
-    #         max_results: 1, # required
-    #       }
-    #
     # @!attribute [rw] third_party_firewall
     #   The name of the third-party firewall vendor.
     #   @return [String]
@@ -2267,13 +2393,6 @@ module Aws::FMS
     #
     # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/architectures.html
     #
-    # @note When making an API call, you may pass NetworkFirewallPolicy
-    #   data as a hash:
-    #
-    #       {
-    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #       }
-    #
     # @!attribute [rw] firewall_deployment_model
     #   Defines the deployment model to use for the firewall policy. To use
     #   a distributed model, set [PolicyOption][1] to `NULL`.
@@ -2486,44 +2605,6 @@ module Aws::FMS
 
     # An Firewall Manager policy.
     #
-    # @note When making an API call, you may pass Policy
-    #   data as a hash:
-    #
-    #       {
-    #         policy_id: "PolicyId",
-    #         policy_name: "ResourceName", # required
-    #         policy_update_token: "PolicyUpdateToken",
-    #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
-    #           managed_service_data: "ManagedServiceData",
-    #           policy_option: {
-    #             network_firewall_policy: {
-    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #             },
-    #             third_party_firewall_policy: {
-    #               firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #             },
-    #           },
-    #         },
-    #         resource_type: "ResourceType", # required
-    #         resource_type_list: ["ResourceType"],
-    #         resource_tags: [
-    #           {
-    #             key: "ResourceTagKey", # required
-    #             value: "ResourceTagValue",
-    #           },
-    #         ],
-    #         exclude_resource_tags: false, # required
-    #         remediation_enabled: false, # required
-    #         delete_unused_fm_managed_resources: false,
-    #         include_map: {
-    #           "ACCOUNT" => ["CustomerPolicyScopeId"],
-    #         },
-    #         exclude_map: {
-    #           "ACCOUNT" => ["CustomerPolicyScopeId"],
-    #         },
-    #       }
-    #
     # @!attribute [rw] policy_id
     #   The ID of the Firewall Manager policy.
     #   @return [String]
@@ -2666,6 +2747,14 @@ module Aws::FMS
     #     “ouid112”]\}`.
     #   @return [Hash<String,Array<String>>]
     #
+    # @!attribute [rw] resource_set_ids
+    #   The unique identifiers of the resource sets used by the policy.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] policy_description
+    #   The definition of the Network Firewall firewall policy.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
     #
     class Policy < Struct.new(
@@ -2680,7 +2769,9 @@ module Aws::FMS
       :remediation_enabled,
       :delete_unused_fm_managed_resources,
       :include_map,
-      :exclude_map)
+      :exclude_map,
+      :resource_set_ids,
+      :policy_description)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2792,18 +2883,6 @@ module Aws::FMS
     # Contains the Network Firewall firewall policy options to configure the
     # policy's deployment model and third-party firewall policy settings.
     #
-    # @note When making an API call, you may pass PolicyOption
-    #   data as a hash:
-    #
-    #       {
-    #         network_firewall_policy: {
-    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #         },
-    #         third_party_firewall_policy: {
-    #           firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #         },
-    #       }
-    #
     # @!attribute [rw] network_firewall_policy
     #   Defines the deployment model to use for the firewall policy.
     #   @return [Types::NetworkFirewallPolicy]
@@ -2940,21 +3019,6 @@ module Aws::FMS
 
     # An Firewall Manager protocols list.
     #
-    # @note When making an API call, you may pass ProtocolsListData
-    #   data as a hash:
-    #
-    #       {
-    #         list_id: "ListId",
-    #         list_name: "ResourceName", # required
-    #         list_update_token: "UpdateToken",
-    #         create_time: Time.now,
-    #         last_update_time: Time.now,
-    #         protocols_list: ["Protocol"], # required
-    #         previous_protocols_list: {
-    #           "PreviousListVersion" => ["Protocol"],
-    #         },
-    #       }
-    #
     # @!attribute [rw] list_id
     #   The ID of the Firewall Manager protocols list.
     #   @return [String]
@@ -3030,41 +3094,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutAppsListRequest
-    #   data as a hash:
-    #
-    #       {
-    #         apps_list: { # required
-    #           list_id: "ListId",
-    #           list_name: "ResourceName", # required
-    #           list_update_token: "UpdateToken",
-    #           create_time: Time.now,
-    #           last_update_time: Time.now,
-    #           apps_list: [ # required
-    #             {
-    #               app_name: "ResourceName", # required
-    #               protocol: "Protocol", # required
-    #               port: 1, # required
-    #             },
-    #           ],
-    #           previous_apps_list: {
-    #             "PreviousListVersion" => [
-    #               {
-    #                 app_name: "ResourceName", # required
-    #                 protocol: "Protocol", # required
-    #                 port: 1, # required
-    #               },
-    #             ],
-    #           },
-    #         },
-    #         tag_list: [
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue", # required
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] apps_list
     #   The details of the Firewall Manager applications list to be created.
     #   @return [Types::AppsListData]
@@ -3099,14 +3128,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutNotificationChannelRequest
-    #   data as a hash:
-    #
-    #       {
-    #         sns_topic_arn: "ResourceArn", # required
-    #         sns_role_name: "ResourceArn", # required
-    #       }
-    #
     # @!attribute [rw] sns_topic_arn
     #   The Amazon Resource Name (ARN) of the SNS topic that collects
     #   notifications from Firewall Manager.
@@ -3126,52 +3147,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutPolicyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy: { # required
-    #           policy_id: "PolicyId",
-    #           policy_name: "ResourceName", # required
-    #           policy_update_token: "PolicyUpdateToken",
-    #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
-    #             managed_service_data: "ManagedServiceData",
-    #             policy_option: {
-    #               network_firewall_policy: {
-    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #               },
-    #               third_party_firewall_policy: {
-    #                 firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #               },
-    #             },
-    #           },
-    #           resource_type: "ResourceType", # required
-    #           resource_type_list: ["ResourceType"],
-    #           resource_tags: [
-    #             {
-    #               key: "ResourceTagKey", # required
-    #               value: "ResourceTagValue",
-    #             },
-    #           ],
-    #           exclude_resource_tags: false, # required
-    #           remediation_enabled: false, # required
-    #           delete_unused_fm_managed_resources: false,
-    #           include_map: {
-    #             "ACCOUNT" => ["CustomerPolicyScopeId"],
-    #           },
-    #           exclude_map: {
-    #             "ACCOUNT" => ["CustomerPolicyScopeId"],
-    #           },
-    #         },
-    #         tag_list: [
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue", # required
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] policy
     #   The details of the Firewall Manager policy to be created.
     #   @return [Types::Policy]
@@ -3206,29 +3181,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutProtocolsListRequest
-    #   data as a hash:
-    #
-    #       {
-    #         protocols_list: { # required
-    #           list_id: "ListId",
-    #           list_name: "ResourceName", # required
-    #           list_update_token: "UpdateToken",
-    #           create_time: Time.now,
-    #           last_update_time: Time.now,
-    #           protocols_list: ["Protocol"], # required
-    #           previous_protocols_list: {
-    #             "PreviousListVersion" => ["Protocol"],
-    #           },
-    #         },
-    #         tag_list: [
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue", # required
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] protocols_list
     #   The details of the Firewall Manager protocols list to be created.
     #   @return [Types::ProtocolsListData]
@@ -3263,6 +3215,45 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_set
+    #   Details about the resource set to be created or updated.&gt;
+    #   @return [Types::ResourceSet]
+    #
+    # @!attribute [rw] tag_list
+    #   Retrieves the tags associated with the specified resource set. Tags
+    #   are key:value pairs that you can use to categorize and manage your
+    #   resources, for purposes like billing. For example, you might set the
+    #   tag key to "customer" and the value to the customer name or ID.
+    #   You can specify one or more tags to add to each Amazon Web Services
+    #   resource, up to 50 tags for a resource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutResourceSetRequest AWS API Documentation
+    #
+    class PutResourceSetRequest < Struct.new(
+      :resource_set,
+      :tag_list)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_set
+    #   Details about the resource set.
+    #   @return [Types::ResourceSet]
+    #
+    # @!attribute [rw] resource_set_arn
+    #   The Amazon Resource Name (ARN) of the resource set.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutResourceSetResponse AWS API Documentation
+    #
+    class PutResourceSetResponse < Struct.new(
+      :resource_set,
+      :resource_set_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about an individual action you can take to remediate a
     # violation.
     #
@@ -3339,6 +3330,27 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # Details of a resource that is associated to an Firewall Manager
+    # resource set.
+    #
+    # @!attribute [rw] uri
+    #   The resource's universal resource indicator (URI).
+    #   @return [String]
+    #
+    # @!attribute [rw] account_id
+    #   The Amazon Web Services account ID that the associated resource
+    #   belongs to.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Resource AWS API Documentation
+    #
+    class Resource < Struct.new(
+      :uri,
+      :account_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The specified resource was not found.
     #
     # @!attribute [rw] message
@@ -3352,6 +3364,100 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # A set of resources to include in a policy.
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the resource set. This ID is returned in the
+    #   responses to create and list commands. You provide it to operations
+    #   like update and delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The descriptive name of the resource set. You can't change the name
+    #   of a resource set after you create it.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the resource set.
+    #   @return [String]
+    #
+    # @!attribute [rw] update_token
+    #   An optional token that you can use for optimistic locking. Firewall
+    #   Manager returns a token to your requests that access the resource
+    #   set. The token marks the state of the resource set resource at the
+    #   time of the request. Update tokens are not allowed when creating a
+    #   resource set. After creation, each subsequent update call to the
+    #   resource set requires the update token.
+    #
+    #   To make an unconditional change to the resource set, omit the token
+    #   in your update request. Without the token, Firewall Manager performs
+    #   your updates regardless of whether the resource set has changed
+    #   since you last retrieved it.
+    #
+    #   To make a conditional change to the resource set, provide the token
+    #   in your update request. Firewall Manager uses the token to ensure
+    #   that the resource set hasn't changed since you last retrieved it.
+    #   If it has changed, the operation fails with an
+    #   `InvalidTokenException`. If this happens, retrieve the resource set
+    #   again to get a current copy of it with a new token. Reapply your
+    #   changes as needed, then try the operation again using the new token.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_type_list
+    #   Determines the resources that can be associated to the resource set.
+    #   Depending on your setting for max results and the number of resource
+    #   sets, a single call might not return the full list.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] last_update_time
+    #   The last time that the resource set was changed.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSet AWS API Documentation
+    #
+    class ResourceSet < Struct.new(
+      :id,
+      :name,
+      :description,
+      :update_token,
+      :resource_type_list,
+      :last_update_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Summarizes the resource sets used in a policy.
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the resource set. This ID is returned in the
+    #   responses to create and list commands. You provide it to operations
+    #   like update and delete.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The descriptive name of the resource set. You can't change the name
+    #   of a resource set after you create it.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the resource set.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_update_time
+    #   The last time that the resource set was changed.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSetSummary AWS API Documentation
+    #
+    class ResourceSetSummary < Struct.new(
+      :id,
+      :name,
+      :description,
+      :last_update_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The resource tags that Firewall Manager uses to determine if a
     # particular resource should be included or excluded from the Firewall
     # Manager policy. Tags enable you to categorize your Amazon Web Services
@@ -3366,14 +3472,6 @@ module Aws::FMS
     #
     # [1]: https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/tag-editor.html
     #
-    # @note When making an API call, you may pass ResourceTag
-    #   data as a hash:
-    #
-    #       {
-    #         key: "ResourceTagKey", # required
-    #         value: "ResourceTagValue",
-    #       }
-    #
     # @!attribute [rw] key
     #   The resource tag key.
     #   @return [String]
@@ -3718,22 +3816,6 @@ module Aws::FMS
     # Details about the security service that is being used to protect the
     # resources.
     #
-    # @note When making an API call, you may pass SecurityServicePolicyData
-    #   data as a hash:
-    #
-    #       {
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
-    #         managed_service_data: "ManagedServiceData",
-    #         policy_option: {
-    #           network_firewall_policy: {
-    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #           },
-    #           third_party_firewall_policy: {
-    #             firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #           },
-    #         },
-    #       }
-    #
     # @!attribute [rw] type
     #   The service that the policy is using to protect the resources. This
     #   specifies the type of policy that is created, either an WAF policy,
@@ -4049,14 +4131,6 @@ module Aws::FMS
     # "test," "development," or "production"). You can add up to 50
     # tags to each Amazon Web Services resource.
     #
-    # @note When making an API call, you may pass Tag
-    #   data as a hash:
-    #
-    #       {
-    #         key: "TagKey", # required
-    #         value: "TagValue", # required
-    #       }
-    #
     # @!attribute [rw] key
     #   Part of the key:value pair that defines a tag. You can use a tag key
     #   to describe a category of information, such as "customer." Tag
@@ -4078,19 +4152,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass TagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "ResourceArn", # required
-    #         tag_list: [ # required
-    #           {
-    #             key: "TagKey", # required
-    #             value: "TagValue", # required
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
     #   The Firewall Manager resources that support tagging are policies,
@@ -4240,13 +4301,6 @@ module Aws::FMS
 
     # Configures the deployment model for the third-party firewall.
     #
-    # @note When making an API call, you may pass ThirdPartyFirewallPolicy
-    #   data as a hash:
-    #
-    #       {
-    #         firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
-    #       }
-    #
     # @!attribute [rw] firewall_deployment_model
     #   Defines the deployment model to use for the third-party firewall
     #   policy.
@@ -4260,14 +4314,6 @@ module Aws::FMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UntagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         resource_arn: "ResourceArn", # required
-    #         tag_keys: ["TagKey"], # required
-    #       }
-    #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the resource to return tags for.
     #   The Firewall Manager resources that support tagging are policies,