aws-sdk-fms 1.35.0 → 1.36.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20a32ea3dfe057e35c1ce5d8e0ebb2e91f2a7abe83b19c0360579b2ed2791575
-  data.tar.gz: f667f1c9906d5b841ab2a51ce5763f7dd6c8437919677e563977e7cd7abd72c9
+  metadata.gz: 3c8a99fc75ac8e720319d7d845aa3c487189e179ecce7084ecf84ec12774b1a3
+  data.tar.gz: f875444f4cb29409f92afa7780b806d1633f09b5fe4ee93568a250570fc8fafd
 SHA512:
-  metadata.gz: a74b46fc030d341f85615458259a61d4805522feefa426c43e2564b859841c5e5bb699244d5bb581527a7929d052373fa86021501181fe6dfffc96fefd79092f
-  data.tar.gz: eea92677dde6c45c4a66819f8003e3e2bdacf331f0bc6ac7976128d5c9a5290eedfcaf51c33da8f3359aa6ef7d7f354cf1b59f86d45ff2ce420880396ed7aa10
+  metadata.gz: b16b3ca3cac3486704fcb1d15120f9e51368f8d0684bee65e53f2e4243bd0fe4dda1bb18e98914ab33d19fa3885ddb185306445e25e5dd99625b9927dd0f1197
+  data.tar.gz: ddb957f7fd595f37f5966f27d4064668695998185fe4d7c5813f2efe3772907a5f0c0acf4011dd64dc4048609e1e7ed1fdcc153e64a6f3df72c3601ccbadb9be

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.36.0 (2021-04-01)
+------------------
+
+* Feature - Added Firewall Manager policy support for AWS Route 53 Resolver DNS Firewall.
+
 1.35.0 (2021-03-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.35.0
+1.36.0

data/lib/aws-sdk-fms.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-fms/customizations'
 # @!group service
 module Aws::FMS
 
-  GEM_VERSION = '1.35.0'
+  GEM_VERSION = '1.36.0'
 
 end

data/lib/aws-sdk-fms/client.rb

@@ -620,7 +620,7 @@ module Aws::FMS
     #   resp.policy_compliance_detail.member_account #=> String
     #   resp.policy_compliance_detail.violators #=> Array
     #   resp.policy_compliance_detail.violators[0].resource_id #=> String
-    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED"
+    #   resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "RESOURCE_MISSING_DNS_FIREWALL"
     #   resp.policy_compliance_detail.violators[0].resource_type #=> String
     #   resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
     #   resp.policy_compliance_detail.expired_at #=> Time
@@ -680,7 +680,7 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
@@ -766,7 +766,7 @@ module Aws::FMS
     # @example Response structure
     #
     #   resp.admin_account_id #=> String
-    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
+    #   resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
     #   resp.data #=> String
     #   resp.next_token #=> String
     #
@@ -934,6 +934,17 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.violation_target_description #=> String
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.conflicting_priority #=> Integer
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.conflicting_policy_id #=> String
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.unavailable_priorities #=> Array
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.unavailable_priorities[0] #=> Integer
+    #   resp.violation_detail.resource_violations[0].dns_duplicate_rule_group_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].dns_duplicate_rule_group_violation.violation_target_description #=> String
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target #=> String
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target_description #=> String
+    #   resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.number_of_rule_groups_already_associated #=> Integer
     #   resp.violation_detail.resource_tags #=> Array
     #   resp.violation_detail.resource_tags[0].key #=> String
     #   resp.violation_detail.resource_tags[0].value #=> String
@@ -1159,7 +1170,7 @@ module Aws::FMS
     #   resp.policy_list[0].policy_id #=> String
     #   resp.policy_list[0].policy_name #=> String
     #   resp.policy_list[0].resource_type #=> String
-    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
+    #   resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
     #   resp.policy_list[0].remediation_enabled #=> Boolean
     #   resp.next_token #=> String
     #
@@ -1422,7 +1433,7 @@ module Aws::FMS
     #       policy_name: "ResourceName", # required
     #       policy_update_token: "PolicyUpdateToken",
     #       security_service_policy_data: { # required
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #       },
     #       resource_type: "ResourceType", # required
@@ -1455,7 +1466,7 @@ module Aws::FMS
     #   resp.policy.policy_id #=> String
     #   resp.policy.policy_name #=> String
     #   resp.policy.policy_update_token #=> String
-    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL"
+    #   resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
     #   resp.policy.security_service_policy_data.managed_service_data #=> String
     #   resp.policy.resource_type #=> String
     #   resp.policy.resource_type_list #=> Array
@@ -1614,7 +1625,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.35.0'
+      context[:gem_version] = '1.36.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-fms/client_api.rb

@@ -25,6 +25,7 @@ module Aws::FMS
     AwsEc2NetworkInterfaceViolation = Shapes::StructureShape.new(name: 'AwsEc2NetworkInterfaceViolation')
     AwsEc2NetworkInterfaceViolations = Shapes::ListShape.new(name: 'AwsEc2NetworkInterfaceViolations')
     AwsVPCSecurityGroupViolation = Shapes::StructureShape.new(name: 'AwsVPCSecurityGroupViolation')
+    BasicInteger = Shapes::IntegerShape.new(name: 'BasicInteger')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CIDR = Shapes::StringShape.new(name: 'CIDR')
     ComplianceViolator = Shapes::StructureShape.new(name: 'ComplianceViolator')
@@ -40,6 +41,11 @@ module Aws::FMS
     DependentServiceName = Shapes::StringShape.new(name: 'DependentServiceName')
     DetailedInfo = Shapes::StringShape.new(name: 'DetailedInfo')
     DisassociateAdminAccountRequest = Shapes::StructureShape.new(name: 'DisassociateAdminAccountRequest')
+    DnsDuplicateRuleGroupViolation = Shapes::StructureShape.new(name: 'DnsDuplicateRuleGroupViolation')
+    DnsRuleGroupLimitExceededViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupLimitExceededViolation')
+    DnsRuleGroupPriorities = Shapes::ListShape.new(name: 'DnsRuleGroupPriorities')
+    DnsRuleGroupPriority = Shapes::IntegerShape.new(name: 'DnsRuleGroupPriority')
+    DnsRuleGroupPriorityConflictViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupPriorityConflictViolation')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     EvaluationResult = Shapes::StructureShape.new(name: 'EvaluationResult')
     EvaluationResults = Shapes::ListShape.new(name: 'EvaluationResults')
@@ -232,6 +238,24 @@ module Aws::FMS
 
     DisassociateAdminAccountRequest.struct_class = Types::DisassociateAdminAccountRequest
 
+    DnsDuplicateRuleGroupViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    DnsDuplicateRuleGroupViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
+    DnsDuplicateRuleGroupViolation.struct_class = Types::DnsDuplicateRuleGroupViolation
+
+    DnsRuleGroupLimitExceededViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    DnsRuleGroupLimitExceededViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
+    DnsRuleGroupLimitExceededViolation.add_member(:number_of_rule_groups_already_associated, Shapes::ShapeRef.new(shape: BasicInteger, location_name: "NumberOfRuleGroupsAlreadyAssociated"))
+    DnsRuleGroupLimitExceededViolation.struct_class = Types::DnsRuleGroupLimitExceededViolation
+
+    DnsRuleGroupPriorities.member = Shapes::ShapeRef.new(shape: DnsRuleGroupPriority)
+
+    DnsRuleGroupPriorityConflictViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:conflicting_priority, Shapes::ShapeRef.new(shape: DnsRuleGroupPriority, location_name: "ConflictingPriority"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:conflicting_policy_id, Shapes::ShapeRef.new(shape: PolicyId, location_name: "ConflictingPolicyId"))
+    DnsRuleGroupPriorityConflictViolation.add_member(:unavailable_priorities, Shapes::ShapeRef.new(shape: DnsRuleGroupPriorities, location_name: "UnavailablePriorities"))
+    DnsRuleGroupPriorityConflictViolation.struct_class = Types::DnsRuleGroupPriorityConflictViolation
+
     EvaluationResult.add_member(:compliance_status, Shapes::ShapeRef.new(shape: PolicyComplianceStatusType, location_name: "ComplianceStatus"))
     EvaluationResult.add_member(:violator_count, Shapes::ShapeRef.new(shape: ResourceCount, location_name: "ViolatorCount"))
     EvaluationResult.add_member(:evaluation_limit_exceeded, Shapes::ShapeRef.new(shape: Boolean, location_name: "EvaluationLimitExceeded"))
@@ -528,6 +552,9 @@ module Aws::FMS
     ResourceViolation.add_member(:network_firewall_missing_subnet_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingSubnetViolation, location_name: "NetworkFirewallMissingSubnetViolation"))
     ResourceViolation.add_member(:network_firewall_missing_expected_rt_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingExpectedRTViolation, location_name: "NetworkFirewallMissingExpectedRTViolation"))
     ResourceViolation.add_member(:network_firewall_policy_modified_violation, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyModifiedViolation, location_name: "NetworkFirewallPolicyModifiedViolation"))
+    ResourceViolation.add_member(:dns_rule_group_priority_conflict_violation, Shapes::ShapeRef.new(shape: DnsRuleGroupPriorityConflictViolation, location_name: "DnsRuleGroupPriorityConflictViolation"))
+    ResourceViolation.add_member(:dns_duplicate_rule_group_violation, Shapes::ShapeRef.new(shape: DnsDuplicateRuleGroupViolation, location_name: "DnsDuplicateRuleGroupViolation"))
+    ResourceViolation.add_member(:dns_rule_group_limit_exceeded_violation, Shapes::ShapeRef.new(shape: DnsRuleGroupLimitExceededViolation, location_name: "DnsRuleGroupLimitExceededViolation"))
     ResourceViolation.struct_class = Types::ResourceViolation
 
     ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)

data/lib/aws-sdk-fms/types.rb

@@ -394,6 +394,96 @@ module Aws::FMS
     #
     class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
 
+    # A DNS Firewall rule group that Firewall Manager tried to associate
+    # with a VPC is already associated with the VPC and can't be associated
+    # again.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the violation that specifies the rule group and
+    #   VPC.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsDuplicateRuleGroupViolation AWS API Documentation
+    #
+    class DnsDuplicateRuleGroupViolation < Struct.new(
+      :violation_target,
+      :violation_target_description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The VPC that Firewall Manager was applying a DNS Fireall policy to
+    # reached the limit for associated DNS Firewall rule groups. Firewall
+    # Manager tried to associate another rule group with the VPC and failed
+    # due to the limit.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the violation that specifies the rule group and
+    #   VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] number_of_rule_groups_already_associated
+    #   The number of rule groups currently associated with the VPC.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupLimitExceededViolation AWS API Documentation
+    #
+    class DnsRuleGroupLimitExceededViolation < Struct.new(
+      :violation_target,
+      :violation_target_description,
+      :number_of_rule_groups_already_associated)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A rule group that Firewall Manager tried to associate with a VPC has
+    # the same priority as a rule group that's already associated.
+    #
+    # @!attribute [rw] violation_target
+    #   The ID of the VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] violation_target_description
+    #   A description of the violation that specifies the VPC and the rule
+    #   group that's already associated with it.
+    #   @return [String]
+    #
+    # @!attribute [rw] conflicting_priority
+    #   The priority setting of the two conflicting rule groups.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] conflicting_policy_id
+    #   The ID of the Firewall Manager DNS Firewall policy that was already
+    #   applied to the VPC. This policy contains the rule group that's
+    #   already associated with the VPC.
+    #   @return [String]
+    #
+    # @!attribute [rw] unavailable_priorities
+    #   The priorities of rule groups that are already associated with the
+    #   VPC. To retry your operation, choose priority settings that aren't
+    #   in this list for the rule groups in your new DNS Firewall policy.
+    #   @return [Array<Integer>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupPriorityConflictViolation AWS API Documentation
+    #
+    class DnsRuleGroupPriorityConflictViolation < Struct.new(
+      :violation_target,
+      :violation_target_description,
+      :conflicting_priority,
+      :conflicting_policy_id,
+      :unavailable_priorities)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the compliance status for the account. An account is
     # considered noncompliant if it includes resources that are not
     # protected by the specified policy or that don't comply with the
@@ -1431,7 +1521,7 @@ module Aws::FMS
     #         policy_name: "ResourceName", # required
     #         policy_update_token: "PolicyUpdateToken",
     #         security_service_policy_data: { # required
-    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
+    #           type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
     #           managed_service_data: "ManagedServiceData",
     #         },
     #         resource_type: "ResourceType", # required
@@ -1951,7 +2041,7 @@ module Aws::FMS
     #           policy_name: "ResourceName", # required
     #           policy_update_token: "PolicyUpdateToken",
     #           security_service_policy_data: { # required
-    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
+    #             type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
     #             managed_service_data: "ManagedServiceData",
     #           },
     #           resource_type: "ResourceType", # required
@@ -2162,6 +2252,25 @@ module Aws::FMS
     #   stateless rule group, or changed a policy default action.
     #   @return [Types::NetworkFirewallPolicyModifiedViolation]
     #
+    # @!attribute [rw] dns_rule_group_priority_conflict_violation
+    #   Violation detail for a DNS Firewall policy that indicates that a
+    #   rule group that Firewall Manager tried to associate with a VPC has
+    #   the same priority as a rule group that's already associated.
+    #   @return [Types::DnsRuleGroupPriorityConflictViolation]
+    #
+    # @!attribute [rw] dns_duplicate_rule_group_violation
+    #   Violation detail for a DNS Firewall policy that indicates that a
+    #   rule group that Firewall Manager tried to associate with a VPC is
+    #   already associated with the VPC and can't be associated again.
+    #   @return [Types::DnsDuplicateRuleGroupViolation]
+    #
+    # @!attribute [rw] dns_rule_group_limit_exceeded_violation
+    #   Violation details for a DNS Firewall policy that indicates that the
+    #   VPC reached the limit for associated DNS Firewall rule groups.
+    #   Firewall Manager tried to associate another rule group with the VPC
+    #   and failed.
+    #   @return [Types::DnsRuleGroupLimitExceededViolation]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
     #
     class ResourceViolation < Struct.new(
@@ -2171,7 +2280,10 @@ module Aws::FMS
       :network_firewall_missing_firewall_violation,
       :network_firewall_missing_subnet_violation,
       :network_firewall_missing_expected_rt_violation,
-      :network_firewall_policy_modified_violation)
+      :network_firewall_policy_modified_violation,
+      :dns_rule_group_priority_conflict_violation,
+      :dns_duplicate_rule_group_violation,
+      :dns_rule_group_limit_exceeded_violation)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2255,7 +2367,7 @@ module Aws::FMS
     #   data as a hash:
     #
     #       {
-    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL
+    #         type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
     #         managed_service_data: "ManagedServiceData",
     #       }
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.35.0
+  version: 1.36.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -66,8 +66,8 @@ homepage: https://github.com/aws/aws-sdk-ruby
 licenses:
 - Apache-2.0
 metadata:
-  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-fms
-  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-fms/CHANGELOG.md
+  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-fms
+  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-fms/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths: