aws-sdk-route53resolver 1.100.0 → 1.101.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: efd6430dbae6c2ba036f0a1bc4338544e840d4fdc2e9659755deca283b2b8cf3
-  data.tar.gz: 3d4649de55d4e6136fa98a7de1a2d6794cb66ff4027537816937dad3b82b3b19
+  metadata.gz: 83def7e84e7a26e21459ab69aa76314865727965f30b8ef4f4833bd2053fd4f8
+  data.tar.gz: 0675b70291c19e819bee1271928582077fab82f5c0c18b9db7ba0791f7033af5
 SHA512:
-  metadata.gz: c035131029f92c2ab3f356e45a6eea11c716c54ce4399e07614bb2b944dd0b67086ecf0ee8b32fbd52712f048023def461e3e9aae40db970eac93c3c5a8d5132
-  data.tar.gz: 5dedd76c17cb7045fe41cbbc1426ae6347a4763d8692faa36738b931dd375fcbeaa33388e541b43ebca3c5a342c7974e2cd708a6d85d6766124bd1ced3f7b800
+  metadata.gz: d1d20a4e0dcb1736051cb5e0dd5e08a234c3ba7a7cb10fd2bca951a5f023c4335b56776b108ff12528e1029893b5d58585bab296715898b88554201bccbc5b34
+  data.tar.gz: 9f2306b56ef6b28d14a8719a6f800865632729359f513a2bab908b7a163a145c414a1649fe8138e2cf8f7a66bbcc2fa0d0f0d5bf4fcbbdcbd5c47533782ca2d0

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.101.0 (2026-06-16)
+------------------
+
+* Feature - Adds supports for PartnerManagedRules
+
 1.100.0 (2026-05-29)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.100.0
+1.101.0

data/lib/aws-sdk-route53resolver/client.rb

@@ -484,6 +484,11 @@ module Aws::Route53Resolver
     # Associates a FirewallRuleGroup with a VPC, to provide DNS filtering
     # for the VPC.
     #
+    # If the rule group contains any rule configured with the
+    # `PartnerThreatProtection` rule type, the calling account must hold an
+    # active AWS Marketplace subscription to the named partner. If the
+    # subscription is missing, the association request is rejected.
+    #
     # @option params [required, String] :creator_request_id
     #   A unique string that identifies the request and that allows failed
     #   requests to be retried without the risk of running the operation
@@ -794,6 +799,9 @@ module Aws::Route53Resolver
     #         dns_threat_protection: "DGA", # accepts DGA, DNS_TUNNELING, DICTIONARY_DGA
     #         confidence_threshold: "LOW", # accepts LOW, MEDIUM, HIGH
     #         firewall_rule_type: {
+    #           partner_threat_protection: {
+    #             partner: "PartnerValue", # required
+    #           },
     #           firewall_advanced_content_category: {
     #             category: "FirewallAdvancedContentCategoryValue", # required
     #           },
@@ -829,10 +837,13 @@ module Aws::Route53Resolver
     #   resp.created_firewall_rules[0].qtype #=> String
     #   resp.created_firewall_rules[0].dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.created_firewall_rules[0].confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.created_firewall_rules[0].firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.created_firewall_rules[0].firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.created_firewall_rules[0].firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.created_firewall_rules[0].firewall_rule_type.dns_threat_protection.value #=> String
     #   resp.created_firewall_rules[0].firewall_rule_type.dns_threat_protection.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.created_firewall_rules[0].status #=> String
+    #   resp.created_firewall_rules[0].status_message #=> String
     #   resp.create_errors #=> Array
     #   resp.create_errors[0].firewall_rule.creator_request_id #=> String
     #   resp.create_errors[0].firewall_rule.firewall_rule_group_id #=> String
@@ -848,6 +859,7 @@ module Aws::Route53Resolver
     #   resp.create_errors[0].firewall_rule.qtype #=> String
     #   resp.create_errors[0].firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.create_errors[0].firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.create_errors[0].firewall_rule.firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.create_errors[0].firewall_rule.firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.create_errors[0].firewall_rule.firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.create_errors[0].firewall_rule.firewall_rule_type.dns_threat_protection.value #=> String
@@ -907,10 +919,13 @@ module Aws::Route53Resolver
     #   resp.deleted_firewall_rules[0].qtype #=> String
     #   resp.deleted_firewall_rules[0].dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.deleted_firewall_rules[0].confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.deleted_firewall_rules[0].firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.deleted_firewall_rules[0].firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.deleted_firewall_rules[0].firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.deleted_firewall_rules[0].firewall_rule_type.dns_threat_protection.value #=> String
     #   resp.deleted_firewall_rules[0].firewall_rule_type.dns_threat_protection.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.deleted_firewall_rules[0].status #=> String
+    #   resp.deleted_firewall_rules[0].status_message #=> String
     #   resp.delete_errors #=> Array
     #   resp.delete_errors[0].firewall_rule.firewall_rule_group_id #=> String
     #   resp.delete_errors[0].firewall_rule.firewall_domain_list_id #=> String
@@ -958,6 +973,9 @@ module Aws::Route53Resolver
     #         dns_threat_protection: "DGA", # accepts DGA, DNS_TUNNELING, DICTIONARY_DGA
     #         confidence_threshold: "LOW", # accepts LOW, MEDIUM, HIGH
     #         firewall_rule_type: {
+    #           partner_threat_protection: {
+    #             partner: "PartnerValue", # required
+    #           },
     #           firewall_advanced_content_category: {
     #             category: "FirewallAdvancedContentCategoryValue", # required
     #           },
@@ -993,10 +1011,13 @@ module Aws::Route53Resolver
     #   resp.updated_firewall_rules[0].qtype #=> String
     #   resp.updated_firewall_rules[0].dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.updated_firewall_rules[0].confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.updated_firewall_rules[0].firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.updated_firewall_rules[0].firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.updated_firewall_rules[0].firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.updated_firewall_rules[0].firewall_rule_type.dns_threat_protection.value #=> String
     #   resp.updated_firewall_rules[0].firewall_rule_type.dns_threat_protection.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.updated_firewall_rules[0].status #=> String
+    #   resp.updated_firewall_rules[0].status_message #=> String
     #   resp.update_errors #=> Array
     #   resp.update_errors[0].firewall_rule.firewall_rule_group_id #=> String
     #   resp.update_errors[0].firewall_rule.firewall_domain_list_id #=> String
@@ -1012,6 +1033,7 @@ module Aws::Route53Resolver
     #   resp.update_errors[0].firewall_rule.qtype #=> String
     #   resp.update_errors[0].firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.update_errors[0].firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.update_errors[0].firewall_rule.firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.update_errors[0].firewall_rule.firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.update_errors[0].firewall_rule.firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.update_errors[0].firewall_rule.firewall_rule_type.dns_threat_protection.value #=> String
@@ -1090,8 +1112,31 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Creates a single DNS Firewall rule in the specified rule group, using
-    # the specified domain list.
+    # Creates a single DNS Firewall rule in the specified rule group. The
+    # rule can use any one of the following match sources, and the chosen
+    # source must be supplied through the matching request field — they are
+    # mutually exclusive:
+    #
+    # * `FirewallDomainListId` — match a customer-managed or AWS-managed
+    #   domain list.
+    #
+    # * `DnsThreatProtection` — match a built-in DNS Firewall Advanced
+    #   threat detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    # * `FirewallRuleType` — match one of the rule-type variants returned by
+    #   ListFirewallRuleTypes: `FirewallAdvancedContentCategory`,
+    #   `FirewallAdvancedThreatCategory`, `DnsThreatProtection`, or
+    #   `PartnerThreatProtection`. The `PartnerThreatProtection` variant
+    #   requires an active AWS Marketplace subscription to the named partner
+    #   product.
+    #
+    # For rules that require asynchronous provisioning (today, the
+    # `PartnerThreatProtection` rule type), the rule's `Status` begins at
+    # `CREATING` and transitions to `COMPLETE` once the rule is provisioned
+    # and the marketplace entitlement is verified. If provisioning fails,
+    # `Status` becomes `CREATION_FAILED` and `StatusMessage` contains a
+    # human-readable reason; the rule is then immutable and must be removed
+    # with DeleteFirewallRule.
     #
     # @option params [required, String] :creator_request_id
     #   A unique string that identifies the request and that allows you to
@@ -1226,7 +1271,22 @@ module Aws::Route53Resolver
     #   [1]: https://en.wikipedia.org/wiki/List_of_DNS_record_types
     #
     # @option params [String] :dns_threat_protection
-    #   Use to create a DNS Firewall Advanced rule.
+    #   The type of the DNS Firewall Advanced rule. This setting is mutually
+    #   exclusive with `FirewallDomainListId` and `FirewallRuleType`. Valid
+    #   values are:
+    #
+    #   * `DGA`: Domain generation algorithms detection. DGAs are used by
+    #     attackers to generate a large number of domains to launch malware
+    #     attacks.
+    #
+    #   * `DNS_TUNNELING`: DNS tunneling detection. DNS tunneling is used by
+    #     attackers to exfiltrate data from the client by using the DNS tunnel
+    #     without making a network connection to the client.
+    #
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
+    #     detection. Dictionary DGAs use wordlists to generate domains that
+    #     appear more legitimate, making them harder to detect than
+    #     traditional DGAs.
     #
     # @option params [String] :confidence_threshold
     #   The confidence threshold for DNS Firewall Advanced. You must provide
@@ -1243,9 +1303,26 @@ module Aws::Route53Resolver
     #     rate of false positives.
     #
     # @option params [Types::FirewallRuleType] :firewall_rule_type
-    #   The rule type configuration for the firewall rule. This setting is
-    #   mutually exclusive with the top-level `FirewallDomainListId` and
-    #   `DnsThreatProtection` fields.
+    #   The rule type configuration for the firewall rule. This is a tagged
+    #   union — set exactly one of its members. This setting is mutually
+    #   exclusive with the top-level `FirewallDomainListId` and
+    #   `DnsThreatProtection` fields. Use one of:
+    #
+    #   * `FirewallAdvancedContentCategory` — match an AWS-managed content
+    #     category (for example, `VIOLENCE_AND_HATE_SPEECH`).
+    #
+    #   * `FirewallAdvancedThreatCategory` — match an AWS-managed advanced
+    #     threat category (for example, `PHISHING`).
+    #
+    #   * `DnsThreatProtection` — match a built-in DNS Firewall Advanced
+    #     threat detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    #   * `PartnerThreatProtection` — match a third-party threat feed
+    #     delivered through AWS Marketplace. The selected partner must be an
+    #     active subscription on the calling account.
+    #
+    #   To enumerate the values supported in your account, call
+    #   ListFirewallRuleTypes.
     #
     # @return [Types::CreateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1269,6 +1346,9 @@ module Aws::Route53Resolver
     #     dns_threat_protection: "DGA", # accepts DGA, DNS_TUNNELING, DICTIONARY_DGA
     #     confidence_threshold: "LOW", # accepts LOW, MEDIUM, HIGH
     #     firewall_rule_type: {
+    #       partner_threat_protection: {
+    #         partner: "PartnerValue", # required
+    #       },
     #       firewall_advanced_content_category: {
     #         category: "FirewallAdvancedContentCategoryValue", # required
     #       },
@@ -1301,10 +1381,13 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.qtype #=> String
     #   resp.firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rule.firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.firewall_rule.firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.firewall_rule.firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.firewall_rule.firewall_rule_type.dns_threat_protection.value #=> String
     #   resp.firewall_rule.firewall_rule_type.dns_threat_protection.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rule.status #=> String
+    #   resp.firewall_rule.status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRule AWS API Documentation
     #
@@ -1953,7 +2036,13 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Deletes the specified firewall rule.
+    # Deletes the specified firewall rule. Identify the rule using either
+    # `FirewallDomainListId` (for domain-list and DNS Firewall Advanced
+    # rules) or `FirewallThreatProtectionId` (for partner-managed and DNS
+    # Firewall Advanced rules) — together with `FirewallRuleGroupId`.
+    #
+    # `DeleteFirewallRule` is the only operation that succeeds against a
+    # rule whose `Status` is `CREATION_FAILED`.
     #
     # @option params [required, String] :firewall_rule_group_id
     #   The unique identifier of the firewall rule group that you want to
@@ -2038,10 +2127,13 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.qtype #=> String
     #   resp.firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rule.firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.firewall_rule.firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.firewall_rule.firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.firewall_rule.firewall_rule_type.dns_threat_protection.value #=> String
     #   resp.firewall_rule.firewall_rule_type.dns_threat_protection.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rule.status #=> String
+    #   resp.firewall_rule.status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRule AWS API Documentation
     #
@@ -3457,12 +3549,28 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Retrieves the available rule types that can be used in DNS Firewall
-    # rules.
+    # Retrieves the rule-type variants that can be used in the
+    # `FirewallRuleType` field of CreateFirewallRule and UpdateFirewallRule.
+    # Each returned FirewallRuleTypeDefinition identifies one variant +
+    # value combination — for example, `FirewallAdvancedContentCategory` +
+    # `VIOLENCE_AND_HATE_SPEECH`, or `PartnerThreatProtection` + a
+    # partner-managed feed.
+    #
+    # The supported `RuleType` filter values are
+    # `FirewallAdvancedContentCategory`, `FirewallAdvancedThreatCategory`,
+    # `DnsThreatProtection`, and `PartnerThreatProtection`. When a returned
+    # definition's variant requires an external subscription (currently
+    # only `PartnerThreatProtection`), the response also includes a
+    # SubscriptionInfo identifying the AWS Marketplace product that backs
+    # it; absence of `SubscriptionInfo` means the variant is fully managed
+    # by AWS and requires no separate subscription.
     #
     # @option params [String] :rule_type
-    #   The rule type to filter by. If specified, only rule types matching
-    #   this value are returned.
+    #   An optional filter that restricts the response to a single
+    #   FirewallRuleType variant. Supported values:
+    #   `FirewallAdvancedContentCategory`, `FirewallAdvancedThreatCategory`,
+    #   `DnsThreatProtection`, and `PartnerThreatProtection`. If omitted,
+    #   definitions across all variants are returned.
     #
     # @option params [Integer] :max_results
     #   The maximum number of objects that you want Resolver to return for
@@ -3500,6 +3608,8 @@ module Aws::Route53Resolver
     #   resp.firewall_rule_types[0].value #=> String
     #   resp.firewall_rule_types[0].display_name #=> String
     #   resp.firewall_rule_types[0].description #=> String
+    #   resp.firewall_rule_types[0].subscription_info.vendor_name #=> String
+    #   resp.firewall_rule_types[0].subscription_info.product_id #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRuleTypes AWS API Documentation
@@ -3518,6 +3628,10 @@ module Aws::Route53Resolver
     # A single call might return only a partial list of the rules. For
     # information, see `MaxResults`.
     #
+    # For rules that require asynchronous provisioning, the response
+    # includes `Status` (see FirewallRuleStatus) and, on failure,
+    # `StatusMessage` with the reason.
+    #
     # @option params [required, String] :firewall_rule_group_id
     #   The unique identifier of the firewall rule group that you want to
     #   retrieve the rules for.
@@ -3602,10 +3716,13 @@ module Aws::Route53Resolver
     #   resp.firewall_rules[0].qtype #=> String
     #   resp.firewall_rules[0].dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.firewall_rules[0].confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rules[0].firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.firewall_rules[0].firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.firewall_rules[0].firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.firewall_rules[0].firewall_rule_type.dns_threat_protection.value #=> String
     #   resp.firewall_rules[0].firewall_rule_type.dns_threat_protection.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rules[0].status #=> String
+    #   resp.firewall_rules[0].status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRules AWS API Documentation
     #
@@ -3830,7 +3947,7 @@ module Aws::Route53Resolver
     #   resp.ip_addresses[0].subnet_id #=> String
     #   resp.ip_addresses[0].ip #=> String
     #   resp.ip_addresses[0].ipv_6 #=> String
-    #   resp.ip_addresses[0].status #=> String, one of "CREATING", "FAILED_CREATION", "ATTACHING", "ATTACHED", "REMAP_DETACHING", "REMAP_ATTACHING", "DETACHING", "FAILED_RESOURCE_GONE", "DELETING", "DELETE_FAILED_FAS_EXPIRED", "UPDATING", "UPDATE_FAILED", "ISOLATED"
+    #   resp.ip_addresses[0].status #=> String, one of "CREATING", "FAILED_CREATION", "FAILED_CREATION_INSUFFICIENT_EC2_CAPACITY_IN_OUTPOST", "ATTACHING", "ATTACHED", "REMAP_DETACHING", "REMAP_ATTACHING", "DETACHING", "FAILED_RESOURCE_GONE", "DELETING", "DELETE_FAILED_FAS_EXPIRED", "UPDATING", "UPDATE_FAILED", "ISOLATED"
     #   resp.ip_addresses[0].status_message #=> String
     #   resp.ip_addresses[0].creation_time #=> String
     #   resp.ip_addresses[0].modification_time #=> String
@@ -4775,7 +4892,11 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Updates the specified firewall rule.
+    # Updates the specified firewall rule. The rule's `FirewallRuleType`,
+    # `FirewallDomainListId`, and top-level `DnsThreatProtection` match
+    # source cannot be changed after creation. Rules whose `Status` is
+    # `CREATING` or `CREATION_FAILED` cannot be updated; remove a failed
+    # rule with DeleteFirewallRule.
     #
     # @option params [required, String] :firewall_rule_group_id
     #   The unique identifier of the firewall rule group for the rule.
@@ -4900,16 +5021,23 @@ module Aws::Route53Resolver
     #   [1]: https://en.wikipedia.org/wiki/List_of_DNS_record_types
     #
     # @option params [String] :dns_threat_protection
-    #   The type of the DNS Firewall Advanced rule. Valid values are:
+    #   The type of the DNS Firewall Advanced rule. This setting is mutually
+    #   exclusive with `FirewallDomainListId` and `FirewallRuleType`. Valid
+    #   values are:
     #
     #   * `DGA`: Domain generation algorithms detection. DGAs are used by
-    #     attackers to generate a large number of domains to to launch malware
+    #     attackers to generate a large number of domains to launch malware
     #     attacks.
     #
     #   * `DNS_TUNNELING`: DNS tunneling detection. DNS tunneling is used by
     #     attackers to exfiltrate data from the client by using the DNS tunnel
     #     without making a network connection to the client.
     #
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
+    #     detection. Dictionary DGAs use wordlists to generate domains that
+    #     appear more legitimate, making them harder to detect than
+    #     traditional DGAs.
+    #
     # @option params [String] :confidence_threshold
     #   The confidence threshold for DNS Firewall Advanced. You must provide
     #   this value when you create a DNS Firewall Advanced rule. The
@@ -4925,9 +5053,26 @@ module Aws::Route53Resolver
     #     rate of false positives.
     #
     # @option params [Types::FirewallRuleType] :firewall_rule_type
-    #   The rule type configuration for the firewall rule. This setting is
-    #   mutually exclusive with the top-level `FirewallDomainListId` and
-    #   `DnsThreatProtection` fields.
+    #   The rule type configuration for the firewall rule. This is a tagged
+    #   union — set exactly one of its members. This setting is mutually
+    #   exclusive with the top-level `FirewallDomainListId` and
+    #   `DnsThreatProtection` fields. Use one of:
+    #
+    #   * `FirewallAdvancedContentCategory` — match an AWS-managed content
+    #     category (for example, `VIOLENCE_AND_HATE_SPEECH`).
+    #
+    #   * `FirewallAdvancedThreatCategory` — match an AWS-managed advanced
+    #     threat category (for example, `PHISHING`).
+    #
+    #   * `DnsThreatProtection` — match a built-in DNS Firewall Advanced
+    #     threat detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    #   * `PartnerThreatProtection` — match a third-party threat feed
+    #     delivered through AWS Marketplace. The selected partner must be an
+    #     active subscription on the calling account.
+    #
+    #   To enumerate the values supported in your account, call
+    #   ListFirewallRuleTypes.
     #
     # @return [Types::UpdateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -4951,6 +5096,9 @@ module Aws::Route53Resolver
     #     dns_threat_protection: "DGA", # accepts DGA, DNS_TUNNELING, DICTIONARY_DGA
     #     confidence_threshold: "LOW", # accepts LOW, MEDIUM, HIGH
     #     firewall_rule_type: {
+    #       partner_threat_protection: {
+    #         partner: "PartnerValue", # required
+    #       },
     #       firewall_advanced_content_category: {
     #         category: "FirewallAdvancedContentCategoryValue", # required
     #       },
@@ -4983,10 +5131,13 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.qtype #=> String
     #   resp.firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING", "DICTIONARY_DGA"
     #   resp.firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rule.firewall_rule_type.partner_threat_protection.partner #=> String
     #   resp.firewall_rule.firewall_rule_type.firewall_advanced_content_category.category #=> String
     #   resp.firewall_rule.firewall_rule_type.firewall_advanced_threat_category.category #=> String
     #   resp.firewall_rule.firewall_rule_type.dns_threat_protection.value #=> String
     #   resp.firewall_rule.firewall_rule_type.dns_threat_protection.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.firewall_rule.status #=> String
+    #   resp.firewall_rule.status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRule AWS API Documentation
     #
@@ -5467,7 +5618,7 @@ module Aws::Route53Resolver
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-route53resolver'
-      context[:gem_version] = '1.100.0'
+      context[:gem_version] = '1.101.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-route53resolver/client_api.rb

@@ -130,6 +130,8 @@ module Aws::Route53Resolver
     FirewallRuleGroupMetadataList = Shapes::ListShape.new(name: 'FirewallRuleGroupMetadataList')
     FirewallRuleGroupPolicy = Shapes::StringShape.new(name: 'FirewallRuleGroupPolicy')
     FirewallRuleGroupStatus = Shapes::StringShape.new(name: 'FirewallRuleGroupStatus')
+    FirewallRuleStatus = Shapes::StringShape.new(name: 'FirewallRuleStatus')
+    FirewallRuleStatusMessage = Shapes::StringShape.new(name: 'FirewallRuleStatusMessage')
     FirewallRuleType = Shapes::StructureShape.new(name: 'FirewallRuleType')
     FirewallRuleTypeDefinition = Shapes::StructureShape.new(name: 'FirewallRuleTypeDefinition')
     FirewallRuleTypeDefinitions = Shapes::ListShape.new(name: 'FirewallRuleTypeDefinitions')
@@ -232,8 +234,11 @@ module Aws::Route53Resolver
     OutpostResolverName = Shapes::StringShape.new(name: 'OutpostResolverName')
     OutpostResolverStatus = Shapes::StringShape.new(name: 'OutpostResolverStatus')
     OutpostResolverStatusMessage = Shapes::StringShape.new(name: 'OutpostResolverStatusMessage')
+    PartnerThreatProtectionConfig = Shapes::StructureShape.new(name: 'PartnerThreatProtectionConfig')
+    PartnerValue = Shapes::StringShape.new(name: 'PartnerValue')
     Port = Shapes::IntegerShape.new(name: 'Port')
     Priority = Shapes::IntegerShape.new(name: 'Priority')
+    ProductId = Shapes::StringShape.new(name: 'ProductId')
     Protocol = Shapes::StringShape.new(name: 'Protocol')
     ProtocolList = Shapes::ListShape.new(name: 'ProtocolList')
     PutFirewallRuleGroupPolicyRequest = Shapes::StructureShape.new(name: 'PutFirewallRuleGroupPolicyRequest')
@@ -293,6 +298,7 @@ module Aws::Route53Resolver
     StatusMessage = Shapes::StringShape.new(name: 'StatusMessage')
     String = Shapes::StringShape.new(name: 'String')
     SubnetId = Shapes::StringShape.new(name: 'SubnetId')
+    SubscriptionInfo = Shapes::StructureShape.new(name: 'SubscriptionInfo')
     Tag = Shapes::StructureShape.new(name: 'Tag')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
     TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
@@ -332,6 +338,7 @@ module Aws::Route53Resolver
     UpdateResolverRuleResponse = Shapes::StructureShape.new(name: 'UpdateResolverRuleResponse')
     Validation = Shapes::StringShape.new(name: 'Validation')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
+    VendorName = Shapes::StringShape.new(name: 'VendorName')
 
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "Message"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
@@ -673,6 +680,8 @@ module Aws::Route53Resolver
     FirewallRule.add_member(:dns_threat_protection, Shapes::ShapeRef.new(shape: DnsThreatProtection, location_name: "DnsThreatProtection"))
     FirewallRule.add_member(:confidence_threshold, Shapes::ShapeRef.new(shape: ConfidenceThreshold, location_name: "ConfidenceThreshold"))
     FirewallRule.add_member(:firewall_rule_type, Shapes::ShapeRef.new(shape: FirewallRuleType, location_name: "FirewallRuleType"))
+    FirewallRule.add_member(:status, Shapes::ShapeRef.new(shape: FirewallRuleStatus, location_name: "Status"))
+    FirewallRule.add_member(:status_message, Shapes::ShapeRef.new(shape: FirewallRuleStatusMessage, location_name: "StatusMessage"))
     FirewallRule.struct_class = Types::FirewallRule
 
     FirewallRuleGroup.add_member(:id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "Id"))
@@ -715,6 +724,7 @@ module Aws::Route53Resolver
 
     FirewallRuleGroupMetadataList.member = Shapes::ShapeRef.new(shape: FirewallRuleGroupMetadata)
 
+    FirewallRuleType.add_member(:partner_threat_protection, Shapes::ShapeRef.new(shape: PartnerThreatProtectionConfig, location_name: "PartnerThreatProtection", metadata: {"box" => true}))
     FirewallRuleType.add_member(:firewall_advanced_content_category, Shapes::ShapeRef.new(shape: FirewallAdvancedContentCategoryConfig, location_name: "FirewallAdvancedContentCategory", metadata: {"box" => true}))
     FirewallRuleType.add_member(:firewall_advanced_threat_category, Shapes::ShapeRef.new(shape: FirewallAdvancedThreatCategoryConfig, location_name: "FirewallAdvancedThreatCategory", metadata: {"box" => true}))
     FirewallRuleType.add_member(:dns_threat_protection, Shapes::ShapeRef.new(shape: DnsThreatProtectionRuleTypeConfig, location_name: "DnsThreatProtection", metadata: {"box" => true}))
@@ -724,6 +734,7 @@ module Aws::Route53Resolver
     FirewallRuleTypeDefinition.add_member(:value, Shapes::ShapeRef.new(shape: RuleTypeValue, location_name: "Value"))
     FirewallRuleTypeDefinition.add_member(:display_name, Shapes::ShapeRef.new(shape: DisplayName, location_name: "DisplayName"))
     FirewallRuleTypeDefinition.add_member(:description, Shapes::ShapeRef.new(shape: RuleTypeDescription, location_name: "Description"))
+    FirewallRuleTypeDefinition.add_member(:subscription_info, Shapes::ShapeRef.new(shape: SubscriptionInfo, location_name: "SubscriptionInfo", metadata: {"box" => true}))
     FirewallRuleTypeDefinition.struct_class = Types::FirewallRuleTypeDefinition
 
     FirewallRuleTypeDefinitions.member = Shapes::ShapeRef.new(shape: FirewallRuleTypeDefinition)
@@ -1060,6 +1071,9 @@ module Aws::Route53Resolver
 
     OutpostResolverList.member = Shapes::ShapeRef.new(shape: OutpostResolver)
 
+    PartnerThreatProtectionConfig.add_member(:partner, Shapes::ShapeRef.new(shape: PartnerValue, required: true, location_name: "Partner"))
+    PartnerThreatProtectionConfig.struct_class = Types::PartnerThreatProtectionConfig
+
     ProtocolList.member = Shapes::ShapeRef.new(shape: Protocol)
 
     PutFirewallRuleGroupPolicyRequest.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
@@ -1203,6 +1217,10 @@ module Aws::Route53Resolver
     ServiceQuotaExceededException.add_member(:message, Shapes::ShapeRef.new(shape: ExceptionMessage, location_name: "Message"))
     ServiceQuotaExceededException.struct_class = Types::ServiceQuotaExceededException
 
+    SubscriptionInfo.add_member(:vendor_name, Shapes::ShapeRef.new(shape: VendorName, location_name: "VendorName"))
+    SubscriptionInfo.add_member(:product_id, Shapes::ShapeRef.new(shape: ProductId, location_name: "ProductId"))
+    SubscriptionInfo.struct_class = Types::SubscriptionInfo
+
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKey, required: true, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValue, required: true, location_name: "Value"))
     Tag.struct_class = Types::Tag

data/lib/aws-sdk-route53resolver/types.rb

@@ -587,7 +587,7 @@ module Aws::Route53Resolver
     #     attackers to exfiltrate data from the client by using the DNS
     #     tunnel without making a network connection to the client.
     #
-    #   * `DICT_DGA`: Dictionary-based domain generation algorithms
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
     #     detection. Dictionary DGAs use wordlists to generate domains that
     #     appear more legitimate, making them harder to detect than
     #     traditional DGAs.
@@ -609,9 +609,26 @@ module Aws::Route53Resolver
     #   @return [String]
     #
     # @!attribute [rw] firewall_rule_type
-    #   The rule type configuration for the firewall rule. This setting is
-    #   mutually exclusive with the top-level `FirewallDomainListId` and
-    #   `DnsThreatProtection` fields.
+    #   The rule type configuration for the firewall rule. This is a tagged
+    #   union — set exactly one of its members. This setting is mutually
+    #   exclusive with the top-level `FirewallDomainListId` and
+    #   `DnsThreatProtection` fields. Use one of:
+    #
+    #   * `FirewallAdvancedContentCategory` — match an AWS-managed content
+    #     category (for example, `VIOLENCE_AND_HATE_SPEECH`).
+    #
+    #   * `FirewallAdvancedThreatCategory` — match an AWS-managed advanced
+    #     threat category (for example, `PHISHING`).
+    #
+    #   * `DnsThreatProtection` — match a built-in DNS Firewall Advanced
+    #     threat detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    #   * `PartnerThreatProtection` — match a third-party threat feed
+    #     delivered through AWS Marketplace. The selected partner must be an
+    #     active subscription on the calling account.
+    #
+    #   To enumerate the values supported in your account, call
+    #   ListFirewallRuleTypes.
     #   @return [Types::FirewallRuleType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRuleEntry AWS API Documentation
@@ -827,7 +844,22 @@ module Aws::Route53Resolver
     #   @return [String]
     #
     # @!attribute [rw] dns_threat_protection
-    #   Use to create a DNS Firewall Advanced rule.
+    #   The type of the DNS Firewall Advanced rule. This setting is mutually
+    #   exclusive with `FirewallDomainListId` and `FirewallRuleType`. Valid
+    #   values are:
+    #
+    #   * `DGA`: Domain generation algorithms detection. DGAs are used by
+    #     attackers to generate a large number of domains to launch malware
+    #     attacks.
+    #
+    #   * `DNS_TUNNELING`: DNS tunneling detection. DNS tunneling is used by
+    #     attackers to exfiltrate data from the client by using the DNS
+    #     tunnel without making a network connection to the client.
+    #
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
+    #     detection. Dictionary DGAs use wordlists to generate domains that
+    #     appear more legitimate, making them harder to detect than
+    #     traditional DGAs.
     #   @return [String]
     #
     # @!attribute [rw] confidence_threshold
@@ -846,9 +878,26 @@ module Aws::Route53Resolver
     #   @return [String]
     #
     # @!attribute [rw] firewall_rule_type
-    #   The rule type configuration for the firewall rule. This setting is
-    #   mutually exclusive with the top-level `FirewallDomainListId` and
-    #   `DnsThreatProtection` fields.
+    #   The rule type configuration for the firewall rule. This is a tagged
+    #   union — set exactly one of its members. This setting is mutually
+    #   exclusive with the top-level `FirewallDomainListId` and
+    #   `DnsThreatProtection` fields. Use one of:
+    #
+    #   * `FirewallAdvancedContentCategory` — match an AWS-managed content
+    #     category (for example, `VIOLENCE_AND_HATE_SPEECH`).
+    #
+    #   * `FirewallAdvancedThreatCategory` — match an AWS-managed advanced
+    #     threat category (for example, `PHISHING`).
+    #
+    #   * `DnsThreatProtection` — match a built-in DNS Firewall Advanced
+    #     threat detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    #   * `PartnerThreatProtection` — match a third-party threat feed
+    #     delivered through AWS Marketplace. The selected partner must be an
+    #     active subscription on the calling account.
+    #
+    #   To enumerate the values supported in your account, call
+    #   ListFirewallRuleTypes.
     #   @return [Types::FirewallRuleType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRuleRequest AWS API Documentation
@@ -1713,7 +1762,7 @@ module Aws::Route53Resolver
     #     attackers to exfiltrate data from the client by using the DNS
     #     tunnel without making a network connection to the client.
     #
-    #   * `DICT_DGA`: Dictionary-based domain generation algorithms
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
     #     detection. Dictionary DGAs use wordlists to generate domains that
     #     appear more legitimate, making them harder to detect than
     #     traditional DGAs.
@@ -2327,12 +2376,17 @@ module Aws::Route53Resolver
     #   The type of the DNS Firewall Advanced rule. Valid values are:
     #
     #   * `DGA`: Domain generation algorithms detection. DGAs are used by
-    #     attackers to generate a large number of domains to to launch
-    #     malware attacks.
+    #     attackers to generate a large number of domains to launch malware
+    #     attacks.
     #
     #   * `DNS_TUNNELING`: DNS tunneling detection. DNS tunneling is used by
     #     attackers to exfiltrate data from the client by using the DNS
     #     tunnel without making a network connection to the client.
+    #
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
+    #     detection. Dictionary DGAs use wordlists to generate domains that
+    #     appear more legitimate, making them harder to detect than
+    #     traditional DGAs.
     #   @return [String]
     #
     # @!attribute [rw] confidence_threshold
@@ -2351,10 +2405,51 @@ module Aws::Route53Resolver
     #   @return [String]
     #
     # @!attribute [rw] firewall_rule_type
-    #   The rule type configuration for the firewall rule. Exactly one
-    #   member of this union should be set.
+    #   The rule type configuration for the firewall rule. This is a tagged
+    #   union — exactly one of its members will be populated. Possible
+    #   members are:
+    #
+    #   * `FirewallAdvancedContentCategory` — an AWS-managed content
+    #     category (for example, `VIOLENCE_AND_HATE_SPEECH`).
+    #
+    #   * `FirewallAdvancedThreatCategory` — an AWS-managed advanced threat
+    #     category (for example, `PHISHING`).
+    #
+    #   * `DnsThreatProtection` — a built-in DNS Firewall Advanced threat
+    #     detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    #   * `PartnerThreatProtection` — a third-party threat feed delivered
+    #     through AWS Marketplace.
+    #
+    #   To enumerate the values supported in your account, call
+    #   ListFirewallRuleTypes.
     #   @return [Types::FirewallRuleType]
     #
+    # @!attribute [rw] status
+    #   The lifecycle state of the firewall rule. Possible values:
+    #
+    #   * `CREATING` — DNS Firewall is provisioning the rule. Rules created
+    #     with the `PartnerThreatProtection` rule type begin in this state
+    #     while DNS Firewall verifies the calling account's AWS Marketplace
+    #     entitlement.
+    #
+    #   * `COMPLETE` — The rule is provisioned and enforcing matches.
+    #
+    #   * `CREATION_FAILED` — Provisioning failed. `StatusMessage` contains
+    #     a human-readable reason. A rule in this state is immutable:
+    #     UpdateFirewallRule rejects the request, and the rule must be
+    #     removed with DeleteFirewallRule.
+    #
+    #   For rules that do not require asynchronous provisioning, this field
+    #   may be absent.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   An additional message about the rule's lifecycle state. Populated
+    #   when `Status` is `CREATION_FAILED` to describe why provisioning
+    #   failed.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/FirewallRule AWS API Documentation
     #
     class FirewallRule < Struct.new(
@@ -2375,7 +2470,9 @@ module Aws::Route53Resolver
       :qtype,
       :dns_threat_protection,
       :confidence_threshold,
-      :firewall_rule_type)
+      :firewall_rule_type,
+      :status,
+      :status_message)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2599,25 +2696,47 @@ module Aws::Route53Resolver
       include Aws::Structure
     end
 
-    # The configuration for a rule type in a DNS Firewall rule. This is a
-    # union type — exactly one member should be set.
+    # The rule-type configuration for a DNS Firewall rule.
+    # `FirewallRuleType` is a tagged union — exactly one member must be set
+    # per rule, and the member determines what the rule matches against.
+    # This shape is mutually exclusive with the top-level
+    # `FirewallDomainListId` and `DnsThreatProtection` fields on
+    # CreateFirewallRule and UpdateFirewallRule.
+    #
+    # Call ListFirewallRuleTypes to discover which rule-type variants and
+    # which values within each variant are available in your account and
+    # Region.
+    #
+    # @!attribute [rw] partner_threat_protection
+    #   Configures the rule to match a third-party threat feed delivered
+    #   through AWS Marketplace. The calling account must hold an active
+    #   subscription to the partner product named in `Partner`; if the
+    #   subscription is missing or revoked, the rule is created with
+    #   `Status` `CREATION_FAILED` and cannot be modified — only deleted.
+    #   See PartnerThreatProtectionConfig.
+    #   @return [Types::PartnerThreatProtectionConfig]
     #
     # @!attribute [rw] firewall_advanced_content_category
-    #   The configuration for a content category-based filtering rule.
+    #   Configures the rule to match an AWS-managed content category (for
+    #   example, `VIOLENCE_AND_HATE_SPEECH`). See
+    #   FirewallAdvancedContentCategoryConfig.
     #   @return [Types::FirewallAdvancedContentCategoryConfig]
     #
     # @!attribute [rw] firewall_advanced_threat_category
-    #   The configuration for a threat category-based filtering rule.
+    #   Configures the rule to match an AWS-managed advanced threat category
+    #   (for example, `PHISHING`). See FirewallAdvancedThreatCategoryConfig.
     #   @return [Types::FirewallAdvancedThreatCategoryConfig]
     #
     # @!attribute [rw] dns_threat_protection
-    #   The configuration for a DNS threat protection rule type, such as DGA
-    #   or DNS tunneling detection.
+    #   Configures the rule to match a built-in DNS Firewall Advanced threat
+    #   detector — `DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`. See
+    #   DnsThreatProtectionRuleTypeConfig.
     #   @return [Types::DnsThreatProtectionRuleTypeConfig]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/FirewallRuleType AWS API Documentation
     #
     class FirewallRuleType < Struct.new(
+      :partner_threat_protection,
       :firewall_advanced_content_category,
       :firewall_advanced_threat_category,
       :dns_threat_protection)
@@ -2647,13 +2766,22 @@ module Aws::Route53Resolver
     #   A description of the rule type.
     #   @return [String]
     #
+    # @!attribute [rw] subscription_info
+    #   For rule types that require an external subscription (today, only
+    #   the `PartnerThreatProtection` variant), describes the AWS
+    #   Marketplace product that backs the rule type. Absent for rule types
+    #   that are managed by AWS and do not require a separate subscription.
+    #   See SubscriptionInfo.
+    #   @return [Types::SubscriptionInfo]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/FirewallRuleTypeDefinition AWS API Documentation
     #
     class FirewallRuleTypeDefinition < Struct.new(
       :rule_type,
       :value,
       :display_name,
-      :description)
+      :description,
+      :subscription_info)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3625,8 +3753,11 @@ module Aws::Route53Resolver
     end
 
     # @!attribute [rw] rule_type
-    #   The rule type to filter by. If specified, only rule types matching
-    #   this value are returned.
+    #   An optional filter that restricts the response to a single
+    #   FirewallRuleType variant. Supported values:
+    #   `FirewallAdvancedContentCategory`, `FirewallAdvancedThreatCategory`,
+    #   `DnsThreatProtection`, and `PartnerThreatProtection`. If omitted,
+    #   definitions across all variants are returned.
     #   @return [String]
     #
     # @!attribute [rw] max_results
@@ -4601,6 +4732,27 @@ module Aws::Route53Resolver
       include Aws::Structure
     end
 
+    # The configuration for a partner threat-protection rule. To enumerate
+    # the partners available in your account, call ListFirewallRuleTypes
+    # with `RuleType` set to `PartnerThreatProtection` — each returned
+    # FirewallRuleTypeDefinition includes a SubscriptionInfo identifying the
+    # AWS Marketplace product that backs it.
+    #
+    # @!attribute [rw] partner
+    #   The identifier of the partner threat-protection product, exactly as
+    #   returned in the `Value` field of a FirewallRuleTypeDefinition with
+    #   `RuleType` set to `PartnerThreatProtection`. The calling account
+    #   must hold an active AWS Marketplace subscription to this product.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/PartnerThreatProtectionConfig AWS API Documentation
+    #
+    class PartnerThreatProtectionConfig < Struct.new(
+      :partner)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] arn
     #   The ARN (Amazon Resource Name) for the rule group that you want to
     #   share.
@@ -5544,6 +5696,32 @@ module Aws::Route53Resolver
       include Aws::Structure
     end
 
+    # Identifies the AWS Marketplace product that backs a partner-managed
+    # rule type. Returned as part of FirewallRuleTypeDefinition when the
+    # rule type variant requires an active customer subscription to the
+    # named product.
+    #
+    # @!attribute [rw] vendor_name
+    #   The name of the AWS Marketplace seller (vendor) that publishes the
+    #   partner threat-protection product (for example, `Palo Alto
+    #   Networks`).
+    #   @return [String]
+    #
+    # @!attribute [rw] product_id
+    #   The AWS Marketplace product identifier of the partner
+    #   threat-protection product. Use this value to verify or manage the
+    #   calling account's subscription in AWS Marketplace.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/SubscriptionInfo AWS API Documentation
+    #
+    class SubscriptionInfo < Struct.new(
+      :vendor_name,
+      :product_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # One tag that you want to add to the specified resource. A tag consists
     # of a `Key` (a name for the tag) and a `Value`.
     #
@@ -5984,7 +6162,7 @@ module Aws::Route53Resolver
     #     attackers to exfiltrate data from the client by using the DNS
     #     tunnel without making a network connection to the client.
     #
-    #   * `DICT_DGA`: Dictionary-based domain generation algorithms
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
     #     detection. Dictionary DGAs use wordlists to generate domains that
     #     appear more legitimate, making them harder to detect than
     #     traditional DGAs.
@@ -6006,9 +6184,26 @@ module Aws::Route53Resolver
     #   @return [String]
     #
     # @!attribute [rw] firewall_rule_type
-    #   The rule type configuration for the firewall rule. This setting is
-    #   mutually exclusive with the top-level `FirewallDomainListId` and
-    #   `DnsThreatProtection` fields.
+    #   The rule type configuration for the firewall rule. This is a tagged
+    #   union — set exactly one of its members. This setting is mutually
+    #   exclusive with the top-level `FirewallDomainListId` and
+    #   `DnsThreatProtection` fields. Use one of:
+    #
+    #   * `FirewallAdvancedContentCategory` — match an AWS-managed content
+    #     category (for example, `VIOLENCE_AND_HATE_SPEECH`).
+    #
+    #   * `FirewallAdvancedThreatCategory` — match an AWS-managed advanced
+    #     threat category (for example, `PHISHING`).
+    #
+    #   * `DnsThreatProtection` — match a built-in DNS Firewall Advanced
+    #     threat detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    #   * `PartnerThreatProtection` — match a third-party threat feed
+    #     delivered through AWS Marketplace. The selected partner must be an
+    #     active subscription on the calling account.
+    #
+    #   To enumerate the values supported in your account, call
+    #   ListFirewallRuleTypes.
     #   @return [Types::FirewallRuleType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRuleEntry AWS API Documentation
@@ -6220,15 +6415,22 @@ module Aws::Route53Resolver
     #   @return [String]
     #
     # @!attribute [rw] dns_threat_protection
-    #   The type of the DNS Firewall Advanced rule. Valid values are:
+    #   The type of the DNS Firewall Advanced rule. This setting is mutually
+    #   exclusive with `FirewallDomainListId` and `FirewallRuleType`. Valid
+    #   values are:
     #
     #   * `DGA`: Domain generation algorithms detection. DGAs are used by
-    #     attackers to generate a large number of domains to to launch
-    #     malware attacks.
+    #     attackers to generate a large number of domains to launch malware
+    #     attacks.
     #
     #   * `DNS_TUNNELING`: DNS tunneling detection. DNS tunneling is used by
     #     attackers to exfiltrate data from the client by using the DNS
     #     tunnel without making a network connection to the client.
+    #
+    #   * `DICTIONARY_DGA`: Dictionary-based domain generation algorithms
+    #     detection. Dictionary DGAs use wordlists to generate domains that
+    #     appear more legitimate, making them harder to detect than
+    #     traditional DGAs.
     #   @return [String]
     #
     # @!attribute [rw] confidence_threshold
@@ -6247,9 +6449,26 @@ module Aws::Route53Resolver
     #   @return [String]
     #
     # @!attribute [rw] firewall_rule_type
-    #   The rule type configuration for the firewall rule. This setting is
-    #   mutually exclusive with the top-level `FirewallDomainListId` and
-    #   `DnsThreatProtection` fields.
+    #   The rule type configuration for the firewall rule. This is a tagged
+    #   union — set exactly one of its members. This setting is mutually
+    #   exclusive with the top-level `FirewallDomainListId` and
+    #   `DnsThreatProtection` fields. Use one of:
+    #
+    #   * `FirewallAdvancedContentCategory` — match an AWS-managed content
+    #     category (for example, `VIOLENCE_AND_HATE_SPEECH`).
+    #
+    #   * `FirewallAdvancedThreatCategory` — match an AWS-managed advanced
+    #     threat category (for example, `PHISHING`).
+    #
+    #   * `DnsThreatProtection` — match a built-in DNS Firewall Advanced
+    #     threat detector (`DGA`, `DNS_TUNNELING`, or `DICTIONARY_DGA`).
+    #
+    #   * `PartnerThreatProtection` — match a third-party threat feed
+    #     delivered through AWS Marketplace. The selected partner must be an
+    #     active subscription on the calling account.
+    #
+    #   To enumerate the values supported in your account, call
+    #   ListFirewallRuleTypes.
     #   @return [Types::FirewallRuleType]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRuleRequest AWS API Documentation

data/lib/aws-sdk-route53resolver.rb

@@ -54,7 +54,7 @@ module Aws::Route53Resolver
   autoload :EndpointProvider, 'aws-sdk-route53resolver/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-route53resolver/endpoints'
 
-  GEM_VERSION = '1.100.0'
+  GEM_VERSION = '1.101.0'
 
 end
 

data/sig/params.rbs

@@ -9,6 +9,9 @@ module Aws
   module Route53Resolver
     module Params
       type firewall_rule_type = {
+      partner_threat_protection: {
+        partner: ::String
+      }?,
       firewall_advanced_content_category: {
         category: ::String
       }?,

data/sig/types.rbs

@@ -457,6 +457,8 @@ module Aws::Route53Resolver
       attr_accessor dns_threat_protection: ("DGA" | "DNS_TUNNELING" | "DICTIONARY_DGA")
       attr_accessor confidence_threshold: ("LOW" | "MEDIUM" | "HIGH")
       attr_accessor firewall_rule_type: Types::FirewallRuleType
+      attr_accessor status: ::String
+      attr_accessor status_message: ::String
       SENSITIVE: []
     end
 
@@ -503,6 +505,7 @@ module Aws::Route53Resolver
     end
 
     class FirewallRuleType
+      attr_accessor partner_threat_protection: Types::PartnerThreatProtectionConfig
       attr_accessor firewall_advanced_content_category: Types::FirewallAdvancedContentCategoryConfig
       attr_accessor firewall_advanced_threat_category: Types::FirewallAdvancedThreatCategoryConfig
       attr_accessor dns_threat_protection: Types::DnsThreatProtectionRuleTypeConfig
@@ -514,6 +517,7 @@ module Aws::Route53Resolver
       attr_accessor value: ::String
       attr_accessor display_name: ::String
       attr_accessor description: ::String
+      attr_accessor subscription_info: Types::SubscriptionInfo
       SENSITIVE: []
     end
 
@@ -725,7 +729,7 @@ module Aws::Route53Resolver
       attr_accessor subnet_id: ::String
       attr_accessor ip: ::String
       attr_accessor ipv_6: ::String
-      attr_accessor status: ("CREATING" | "FAILED_CREATION" | "ATTACHING" | "ATTACHED" | "REMAP_DETACHING" | "REMAP_ATTACHING" | "DETACHING" | "FAILED_RESOURCE_GONE" | "DELETING" | "DELETE_FAILED_FAS_EXPIRED" | "UPDATING" | "UPDATE_FAILED" | "ISOLATED")
+      attr_accessor status: ("CREATING" | "FAILED_CREATION" | "FAILED_CREATION_INSUFFICIENT_EC2_CAPACITY_IN_OUTPOST" | "ATTACHING" | "ATTACHED" | "REMAP_DETACHING" | "REMAP_ATTACHING" | "DETACHING" | "FAILED_RESOURCE_GONE" | "DELETING" | "DELETE_FAILED_FAS_EXPIRED" | "UPDATING" | "UPDATE_FAILED" | "ISOLATED")
       attr_accessor status_message: ::String
       attr_accessor creation_time: ::String
       attr_accessor modification_time: ::String
@@ -995,6 +999,11 @@ module Aws::Route53Resolver
       SENSITIVE: []
     end
 
+    class PartnerThreatProtectionConfig
+      attr_accessor partner: ::String
+      SENSITIVE: []
+    end
+
     class PutFirewallRuleGroupPolicyRequest
       attr_accessor arn: ::String
       attr_accessor firewall_rule_group_policy: ::String
@@ -1158,6 +1167,12 @@ module Aws::Route53Resolver
       SENSITIVE: []
     end
 
+    class SubscriptionInfo
+      attr_accessor vendor_name: ::String
+      attr_accessor product_id: ::String
+      SENSITIVE: []
+    end
+
     class Tag
       attr_accessor key: ::String
       attr_accessor value: ::String

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-route53resolver
 version: !ruby/object:Gem::Version
-  version: 1.100.0
+  version: 1.101.0
 platform: ruby
 authors:
 - Amazon Web Services