aws-sdk-route53resolver 1.20.0 → 1.25.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4c63f7fc46b3df0c4fc9ba472b2ac7a9e701b80d3613587926dedfa673a8e364
-  data.tar.gz: b19ea4b086db1b7f2e67c9710be456a0b73e14dc3aca403c3693b3c25ed0c30d
+  metadata.gz: a4ef65852d1c79407730fd644a4d3bb1e13053f99addd945f4e2e416bbb3da4b
+  data.tar.gz: 98139c3b4a46b1149edf6c773a25dc6c64bc6fd455abf6bffbe5e4e3b7284342
 SHA512:
-  metadata.gz: 23bc67b92f1f6bb8e97ad1c71928dda1d661abba1f6d443dab5c5c1878c7a91de9e68db1c757c36198c71145a953463adca05801a828a9260cdfbc890d39070d
-  data.tar.gz: 0154ec3b61557548c9d0084d8e4fd715b0299f0a34c070b04fca85e921787275f5613420dde0622ae60ba216fea43fe1291bdaea3c266506e79bc30b93de7443
+  metadata.gz: de1651f0de718b3708603a83d2f10be31846585d27d3d07e046667a16e56c52c43bcee835d4278296d6cb7c7a34328afdc9698c58dd74625ed1aedc9919c1e6b
+  data.tar.gz: 2646eb6e60eafc7d22ab60f7361bad9e09a2160b18176e60403f4371b20c7f8054415048c5b33c441705e4927a94ad52bb61ce72cf86c5d7c60950ce0b01e7b8

data/CHANGELOG.md

@@ -0,0 +1,143 @@
+Unreleased Changes
+------------------
+
+1.25.0 (2021-04-01)
+------------------
+
+* Feature - Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs.
+
+1.24.0 (2021-03-10)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.23.0 (2021-02-02)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.22.0 (2020-12-17)
+------------------
+
+* Feature - Route 53 Resolver adds support for enabling resolver DNSSEC validation in virtual private cloud (VPC).
+
+1.21.0 (2020-09-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.20.0 (2020-09-15)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.19.0 (2020-08-26)
+------------------
+
+* Feature - Route 53 Resolver adds support for resolver query logs
+
+1.18.0 (2020-08-25)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.17.0 (2020-07-02)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.16.0 (2020-06-23)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.15.1 (2020-06-11)
+------------------
+
+* Issue - Republish previous version with correct dependency on `aws-sdk-core`.
+
+1.15.0 (2020-06-10)
+------------------
+
+* Issue - This version has been yanked. (#2327).
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.14.0 (2020-05-28)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.13.0 (2020-05-07)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.12.0 (2020-03-09)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.11.0 (2019-10-23)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.10.0 (2019-07-25)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.9.0 (2019-07-01)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.8.0 (2019-06-17)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.7.0 (2019-05-21)
+------------------
+
+* Feature - API update.
+
+1.6.0 (2019-05-15)
+------------------
+
+* Feature - API update.
+
+1.5.0 (2019-05-14)
+------------------
+
+* Feature - API update.
+
+1.4.0 (2019-03-21)
+------------------
+
+* Feature - API update.
+
+1.3.0 (2019-03-18)
+------------------
+
+* Feature - API update.
+
+1.2.0 (2019-03-14)
+------------------
+
+* Feature - API update.
+
+1.1.0 (2018-11-20)
+------------------
+
+* Feature - API update.
+
+1.0.1 (2018-11-16)
+------------------
+
+* Issue - Update version dependency on `aws-sdk-core` to support endpoint discovery.
+
+1.0.0 (2018-11-15)
+------------------
+
+* Feature - Initial release of `aws-sdk-route53resolver`.

data/LICENSE.txt

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/VERSION

@@ -0,0 +1 @@
+1.25.0

data/lib/aws-sdk-route53resolver.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -28,7 +28,7 @@ require_relative 'aws-sdk-route53resolver/customizations'
 # structure.
 #
 #     route_53_resolver = Aws::Route53Resolver::Client.new
-#     resp = route_53_resolver.associate_resolver_endpoint_ip_address(params)
+#     resp = route_53_resolver.associate_firewall_rule_group(params)
 #
 # See {Client} for more information.
 #
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-route53resolver/customizations'
 # @!group service
 module Aws::Route53Resolver
 
-  GEM_VERSION = '1.20.0'
+  GEM_VERSION = '1.25.0'
 
 end

data/lib/aws-sdk-route53resolver/client.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -337,6 +337,96 @@ module Aws::Route53Resolver
 
     # @!group API Operations
 
+    # Associates a FirewallRuleGroup with a VPC, to provide DNS filtering
+    # for the VPC.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string that identifies the request and that allows failed
+    #   requests to be retried without the risk of executing the operation
+    #   twice. `CreatorRequestId` can be any unique string, for example, a
+    #   date/time stamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group.
+    #
+    # @option params [required, String] :vpc_id
+    #   The unique identifier of the VPC that you want to associate with the
+    #   rule group.
+    #
+    # @option params [required, Integer] :priority
+    #   The setting that determines the processing order of the rule group
+    #   among the rule groups that you associate with the specified VPC. DNS
+    #   Firewall filters VPC traffic starting from rule group with the lowest
+    #   numeric priority setting.
+    #
+    #   You must specify a unique priority for each rule group that you
+    #   associate with a single VPC. To make it easier to insert rule groups
+    #   later, leave space between the numbers, for example, use 100, 200, and
+    #   so on. You can change the priority setting for a rule group
+    #   association after you create it.
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the association, to manage and use it.
+    #
+    # @option params [String] :mutation_protection
+    #   If enabled, this setting disallows modification or removal of the
+    #   association, to help prevent against accidentally altering DNS
+    #   firewall protections. When you create the association, the default
+    #   setting is `DISABLED`.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of the tag keys and values that you want to associate with the
+    #   rule group association.
+    #
+    # @return [Types::AssociateFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssociateFirewallRuleGroupResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_firewall_rule_group({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     vpc_id: "ResourceId", # required
+    #     priority: 1, # required
+    #     name: "Name", # required
+    #     mutation_protection: "ENABLED", # accepts ENABLED, DISABLED
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/AssociateFirewallRuleGroup AWS API Documentation
+    #
+    # @overload associate_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def associate_firewall_rule_group(params = {}, options = {})
+      req = build_request(:associate_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Adds IP addresses to an inbound or an outbound Resolver endpoint. If
     # you want to add more than one IP address, submit one
     # `AssociateResolverEndpointIpAddress` request for each IP address.
@@ -514,6 +604,249 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Creates an empty firewall domain list for use in DNS Firewall rules.
+    # You can populate the domains for the new list with a file, using
+    # ImportFirewallDomains, or with domain strings, using
+    # UpdateFirewallDomains.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string that identifies the request and that allows you to
+    #   retry failed requests without the risk of executing the operation
+    #   twice. `CreatorRequestId` can be any unique string, for example, a
+    #   date/time stamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the domain list to manage and use it.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of the tag keys and values that you want to associate with the
+    #   domain list.
+    #
+    # @return [Types::CreateFirewallDomainListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFirewallDomainListResponse#firewall_domain_list #firewall_domain_list} => Types::FirewallDomainList
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_firewall_domain_list({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     name: "Name", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_domain_list.id #=> String
+    #   resp.firewall_domain_list.arn #=> String
+    #   resp.firewall_domain_list.name #=> String
+    #   resp.firewall_domain_list.domain_count #=> Integer
+    #   resp.firewall_domain_list.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.firewall_domain_list.status_message #=> String
+    #   resp.firewall_domain_list.managed_owner_name #=> String
+    #   resp.firewall_domain_list.creator_request_id #=> String
+    #   resp.firewall_domain_list.creation_time #=> String
+    #   resp.firewall_domain_list.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallDomainList AWS API Documentation
+    #
+    # @overload create_firewall_domain_list(params = {})
+    # @param [Hash] params ({})
+    def create_firewall_domain_list(params = {}, options = {})
+      req = build_request(:create_firewall_domain_list, params)
+      req.send_request(options)
+    end
+
+    # Creates a single DNS Firewall rule in the specified rule group, using
+    # the specified domain list.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string that identifies the request and that allows you to
+    #   retry failed requests without the risk of executing the operation
+    #   twice. `CreatorRequestId` can be any unique string, for example, a
+    #   date/time stamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group where you want to
+    #   create the rule.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that you want to use in the rule.
+    #
+    # @option params [required, Integer] :priority
+    #   The setting that determines the processing order of the rule in the
+    #   rule group. DNS Firewall processes the rules in a rule group by order
+    #   of priority, starting from the lowest setting.
+    #
+    #   You must specify a unique priority for each rule in a rule group. To
+    #   make it easier to insert rules later, leave space between the numbers,
+    #   for example, use 100, 200, and so on. You can change the priority
+    #   setting for the rules in a rule group at any time.
+    #
+    # @option params [required, String] :action
+    #   The action that DNS Firewall should take on a DNS query when it
+    #   matches one of the domains in the rule's domain list:
+    #
+    #   * `ALLOW` - Permit the request to go through.
+    #
+    #   * `ALERT` - Permit the request and send metrics and log to Cloud
+    #     Watch.
+    #
+    #   * `BLOCK` - Disallow the request. This option requires additional
+    #     details in the rule's `BlockResponse`.
+    #
+    # @option params [String] :block_response
+    #   The way that you want DNS Firewall to block the request, used with the
+    #   rule aciton setting `BLOCK`.
+    #
+    #   * `NODATA` - Respond indicating that the query was successful, but no
+    #     response is available for it.
+    #
+    #   * `NXDOMAIN` - Respond indicating that the domain name that's in the
+    #     query doesn't exist.
+    #
+    #   * `OVERRIDE` - Provide a custom override in the response. This option
+    #     requires custom handling details in the rule's `BlockOverride*`
+    #     settings.
+    #
+    #   This setting is required if the rule action setting is `BLOCK`.
+    #
+    # @option params [String] :block_override_domain
+    #   The custom DNS record to send back in response to the query. Used for
+    #   the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    #   This setting is required if the `BlockResponse` setting is `OVERRIDE`.
+    #
+    # @option params [String] :block_override_dns_type
+    #   The DNS record's type. This determines the format of the record value
+    #   that you provided in `BlockOverrideDomain`. Used for the rule action
+    #   `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    #   This setting is required if the `BlockResponse` setting is `OVERRIDE`.
+    #
+    # @option params [Integer] :block_override_ttl
+    #   The recommended amount of time, in seconds, for the DNS resolver or
+    #   web browser to cache the provided override record. Used for the rule
+    #   action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    #   This setting is required if the `BlockResponse` setting is `OVERRIDE`.
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the rule in the rule group.
+    #
+    # @return [Types::CreateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_firewall_rule({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     priority: 1, # required
+    #     action: "ALLOW", # required, accepts ALLOW, BLOCK, ALERT
+    #     block_response: "NODATA", # accepts NODATA, NXDOMAIN, OVERRIDE
+    #     block_override_domain: "BlockOverrideDomain",
+    #     block_override_dns_type: "CNAME", # accepts CNAME
+    #     block_override_ttl: 1,
+    #     name: "Name", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule.firewall_rule_group_id #=> String
+    #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.name #=> String
+    #   resp.firewall_rule.priority #=> Integer
+    #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rule.block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rule.block_override_domain #=> String
+    #   resp.firewall_rule.block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rule.block_override_ttl #=> Integer
+    #   resp.firewall_rule.creator_request_id #=> String
+    #   resp.firewall_rule.creation_time #=> String
+    #   resp.firewall_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRule AWS API Documentation
+    #
+    # @overload create_firewall_rule(params = {})
+    # @param [Hash] params ({})
+    def create_firewall_rule(params = {}, options = {})
+      req = build_request(:create_firewall_rule, params)
+      req.send_request(options)
+    end
+
+    # Creates an empty DNS Firewall rule group for filtering DNS network
+    # traffic in a VPC. You can add rules to the new rule group by calling
+    # CreateFirewallRule.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string defined by you to identify the request. This allows
+    #   you to retry failed requests without the risk of executing the
+    #   operation twice. This can be any unique string, for example, a
+    #   timestamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the rule group, to manage and use it.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of the tag keys and values that you want to associate with the
+    #   rule group.
+    #
+    # @return [Types::CreateFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFirewallRuleGroupResponse#firewall_rule_group #firewall_rule_group} => Types::FirewallRuleGroup
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_firewall_rule_group({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     name: "Name", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group.id #=> String
+    #   resp.firewall_rule_group.arn #=> String
+    #   resp.firewall_rule_group.name #=> String
+    #   resp.firewall_rule_group.rule_count #=> Integer
+    #   resp.firewall_rule_group.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group.status_message #=> String
+    #   resp.firewall_rule_group.owner_id #=> String
+    #   resp.firewall_rule_group.creator_request_id #=> String
+    #   resp.firewall_rule_group.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.firewall_rule_group.creation_time #=> String
+    #   resp.firewall_rule_group.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRuleGroup AWS API Documentation
+    #
+    # @overload create_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def create_firewall_rule_group(params = {}, options = {})
+      req = build_request(:create_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Creates a Resolver endpoint. There are two types of Resolver
     # endpoints, inbound and outbound:
     #
@@ -814,6 +1147,126 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Deletes the specified domain list.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that you want to delete.
+    #
+    # @return [Types::DeleteFirewallDomainListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteFirewallDomainListResponse#firewall_domain_list #firewall_domain_list} => Types::FirewallDomainList
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_firewall_domain_list({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_domain_list.id #=> String
+    #   resp.firewall_domain_list.arn #=> String
+    #   resp.firewall_domain_list.name #=> String
+    #   resp.firewall_domain_list.domain_count #=> Integer
+    #   resp.firewall_domain_list.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.firewall_domain_list.status_message #=> String
+    #   resp.firewall_domain_list.managed_owner_name #=> String
+    #   resp.firewall_domain_list.creator_request_id #=> String
+    #   resp.firewall_domain_list.creation_time #=> String
+    #   resp.firewall_domain_list.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallDomainList AWS API Documentation
+    #
+    # @overload delete_firewall_domain_list(params = {})
+    # @param [Hash] params ({})
+    def delete_firewall_domain_list(params = {}, options = {})
+      req = build_request(:delete_firewall_domain_list, params)
+      req.send_request(options)
+    end
+
+    # Deletes the specified firewall rule.
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   delete the rule from.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that's used in the rule.
+    #
+    # @return [Types::DeleteFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_firewall_rule({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule.firewall_rule_group_id #=> String
+    #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.name #=> String
+    #   resp.firewall_rule.priority #=> Integer
+    #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rule.block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rule.block_override_domain #=> String
+    #   resp.firewall_rule.block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rule.block_override_ttl #=> Integer
+    #   resp.firewall_rule.creator_request_id #=> String
+    #   resp.firewall_rule.creation_time #=> String
+    #   resp.firewall_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRule AWS API Documentation
+    #
+    # @overload delete_firewall_rule(params = {})
+    # @param [Hash] params ({})
+    def delete_firewall_rule(params = {}, options = {})
+      req = build_request(:delete_firewall_rule, params)
+      req.send_request(options)
+    end
+
+    # Deletes the specified firewall rule group.
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   delete.
+    #
+    # @return [Types::DeleteFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteFirewallRuleGroupResponse#firewall_rule_group #firewall_rule_group} => Types::FirewallRuleGroup
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_firewall_rule_group({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group.id #=> String
+    #   resp.firewall_rule_group.arn #=> String
+    #   resp.firewall_rule_group.name #=> String
+    #   resp.firewall_rule_group.rule_count #=> Integer
+    #   resp.firewall_rule_group.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group.status_message #=> String
+    #   resp.firewall_rule_group.owner_id #=> String
+    #   resp.firewall_rule_group.creator_request_id #=> String
+    #   resp.firewall_rule_group.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.firewall_rule_group.creation_time #=> String
+    #   resp.firewall_rule_group.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRuleGroup AWS API Documentation
+    #
+    # @overload delete_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def delete_firewall_rule_group(params = {}, options = {})
+      req = build_request(:delete_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Deletes a Resolver endpoint. The effect of deleting a Resolver
     # endpoint depends on whether it's an inbound or an outbound Resolver
     # endpoint:
@@ -970,6 +1423,47 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering
+    # from the VPC.
+    #
+    # @option params [required, String] :firewall_rule_group_association_id
+    #   The identifier of the FirewallRuleGroupAssociation.
+    #
+    # @return [Types::DisassociateFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisassociateFirewallRuleGroupResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_firewall_rule_group({
+    #     firewall_rule_group_association_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DisassociateFirewallRuleGroup AWS API Documentation
+    #
+    # @overload disassociate_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def disassociate_firewall_rule_group(params = {}, options = {})
+      req = build_request(:disassociate_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Removes IP addresses from an inbound or an outbound Resolver endpoint.
     # If you want to remove more than one IP address, submit one
     # `DisassociateResolverEndpointIpAddress` request for each IP address.
@@ -1125,81 +1619,294 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Gets information about a specified Resolver endpoint, such as whether
-    # it's an inbound or an outbound Resolver endpoint, and the current
-    # status of the endpoint.
+    # Retrieves the configuration of the firewall behavior provided by DNS
+    # Firewall for a single Amazon virtual private cloud (VPC).
     #
-    # @option params [required, String] :resolver_endpoint_id
-    #   The ID of the Resolver endpoint that you want to get information
-    #   about.
+    # @option params [required, String] :resource_id
+    #   The ID of the Amazon virtual private cloud (VPC) that the
+    #   configuration is for.
     #
-    # @return [Types::GetResolverEndpointResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::GetFirewallConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::GetResolverEndpointResponse#resolver_endpoint #resolver_endpoint} => Types::ResolverEndpoint
+    #   * {Types::GetFirewallConfigResponse#firewall_config #firewall_config} => Types::FirewallConfig
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_endpoint({
-    #     resolver_endpoint_id: "ResourceId", # required
+    #   resp = client.get_firewall_config({
+    #     resource_id: "ResourceId", # required
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_endpoint.id #=> String
-    #   resp.resolver_endpoint.creator_request_id #=> String
-    #   resp.resolver_endpoint.arn #=> String
-    #   resp.resolver_endpoint.name #=> String
-    #   resp.resolver_endpoint.security_group_ids #=> Array
-    #   resp.resolver_endpoint.security_group_ids[0] #=> String
-    #   resp.resolver_endpoint.direction #=> String, one of "INBOUND", "OUTBOUND"
-    #   resp.resolver_endpoint.ip_address_count #=> Integer
-    #   resp.resolver_endpoint.host_vpc_id #=> String
-    #   resp.resolver_endpoint.status #=> String, one of "CREATING", "OPERATIONAL", "UPDATING", "AUTO_RECOVERING", "ACTION_NEEDED", "DELETING"
-    #   resp.resolver_endpoint.status_message #=> String
-    #   resp.resolver_endpoint.creation_time #=> String
-    #   resp.resolver_endpoint.modification_time #=> String
+    #   resp.firewall_config.id #=> String
+    #   resp.firewall_config.resource_id #=> String
+    #   resp.firewall_config.owner_id #=> String
+    #   resp.firewall_config.firewall_fail_open #=> String, one of "ENABLED", "DISABLED"
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverEndpoint AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallConfig AWS API Documentation
     #
-    # @overload get_resolver_endpoint(params = {})
+    # @overload get_firewall_config(params = {})
     # @param [Hash] params ({})
-    def get_resolver_endpoint(params = {}, options = {})
-      req = build_request(:get_resolver_endpoint, params)
+    def get_firewall_config(params = {}, options = {})
+      req = build_request(:get_firewall_config, params)
       req.send_request(options)
     end
 
-    # Gets information about a specified Resolver query logging
-    # configuration, such as the number of VPCs that the configuration is
-    # logging queries for and the location that logs are sent to.
+    # Retrieves the specified firewall domain list.
     #
-    # @option params [required, String] :resolver_query_log_config_id
-    #   The ID of the Resolver query logging configuration that you want to
-    #   get information about.
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list.
     #
-    # @return [Types::GetResolverQueryLogConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::GetFirewallDomainListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::GetResolverQueryLogConfigResponse#resolver_query_log_config #resolver_query_log_config} => Types::ResolverQueryLogConfig
+    #   * {Types::GetFirewallDomainListResponse#firewall_domain_list #firewall_domain_list} => Types::FirewallDomainList
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_query_log_config({
-    #     resolver_query_log_config_id: "ResourceId", # required
+    #   resp = client.get_firewall_domain_list({
+    #     firewall_domain_list_id: "ResourceId", # required
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_query_log_config.id #=> String
-    #   resp.resolver_query_log_config.owner_id #=> String
-    #   resp.resolver_query_log_config.status #=> String, one of "CREATING", "CREATED", "DELETING", "FAILED"
-    #   resp.resolver_query_log_config.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
-    #   resp.resolver_query_log_config.association_count #=> Integer
-    #   resp.resolver_query_log_config.arn #=> String
-    #   resp.resolver_query_log_config.name #=> String
-    #   resp.resolver_query_log_config.destination_arn #=> String
-    #   resp.resolver_query_log_config.creator_request_id #=> String
-    #   resp.resolver_query_log_config.creation_time #=> String
+    #   resp.firewall_domain_list.id #=> String
+    #   resp.firewall_domain_list.arn #=> String
+    #   resp.firewall_domain_list.name #=> String
+    #   resp.firewall_domain_list.domain_count #=> Integer
+    #   resp.firewall_domain_list.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.firewall_domain_list.status_message #=> String
+    #   resp.firewall_domain_list.managed_owner_name #=> String
+    #   resp.firewall_domain_list.creator_request_id #=> String
+    #   resp.firewall_domain_list.creation_time #=> String
+    #   resp.firewall_domain_list.modification_time #=> String
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfig AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallDomainList AWS API Documentation
+    #
+    # @overload get_firewall_domain_list(params = {})
+    # @param [Hash] params ({})
+    def get_firewall_domain_list(params = {}, options = {})
+      req = build_request(:get_firewall_domain_list, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the specified firewall rule group.
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group.
+    #
+    # @return [Types::GetFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetFirewallRuleGroupResponse#firewall_rule_group #firewall_rule_group} => Types::FirewallRuleGroup
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_firewall_rule_group({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group.id #=> String
+    #   resp.firewall_rule_group.arn #=> String
+    #   resp.firewall_rule_group.name #=> String
+    #   resp.firewall_rule_group.rule_count #=> Integer
+    #   resp.firewall_rule_group.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group.status_message #=> String
+    #   resp.firewall_rule_group.owner_id #=> String
+    #   resp.firewall_rule_group.creator_request_id #=> String
+    #   resp.firewall_rule_group.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.firewall_rule_group.creation_time #=> String
+    #   resp.firewall_rule_group.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallRuleGroup AWS API Documentation
+    #
+    # @overload get_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def get_firewall_rule_group(params = {}, options = {})
+      req = build_request(:get_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
+    # Retrieves a firewall rule group association, which enables DNS
+    # filtering for a VPC with one rule group. A VPC can have more than one
+    # firewall rule group association, and a rule group can be associated
+    # with more than one VPC.
+    #
+    # @option params [required, String] :firewall_rule_group_association_id
+    #   The identifier of the FirewallRuleGroupAssociation.
+    #
+    # @return [Types::GetFirewallRuleGroupAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetFirewallRuleGroupAssociationResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_firewall_rule_group_association({
+    #     firewall_rule_group_association_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallRuleGroupAssociation AWS API Documentation
+    #
+    # @overload get_firewall_rule_group_association(params = {})
+    # @param [Hash] params ({})
+    def get_firewall_rule_group_association(params = {}, options = {})
+      req = build_request(:get_firewall_rule_group_association, params)
+      req.send_request(options)
+    end
+
+    # Returns the AWS Identity and Access Management (AWS IAM) policy for
+    # sharing the specified rule group. You can use the policy to share the
+    # rule group using AWS Resource Access Manager (RAM).
+    #
+    # @option params [required, String] :arn
+    #   The ARN (Amazon Resource Name) for the rule group.
+    #
+    # @return [Types::GetFirewallRuleGroupPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetFirewallRuleGroupPolicyResponse#firewall_rule_group_policy #firewall_rule_group_policy} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_firewall_rule_group_policy({
+    #     arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_policy #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallRuleGroupPolicy AWS API Documentation
+    #
+    # @overload get_firewall_rule_group_policy(params = {})
+    # @param [Hash] params ({})
+    def get_firewall_rule_group_policy(params = {}, options = {})
+      req = build_request(:get_firewall_rule_group_policy, params)
+      req.send_request(options)
+    end
+
+    # Gets DNSSEC validation information for a specified resource.
+    #
+    # @option params [required, String] :resource_id
+    #   The ID of the virtual private cloud (VPC) for the DNSSEC validation
+    #   status.
+    #
+    # @return [Types::GetResolverDnssecConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverDnssecConfigResponse#resolver_dnssec_config #resolver_dnssec_config} => Types::ResolverDnssecConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_dnssec_config({
+    #     resource_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_dnssec_config.id #=> String
+    #   resp.resolver_dnssec_config.owner_id #=> String
+    #   resp.resolver_dnssec_config.resource_id #=> String
+    #   resp.resolver_dnssec_config.validation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverDnssecConfig AWS API Documentation
+    #
+    # @overload get_resolver_dnssec_config(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_dnssec_config(params = {}, options = {})
+      req = build_request(:get_resolver_dnssec_config, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a specified Resolver endpoint, such as whether
+    # it's an inbound or an outbound Resolver endpoint, and the current
+    # status of the endpoint.
+    #
+    # @option params [required, String] :resolver_endpoint_id
+    #   The ID of the Resolver endpoint that you want to get information
+    #   about.
+    #
+    # @return [Types::GetResolverEndpointResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverEndpointResponse#resolver_endpoint #resolver_endpoint} => Types::ResolverEndpoint
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_endpoint({
+    #     resolver_endpoint_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_endpoint.id #=> String
+    #   resp.resolver_endpoint.creator_request_id #=> String
+    #   resp.resolver_endpoint.arn #=> String
+    #   resp.resolver_endpoint.name #=> String
+    #   resp.resolver_endpoint.security_group_ids #=> Array
+    #   resp.resolver_endpoint.security_group_ids[0] #=> String
+    #   resp.resolver_endpoint.direction #=> String, one of "INBOUND", "OUTBOUND"
+    #   resp.resolver_endpoint.ip_address_count #=> Integer
+    #   resp.resolver_endpoint.host_vpc_id #=> String
+    #   resp.resolver_endpoint.status #=> String, one of "CREATING", "OPERATIONAL", "UPDATING", "AUTO_RECOVERING", "ACTION_NEEDED", "DELETING"
+    #   resp.resolver_endpoint.status_message #=> String
+    #   resp.resolver_endpoint.creation_time #=> String
+    #   resp.resolver_endpoint.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverEndpoint AWS API Documentation
+    #
+    # @overload get_resolver_endpoint(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_endpoint(params = {}, options = {})
+      req = build_request(:get_resolver_endpoint, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a specified Resolver query logging
+    # configuration, such as the number of VPCs that the configuration is
+    # logging queries for and the location that logs are sent to.
+    #
+    # @option params [required, String] :resolver_query_log_config_id
+    #   The ID of the Resolver query logging configuration that you want to
+    #   get information about.
+    #
+    # @return [Types::GetResolverQueryLogConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverQueryLogConfigResponse#resolver_query_log_config #resolver_query_log_config} => Types::ResolverQueryLogConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_query_log_config({
+    #     resolver_query_log_config_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_query_log_config.id #=> String
+    #   resp.resolver_query_log_config.owner_id #=> String
+    #   resp.resolver_query_log_config.status #=> String, one of "CREATING", "CREATED", "DELETING", "FAILED"
+    #   resp.resolver_query_log_config.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.resolver_query_log_config.association_count #=> Integer
+    #   resp.resolver_query_log_config.arn #=> String
+    #   resp.resolver_query_log_config.name #=> String
+    #   resp.resolver_query_log_config.destination_arn #=> String
+    #   resp.resolver_query_log_config.creator_request_id #=> String
+    #   resp.resolver_query_log_config.creation_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfig AWS API Documentation
     #
     # @overload get_resolver_query_log_config(params = {})
     # @param [Hash] params ({})
@@ -1250,146 +1957,683 @@ module Aws::Route53Resolver
     # specifies the Resolver query logging operations and resources that you
     # want to allow another AWS account to be able to use.
     #
-    # @option params [required, String] :arn
-    #   The ARN of the query logging configuration that you want to get the
-    #   query logging policy for.
+    # @option params [required, String] :arn
+    #   The ARN of the query logging configuration that you want to get the
+    #   query logging policy for.
+    #
+    # @return [Types::GetResolverQueryLogConfigPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverQueryLogConfigPolicyResponse#resolver_query_log_config_policy #resolver_query_log_config_policy} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_query_log_config_policy({
+    #     arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_query_log_config_policy #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfigPolicy AWS API Documentation
+    #
+    # @overload get_resolver_query_log_config_policy(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_query_log_config_policy(params = {}, options = {})
+      req = build_request(:get_resolver_query_log_config_policy, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a specified Resolver rule, such as the domain
+    # name that the rule forwards DNS queries for and the ID of the outbound
+    # Resolver endpoint that the rule is associated with.
+    #
+    # @option params [required, String] :resolver_rule_id
+    #   The ID of the Resolver rule that you want to get information about.
+    #
+    # @return [Types::GetResolverRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverRuleResponse#resolver_rule #resolver_rule} => Types::ResolverRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_rule({
+    #     resolver_rule_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_rule.id #=> String
+    #   resp.resolver_rule.creator_request_id #=> String
+    #   resp.resolver_rule.arn #=> String
+    #   resp.resolver_rule.domain_name #=> String
+    #   resp.resolver_rule.status #=> String, one of "COMPLETE", "DELETING", "UPDATING", "FAILED"
+    #   resp.resolver_rule.status_message #=> String
+    #   resp.resolver_rule.rule_type #=> String, one of "FORWARD", "SYSTEM", "RECURSIVE"
+    #   resp.resolver_rule.name #=> String
+    #   resp.resolver_rule.target_ips #=> Array
+    #   resp.resolver_rule.target_ips[0].ip #=> String
+    #   resp.resolver_rule.target_ips[0].port #=> Integer
+    #   resp.resolver_rule.resolver_endpoint_id #=> String
+    #   resp.resolver_rule.owner_id #=> String
+    #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.resolver_rule.creation_time #=> String
+    #   resp.resolver_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRule AWS API Documentation
+    #
+    # @overload get_resolver_rule(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_rule(params = {}, options = {})
+      req = build_request(:get_resolver_rule, params)
+      req.send_request(options)
+    end
+
+    # Gets information about an association between a specified Resolver
+    # rule and a VPC. You associate a Resolver rule and a VPC using
+    # [AssociateResolverRule][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html
+    #
+    # @option params [required, String] :resolver_rule_association_id
+    #   The ID of the Resolver rule association that you want to get
+    #   information about.
+    #
+    # @return [Types::GetResolverRuleAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverRuleAssociationResponse#resolver_rule_association #resolver_rule_association} => Types::ResolverRuleAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_rule_association({
+    #     resolver_rule_association_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_rule_association.id #=> String
+    #   resp.resolver_rule_association.resolver_rule_id #=> String
+    #   resp.resolver_rule_association.name #=> String
+    #   resp.resolver_rule_association.vpc_id #=> String
+    #   resp.resolver_rule_association.status #=> String, one of "CREATING", "COMPLETE", "DELETING", "FAILED", "OVERRIDDEN"
+    #   resp.resolver_rule_association.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRuleAssociation AWS API Documentation
+    #
+    # @overload get_resolver_rule_association(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_rule_association(params = {}, options = {})
+      req = build_request(:get_resolver_rule_association, params)
+      req.send_request(options)
+    end
+
+    # Gets information about the Resolver rule policy for a specified rule.
+    # A Resolver rule policy includes the rule that you want to share with
+    # another account, the account that you want to share the rule with, and
+    # the Resolver operations that you want to allow the account to use.
+    #
+    # @option params [required, String] :arn
+    #   The ID of the Resolver rule that you want to get the Resolver rule
+    #   policy for.
+    #
+    # @return [Types::GetResolverRulePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverRulePolicyResponse#resolver_rule_policy #resolver_rule_policy} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_rule_policy({
+    #     arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_rule_policy #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRulePolicy AWS API Documentation
+    #
+    # @overload get_resolver_rule_policy(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_rule_policy(params = {}, options = {})
+      req = build_request(:get_resolver_rule_policy, params)
+      req.send_request(options)
+    end
+
+    # Imports domain names from a file into a domain list, for use in a DNS
+    # firewall rule group.
+    #
+    # Each domain specification in your domain list must satisfy the
+    # following requirements:
+    #
+    # * It can optionally start with `*` (asterisk).
+    #
+    # * With the exception of the optional starting asterisk, it must only
+    #   contain the following characters: `A-Z`, `a-z`, `0-9`, `-` (hyphen).
+    #
+    # * It must be from 1-255 characters in length.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that you want to modify with the import
+    #   operation.
+    #
+    # @option params [required, String] :operation
+    #   What you want DNS Firewall to do with the domains that are listed in
+    #   the file. This must be set to `REPLACE`, which updates the domain list
+    #   to exactly match the list in the file.
+    #
+    # @option params [required, String] :domain_file_url
+    #   The fully qualified URL or URI of the file stored in Amazon Simple
+    #   Storage Service (S3) that contains the list of domains to import.
+    #
+    #   The file must be in an S3 bucket that's in the same Region as your
+    #   DNS Firewall. The file must be a text file and must contain a single
+    #   domain per line.
+    #
+    # @return [Types::ImportFirewallDomainsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ImportFirewallDomainsResponse#id #id} => String
+    #   * {Types::ImportFirewallDomainsResponse#name #name} => String
+    #   * {Types::ImportFirewallDomainsResponse#status #status} => String
+    #   * {Types::ImportFirewallDomainsResponse#status_message #status_message} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.import_firewall_domains({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     operation: "REPLACE", # required, accepts REPLACE
+    #     domain_file_url: "DomainListFileUrl", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.id #=> String
+    #   resp.name #=> String
+    #   resp.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ImportFirewallDomains AWS API Documentation
+    #
+    # @overload import_firewall_domains(params = {})
+    # @param [Hash] params ({})
+    def import_firewall_domains(params = {}, options = {})
+      req = build_request(:import_firewall_domains, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the firewall configurations that you have defined. DNS
+    # Firewall uses the configurations to manage firewall behavior for your
+    # VPCs.
+    #
+    # A single call might return only a partial list of the configurations.
+    # For information, see `MaxResults`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallConfigsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallConfigsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallConfigsResponse#firewall_configs #firewall_configs} => Array&lt;Types::FirewallConfig&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_firewall_configs({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.firewall_configs #=> Array
+    #   resp.firewall_configs[0].id #=> String
+    #   resp.firewall_configs[0].resource_id #=> String
+    #   resp.firewall_configs[0].owner_id #=> String
+    #   resp.firewall_configs[0].firewall_fail_open #=> String, one of "ENABLED", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallConfigs AWS API Documentation
+    #
+    # @overload list_firewall_configs(params = {})
+    # @param [Hash] params ({})
+    def list_firewall_configs(params = {}, options = {})
+      req = build_request(:list_firewall_configs, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the firewall domain lists that you have defined. For each
+    # firewall domain list, you can retrieve the domains that are defined
+    # for a list by calling ListFirewallDomains.
+    #
+    # A single call to this list operation might return only a partial list
+    # of the domain lists. For information, see `MaxResults`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallDomainListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallDomainListsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallDomainListsResponse#firewall_domain_lists #firewall_domain_lists} => Array&lt;Types::FirewallDomainListMetadata&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_firewall_domain_lists({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.firewall_domain_lists #=> Array
+    #   resp.firewall_domain_lists[0].id #=> String
+    #   resp.firewall_domain_lists[0].arn #=> String
+    #   resp.firewall_domain_lists[0].name #=> String
+    #   resp.firewall_domain_lists[0].creator_request_id #=> String
+    #   resp.firewall_domain_lists[0].managed_owner_name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallDomainLists AWS API Documentation
+    #
+    # @overload list_firewall_domain_lists(params = {})
+    # @param [Hash] params ({})
+    def list_firewall_domain_lists(params = {}, options = {})
+      req = build_request(:list_firewall_domain_lists, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the domains that you have defined for the specified firewall
+    # domain list.
+    #
+    # A single call might return only a partial list of the domains. For
+    # information, see `MaxResults`.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list whose domains you want to retrieve.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallDomainsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallDomainsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallDomainsResponse#domains #domains} => Array&lt;String&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_firewall_domains({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.domains #=> Array
+    #   resp.domains[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallDomains AWS API Documentation
+    #
+    # @overload list_firewall_domains(params = {})
+    # @param [Hash] params ({})
+    def list_firewall_domains(params = {}, options = {})
+      req = build_request(:list_firewall_domains, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the firewall rule group associations that you have defined.
+    # Each association enables DNS filtering for a VPC with one rule group.
+    #
+    # A single call might return only a partial list of the associations.
+    # For information, see `MaxResults`.
+    #
+    # @option params [String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   retrieve the associations for. Leave this blank to retrieve
+    #   associations for any rule group.
+    #
+    # @option params [String] :vpc_id
+    #   The unique identifier of the VPC that you want to retrieve the
+    #   associations for. Leave this blank to retrieve associations for any
+    #   VPC.
+    #
+    # @option params [Integer] :priority
+    #   The setting that determines the processing order of the rule group
+    #   among the rule groups that are associated with a single VPC. DNS
+    #   Firewall filters VPC traffic starting from rule group with the lowest
+    #   numeric priority setting.
+    #
+    # @option params [String] :status
+    #   The association `Status` setting that you want DNS Firewall to filter
+    #   on for the list. If you don't specify this, then DNS Firewall returns
+    #   all associations, regardless of status.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallRuleGroupAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallRuleGroupAssociationsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallRuleGroupAssociationsResponse#firewall_rule_group_associations #firewall_rule_group_associations} => Array&lt;Types::FirewallRuleGroupAssociation&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_firewall_rule_group_associations({
+    #     firewall_rule_group_id: "ResourceId",
+    #     vpc_id: "ResourceId",
+    #     priority: 1,
+    #     status: "COMPLETE", # accepts COMPLETE, DELETING, UPDATING
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.firewall_rule_group_associations #=> Array
+    #   resp.firewall_rule_group_associations[0].id #=> String
+    #   resp.firewall_rule_group_associations[0].arn #=> String
+    #   resp.firewall_rule_group_associations[0].firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_associations[0].vpc_id #=> String
+    #   resp.firewall_rule_group_associations[0].name #=> String
+    #   resp.firewall_rule_group_associations[0].priority #=> Integer
+    #   resp.firewall_rule_group_associations[0].mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_associations[0].managed_owner_name #=> String
+    #   resp.firewall_rule_group_associations[0].status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_associations[0].status_message #=> String
+    #   resp.firewall_rule_group_associations[0].creator_request_id #=> String
+    #   resp.firewall_rule_group_associations[0].creation_time #=> String
+    #   resp.firewall_rule_group_associations[0].modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRuleGroupAssociations AWS API Documentation
+    #
+    # @overload list_firewall_rule_group_associations(params = {})
+    # @param [Hash] params ({})
+    def list_firewall_rule_group_associations(params = {}, options = {})
+      req = build_request(:list_firewall_rule_group_associations, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the minimal high-level information for the rule groups that
+    # you have defined.
+    #
+    # A single call might return only a partial list of the rule groups. For
+    # information, see `MaxResults`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
     #
-    # @return [Types::GetResolverQueryLogConfigPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
     #
-    #   * {Types::GetResolverQueryLogConfigPolicyResponse#resolver_query_log_config_policy #resolver_query_log_config_policy} => String
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallRuleGroupsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallRuleGroupsResponse#firewall_rule_groups #firewall_rule_groups} => Array&lt;Types::FirewallRuleGroupMetadata&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_query_log_config_policy({
-    #     arn: "Arn", # required
+    #   resp = client.list_firewall_rule_groups({
+    #     max_results: 1,
+    #     next_token: "NextToken",
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_query_log_config_policy #=> String
+    #   resp.next_token #=> String
+    #   resp.firewall_rule_groups #=> Array
+    #   resp.firewall_rule_groups[0].id #=> String
+    #   resp.firewall_rule_groups[0].arn #=> String
+    #   resp.firewall_rule_groups[0].name #=> String
+    #   resp.firewall_rule_groups[0].owner_id #=> String
+    #   resp.firewall_rule_groups[0].creator_request_id #=> String
+    #   resp.firewall_rule_groups[0].share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfigPolicy AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRuleGroups AWS API Documentation
     #
-    # @overload get_resolver_query_log_config_policy(params = {})
+    # @overload list_firewall_rule_groups(params = {})
     # @param [Hash] params ({})
-    def get_resolver_query_log_config_policy(params = {}, options = {})
-      req = build_request(:get_resolver_query_log_config_policy, params)
+    def list_firewall_rule_groups(params = {}, options = {})
+      req = build_request(:list_firewall_rule_groups, params)
       req.send_request(options)
     end
 
-    # Gets information about a specified Resolver rule, such as the domain
-    # name that the rule forwards DNS queries for and the ID of the outbound
-    # Resolver endpoint that the rule is associated with.
+    # Retrieves the firewall rules that you have defined for the specified
+    # firewall rule group. DNS Firewall uses the rules in a rule group to
+    # filter DNS network traffic for a VPC.
     #
-    # @option params [required, String] :resolver_rule_id
-    #   The ID of the Resolver rule that you want to get information about.
+    # A single call might return only a partial list of the rules. For
+    # information, see `MaxResults`.
     #
-    # @return [Types::GetResolverRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   retrieve the rules for.
     #
-    #   * {Types::GetResolverRuleResponse#resolver_rule #resolver_rule} => Types::ResolverRule
+    # @option params [Integer] :priority
+    #   Optional additional filter for the rules to retrieve.
     #
-    # @example Request syntax with placeholder values
+    #   The setting that determines the processing order of the rules in a
+    #   rule group. DNS Firewall processes the rules in a rule group by order
+    #   of priority, starting from the lowest setting.
     #
-    #   resp = client.get_resolver_rule({
-    #     resolver_rule_id: "ResourceId", # required
-    #   })
+    # @option params [String] :action
+    #   Optional additional filter for the rules to retrieve.
     #
-    # @example Response structure
+    #   The action that DNS Firewall should take on a DNS query when it
+    #   matches one of the domains in the rule's domain list:
     #
-    #   resp.resolver_rule.id #=> String
-    #   resp.resolver_rule.creator_request_id #=> String
-    #   resp.resolver_rule.arn #=> String
-    #   resp.resolver_rule.domain_name #=> String
-    #   resp.resolver_rule.status #=> String, one of "COMPLETE", "DELETING", "UPDATING", "FAILED"
-    #   resp.resolver_rule.status_message #=> String
-    #   resp.resolver_rule.rule_type #=> String, one of "FORWARD", "SYSTEM", "RECURSIVE"
-    #   resp.resolver_rule.name #=> String
-    #   resp.resolver_rule.target_ips #=> Array
-    #   resp.resolver_rule.target_ips[0].ip #=> String
-    #   resp.resolver_rule.target_ips[0].port #=> Integer
-    #   resp.resolver_rule.resolver_endpoint_id #=> String
-    #   resp.resolver_rule.owner_id #=> String
-    #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
-    #   resp.resolver_rule.creation_time #=> String
-    #   resp.resolver_rule.modification_time #=> String
+    #   * `ALLOW` - Permit the request to go through.
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRule AWS API Documentation
+    #   * `ALERT` - Permit the request to go through but send an alert to the
+    #     logs.
     #
-    # @overload get_resolver_rule(params = {})
-    # @param [Hash] params ({})
-    def get_resolver_rule(params = {}, options = {})
-      req = build_request(:get_resolver_rule, params)
-      req.send_request(options)
-    end
-
-    # Gets information about an association between a specified Resolver
-    # rule and a VPC. You associate a Resolver rule and a VPC using
-    # [AssociateResolverRule][1].
+    #   * `BLOCK` - Disallow the request. If this is specified, additional
+    #     handling details are provided in the rule's `BlockResponse`
+    #     setting.
     #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
     #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
     #
-    # [1]: https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
     #
-    # @option params [required, String] :resolver_rule_association_id
-    #   The ID of the Resolver rule association that you want to get
-    #   information about.
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
     #
-    # @return [Types::GetResolverRuleAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::ListFirewallRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::GetResolverRuleAssociationResponse#resolver_rule_association #resolver_rule_association} => Types::ResolverRuleAssociation
+    #   * {Types::ListFirewallRulesResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallRulesResponse#firewall_rules #firewall_rules} => Array&lt;Types::FirewallRule&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_rule_association({
-    #     resolver_rule_association_id: "ResourceId", # required
+    #   resp = client.list_firewall_rules({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     priority: 1,
+    #     action: "ALLOW", # accepts ALLOW, BLOCK, ALERT
+    #     max_results: 1,
+    #     next_token: "NextToken",
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_rule_association.id #=> String
-    #   resp.resolver_rule_association.resolver_rule_id #=> String
-    #   resp.resolver_rule_association.name #=> String
-    #   resp.resolver_rule_association.vpc_id #=> String
-    #   resp.resolver_rule_association.status #=> String, one of "CREATING", "COMPLETE", "DELETING", "FAILED", "OVERRIDDEN"
-    #   resp.resolver_rule_association.status_message #=> String
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRuleAssociation AWS API Documentation
-    #
-    # @overload get_resolver_rule_association(params = {})
+    #   resp.next_token #=> String
+    #   resp.firewall_rules #=> Array
+    #   resp.firewall_rules[0].firewall_rule_group_id #=> String
+    #   resp.firewall_rules[0].firewall_domain_list_id #=> String
+    #   resp.firewall_rules[0].name #=> String
+    #   resp.firewall_rules[0].priority #=> Integer
+    #   resp.firewall_rules[0].action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rules[0].block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rules[0].block_override_domain #=> String
+    #   resp.firewall_rules[0].block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rules[0].block_override_ttl #=> Integer
+    #   resp.firewall_rules[0].creator_request_id #=> String
+    #   resp.firewall_rules[0].creation_time #=> String
+    #   resp.firewall_rules[0].modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRules AWS API Documentation
+    #
+    # @overload list_firewall_rules(params = {})
     # @param [Hash] params ({})
-    def get_resolver_rule_association(params = {}, options = {})
-      req = build_request(:get_resolver_rule_association, params)
+    def list_firewall_rules(params = {}, options = {})
+      req = build_request(:list_firewall_rules, params)
       req.send_request(options)
     end
 
-    # Gets information about a Resolver rule policy. A Resolver rule policy
-    # specifies the Resolver operations and resources that you want to allow
-    # another AWS account to be able to use.
+    # Lists the configurations for DNSSEC validation that are associated
+    # with the current AWS account.
     #
-    # @option params [required, String] :arn
-    #   The ID of the Resolver rule policy that you want to get information
-    #   about.
+    # @option params [Integer] :max_results
+    #   *Optional*\: An integer that specifies the maximum number of DNSSEC
+    #   configuration results that you want Amazon Route 53 to return. If you
+    #   don't specify a value for `MaxResults`, Route 53 returns up to 100
+    #   configuration per page.
     #
-    # @return [Types::GetResolverRulePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [String] :next_token
+    #   (Optional) If the current AWS account has more than `MaxResults`
+    #   DNSSEC configurations, use `NextToken` to get the second and
+    #   subsequent pages of results.
     #
-    #   * {Types::GetResolverRulePolicyResponse#resolver_rule_policy #resolver_rule_policy} => String
+    #   For the first `ListResolverDnssecConfigs` request, omit this value.
+    #
+    #   For the second and subsequent requests, get the value of `NextToken`
+    #   from the previous response and specify that value for `NextToken` in
+    #   the request.
+    #
+    # @option params [Array<Types::Filter>] :filters
+    #   An optional specification to return a subset of objects.
+    #
+    # @return [Types::ListResolverDnssecConfigsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListResolverDnssecConfigsResponse#next_token #next_token} => String
+    #   * {Types::ListResolverDnssecConfigsResponse#resolver_dnssec_configs #resolver_dnssec_configs} => Array&lt;Types::ResolverDnssecConfig&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_rule_policy({
-    #     arn: "Arn", # required
+    #   resp = client.list_resolver_dnssec_configs({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #     filters: [
+    #       {
+    #         name: "FilterName",
+    #         values: ["FilterValue"],
+    #       },
+    #     ],
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_rule_policy #=> String
+    #   resp.next_token #=> String
+    #   resp.resolver_dnssec_configs #=> Array
+    #   resp.resolver_dnssec_configs[0].id #=> String
+    #   resp.resolver_dnssec_configs[0].owner_id #=> String
+    #   resp.resolver_dnssec_configs[0].resource_id #=> String
+    #   resp.resolver_dnssec_configs[0].validation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRulePolicy AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListResolverDnssecConfigs AWS API Documentation
     #
-    # @overload get_resolver_rule_policy(params = {})
+    # @overload list_resolver_dnssec_configs(params = {})
     # @param [Hash] params ({})
-    def get_resolver_rule_policy(params = {}, options = {})
-      req = build_request(:get_resolver_rule_policy, params)
+    def list_resolver_dnssec_configs(params = {}, options = {})
+      req = build_request(:list_resolver_dnssec_configs, params)
       req.send_request(options)
     end
 
@@ -2012,6 +3256,42 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Attaches an AWS Identity and Access Management (AWS IAM) policy for
+    # sharing the rule group. You can use the policy to share the rule group
+    # using AWS Resource Access Manager (RAM).
+    #
+    # @option params [required, String] :arn
+    #   The ARN (Amazon Resource Name) for the rule group that you want to
+    #   share.
+    #
+    # @option params [required, String] :firewall_rule_group_policy
+    #   The AWS Identity and Access Management (AWS IAM) policy to attach to
+    #   the rule group.
+    #
+    # @return [Types::PutFirewallRuleGroupPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutFirewallRuleGroupPolicyResponse#return_value #return_value} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_firewall_rule_group_policy({
+    #     arn: "Arn", # required
+    #     firewall_rule_group_policy: "FirewallRuleGroupPolicy", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.return_value #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/PutFirewallRuleGroupPolicy AWS API Documentation
+    #
+    # @overload put_firewall_rule_group_policy(params = {})
+    # @param [Hash] params ({})
+    def put_firewall_rule_group_policy(params = {}, options = {})
+      req = build_request(:put_firewall_rule_group_policy, params)
+      req.send_request(options)
+    end
+
     # Specifies an AWS account that you want to share a query logging
     # configuration with, the query logging configuration that you want to
     # share, and the operations that you want the account to be able to
@@ -2064,19 +3344,19 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Specifies an AWS account that you want to share rules with, the
-    # Resolver rules that you want to share, and the operations that you
-    # want the account to be able to perform on those rules.
+    # Specifies an AWS rule that you want to share with another account, the
+    # account that you want to share the rule with, and the operations that
+    # you want the account to be able to perform on the rule.
     #
     # @option params [required, String] :arn
-    #   The Amazon Resource Name (ARN) of the account that you want to share
-    #   rules with.
+    #   The Amazon Resource Name (ARN) of the rule that you want to share with
+    #   another account.
     #
     # @option params [required, String] :resolver_rule_policy
     #   An AWS Identity and Access Management policy statement that lists the
     #   rules that you want to share with another AWS account and the
     #   operations that you want the account to be able to perform. You can
-    #   specify the following operations in the `Actions` section of the
+    #   specify the following operations in the `Action` section of the
     #   statement:
     #
     #   * `route53resolver:GetResolverRule`
@@ -2089,9 +3369,9 @@ module Aws::Route53Resolver
     #
     #   * `route53resolver:ListResolverRuleAssociations`
     #
-    #   In the `Resource` section of the statement, you specify the ARNs for
-    #   the rules that you want to share with the account that you specified
-    #   in `Arn`.
+    #   In the `Resource` section of the statement, specify the ARN for the
+    #   rule that you want to share with another account. Specify the same ARN
+    #   that you specified in `Arn`.
     #
     # @return [Types::PutResolverRulePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2220,6 +3500,325 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Updates the configuration of the firewall behavior provided by DNS
+    # Firewall for a single Amazon virtual private cloud (VPC).
+    #
+    # @option params [required, String] :resource_id
+    #   The ID of the Amazon virtual private cloud (VPC) that the
+    #   configuration is for.
+    #
+    # @option params [required, String] :firewall_fail_open
+    #   Determines how Route 53 Resolver handles queries during failures, for
+    #   example when all traffic that is sent to DNS Firewall fails to receive
+    #   a reply.
+    #
+    #   * By default, fail open is disabled, which means the failure mode is
+    #     closed. This approach favors security over availability. DNS
+    #     Firewall blocks queries that it is unable to evaluate properly.
+    #
+    #   * If you enable this option, the failure mode is open. This approach
+    #     favors availability over security. DNS Firewall allows queries to
+    #     proceed if it is unable to properly evaluate them.
+    #
+    #   This behavior is only enforced for VPCs that have at least one DNS
+    #   Firewall rule group association.
+    #
+    # @return [Types::UpdateFirewallConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallConfigResponse#firewall_config #firewall_config} => Types::FirewallConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_config({
+    #     resource_id: "ResourceId", # required
+    #     firewall_fail_open: "ENABLED", # required, accepts ENABLED, DISABLED
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_config.id #=> String
+    #   resp.firewall_config.resource_id #=> String
+    #   resp.firewall_config.owner_id #=> String
+    #   resp.firewall_config.firewall_fail_open #=> String, one of "ENABLED", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallConfig AWS API Documentation
+    #
+    # @overload update_firewall_config(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_config(params = {}, options = {})
+      req = build_request(:update_firewall_config, params)
+      req.send_request(options)
+    end
+
+    # Updates the firewall domain list from an array of domain
+    # specifications.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list whose domains you want to update.
+    #
+    # @option params [required, String] :operation
+    #   What you want DNS Firewall to do with the domains that you are
+    #   providing:
+    #
+    #   * `ADD` - Add the domains to the ones that are already in the domain
+    #     list.
+    #
+    #   * `REMOVE` - Search the domain list for the domains and remove them
+    #     from the list.
+    #
+    #   * `REPLACE` - Update the domain list to exactly match the list that
+    #     you are providing.
+    #
+    # @option params [required, Array<String>] :domains
+    #   A list of domains to use in the update operation.
+    #
+    #   Each domain specification in your domain list must satisfy the
+    #   following requirements:
+    #
+    #   * It can optionally start with `*` (asterisk).
+    #
+    #   * With the exception of the optional starting asterisk, it must only
+    #     contain the following characters: `A-Z`, `a-z`, `0-9`, `-` (hyphen).
+    #
+    #   * It must be from 1-255 characters in length.
+    #
+    # @return [Types::UpdateFirewallDomainsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallDomainsResponse#id #id} => String
+    #   * {Types::UpdateFirewallDomainsResponse#name #name} => String
+    #   * {Types::UpdateFirewallDomainsResponse#status #status} => String
+    #   * {Types::UpdateFirewallDomainsResponse#status_message #status_message} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_domains({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     operation: "ADD", # required, accepts ADD, REMOVE, REPLACE
+    #     domains: ["FirewallDomainName"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.id #=> String
+    #   resp.name #=> String
+    #   resp.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallDomains AWS API Documentation
+    #
+    # @overload update_firewall_domains(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_domains(params = {}, options = {})
+      req = build_request(:update_firewall_domains, params)
+      req.send_request(options)
+    end
+
+    # Updates the specified firewall rule.
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group for the rule.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list to use in the rule.
+    #
+    # @option params [Integer] :priority
+    #   The setting that determines the processing order of the rule in the
+    #   rule group. DNS Firewall processes the rules in a rule group by order
+    #   of priority, starting from the lowest setting.
+    #
+    #   You must specify a unique priority for each rule in a rule group. To
+    #   make it easier to insert rules later, leave space between the numbers,
+    #   for example, use 100, 200, and so on. You can change the priority
+    #   setting for the rules in a rule group at any time.
+    #
+    # @option params [String] :action
+    #   The action that DNS Firewall should take on a DNS query when it
+    #   matches one of the domains in the rule's domain list:
+    #
+    #   * `ALLOW` - Permit the request to go through.
+    #
+    #   * `ALERT` - Permit the request to go through but send an alert to the
+    #     logs.
+    #
+    #   * `BLOCK` - Disallow the request. This option requires additional
+    #     details in the rule's `BlockResponse`.
+    #
+    # @option params [String] :block_response
+    #   The way that you want DNS Firewall to block the request. Used for the
+    #   rule action setting `BLOCK`.
+    #
+    #   * `NODATA` - Respond indicating that the query was successful, but no
+    #     response is available for it.
+    #
+    #   * `NXDOMAIN` - Respond indicating that the domain name that's in the
+    #     query doesn't exist.
+    #
+    #   * `OVERRIDE` - Provide a custom override in the response. This option
+    #     requires custom handling details in the rule's `BlockOverride*`
+    #     settings.
+    #
+    # @option params [String] :block_override_domain
+    #   The custom DNS record to send back in response to the query. Used for
+    #   the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    # @option params [String] :block_override_dns_type
+    #   The DNS record's type. This determines the format of the record value
+    #   that you provided in `BlockOverrideDomain`. Used for the rule action
+    #   `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    # @option params [Integer] :block_override_ttl
+    #   The recommended amount of time, in seconds, for the DNS resolver or
+    #   web browser to cache the provided override record. Used for the rule
+    #   action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    # @option params [String] :name
+    #   The name of the rule.
+    #
+    # @return [Types::UpdateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_rule({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     priority: 1,
+    #     action: "ALLOW", # accepts ALLOW, BLOCK, ALERT
+    #     block_response: "NODATA", # accepts NODATA, NXDOMAIN, OVERRIDE
+    #     block_override_domain: "BlockOverrideDomain",
+    #     block_override_dns_type: "CNAME", # accepts CNAME
+    #     block_override_ttl: 1,
+    #     name: "Name",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule.firewall_rule_group_id #=> String
+    #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.name #=> String
+    #   resp.firewall_rule.priority #=> Integer
+    #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rule.block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rule.block_override_domain #=> String
+    #   resp.firewall_rule.block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rule.block_override_ttl #=> Integer
+    #   resp.firewall_rule.creator_request_id #=> String
+    #   resp.firewall_rule.creation_time #=> String
+    #   resp.firewall_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRule AWS API Documentation
+    #
+    # @overload update_firewall_rule(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_rule(params = {}, options = {})
+      req = build_request(:update_firewall_rule, params)
+      req.send_request(options)
+    end
+
+    # Changes the association of a FirewallRuleGroup with a VPC. The
+    # association enables DNS filtering for the VPC.
+    #
+    # @option params [required, String] :firewall_rule_group_association_id
+    #   The identifier of the FirewallRuleGroupAssociation.
+    #
+    # @option params [Integer] :priority
+    #   The setting that determines the processing order of the rule group
+    #   among the rule groups that you associate with the specified VPC. DNS
+    #   Firewall filters VPC traffic starting from rule group with the lowest
+    #   numeric priority setting.
+    #
+    #   You must specify a unique priority for each rule group that you
+    #   associate with a single VPC. To make it easier to insert rule groups
+    #   later, leave space between the numbers, for example, use 100, 200, and
+    #   so on. You can change the priority setting for a rule group
+    #   association after you create it.
+    #
+    # @option params [String] :mutation_protection
+    #   If enabled, this setting disallows modification or removal of the
+    #   association, to help prevent against accidentally altering DNS
+    #   firewall protections.
+    #
+    # @option params [String] :name
+    #   The name of the rule group association.
+    #
+    # @return [Types::UpdateFirewallRuleGroupAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallRuleGroupAssociationResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_rule_group_association({
+    #     firewall_rule_group_association_id: "ResourceId", # required
+    #     priority: 1,
+    #     mutation_protection: "ENABLED", # accepts ENABLED, DISABLED
+    #     name: "Name",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRuleGroupAssociation AWS API Documentation
+    #
+    # @overload update_firewall_rule_group_association(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_rule_group_association(params = {}, options = {})
+      req = build_request(:update_firewall_rule_group_association, params)
+      req.send_request(options)
+    end
+
+    # Updates an existing DNSSEC validation configuration. If there is no
+    # existing DNSSEC validation configuration, one is created.
+    #
+    # @option params [required, String] :resource_id
+    #   The ID of the virtual private cloud (VPC) that you're updating the
+    #   DNSSEC validation status for.
+    #
+    # @option params [required, String] :validation
+    #   The new value that you are specifying for DNSSEC validation for the
+    #   VPC. The value can be `ENABLE` or `DISABLE`. Be aware that it can take
+    #   time for a validation status change to be completed.
+    #
+    # @return [Types::UpdateResolverDnssecConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateResolverDnssecConfigResponse#resolver_dnssec_config #resolver_dnssec_config} => Types::ResolverDnssecConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_resolver_dnssec_config({
+    #     resource_id: "ResourceId", # required
+    #     validation: "ENABLE", # required, accepts ENABLE, DISABLE
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_dnssec_config.id #=> String
+    #   resp.resolver_dnssec_config.owner_id #=> String
+    #   resp.resolver_dnssec_config.resource_id #=> String
+    #   resp.resolver_dnssec_config.validation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateResolverDnssecConfig AWS API Documentation
+    #
+    # @overload update_resolver_dnssec_config(params = {})
+    # @param [Hash] params ({})
+    def update_resolver_dnssec_config(params = {}, options = {})
+      req = build_request(:update_resolver_dnssec_config, params)
+      req.send_request(options)
+    end
+
     # Updates the name of an inbound or an outbound Resolver endpoint.
     #
     # @option params [required, String] :resolver_endpoint_id
@@ -2335,7 +3934,7 @@ module Aws::Route53Resolver
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-route53resolver'
-      context[:gem_version] = '1.20.0'
+      context[:gem_version] = '1.25.0'
       Seahorse::Client::Request.new(handlers, context)
     end