aws-sdk-route53resolver 1.24.0 → 1.25.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c7ab15f200166ec0058aeef68883431ae265414363d5659ce103b0719aca6a9
-  data.tar.gz: d53e916cc9b1bbfe4a51cdf2d3f40a8269f1e6b325a30bf8b4a79faf7ce1f18a
+  metadata.gz: a4ef65852d1c79407730fd644a4d3bb1e13053f99addd945f4e2e416bbb3da4b
+  data.tar.gz: 98139c3b4a46b1149edf6c773a25dc6c64bc6fd455abf6bffbe5e4e3b7284342
 SHA512:
-  metadata.gz: 4f717a87c6167cb9c5b608d7591a8a4f42a180291556b7f6c56e9ee0747a3d46a7af0e59f3ba801649ad743f7782c859f5623340f908cb6d8461eb045d532bcf
-  data.tar.gz: 92ea7bf7a26b01d40348cb17ee8257921b9c3a01dd9c1100738244718edb0a95e3f6d4ad059b2c04faa56e811292187f7554ea6b82e0ff57402f0f1f6e0654f1
+  metadata.gz: de1651f0de718b3708603a83d2f10be31846585d27d3d07e046667a16e56c52c43bcee835d4278296d6cb7c7a34328afdc9698c58dd74625ed1aedc9919c1e6b
+  data.tar.gz: 2646eb6e60eafc7d22ab60f7361bad9e09a2160b18176e60403f4371b20c7f8054415048c5b33c441705e4927a94ad52bb61ce72cf86c5d7c60950ce0b01e7b8

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.25.0 (2021-04-01)
+------------------
+
+* Feature - Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs.
+
 1.24.0 (2021-03-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.24.0
+1.25.0

data/lib/aws-sdk-route53resolver.rb

@@ -28,7 +28,7 @@ require_relative 'aws-sdk-route53resolver/customizations'
 # structure.
 #
 #     route_53_resolver = Aws::Route53Resolver::Client.new
-#     resp = route_53_resolver.associate_resolver_endpoint_ip_address(params)
+#     resp = route_53_resolver.associate_firewall_rule_group(params)
 #
 # See {Client} for more information.
 #
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-route53resolver/customizations'
 # @!group service
 module Aws::Route53Resolver
 
-  GEM_VERSION = '1.24.0'
+  GEM_VERSION = '1.25.0'
 
 end

data/lib/aws-sdk-route53resolver/client.rb

@@ -337,6 +337,96 @@ module Aws::Route53Resolver
 
     # @!group API Operations
 
+    # Associates a FirewallRuleGroup with a VPC, to provide DNS filtering
+    # for the VPC.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string that identifies the request and that allows failed
+    #   requests to be retried without the risk of executing the operation
+    #   twice. `CreatorRequestId` can be any unique string, for example, a
+    #   date/time stamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group.
+    #
+    # @option params [required, String] :vpc_id
+    #   The unique identifier of the VPC that you want to associate with the
+    #   rule group.
+    #
+    # @option params [required, Integer] :priority
+    #   The setting that determines the processing order of the rule group
+    #   among the rule groups that you associate with the specified VPC. DNS
+    #   Firewall filters VPC traffic starting from rule group with the lowest
+    #   numeric priority setting.
+    #
+    #   You must specify a unique priority for each rule group that you
+    #   associate with a single VPC. To make it easier to insert rule groups
+    #   later, leave space between the numbers, for example, use 100, 200, and
+    #   so on. You can change the priority setting for a rule group
+    #   association after you create it.
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the association, to manage and use it.
+    #
+    # @option params [String] :mutation_protection
+    #   If enabled, this setting disallows modification or removal of the
+    #   association, to help prevent against accidentally altering DNS
+    #   firewall protections. When you create the association, the default
+    #   setting is `DISABLED`.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of the tag keys and values that you want to associate with the
+    #   rule group association.
+    #
+    # @return [Types::AssociateFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::AssociateFirewallRuleGroupResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.associate_firewall_rule_group({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     vpc_id: "ResourceId", # required
+    #     priority: 1, # required
+    #     name: "Name", # required
+    #     mutation_protection: "ENABLED", # accepts ENABLED, DISABLED
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/AssociateFirewallRuleGroup AWS API Documentation
+    #
+    # @overload associate_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def associate_firewall_rule_group(params = {}, options = {})
+      req = build_request(:associate_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Adds IP addresses to an inbound or an outbound Resolver endpoint. If
     # you want to add more than one IP address, submit one
     # `AssociateResolverEndpointIpAddress` request for each IP address.
@@ -514,6 +604,249 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Creates an empty firewall domain list for use in DNS Firewall rules.
+    # You can populate the domains for the new list with a file, using
+    # ImportFirewallDomains, or with domain strings, using
+    # UpdateFirewallDomains.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string that identifies the request and that allows you to
+    #   retry failed requests without the risk of executing the operation
+    #   twice. `CreatorRequestId` can be any unique string, for example, a
+    #   date/time stamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the domain list to manage and use it.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of the tag keys and values that you want to associate with the
+    #   domain list.
+    #
+    # @return [Types::CreateFirewallDomainListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFirewallDomainListResponse#firewall_domain_list #firewall_domain_list} => Types::FirewallDomainList
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_firewall_domain_list({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     name: "Name", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_domain_list.id #=> String
+    #   resp.firewall_domain_list.arn #=> String
+    #   resp.firewall_domain_list.name #=> String
+    #   resp.firewall_domain_list.domain_count #=> Integer
+    #   resp.firewall_domain_list.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.firewall_domain_list.status_message #=> String
+    #   resp.firewall_domain_list.managed_owner_name #=> String
+    #   resp.firewall_domain_list.creator_request_id #=> String
+    #   resp.firewall_domain_list.creation_time #=> String
+    #   resp.firewall_domain_list.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallDomainList AWS API Documentation
+    #
+    # @overload create_firewall_domain_list(params = {})
+    # @param [Hash] params ({})
+    def create_firewall_domain_list(params = {}, options = {})
+      req = build_request(:create_firewall_domain_list, params)
+      req.send_request(options)
+    end
+
+    # Creates a single DNS Firewall rule in the specified rule group, using
+    # the specified domain list.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string that identifies the request and that allows you to
+    #   retry failed requests without the risk of executing the operation
+    #   twice. `CreatorRequestId` can be any unique string, for example, a
+    #   date/time stamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group where you want to
+    #   create the rule.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that you want to use in the rule.
+    #
+    # @option params [required, Integer] :priority
+    #   The setting that determines the processing order of the rule in the
+    #   rule group. DNS Firewall processes the rules in a rule group by order
+    #   of priority, starting from the lowest setting.
+    #
+    #   You must specify a unique priority for each rule in a rule group. To
+    #   make it easier to insert rules later, leave space between the numbers,
+    #   for example, use 100, 200, and so on. You can change the priority
+    #   setting for the rules in a rule group at any time.
+    #
+    # @option params [required, String] :action
+    #   The action that DNS Firewall should take on a DNS query when it
+    #   matches one of the domains in the rule's domain list:
+    #
+    #   * `ALLOW` - Permit the request to go through.
+    #
+    #   * `ALERT` - Permit the request and send metrics and log to Cloud
+    #     Watch.
+    #
+    #   * `BLOCK` - Disallow the request. This option requires additional
+    #     details in the rule's `BlockResponse`.
+    #
+    # @option params [String] :block_response
+    #   The way that you want DNS Firewall to block the request, used with the
+    #   rule aciton setting `BLOCK`.
+    #
+    #   * `NODATA` - Respond indicating that the query was successful, but no
+    #     response is available for it.
+    #
+    #   * `NXDOMAIN` - Respond indicating that the domain name that's in the
+    #     query doesn't exist.
+    #
+    #   * `OVERRIDE` - Provide a custom override in the response. This option
+    #     requires custom handling details in the rule's `BlockOverride*`
+    #     settings.
+    #
+    #   This setting is required if the rule action setting is `BLOCK`.
+    #
+    # @option params [String] :block_override_domain
+    #   The custom DNS record to send back in response to the query. Used for
+    #   the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    #   This setting is required if the `BlockResponse` setting is `OVERRIDE`.
+    #
+    # @option params [String] :block_override_dns_type
+    #   The DNS record's type. This determines the format of the record value
+    #   that you provided in `BlockOverrideDomain`. Used for the rule action
+    #   `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    #   This setting is required if the `BlockResponse` setting is `OVERRIDE`.
+    #
+    # @option params [Integer] :block_override_ttl
+    #   The recommended amount of time, in seconds, for the DNS resolver or
+    #   web browser to cache the provided override record. Used for the rule
+    #   action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    #   This setting is required if the `BlockResponse` setting is `OVERRIDE`.
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the rule in the rule group.
+    #
+    # @return [Types::CreateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_firewall_rule({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     priority: 1, # required
+    #     action: "ALLOW", # required, accepts ALLOW, BLOCK, ALERT
+    #     block_response: "NODATA", # accepts NODATA, NXDOMAIN, OVERRIDE
+    #     block_override_domain: "BlockOverrideDomain",
+    #     block_override_dns_type: "CNAME", # accepts CNAME
+    #     block_override_ttl: 1,
+    #     name: "Name", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule.firewall_rule_group_id #=> String
+    #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.name #=> String
+    #   resp.firewall_rule.priority #=> Integer
+    #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rule.block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rule.block_override_domain #=> String
+    #   resp.firewall_rule.block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rule.block_override_ttl #=> Integer
+    #   resp.firewall_rule.creator_request_id #=> String
+    #   resp.firewall_rule.creation_time #=> String
+    #   resp.firewall_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRule AWS API Documentation
+    #
+    # @overload create_firewall_rule(params = {})
+    # @param [Hash] params ({})
+    def create_firewall_rule(params = {}, options = {})
+      req = build_request(:create_firewall_rule, params)
+      req.send_request(options)
+    end
+
+    # Creates an empty DNS Firewall rule group for filtering DNS network
+    # traffic in a VPC. You can add rules to the new rule group by calling
+    # CreateFirewallRule.
+    #
+    # @option params [required, String] :creator_request_id
+    #   A unique string defined by you to identify the request. This allows
+    #   you to retry failed requests without the risk of executing the
+    #   operation twice. This can be any unique string, for example, a
+    #   timestamp.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.**
+    #
+    # @option params [required, String] :name
+    #   A name that lets you identify the rule group, to manage and use it.
+    #
+    # @option params [Array<Types::Tag>] :tags
+    #   A list of the tag keys and values that you want to associate with the
+    #   rule group.
+    #
+    # @return [Types::CreateFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateFirewallRuleGroupResponse#firewall_rule_group #firewall_rule_group} => Types::FirewallRuleGroup
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_firewall_rule_group({
+    #     creator_request_id: "CreatorRequestId", # required
+    #     name: "Name", # required
+    #     tags: [
+    #       {
+    #         key: "TagKey", # required
+    #         value: "TagValue", # required
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group.id #=> String
+    #   resp.firewall_rule_group.arn #=> String
+    #   resp.firewall_rule_group.name #=> String
+    #   resp.firewall_rule_group.rule_count #=> Integer
+    #   resp.firewall_rule_group.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group.status_message #=> String
+    #   resp.firewall_rule_group.owner_id #=> String
+    #   resp.firewall_rule_group.creator_request_id #=> String
+    #   resp.firewall_rule_group.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.firewall_rule_group.creation_time #=> String
+    #   resp.firewall_rule_group.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRuleGroup AWS API Documentation
+    #
+    # @overload create_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def create_firewall_rule_group(params = {}, options = {})
+      req = build_request(:create_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Creates a Resolver endpoint. There are two types of Resolver
     # endpoints, inbound and outbound:
     #
@@ -814,6 +1147,126 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Deletes the specified domain list.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that you want to delete.
+    #
+    # @return [Types::DeleteFirewallDomainListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteFirewallDomainListResponse#firewall_domain_list #firewall_domain_list} => Types::FirewallDomainList
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_firewall_domain_list({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_domain_list.id #=> String
+    #   resp.firewall_domain_list.arn #=> String
+    #   resp.firewall_domain_list.name #=> String
+    #   resp.firewall_domain_list.domain_count #=> Integer
+    #   resp.firewall_domain_list.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.firewall_domain_list.status_message #=> String
+    #   resp.firewall_domain_list.managed_owner_name #=> String
+    #   resp.firewall_domain_list.creator_request_id #=> String
+    #   resp.firewall_domain_list.creation_time #=> String
+    #   resp.firewall_domain_list.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallDomainList AWS API Documentation
+    #
+    # @overload delete_firewall_domain_list(params = {})
+    # @param [Hash] params ({})
+    def delete_firewall_domain_list(params = {}, options = {})
+      req = build_request(:delete_firewall_domain_list, params)
+      req.send_request(options)
+    end
+
+    # Deletes the specified firewall rule.
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   delete the rule from.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that's used in the rule.
+    #
+    # @return [Types::DeleteFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_firewall_rule({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule.firewall_rule_group_id #=> String
+    #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.name #=> String
+    #   resp.firewall_rule.priority #=> Integer
+    #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rule.block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rule.block_override_domain #=> String
+    #   resp.firewall_rule.block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rule.block_override_ttl #=> Integer
+    #   resp.firewall_rule.creator_request_id #=> String
+    #   resp.firewall_rule.creation_time #=> String
+    #   resp.firewall_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRule AWS API Documentation
+    #
+    # @overload delete_firewall_rule(params = {})
+    # @param [Hash] params ({})
+    def delete_firewall_rule(params = {}, options = {})
+      req = build_request(:delete_firewall_rule, params)
+      req.send_request(options)
+    end
+
+    # Deletes the specified firewall rule group.
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   delete.
+    #
+    # @return [Types::DeleteFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteFirewallRuleGroupResponse#firewall_rule_group #firewall_rule_group} => Types::FirewallRuleGroup
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_firewall_rule_group({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group.id #=> String
+    #   resp.firewall_rule_group.arn #=> String
+    #   resp.firewall_rule_group.name #=> String
+    #   resp.firewall_rule_group.rule_count #=> Integer
+    #   resp.firewall_rule_group.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group.status_message #=> String
+    #   resp.firewall_rule_group.owner_id #=> String
+    #   resp.firewall_rule_group.creator_request_id #=> String
+    #   resp.firewall_rule_group.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.firewall_rule_group.creation_time #=> String
+    #   resp.firewall_rule_group.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRuleGroup AWS API Documentation
+    #
+    # @overload delete_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def delete_firewall_rule_group(params = {}, options = {})
+      req = build_request(:delete_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Deletes a Resolver endpoint. The effect of deleting a Resolver
     # endpoint depends on whether it's an inbound or an outbound Resolver
     # endpoint:
@@ -970,6 +1423,47 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering
+    # from the VPC.
+    #
+    # @option params [required, String] :firewall_rule_group_association_id
+    #   The identifier of the FirewallRuleGroupAssociation.
+    #
+    # @return [Types::DisassociateFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DisassociateFirewallRuleGroupResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disassociate_firewall_rule_group({
+    #     firewall_rule_group_association_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DisassociateFirewallRuleGroup AWS API Documentation
+    #
+    # @overload disassociate_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def disassociate_firewall_rule_group(params = {}, options = {})
+      req = build_request(:disassociate_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
     # Removes IP addresses from an inbound or an outbound Resolver endpoint.
     # If you want to remove more than one IP address, submit one
     # `DisassociateResolverEndpointIpAddress` request for each IP address.
@@ -1125,96 +1619,277 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Gets DNSSEC validation information for a specified resource.
+    # Retrieves the configuration of the firewall behavior provided by DNS
+    # Firewall for a single Amazon virtual private cloud (VPC).
     #
     # @option params [required, String] :resource_id
-    #   The ID of the virtual private cloud (VPC) for the DNSSEC validation
-    #   status.
+    #   The ID of the Amazon virtual private cloud (VPC) that the
+    #   configuration is for.
     #
-    # @return [Types::GetResolverDnssecConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::GetFirewallConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::GetResolverDnssecConfigResponse#resolver_dnssec_config #resolver_dnssec_config} => Types::ResolverDnssecConfig
+    #   * {Types::GetFirewallConfigResponse#firewall_config #firewall_config} => Types::FirewallConfig
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_dnssec_config({
+    #   resp = client.get_firewall_config({
     #     resource_id: "ResourceId", # required
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_dnssec_config.id #=> String
-    #   resp.resolver_dnssec_config.owner_id #=> String
-    #   resp.resolver_dnssec_config.resource_id #=> String
-    #   resp.resolver_dnssec_config.validation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #   resp.firewall_config.id #=> String
+    #   resp.firewall_config.resource_id #=> String
+    #   resp.firewall_config.owner_id #=> String
+    #   resp.firewall_config.firewall_fail_open #=> String, one of "ENABLED", "DISABLED"
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverDnssecConfig AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallConfig AWS API Documentation
     #
-    # @overload get_resolver_dnssec_config(params = {})
+    # @overload get_firewall_config(params = {})
     # @param [Hash] params ({})
-    def get_resolver_dnssec_config(params = {}, options = {})
-      req = build_request(:get_resolver_dnssec_config, params)
+    def get_firewall_config(params = {}, options = {})
+      req = build_request(:get_firewall_config, params)
       req.send_request(options)
     end
 
-    # Gets information about a specified Resolver endpoint, such as whether
-    # it's an inbound or an outbound Resolver endpoint, and the current
-    # status of the endpoint.
+    # Retrieves the specified firewall domain list.
     #
-    # @option params [required, String] :resolver_endpoint_id
-    #   The ID of the Resolver endpoint that you want to get information
-    #   about.
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list.
     #
-    # @return [Types::GetResolverEndpointResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::GetFirewallDomainListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::GetResolverEndpointResponse#resolver_endpoint #resolver_endpoint} => Types::ResolverEndpoint
+    #   * {Types::GetFirewallDomainListResponse#firewall_domain_list #firewall_domain_list} => Types::FirewallDomainList
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_endpoint({
-    #     resolver_endpoint_id: "ResourceId", # required
+    #   resp = client.get_firewall_domain_list({
+    #     firewall_domain_list_id: "ResourceId", # required
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_endpoint.id #=> String
-    #   resp.resolver_endpoint.creator_request_id #=> String
-    #   resp.resolver_endpoint.arn #=> String
-    #   resp.resolver_endpoint.name #=> String
-    #   resp.resolver_endpoint.security_group_ids #=> Array
-    #   resp.resolver_endpoint.security_group_ids[0] #=> String
-    #   resp.resolver_endpoint.direction #=> String, one of "INBOUND", "OUTBOUND"
-    #   resp.resolver_endpoint.ip_address_count #=> Integer
-    #   resp.resolver_endpoint.host_vpc_id #=> String
-    #   resp.resolver_endpoint.status #=> String, one of "CREATING", "OPERATIONAL", "UPDATING", "AUTO_RECOVERING", "ACTION_NEEDED", "DELETING"
-    #   resp.resolver_endpoint.status_message #=> String
-    #   resp.resolver_endpoint.creation_time #=> String
-    #   resp.resolver_endpoint.modification_time #=> String
+    #   resp.firewall_domain_list.id #=> String
+    #   resp.firewall_domain_list.arn #=> String
+    #   resp.firewall_domain_list.name #=> String
+    #   resp.firewall_domain_list.domain_count #=> Integer
+    #   resp.firewall_domain_list.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.firewall_domain_list.status_message #=> String
+    #   resp.firewall_domain_list.managed_owner_name #=> String
+    #   resp.firewall_domain_list.creator_request_id #=> String
+    #   resp.firewall_domain_list.creation_time #=> String
+    #   resp.firewall_domain_list.modification_time #=> String
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverEndpoint AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallDomainList AWS API Documentation
     #
-    # @overload get_resolver_endpoint(params = {})
+    # @overload get_firewall_domain_list(params = {})
     # @param [Hash] params ({})
-    def get_resolver_endpoint(params = {}, options = {})
-      req = build_request(:get_resolver_endpoint, params)
+    def get_firewall_domain_list(params = {}, options = {})
+      req = build_request(:get_firewall_domain_list, params)
       req.send_request(options)
     end
 
-    # Gets information about a specified Resolver query logging
-    # configuration, such as the number of VPCs that the configuration is
-    # logging queries for and the location that logs are sent to.
+    # Retrieves the specified firewall rule group.
     #
-    # @option params [required, String] :resolver_query_log_config_id
-    #   The ID of the Resolver query logging configuration that you want to
-    #   get information about.
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group.
     #
-    # @return [Types::GetResolverQueryLogConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @return [Types::GetFirewallRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    #   * {Types::GetResolverQueryLogConfigResponse#resolver_query_log_config #resolver_query_log_config} => Types::ResolverQueryLogConfig
+    #   * {Types::GetFirewallRuleGroupResponse#firewall_rule_group #firewall_rule_group} => Types::FirewallRuleGroup
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_query_log_config({
+    #   resp = client.get_firewall_rule_group({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group.id #=> String
+    #   resp.firewall_rule_group.arn #=> String
+    #   resp.firewall_rule_group.name #=> String
+    #   resp.firewall_rule_group.rule_count #=> Integer
+    #   resp.firewall_rule_group.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group.status_message #=> String
+    #   resp.firewall_rule_group.owner_id #=> String
+    #   resp.firewall_rule_group.creator_request_id #=> String
+    #   resp.firewall_rule_group.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.firewall_rule_group.creation_time #=> String
+    #   resp.firewall_rule_group.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallRuleGroup AWS API Documentation
+    #
+    # @overload get_firewall_rule_group(params = {})
+    # @param [Hash] params ({})
+    def get_firewall_rule_group(params = {}, options = {})
+      req = build_request(:get_firewall_rule_group, params)
+      req.send_request(options)
+    end
+
+    # Retrieves a firewall rule group association, which enables DNS
+    # filtering for a VPC with one rule group. A VPC can have more than one
+    # firewall rule group association, and a rule group can be associated
+    # with more than one VPC.
+    #
+    # @option params [required, String] :firewall_rule_group_association_id
+    #   The identifier of the FirewallRuleGroupAssociation.
+    #
+    # @return [Types::GetFirewallRuleGroupAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetFirewallRuleGroupAssociationResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_firewall_rule_group_association({
+    #     firewall_rule_group_association_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallRuleGroupAssociation AWS API Documentation
+    #
+    # @overload get_firewall_rule_group_association(params = {})
+    # @param [Hash] params ({})
+    def get_firewall_rule_group_association(params = {}, options = {})
+      req = build_request(:get_firewall_rule_group_association, params)
+      req.send_request(options)
+    end
+
+    # Returns the AWS Identity and Access Management (AWS IAM) policy for
+    # sharing the specified rule group. You can use the policy to share the
+    # rule group using AWS Resource Access Manager (RAM).
+    #
+    # @option params [required, String] :arn
+    #   The ARN (Amazon Resource Name) for the rule group.
+    #
+    # @return [Types::GetFirewallRuleGroupPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetFirewallRuleGroupPolicyResponse#firewall_rule_group_policy #firewall_rule_group_policy} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_firewall_rule_group_policy({
+    #     arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_policy #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetFirewallRuleGroupPolicy AWS API Documentation
+    #
+    # @overload get_firewall_rule_group_policy(params = {})
+    # @param [Hash] params ({})
+    def get_firewall_rule_group_policy(params = {}, options = {})
+      req = build_request(:get_firewall_rule_group_policy, params)
+      req.send_request(options)
+    end
+
+    # Gets DNSSEC validation information for a specified resource.
+    #
+    # @option params [required, String] :resource_id
+    #   The ID of the virtual private cloud (VPC) for the DNSSEC validation
+    #   status.
+    #
+    # @return [Types::GetResolverDnssecConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverDnssecConfigResponse#resolver_dnssec_config #resolver_dnssec_config} => Types::ResolverDnssecConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_dnssec_config({
+    #     resource_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_dnssec_config.id #=> String
+    #   resp.resolver_dnssec_config.owner_id #=> String
+    #   resp.resolver_dnssec_config.resource_id #=> String
+    #   resp.resolver_dnssec_config.validation_status #=> String, one of "ENABLING", "ENABLED", "DISABLING", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverDnssecConfig AWS API Documentation
+    #
+    # @overload get_resolver_dnssec_config(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_dnssec_config(params = {}, options = {})
+      req = build_request(:get_resolver_dnssec_config, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a specified Resolver endpoint, such as whether
+    # it's an inbound or an outbound Resolver endpoint, and the current
+    # status of the endpoint.
+    #
+    # @option params [required, String] :resolver_endpoint_id
+    #   The ID of the Resolver endpoint that you want to get information
+    #   about.
+    #
+    # @return [Types::GetResolverEndpointResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverEndpointResponse#resolver_endpoint #resolver_endpoint} => Types::ResolverEndpoint
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_endpoint({
+    #     resolver_endpoint_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_endpoint.id #=> String
+    #   resp.resolver_endpoint.creator_request_id #=> String
+    #   resp.resolver_endpoint.arn #=> String
+    #   resp.resolver_endpoint.name #=> String
+    #   resp.resolver_endpoint.security_group_ids #=> Array
+    #   resp.resolver_endpoint.security_group_ids[0] #=> String
+    #   resp.resolver_endpoint.direction #=> String, one of "INBOUND", "OUTBOUND"
+    #   resp.resolver_endpoint.ip_address_count #=> Integer
+    #   resp.resolver_endpoint.host_vpc_id #=> String
+    #   resp.resolver_endpoint.status #=> String, one of "CREATING", "OPERATIONAL", "UPDATING", "AUTO_RECOVERING", "ACTION_NEEDED", "DELETING"
+    #   resp.resolver_endpoint.status_message #=> String
+    #   resp.resolver_endpoint.creation_time #=> String
+    #   resp.resolver_endpoint.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverEndpoint AWS API Documentation
+    #
+    # @overload get_resolver_endpoint(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_endpoint(params = {}, options = {})
+      req = build_request(:get_resolver_endpoint, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a specified Resolver query logging
+    # configuration, such as the number of VPCs that the configuration is
+    # logging queries for and the location that logs are sent to.
+    #
+    # @option params [required, String] :resolver_query_log_config_id
+    #   The ID of the Resolver query logging configuration that you want to
+    #   get information about.
+    #
+    # @return [Types::GetResolverQueryLogConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverQueryLogConfigResponse#resolver_query_log_config #resolver_query_log_config} => Types::ResolverQueryLogConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_query_log_config({
     #     resolver_query_log_config_id: "ResourceId", # required
     #   })
     #
@@ -1261,168 +1936,643 @@ module Aws::Route53Resolver
     #
     # @example Response structure
     #
-    #   resp.resolver_query_log_config_association.id #=> String
-    #   resp.resolver_query_log_config_association.resolver_query_log_config_id #=> String
-    #   resp.resolver_query_log_config_association.resource_id #=> String
-    #   resp.resolver_query_log_config_association.status #=> String, one of "CREATING", "ACTIVE", "ACTION_NEEDED", "DELETING", "FAILED"
-    #   resp.resolver_query_log_config_association.error #=> String, one of "NONE", "DESTINATION_NOT_FOUND", "ACCESS_DENIED", "INTERNAL_SERVICE_ERROR"
-    #   resp.resolver_query_log_config_association.error_message #=> String
-    #   resp.resolver_query_log_config_association.creation_time #=> String
+    #   resp.resolver_query_log_config_association.id #=> String
+    #   resp.resolver_query_log_config_association.resolver_query_log_config_id #=> String
+    #   resp.resolver_query_log_config_association.resource_id #=> String
+    #   resp.resolver_query_log_config_association.status #=> String, one of "CREATING", "ACTIVE", "ACTION_NEEDED", "DELETING", "FAILED"
+    #   resp.resolver_query_log_config_association.error #=> String, one of "NONE", "DESTINATION_NOT_FOUND", "ACCESS_DENIED", "INTERNAL_SERVICE_ERROR"
+    #   resp.resolver_query_log_config_association.error_message #=> String
+    #   resp.resolver_query_log_config_association.creation_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfigAssociation AWS API Documentation
+    #
+    # @overload get_resolver_query_log_config_association(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_query_log_config_association(params = {}, options = {})
+      req = build_request(:get_resolver_query_log_config_association, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a query logging policy. A query logging policy
+    # specifies the Resolver query logging operations and resources that you
+    # want to allow another AWS account to be able to use.
+    #
+    # @option params [required, String] :arn
+    #   The ARN of the query logging configuration that you want to get the
+    #   query logging policy for.
+    #
+    # @return [Types::GetResolverQueryLogConfigPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverQueryLogConfigPolicyResponse#resolver_query_log_config_policy #resolver_query_log_config_policy} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_query_log_config_policy({
+    #     arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_query_log_config_policy #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfigPolicy AWS API Documentation
+    #
+    # @overload get_resolver_query_log_config_policy(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_query_log_config_policy(params = {}, options = {})
+      req = build_request(:get_resolver_query_log_config_policy, params)
+      req.send_request(options)
+    end
+
+    # Gets information about a specified Resolver rule, such as the domain
+    # name that the rule forwards DNS queries for and the ID of the outbound
+    # Resolver endpoint that the rule is associated with.
+    #
+    # @option params [required, String] :resolver_rule_id
+    #   The ID of the Resolver rule that you want to get information about.
+    #
+    # @return [Types::GetResolverRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverRuleResponse#resolver_rule #resolver_rule} => Types::ResolverRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_rule({
+    #     resolver_rule_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_rule.id #=> String
+    #   resp.resolver_rule.creator_request_id #=> String
+    #   resp.resolver_rule.arn #=> String
+    #   resp.resolver_rule.domain_name #=> String
+    #   resp.resolver_rule.status #=> String, one of "COMPLETE", "DELETING", "UPDATING", "FAILED"
+    #   resp.resolver_rule.status_message #=> String
+    #   resp.resolver_rule.rule_type #=> String, one of "FORWARD", "SYSTEM", "RECURSIVE"
+    #   resp.resolver_rule.name #=> String
+    #   resp.resolver_rule.target_ips #=> Array
+    #   resp.resolver_rule.target_ips[0].ip #=> String
+    #   resp.resolver_rule.target_ips[0].port #=> Integer
+    #   resp.resolver_rule.resolver_endpoint_id #=> String
+    #   resp.resolver_rule.owner_id #=> String
+    #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
+    #   resp.resolver_rule.creation_time #=> String
+    #   resp.resolver_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRule AWS API Documentation
+    #
+    # @overload get_resolver_rule(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_rule(params = {}, options = {})
+      req = build_request(:get_resolver_rule, params)
+      req.send_request(options)
+    end
+
+    # Gets information about an association between a specified Resolver
+    # rule and a VPC. You associate a Resolver rule and a VPC using
+    # [AssociateResolverRule][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html
+    #
+    # @option params [required, String] :resolver_rule_association_id
+    #   The ID of the Resolver rule association that you want to get
+    #   information about.
+    #
+    # @return [Types::GetResolverRuleAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverRuleAssociationResponse#resolver_rule_association #resolver_rule_association} => Types::ResolverRuleAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_rule_association({
+    #     resolver_rule_association_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_rule_association.id #=> String
+    #   resp.resolver_rule_association.resolver_rule_id #=> String
+    #   resp.resolver_rule_association.name #=> String
+    #   resp.resolver_rule_association.vpc_id #=> String
+    #   resp.resolver_rule_association.status #=> String, one of "CREATING", "COMPLETE", "DELETING", "FAILED", "OVERRIDDEN"
+    #   resp.resolver_rule_association.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRuleAssociation AWS API Documentation
+    #
+    # @overload get_resolver_rule_association(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_rule_association(params = {}, options = {})
+      req = build_request(:get_resolver_rule_association, params)
+      req.send_request(options)
+    end
+
+    # Gets information about the Resolver rule policy for a specified rule.
+    # A Resolver rule policy includes the rule that you want to share with
+    # another account, the account that you want to share the rule with, and
+    # the Resolver operations that you want to allow the account to use.
+    #
+    # @option params [required, String] :arn
+    #   The ID of the Resolver rule that you want to get the Resolver rule
+    #   policy for.
+    #
+    # @return [Types::GetResolverRulePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetResolverRulePolicyResponse#resolver_rule_policy #resolver_rule_policy} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_resolver_rule_policy({
+    #     arn: "Arn", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.resolver_rule_policy #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRulePolicy AWS API Documentation
+    #
+    # @overload get_resolver_rule_policy(params = {})
+    # @param [Hash] params ({})
+    def get_resolver_rule_policy(params = {}, options = {})
+      req = build_request(:get_resolver_rule_policy, params)
+      req.send_request(options)
+    end
+
+    # Imports domain names from a file into a domain list, for use in a DNS
+    # firewall rule group.
+    #
+    # Each domain specification in your domain list must satisfy the
+    # following requirements:
+    #
+    # * It can optionally start with `*` (asterisk).
+    #
+    # * With the exception of the optional starting asterisk, it must only
+    #   contain the following characters: `A-Z`, `a-z`, `0-9`, `-` (hyphen).
+    #
+    # * It must be from 1-255 characters in length.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list that you want to modify with the import
+    #   operation.
+    #
+    # @option params [required, String] :operation
+    #   What you want DNS Firewall to do with the domains that are listed in
+    #   the file. This must be set to `REPLACE`, which updates the domain list
+    #   to exactly match the list in the file.
+    #
+    # @option params [required, String] :domain_file_url
+    #   The fully qualified URL or URI of the file stored in Amazon Simple
+    #   Storage Service (S3) that contains the list of domains to import.
+    #
+    #   The file must be in an S3 bucket that's in the same Region as your
+    #   DNS Firewall. The file must be a text file and must contain a single
+    #   domain per line.
+    #
+    # @return [Types::ImportFirewallDomainsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ImportFirewallDomainsResponse#id #id} => String
+    #   * {Types::ImportFirewallDomainsResponse#name #name} => String
+    #   * {Types::ImportFirewallDomainsResponse#status #status} => String
+    #   * {Types::ImportFirewallDomainsResponse#status_message #status_message} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.import_firewall_domains({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     operation: "REPLACE", # required, accepts REPLACE
+    #     domain_file_url: "DomainListFileUrl", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.id #=> String
+    #   resp.name #=> String
+    #   resp.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ImportFirewallDomains AWS API Documentation
+    #
+    # @overload import_firewall_domains(params = {})
+    # @param [Hash] params ({})
+    def import_firewall_domains(params = {}, options = {})
+      req = build_request(:import_firewall_domains, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the firewall configurations that you have defined. DNS
+    # Firewall uses the configurations to manage firewall behavior for your
+    # VPCs.
+    #
+    # A single call might return only a partial list of the configurations.
+    # For information, see `MaxResults`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallConfigsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallConfigsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallConfigsResponse#firewall_configs #firewall_configs} => Array&lt;Types::FirewallConfig&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_firewall_configs({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.firewall_configs #=> Array
+    #   resp.firewall_configs[0].id #=> String
+    #   resp.firewall_configs[0].resource_id #=> String
+    #   resp.firewall_configs[0].owner_id #=> String
+    #   resp.firewall_configs[0].firewall_fail_open #=> String, one of "ENABLED", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallConfigs AWS API Documentation
+    #
+    # @overload list_firewall_configs(params = {})
+    # @param [Hash] params ({})
+    def list_firewall_configs(params = {}, options = {})
+      req = build_request(:list_firewall_configs, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the firewall domain lists that you have defined. For each
+    # firewall domain list, you can retrieve the domains that are defined
+    # for a list by calling ListFirewallDomains.
+    #
+    # A single call to this list operation might return only a partial list
+    # of the domain lists. For information, see `MaxResults`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallDomainListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallDomainListsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallDomainListsResponse#firewall_domain_lists #firewall_domain_lists} => Array&lt;Types::FirewallDomainListMetadata&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_firewall_domain_lists({
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.firewall_domain_lists #=> Array
+    #   resp.firewall_domain_lists[0].id #=> String
+    #   resp.firewall_domain_lists[0].arn #=> String
+    #   resp.firewall_domain_lists[0].name #=> String
+    #   resp.firewall_domain_lists[0].creator_request_id #=> String
+    #   resp.firewall_domain_lists[0].managed_owner_name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallDomainLists AWS API Documentation
+    #
+    # @overload list_firewall_domain_lists(params = {})
+    # @param [Hash] params ({})
+    def list_firewall_domain_lists(params = {}, options = {})
+      req = build_request(:list_firewall_domain_lists, params)
+      req.send_request(options)
+    end
+
+    # Retrieves the domains that you have defined for the specified firewall
+    # domain list.
+    #
+    # A single call might return only a partial list of the domains. For
+    # information, see `MaxResults`.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list whose domains you want to retrieve.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallDomainsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallDomainsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallDomainsResponse#domains #domains} => Array&lt;String&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_firewall_domains({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     max_results: 1,
+    #     next_token: "NextToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_token #=> String
+    #   resp.domains #=> Array
+    #   resp.domains[0] #=> String
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfigAssociation AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallDomains AWS API Documentation
     #
-    # @overload get_resolver_query_log_config_association(params = {})
+    # @overload list_firewall_domains(params = {})
     # @param [Hash] params ({})
-    def get_resolver_query_log_config_association(params = {}, options = {})
-      req = build_request(:get_resolver_query_log_config_association, params)
+    def list_firewall_domains(params = {}, options = {})
+      req = build_request(:list_firewall_domains, params)
       req.send_request(options)
     end
 
-    # Gets information about a query logging policy. A query logging policy
-    # specifies the Resolver query logging operations and resources that you
-    # want to allow another AWS account to be able to use.
+    # Retrieves the firewall rule group associations that you have defined.
+    # Each association enables DNS filtering for a VPC with one rule group.
     #
-    # @option params [required, String] :arn
-    #   The ARN of the query logging configuration that you want to get the
-    #   query logging policy for.
+    # A single call might return only a partial list of the associations.
+    # For information, see `MaxResults`.
     #
-    # @return [Types::GetResolverQueryLogConfigPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   retrieve the associations for. Leave this blank to retrieve
+    #   associations for any rule group.
     #
-    #   * {Types::GetResolverQueryLogConfigPolicyResponse#resolver_query_log_config_policy #resolver_query_log_config_policy} => String
+    # @option params [String] :vpc_id
+    #   The unique identifier of the VPC that you want to retrieve the
+    #   associations for. Leave this blank to retrieve associations for any
+    #   VPC.
     #
-    # @example Request syntax with placeholder values
+    # @option params [Integer] :priority
+    #   The setting that determines the processing order of the rule group
+    #   among the rule groups that are associated with a single VPC. DNS
+    #   Firewall filters VPC traffic starting from rule group with the lowest
+    #   numeric priority setting.
     #
-    #   resp = client.get_resolver_query_log_config_policy({
-    #     arn: "Arn", # required
-    #   })
+    # @option params [String] :status
+    #   The association `Status` setting that you want DNS Firewall to filter
+    #   on for the list. If you don't specify this, then DNS Firewall returns
+    #   all associations, regardless of status.
     #
-    # @example Response structure
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
     #
-    #   resp.resolver_query_log_config_policy #=> String
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverQueryLogConfigPolicy AWS API Documentation
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
     #
-    # @overload get_resolver_query_log_config_policy(params = {})
-    # @param [Hash] params ({})
-    def get_resolver_query_log_config_policy(params = {}, options = {})
-      req = build_request(:get_resolver_query_log_config_policy, params)
-      req.send_request(options)
-    end
-
-    # Gets information about a specified Resolver rule, such as the domain
-    # name that the rule forwards DNS queries for and the ID of the outbound
-    # Resolver endpoint that the rule is associated with.
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
     #
-    # @option params [required, String] :resolver_rule_id
-    #   The ID of the Resolver rule that you want to get information about.
+    # @return [Types::ListFirewallRuleGroupAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
-    # @return [Types::GetResolverRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #   * {Types::ListFirewallRuleGroupAssociationsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallRuleGroupAssociationsResponse#firewall_rule_group_associations #firewall_rule_group_associations} => Array&lt;Types::FirewallRuleGroupAssociation&gt;
     #
-    #   * {Types::GetResolverRuleResponse#resolver_rule #resolver_rule} => Types::ResolverRule
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_rule({
-    #     resolver_rule_id: "ResourceId", # required
+    #   resp = client.list_firewall_rule_group_associations({
+    #     firewall_rule_group_id: "ResourceId",
+    #     vpc_id: "ResourceId",
+    #     priority: 1,
+    #     status: "COMPLETE", # accepts COMPLETE, DELETING, UPDATING
+    #     max_results: 1,
+    #     next_token: "NextToken",
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_rule.id #=> String
-    #   resp.resolver_rule.creator_request_id #=> String
-    #   resp.resolver_rule.arn #=> String
-    #   resp.resolver_rule.domain_name #=> String
-    #   resp.resolver_rule.status #=> String, one of "COMPLETE", "DELETING", "UPDATING", "FAILED"
-    #   resp.resolver_rule.status_message #=> String
-    #   resp.resolver_rule.rule_type #=> String, one of "FORWARD", "SYSTEM", "RECURSIVE"
-    #   resp.resolver_rule.name #=> String
-    #   resp.resolver_rule.target_ips #=> Array
-    #   resp.resolver_rule.target_ips[0].ip #=> String
-    #   resp.resolver_rule.target_ips[0].port #=> Integer
-    #   resp.resolver_rule.resolver_endpoint_id #=> String
-    #   resp.resolver_rule.owner_id #=> String
-    #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
-    #   resp.resolver_rule.creation_time #=> String
-    #   resp.resolver_rule.modification_time #=> String
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRule AWS API Documentation
-    #
-    # @overload get_resolver_rule(params = {})
+    #   resp.next_token #=> String
+    #   resp.firewall_rule_group_associations #=> Array
+    #   resp.firewall_rule_group_associations[0].id #=> String
+    #   resp.firewall_rule_group_associations[0].arn #=> String
+    #   resp.firewall_rule_group_associations[0].firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_associations[0].vpc_id #=> String
+    #   resp.firewall_rule_group_associations[0].name #=> String
+    #   resp.firewall_rule_group_associations[0].priority #=> Integer
+    #   resp.firewall_rule_group_associations[0].mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_associations[0].managed_owner_name #=> String
+    #   resp.firewall_rule_group_associations[0].status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_associations[0].status_message #=> String
+    #   resp.firewall_rule_group_associations[0].creator_request_id #=> String
+    #   resp.firewall_rule_group_associations[0].creation_time #=> String
+    #   resp.firewall_rule_group_associations[0].modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRuleGroupAssociations AWS API Documentation
+    #
+    # @overload list_firewall_rule_group_associations(params = {})
     # @param [Hash] params ({})
-    def get_resolver_rule(params = {}, options = {})
-      req = build_request(:get_resolver_rule, params)
+    def list_firewall_rule_group_associations(params = {}, options = {})
+      req = build_request(:list_firewall_rule_group_associations, params)
       req.send_request(options)
     end
 
-    # Gets information about an association between a specified Resolver
-    # rule and a VPC. You associate a Resolver rule and a VPC using
-    # [AssociateResolverRule][1].
+    # Retrieves the minimal high-level information for the rule groups that
+    # you have defined.
     #
+    # A single call might return only a partial list of the rule groups. For
+    # information, see `MaxResults`.
     #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
     #
-    # [1]: https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
     #
-    # @option params [required, String] :resolver_rule_association_id
-    #   The ID of the Resolver rule association that you want to get
-    #   information about.
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
     #
-    # @return [Types::GetResolverRuleAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
     #
-    #   * {Types::GetResolverRuleAssociationResponse#resolver_rule_association #resolver_rule_association} => Types::ResolverRuleAssociation
+    # @return [Types::ListFirewallRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallRuleGroupsResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallRuleGroupsResponse#firewall_rule_groups #firewall_rule_groups} => Array&lt;Types::FirewallRuleGroupMetadata&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_rule_association({
-    #     resolver_rule_association_id: "ResourceId", # required
+    #   resp = client.list_firewall_rule_groups({
+    #     max_results: 1,
+    #     next_token: "NextToken",
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_rule_association.id #=> String
-    #   resp.resolver_rule_association.resolver_rule_id #=> String
-    #   resp.resolver_rule_association.name #=> String
-    #   resp.resolver_rule_association.vpc_id #=> String
-    #   resp.resolver_rule_association.status #=> String, one of "CREATING", "COMPLETE", "DELETING", "FAILED", "OVERRIDDEN"
-    #   resp.resolver_rule_association.status_message #=> String
+    #   resp.next_token #=> String
+    #   resp.firewall_rule_groups #=> Array
+    #   resp.firewall_rule_groups[0].id #=> String
+    #   resp.firewall_rule_groups[0].arn #=> String
+    #   resp.firewall_rule_groups[0].name #=> String
+    #   resp.firewall_rule_groups[0].owner_id #=> String
+    #   resp.firewall_rule_groups[0].creator_request_id #=> String
+    #   resp.firewall_rule_groups[0].share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRuleAssociation AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRuleGroups AWS API Documentation
     #
-    # @overload get_resolver_rule_association(params = {})
+    # @overload list_firewall_rule_groups(params = {})
     # @param [Hash] params ({})
-    def get_resolver_rule_association(params = {}, options = {})
-      req = build_request(:get_resolver_rule_association, params)
+    def list_firewall_rule_groups(params = {}, options = {})
+      req = build_request(:list_firewall_rule_groups, params)
       req.send_request(options)
     end
 
-    # Gets information about the Resolver rule policy for a specified rule.
-    # A Resolver rule policy includes the rule that you want to share with
-    # another account, the account that you want to share the rule with, and
-    # the Resolver operations that you want to allow the account to use.
+    # Retrieves the firewall rules that you have defined for the specified
+    # firewall rule group. DNS Firewall uses the rules in a rule group to
+    # filter DNS network traffic for a VPC.
     #
-    # @option params [required, String] :arn
-    #   The ID of the Resolver rule that you want to get the Resolver rule
-    #   policy for.
+    # A single call might return only a partial list of the rules. For
+    # information, see `MaxResults`.
     #
-    # @return [Types::GetResolverRulePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group that you want to
+    #   retrieve the rules for.
     #
-    #   * {Types::GetResolverRulePolicyResponse#resolver_rule_policy #resolver_rule_policy} => String
+    # @option params [Integer] :priority
+    #   Optional additional filter for the rules to retrieve.
+    #
+    #   The setting that determines the processing order of the rules in a
+    #   rule group. DNS Firewall processes the rules in a rule group by order
+    #   of priority, starting from the lowest setting.
+    #
+    # @option params [String] :action
+    #   Optional additional filter for the rules to retrieve.
+    #
+    #   The action that DNS Firewall should take on a DNS query when it
+    #   matches one of the domains in the rule's domain list:
+    #
+    #   * `ALLOW` - Permit the request to go through.
+    #
+    #   * `ALERT` - Permit the request to go through but send an alert to the
+    #     logs.
+    #
+    #   * `BLOCK` - Disallow the request. If this is specified, additional
+    #     handling details are provided in the rule's `BlockResponse`
+    #     setting.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Resolver to return for
+    #   this request. If more objects are available, in the response, Resolver
+    #   provides a `NextToken` value that you can use in a subsequent call to
+    #   get the next batch of objects.
+    #
+    #   If you don't specify a value for `MaxResults`, Resolver returns up to
+    #   100 objects.
+    #
+    # @option params [String] :next_token
+    #   For the first call to this list request, omit this value.
+    #
+    #   When you request a list of objects, Resolver returns at most the
+    #   number of objects specified in `MaxResults`. If more objects are
+    #   available for retrieval, Resolver returns a `NextToken` value in the
+    #   response. To retrieve the next batch of objects, use the token that
+    #   was returned for the prior request in your next request.
+    #
+    # @return [Types::ListFirewallRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFirewallRulesResponse#next_token #next_token} => String
+    #   * {Types::ListFirewallRulesResponse#firewall_rules #firewall_rules} => Array&lt;Types::FirewallRule&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
     #
     # @example Request syntax with placeholder values
     #
-    #   resp = client.get_resolver_rule_policy({
-    #     arn: "Arn", # required
+    #   resp = client.list_firewall_rules({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     priority: 1,
+    #     action: "ALLOW", # accepts ALLOW, BLOCK, ALERT
+    #     max_results: 1,
+    #     next_token: "NextToken",
     #   })
     #
     # @example Response structure
     #
-    #   resp.resolver_rule_policy #=> String
-    #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverRulePolicy AWS API Documentation
-    #
-    # @overload get_resolver_rule_policy(params = {})
+    #   resp.next_token #=> String
+    #   resp.firewall_rules #=> Array
+    #   resp.firewall_rules[0].firewall_rule_group_id #=> String
+    #   resp.firewall_rules[0].firewall_domain_list_id #=> String
+    #   resp.firewall_rules[0].name #=> String
+    #   resp.firewall_rules[0].priority #=> Integer
+    #   resp.firewall_rules[0].action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rules[0].block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rules[0].block_override_domain #=> String
+    #   resp.firewall_rules[0].block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rules[0].block_override_ttl #=> Integer
+    #   resp.firewall_rules[0].creator_request_id #=> String
+    #   resp.firewall_rules[0].creation_time #=> String
+    #   resp.firewall_rules[0].modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRules AWS API Documentation
+    #
+    # @overload list_firewall_rules(params = {})
     # @param [Hash] params ({})
-    def get_resolver_rule_policy(params = {}, options = {})
-      req = build_request(:get_resolver_rule_policy, params)
+    def list_firewall_rules(params = {}, options = {})
+      req = build_request(:list_firewall_rules, params)
       req.send_request(options)
     end
 
@@ -2106,6 +3256,42 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Attaches an AWS Identity and Access Management (AWS IAM) policy for
+    # sharing the rule group. You can use the policy to share the rule group
+    # using AWS Resource Access Manager (RAM).
+    #
+    # @option params [required, String] :arn
+    #   The ARN (Amazon Resource Name) for the rule group that you want to
+    #   share.
+    #
+    # @option params [required, String] :firewall_rule_group_policy
+    #   The AWS Identity and Access Management (AWS IAM) policy to attach to
+    #   the rule group.
+    #
+    # @return [Types::PutFirewallRuleGroupPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutFirewallRuleGroupPolicyResponse#return_value #return_value} => Boolean
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_firewall_rule_group_policy({
+    #     arn: "Arn", # required
+    #     firewall_rule_group_policy: "FirewallRuleGroupPolicy", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.return_value #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/PutFirewallRuleGroupPolicy AWS API Documentation
+    #
+    # @overload put_firewall_rule_group_policy(params = {})
+    # @param [Hash] params ({})
+    def put_firewall_rule_group_policy(params = {}, options = {})
+      req = build_request(:put_firewall_rule_group_policy, params)
+      req.send_request(options)
+    end
+
     # Specifies an AWS account that you want to share a query logging
     # configuration with, the query logging configuration that you want to
     # share, and the operations that you want the account to be able to
@@ -2314,6 +3500,286 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
+    # Updates the configuration of the firewall behavior provided by DNS
+    # Firewall for a single Amazon virtual private cloud (VPC).
+    #
+    # @option params [required, String] :resource_id
+    #   The ID of the Amazon virtual private cloud (VPC) that the
+    #   configuration is for.
+    #
+    # @option params [required, String] :firewall_fail_open
+    #   Determines how Route 53 Resolver handles queries during failures, for
+    #   example when all traffic that is sent to DNS Firewall fails to receive
+    #   a reply.
+    #
+    #   * By default, fail open is disabled, which means the failure mode is
+    #     closed. This approach favors security over availability. DNS
+    #     Firewall blocks queries that it is unable to evaluate properly.
+    #
+    #   * If you enable this option, the failure mode is open. This approach
+    #     favors availability over security. DNS Firewall allows queries to
+    #     proceed if it is unable to properly evaluate them.
+    #
+    #   This behavior is only enforced for VPCs that have at least one DNS
+    #   Firewall rule group association.
+    #
+    # @return [Types::UpdateFirewallConfigResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallConfigResponse#firewall_config #firewall_config} => Types::FirewallConfig
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_config({
+    #     resource_id: "ResourceId", # required
+    #     firewall_fail_open: "ENABLED", # required, accepts ENABLED, DISABLED
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_config.id #=> String
+    #   resp.firewall_config.resource_id #=> String
+    #   resp.firewall_config.owner_id #=> String
+    #   resp.firewall_config.firewall_fail_open #=> String, one of "ENABLED", "DISABLED"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallConfig AWS API Documentation
+    #
+    # @overload update_firewall_config(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_config(params = {}, options = {})
+      req = build_request(:update_firewall_config, params)
+      req.send_request(options)
+    end
+
+    # Updates the firewall domain list from an array of domain
+    # specifications.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list whose domains you want to update.
+    #
+    # @option params [required, String] :operation
+    #   What you want DNS Firewall to do with the domains that you are
+    #   providing:
+    #
+    #   * `ADD` - Add the domains to the ones that are already in the domain
+    #     list.
+    #
+    #   * `REMOVE` - Search the domain list for the domains and remove them
+    #     from the list.
+    #
+    #   * `REPLACE` - Update the domain list to exactly match the list that
+    #     you are providing.
+    #
+    # @option params [required, Array<String>] :domains
+    #   A list of domains to use in the update operation.
+    #
+    #   Each domain specification in your domain list must satisfy the
+    #   following requirements:
+    #
+    #   * It can optionally start with `*` (asterisk).
+    #
+    #   * With the exception of the optional starting asterisk, it must only
+    #     contain the following characters: `A-Z`, `a-z`, `0-9`, `-` (hyphen).
+    #
+    #   * It must be from 1-255 characters in length.
+    #
+    # @return [Types::UpdateFirewallDomainsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallDomainsResponse#id #id} => String
+    #   * {Types::UpdateFirewallDomainsResponse#name #name} => String
+    #   * {Types::UpdateFirewallDomainsResponse#status #status} => String
+    #   * {Types::UpdateFirewallDomainsResponse#status_message #status_message} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_domains({
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     operation: "ADD", # required, accepts ADD, REMOVE, REPLACE
+    #     domains: ["FirewallDomainName"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.id #=> String
+    #   resp.name #=> String
+    #   resp.status #=> String, one of "COMPLETE", "COMPLETE_IMPORT_FAILED", "IMPORTING", "DELETING", "UPDATING"
+    #   resp.status_message #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallDomains AWS API Documentation
+    #
+    # @overload update_firewall_domains(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_domains(params = {}, options = {})
+      req = build_request(:update_firewall_domains, params)
+      req.send_request(options)
+    end
+
+    # Updates the specified firewall rule.
+    #
+    # @option params [required, String] :firewall_rule_group_id
+    #   The unique identifier of the firewall rule group for the rule.
+    #
+    # @option params [required, String] :firewall_domain_list_id
+    #   The ID of the domain list to use in the rule.
+    #
+    # @option params [Integer] :priority
+    #   The setting that determines the processing order of the rule in the
+    #   rule group. DNS Firewall processes the rules in a rule group by order
+    #   of priority, starting from the lowest setting.
+    #
+    #   You must specify a unique priority for each rule in a rule group. To
+    #   make it easier to insert rules later, leave space between the numbers,
+    #   for example, use 100, 200, and so on. You can change the priority
+    #   setting for the rules in a rule group at any time.
+    #
+    # @option params [String] :action
+    #   The action that DNS Firewall should take on a DNS query when it
+    #   matches one of the domains in the rule's domain list:
+    #
+    #   * `ALLOW` - Permit the request to go through.
+    #
+    #   * `ALERT` - Permit the request to go through but send an alert to the
+    #     logs.
+    #
+    #   * `BLOCK` - Disallow the request. This option requires additional
+    #     details in the rule's `BlockResponse`.
+    #
+    # @option params [String] :block_response
+    #   The way that you want DNS Firewall to block the request. Used for the
+    #   rule action setting `BLOCK`.
+    #
+    #   * `NODATA` - Respond indicating that the query was successful, but no
+    #     response is available for it.
+    #
+    #   * `NXDOMAIN` - Respond indicating that the domain name that's in the
+    #     query doesn't exist.
+    #
+    #   * `OVERRIDE` - Provide a custom override in the response. This option
+    #     requires custom handling details in the rule's `BlockOverride*`
+    #     settings.
+    #
+    # @option params [String] :block_override_domain
+    #   The custom DNS record to send back in response to the query. Used for
+    #   the rule action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    # @option params [String] :block_override_dns_type
+    #   The DNS record's type. This determines the format of the record value
+    #   that you provided in `BlockOverrideDomain`. Used for the rule action
+    #   `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    # @option params [Integer] :block_override_ttl
+    #   The recommended amount of time, in seconds, for the DNS resolver or
+    #   web browser to cache the provided override record. Used for the rule
+    #   action `BLOCK` with a `BlockResponse` setting of `OVERRIDE`.
+    #
+    # @option params [String] :name
+    #   The name of the rule.
+    #
+    # @return [Types::UpdateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_rule({
+    #     firewall_rule_group_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId", # required
+    #     priority: 1,
+    #     action: "ALLOW", # accepts ALLOW, BLOCK, ALERT
+    #     block_response: "NODATA", # accepts NODATA, NXDOMAIN, OVERRIDE
+    #     block_override_domain: "BlockOverrideDomain",
+    #     block_override_dns_type: "CNAME", # accepts CNAME
+    #     block_override_ttl: 1,
+    #     name: "Name",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule.firewall_rule_group_id #=> String
+    #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.name #=> String
+    #   resp.firewall_rule.priority #=> Integer
+    #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
+    #   resp.firewall_rule.block_response #=> String, one of "NODATA", "NXDOMAIN", "OVERRIDE"
+    #   resp.firewall_rule.block_override_domain #=> String
+    #   resp.firewall_rule.block_override_dns_type #=> String, one of "CNAME"
+    #   resp.firewall_rule.block_override_ttl #=> Integer
+    #   resp.firewall_rule.creator_request_id #=> String
+    #   resp.firewall_rule.creation_time #=> String
+    #   resp.firewall_rule.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRule AWS API Documentation
+    #
+    # @overload update_firewall_rule(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_rule(params = {}, options = {})
+      req = build_request(:update_firewall_rule, params)
+      req.send_request(options)
+    end
+
+    # Changes the association of a FirewallRuleGroup with a VPC. The
+    # association enables DNS filtering for the VPC.
+    #
+    # @option params [required, String] :firewall_rule_group_association_id
+    #   The identifier of the FirewallRuleGroupAssociation.
+    #
+    # @option params [Integer] :priority
+    #   The setting that determines the processing order of the rule group
+    #   among the rule groups that you associate with the specified VPC. DNS
+    #   Firewall filters VPC traffic starting from rule group with the lowest
+    #   numeric priority setting.
+    #
+    #   You must specify a unique priority for each rule group that you
+    #   associate with a single VPC. To make it easier to insert rule groups
+    #   later, leave space between the numbers, for example, use 100, 200, and
+    #   so on. You can change the priority setting for a rule group
+    #   association after you create it.
+    #
+    # @option params [String] :mutation_protection
+    #   If enabled, this setting disallows modification or removal of the
+    #   association, to help prevent against accidentally altering DNS
+    #   firewall protections.
+    #
+    # @option params [String] :name
+    #   The name of the rule group association.
+    #
+    # @return [Types::UpdateFirewallRuleGroupAssociationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallRuleGroupAssociationResponse#firewall_rule_group_association #firewall_rule_group_association} => Types::FirewallRuleGroupAssociation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_rule_group_association({
+    #     firewall_rule_group_association_id: "ResourceId", # required
+    #     priority: 1,
+    #     mutation_protection: "ENABLED", # accepts ENABLED, DISABLED
+    #     name: "Name",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_rule_group_association.id #=> String
+    #   resp.firewall_rule_group_association.arn #=> String
+    #   resp.firewall_rule_group_association.firewall_rule_group_id #=> String
+    #   resp.firewall_rule_group_association.vpc_id #=> String
+    #   resp.firewall_rule_group_association.name #=> String
+    #   resp.firewall_rule_group_association.priority #=> Integer
+    #   resp.firewall_rule_group_association.mutation_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.firewall_rule_group_association.managed_owner_name #=> String
+    #   resp.firewall_rule_group_association.status #=> String, one of "COMPLETE", "DELETING", "UPDATING"
+    #   resp.firewall_rule_group_association.status_message #=> String
+    #   resp.firewall_rule_group_association.creator_request_id #=> String
+    #   resp.firewall_rule_group_association.creation_time #=> String
+    #   resp.firewall_rule_group_association.modification_time #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRuleGroupAssociation AWS API Documentation
+    #
+    # @overload update_firewall_rule_group_association(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_rule_group_association(params = {}, options = {})
+      req = build_request(:update_firewall_rule_group_association, params)
+      req.send_request(options)
+    end
+
     # Updates an existing DNSSEC validation configuration. If there is no
     # existing DNSSEC validation configuration, one is created.
     #
@@ -2468,7 +3934,7 @@ module Aws::Route53Resolver
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-route53resolver'
-      context[:gem_version] = '1.24.0'
+      context[:gem_version] = '1.25.0'
       Seahorse::Client::Request.new(handlers, context)
     end