aws-sdk-route53resolver 1.51.0 → 1.53.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ece1bf22dbf2ff44e3cb35a57ee43915d5d35066af0bb6ad6d54aad00d4b9d0d
-  data.tar.gz: 6f98f7dfe1be79dca9502aaed229c5fee5f2df5a858a7b09c3fee3d5d7b84444
+  metadata.gz: cf762094376862d0110b6d0e144ecd17bb8a33d07b88cbcd09c5c3a84f1c11c8
+  data.tar.gz: 02c2c7071bcaf87a9511f4c3605a89a8bd9b3a454956afff34151890026e0514
 SHA512:
-  metadata.gz: 92100a5a81a289577be65ace5a312d37d0c8b07367382aecb0345339568ad685a570c5f3fa6cc69460bb404c08607f0f6f3f6dd737d13af3e8522ad7b5f3dcde
-  data.tar.gz: aa7384ec4fd5fdc7258d1b051cb39727c10ef3f378deb3bd1fc0338c80f1295d254ecac6c60d3f94d207bc20e90dd075e624b851bad071f2a928ce905bb15e7a
+  metadata.gz: 4b6ff0d4b01e1a703751df44c6af54b74a37d539288ce6143713c9482b2ec3864adf462b551bec82884a9c7dcde8281a0f827efbf148eda6fa19942939802899
+  data.tar.gz: 63478269e52962ee11d1b08330dbae840590b90c6f1343b1d54360b1310b03d63f29c9b63e2890f74678777c5f465afba23ba73f35947670c0be661d21381a3e

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.53.0 (2024-01-08)
+------------------
+
+* Feature - This release adds support for query type configuration on firewall rules that enables customers for granular action (ALLOW, ALERT, BLOCK) by DNS query type.
+
+1.52.0 (2023-12-18)
+------------------
+
+* Feature - Add DOH protocols in resolver endpoints.
+
 1.51.0 (2023-11-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.51.0
+1.53.0

data/lib/aws-sdk-route53resolver/client.rb

@@ -541,9 +541,11 @@ module Aws::Route53Resolver
     #   resp.resolver_endpoint.status_message #=> String
     #   resp.resolver_endpoint.creation_time #=> String
     #   resp.resolver_endpoint.modification_time #=> String
-    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
     #   resp.resolver_endpoint.outpost_arn #=> String
     #   resp.resolver_endpoint.preferred_instance_type #=> String
+    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
+    #   resp.resolver_endpoint.protocols #=> Array
+    #   resp.resolver_endpoint.protocols[0] #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/AssociateResolverEndpointIpAddress AWS API Documentation
     #
@@ -811,6 +813,37 @@ module Aws::Route53Resolver
     # @option params [required, String] :name
     #   A name that lets you identify the rule in the rule group.
     #
+    # @option params [String] :qtype
+    #   The DNS query type you want the rule to evaluate. Allowed values are;
+    #
+    #   * A: Returns an IPv4 address.
+    #
+    #   * AAAA: Returns an Ipv6 address.
+    #
+    #   * CAA: Restricts CAs that can create SSL/TLS certifications for the
+    #     domain.
+    #
+    #   * CNAME: Returns another domain name.
+    #
+    #   * DS: Record that identifies the DNSSEC signing key of a delegated
+    #     zone.
+    #
+    #   * MX: Specifies mail servers.
+    #
+    #   * NAPTR: Regular-expression-based rewriting of domain names.
+    #
+    #   * NS: Authoritative name servers.
+    #
+    #   * PTR: Maps an IP address to a domain name.
+    #
+    #   * SOA: Start of authority record for the zone.
+    #
+    #   * SPF: Lists the servers authorized to send emails from a domain.
+    #
+    #   * SRV: Application specific values that identify servers.
+    #
+    #   * TXT: Verifies email senders and application-specific values.
+    #
     # @return [Types::CreateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
@@ -828,6 +861,7 @@ module Aws::Route53Resolver
     #     block_override_dns_type: "CNAME", # accepts CNAME
     #     block_override_ttl: 1,
     #     name: "Name", # required
+    #     qtype: "Qtype",
     #   })
     #
     # @example Response structure
@@ -844,6 +878,7 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.creator_request_id #=> String
     #   resp.firewall_rule.creation_time #=> String
     #   resp.firewall_rule.modification_time #=> String
+    #   resp.firewall_rule.qtype #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRule AWS API Documentation
     #
@@ -913,7 +948,7 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Creates an Route 53 Resolver on an Outpost.
+    # Creates a Route 53 Resolver on an Outpost.
     #
     # @option params [required, String] :creator_request_id
     #   A unique string that identifies the request and that allows failed
@@ -1027,6 +1062,19 @@ module Aws::Route53Resolver
     #   from (for outbound endpoints) or that you forward DNS queries to (for
     #   inbound endpoints). The subnet ID uniquely identifies a VPC.
     #
+    #   <note markdown="1"> Even though the minimum is 1, Route 53 requires that you create at
+    #   least two.
+    #
+    #    </note>
+    #
+    # @option params [String] :outpost_arn
+    #   The Amazon Resource Name (ARN) of the Outpost. If you specify this,
+    #   you must also specify a value for the `PreferredInstanceType`.
+    #
+    # @option params [String] :preferred_instance_type
+    #   The instance type. If you specify this, you must also specify a value
+    #   for the `OutpostArn`.
+    #
     # @option params [Array<Types::Tag>] :tags
     #   A list of the tag keys and values that you want to associate with the
     #   endpoint.
@@ -1036,13 +1084,33 @@ module Aws::Route53Resolver
     #   A dual-stack endpoint means that it will resolve via both IPv4 and
     #   IPv6. This endpoint type is applied to all IP addresses.
     #
-    # @option params [String] :outpost_arn
-    #   The Amazon Resource Name (ARN) of the Outpost. If you specify this,
-    #   you must also specify a value for the `PreferredInstanceType`.
+    # @option params [Array<String>] :protocols
+    #   The protocols you want to use for the endpoint. DoH-FIPS is applicable
+    #   for inbound endpoints only.
     #
-    # @option params [String] :preferred_instance_type
-    #   The instance type. If you specify this, you must also specify a value
-    #   for the `OutpostArn`.
+    #   For an inbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 and DoH-FIPS in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * DoH-FIPS alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   For an outbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * None, which is treated as Do53.
     #
     # @return [Types::CreateResolverEndpointResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1062,6 +1130,8 @@ module Aws::Route53Resolver
     #         ipv_6: "Ipv6",
     #       },
     #     ],
+    #     outpost_arn: "OutpostArn",
+    #     preferred_instance_type: "OutpostInstanceType",
     #     tags: [
     #       {
     #         key: "TagKey", # required
@@ -1069,8 +1139,7 @@ module Aws::Route53Resolver
     #       },
     #     ],
     #     resolver_endpoint_type: "IPV6", # accepts IPV6, IPV4, DUALSTACK
-    #     outpost_arn: "OutpostArn",
-    #     preferred_instance_type: "OutpostInstanceType",
+    #     protocols: ["DoH"], # accepts DoH, Do53, DoH-FIPS
     #   })
     #
     # @example Response structure
@@ -1088,9 +1157,11 @@ module Aws::Route53Resolver
     #   resp.resolver_endpoint.status_message #=> String
     #   resp.resolver_endpoint.creation_time #=> String
     #   resp.resolver_endpoint.modification_time #=> String
-    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
     #   resp.resolver_endpoint.outpost_arn #=> String
     #   resp.resolver_endpoint.preferred_instance_type #=> String
+    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
+    #   resp.resolver_endpoint.protocols #=> Array
+    #   resp.resolver_endpoint.protocols[0] #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateResolverEndpoint AWS API Documentation
     #
@@ -1230,7 +1301,7 @@ module Aws::Route53Resolver
     #   Currently, only Resolver can create rules that have a value of
     #   `RECURSIVE` for `RuleType`.
     #
-    # @option params [required, String] :domain_name
+    # @option params [String] :domain_name
     #   DNS queries for this domain name are forwarded to the IP addresses
     #   that you specify in `TargetIps`. If a query matches multiple Resolver
     #   rules (example.com and www.example.com), outbound DNS queries are
@@ -1263,12 +1334,13 @@ module Aws::Route53Resolver
     #     creator_request_id: "CreatorRequestId", # required
     #     name: "Name",
     #     rule_type: "FORWARD", # required, accepts FORWARD, SYSTEM, RECURSIVE
-    #     domain_name: "DomainName", # required
+    #     domain_name: "DomainName",
     #     target_ips: [
     #       {
     #         ip: "Ip",
     #         port: 1,
     #         ipv_6: "Ipv6",
+    #         protocol: "DoH", # accepts DoH, Do53, DoH-FIPS
     #       },
     #     ],
     #     resolver_endpoint_id: "ResourceId",
@@ -1294,6 +1366,7 @@ module Aws::Route53Resolver
     #   resp.resolver_rule.target_ips[0].ip #=> String
     #   resp.resolver_rule.target_ips[0].port #=> Integer
     #   resp.resolver_rule.target_ips[0].ipv_6 #=> String
+    #   resp.resolver_rule.target_ips[0].protocol #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #   resp.resolver_rule.resolver_endpoint_id #=> String
     #   resp.resolver_rule.owner_id #=> String
     #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
@@ -1355,6 +1428,38 @@ module Aws::Route53Resolver
     # @option params [required, String] :firewall_domain_list_id
     #   The ID of the domain list that's used in the rule.
     #
+    # @option params [String] :qtype
+    #   The DNS query type that the rule you are deleting evaluates. Allowed
+    #   values are;
+    #
+    #   * A: Returns an IPv4 address.
+    #
+    #   * AAAA: Returns an Ipv6 address.
+    #
+    #   * CAA: Restricts CAs that can create SSL/TLS certifications for the
+    #     domain.
+    #
+    #   * CNAME: Returns another domain name.
+    #
+    #   * DS: Record that identifies the DNSSEC signing key of a delegated
+    #     zone.
+    #
+    #   * MX: Specifies mail servers.
+    #
+    #   * NAPTR: Regular-expression-based rewriting of domain names.
+    #
+    #   * NS: Authoritative name servers.
+    #
+    #   * PTR: Maps an IP address to a domain name.
+    #
+    #   * SOA: Start of authority record for the zone.
+    #
+    #   * SPF: Lists the servers authorized to send emails from a domain.
+    #
+    #   * SRV: Application specific values that identify servers.
+    #
+    #   * TXT: Verifies email senders and application-specific values.
+    #
     # @return [Types::DeleteFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DeleteFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
@@ -1364,6 +1469,7 @@ module Aws::Route53Resolver
     #   resp = client.delete_firewall_rule({
     #     firewall_rule_group_id: "ResourceId", # required
     #     firewall_domain_list_id: "ResourceId", # required
+    #     qtype: "Qtype",
     #   })
     #
     # @example Response structure
@@ -1380,6 +1486,7 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.creator_request_id #=> String
     #   resp.firewall_rule.creation_time #=> String
     #   resp.firewall_rule.modification_time #=> String
+    #   resp.firewall_rule.qtype #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRule AWS API Documentation
     #
@@ -1505,9 +1612,11 @@ module Aws::Route53Resolver
     #   resp.resolver_endpoint.status_message #=> String
     #   resp.resolver_endpoint.creation_time #=> String
     #   resp.resolver_endpoint.modification_time #=> String
-    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
     #   resp.resolver_endpoint.outpost_arn #=> String
     #   resp.resolver_endpoint.preferred_instance_type #=> String
+    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
+    #   resp.resolver_endpoint.protocols #=> Array
+    #   resp.resolver_endpoint.protocols[0] #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteResolverEndpoint AWS API Documentation
     #
@@ -1612,6 +1721,7 @@ module Aws::Route53Resolver
     #   resp.resolver_rule.target_ips[0].ip #=> String
     #   resp.resolver_rule.target_ips[0].port #=> Integer
     #   resp.resolver_rule.target_ips[0].ipv_6 #=> String
+    #   resp.resolver_rule.target_ips[0].protocol #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #   resp.resolver_rule.resolver_endpoint_id #=> String
     #   resp.resolver_rule.owner_id #=> String
     #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
@@ -1717,9 +1827,11 @@ module Aws::Route53Resolver
     #   resp.resolver_endpoint.status_message #=> String
     #   resp.resolver_endpoint.creation_time #=> String
     #   resp.resolver_endpoint.modification_time #=> String
-    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
     #   resp.resolver_endpoint.outpost_arn #=> String
     #   resp.resolver_endpoint.preferred_instance_type #=> String
+    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
+    #   resp.resolver_endpoint.protocols #=> Array
+    #   resp.resolver_endpoint.protocols[0] #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DisassociateResolverEndpointIpAddress AWS API Documentation
     #
@@ -2145,9 +2257,11 @@ module Aws::Route53Resolver
     #   resp.resolver_endpoint.status_message #=> String
     #   resp.resolver_endpoint.creation_time #=> String
     #   resp.resolver_endpoint.modification_time #=> String
-    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
     #   resp.resolver_endpoint.outpost_arn #=> String
     #   resp.resolver_endpoint.preferred_instance_type #=> String
+    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
+    #   resp.resolver_endpoint.protocols #=> Array
+    #   resp.resolver_endpoint.protocols[0] #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/GetResolverEndpoint AWS API Documentation
     #
@@ -2298,6 +2412,7 @@ module Aws::Route53Resolver
     #   resp.resolver_rule.target_ips[0].ip #=> String
     #   resp.resolver_rule.target_ips[0].port #=> Integer
     #   resp.resolver_rule.target_ips[0].ipv_6 #=> String
+    #   resp.resolver_rule.target_ips[0].protocol #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #   resp.resolver_rule.resolver_endpoint_id #=> String
     #   resp.resolver_rule.owner_id #=> String
     #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
@@ -2851,6 +2966,7 @@ module Aws::Route53Resolver
     #   resp.firewall_rules[0].creator_request_id #=> String
     #   resp.firewall_rules[0].creation_time #=> String
     #   resp.firewall_rules[0].modification_time #=> String
+    #   resp.firewall_rules[0].qtype #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRules AWS API Documentation
     #
@@ -3155,9 +3271,11 @@ module Aws::Route53Resolver
     #   resp.resolver_endpoints[0].status_message #=> String
     #   resp.resolver_endpoints[0].creation_time #=> String
     #   resp.resolver_endpoints[0].modification_time #=> String
-    #   resp.resolver_endpoints[0].resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
     #   resp.resolver_endpoints[0].outpost_arn #=> String
     #   resp.resolver_endpoints[0].preferred_instance_type #=> String
+    #   resp.resolver_endpoints[0].resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
+    #   resp.resolver_endpoints[0].protocols #=> Array
+    #   resp.resolver_endpoints[0].protocols[0] #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListResolverEndpoints AWS API Documentation
     #
@@ -3589,6 +3707,7 @@ module Aws::Route53Resolver
     #   resp.resolver_rules[0].target_ips[0].ip #=> String
     #   resp.resolver_rules[0].target_ips[0].port #=> Integer
     #   resp.resolver_rules[0].target_ips[0].ipv_6 #=> String
+    #   resp.resolver_rules[0].target_ips[0].protocol #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #   resp.resolver_rules[0].resolver_endpoint_id #=> String
     #   resp.resolver_rules[0].owner_id #=> String
     #   resp.resolver_rules[0].share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
@@ -4073,6 +4192,37 @@ module Aws::Route53Resolver
     # @option params [String] :name
     #   The name of the rule.
     #
+    # @option params [String] :qtype
+    #   The DNS query type you want the rule to evaluate. Allowed values are;
+    #
+    #   * A: Returns an IPv4 address.
+    #
+    #   * AAAA: Returns an Ipv6 address.
+    #
+    #   * CAA: Restricts CAs that can create SSL/TLS certifications for the
+    #     domain.
+    #
+    #   * CNAME: Returns another domain name.
+    #
+    #   * DS: Record that identifies the DNSSEC signing key of a delegated
+    #     zone.
+    #
+    #   * MX: Specifies mail servers.
+    #
+    #   * NAPTR: Regular-expression-based rewriting of domain names.
+    #
+    #   * NS: Authoritative name servers.
+    #
+    #   * PTR: Maps an IP address to a domain name.
+    #
+    #   * SOA: Start of authority record for the zone.
+    #
+    #   * SPF: Lists the servers authorized to send emails from a domain.
+    #
+    #   * SRV: Application specific values that identify servers.
+    #
+    #   * TXT: Verifies email senders and application-specific values.
+    #
     # @return [Types::UpdateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
@@ -4089,6 +4239,7 @@ module Aws::Route53Resolver
     #     block_override_dns_type: "CNAME", # accepts CNAME
     #     block_override_ttl: 1,
     #     name: "Name",
+    #     qtype: "Qtype",
     #   })
     #
     # @example Response structure
@@ -4105,6 +4256,7 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.creator_request_id #=> String
     #   resp.firewall_rule.creation_time #=> String
     #   resp.firewall_rule.modification_time #=> String
+    #   resp.firewall_rule.qtype #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRule AWS API Documentation
     #
@@ -4326,7 +4478,7 @@ module Aws::Route53Resolver
       req.send_request(options)
     end
 
-    # Updates the name, or enpoint type for an inbound or an outbound
+    # Updates the name, or endpoint type for an inbound or an outbound
     # Resolver endpoint. You can only update between IPV4 and DUALSTACK,
     # IPV6 endpoint type can't be updated to other type.
     #
@@ -4347,6 +4499,42 @@ module Aws::Route53Resolver
     #   IPv4 to dual-stack. If you don't specify an IPv6 address, one will be
     #   automatically chosen from your subnet.
     #
+    # @option params [Array<String>] :protocols
+    #   The protocols you want to use for the endpoint. DoH-FIPS is applicable
+    #   for inbound endpoints only.
+    #
+    #   For an inbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 and DoH-FIPS in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * DoH-FIPS alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   For an outbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   You can't change the protocol of an inbound endpoint directly from
+    #   only Do53 to only DoH, or DoH-FIPS. This is to prevent a sudden
+    #   disruption to incoming traffic that relies on Do53. To change the
+    #   protocol from Do53 to DoH, or DoH-FIPS, you must first enable both
+    #   Do53 and DoH, or Do53 and DoH-FIPS, to make sure that all incoming
+    #   traffic has transferred to using the DoH protocol, or DoH-FIPS, and
+    #   then remove the Do53.
+    #
     # @return [Types::UpdateResolverEndpointResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateResolverEndpointResponse#resolver_endpoint #resolver_endpoint} => Types::ResolverEndpoint
@@ -4363,6 +4551,7 @@ module Aws::Route53Resolver
     #         ipv_6: "Ipv6", # required
     #       },
     #     ],
+    #     protocols: ["DoH"], # accepts DoH, Do53, DoH-FIPS
     #   })
     #
     # @example Response structure
@@ -4380,9 +4569,11 @@ module Aws::Route53Resolver
     #   resp.resolver_endpoint.status_message #=> String
     #   resp.resolver_endpoint.creation_time #=> String
     #   resp.resolver_endpoint.modification_time #=> String
-    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
     #   resp.resolver_endpoint.outpost_arn #=> String
     #   resp.resolver_endpoint.preferred_instance_type #=> String
+    #   resp.resolver_endpoint.resolver_endpoint_type #=> String, one of "IPV6", "IPV4", "DUALSTACK"
+    #   resp.resolver_endpoint.protocols #=> Array
+    #   resp.resolver_endpoint.protocols[0] #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateResolverEndpoint AWS API Documentation
     #
@@ -4418,6 +4609,7 @@ module Aws::Route53Resolver
     #           ip: "Ip",
     #           port: 1,
     #           ipv_6: "Ipv6",
+    #           protocol: "DoH", # accepts DoH, Do53, DoH-FIPS
     #         },
     #       ],
     #       resolver_endpoint_id: "ResourceId",
@@ -4438,6 +4630,7 @@ module Aws::Route53Resolver
     #   resp.resolver_rule.target_ips[0].ip #=> String
     #   resp.resolver_rule.target_ips[0].port #=> Integer
     #   resp.resolver_rule.target_ips[0].ipv_6 #=> String
+    #   resp.resolver_rule.target_ips[0].protocol #=> String, one of "DoH", "Do53", "DoH-FIPS"
     #   resp.resolver_rule.resolver_endpoint_id #=> String
     #   resp.resolver_rule.owner_id #=> String
     #   resp.resolver_rule.share_status #=> String, one of "NOT_SHARED", "SHARED_WITH_ME", "SHARED_BY_ME"
@@ -4466,7 +4659,7 @@ module Aws::Route53Resolver
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-route53resolver'
-      context[:gem_version] = '1.51.0'
+      context[:gem_version] = '1.53.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-route53resolver/client_api.rb

@@ -197,12 +197,15 @@ module Aws::Route53Resolver
     OutpostResolverStatusMessage = Shapes::StringShape.new(name: 'OutpostResolverStatusMessage')
     Port = Shapes::IntegerShape.new(name: 'Port')
     Priority = Shapes::IntegerShape.new(name: 'Priority')
+    Protocol = Shapes::StringShape.new(name: 'Protocol')
+    ProtocolList = Shapes::ListShape.new(name: 'ProtocolList')
     PutFirewallRuleGroupPolicyRequest = Shapes::StructureShape.new(name: 'PutFirewallRuleGroupPolicyRequest')
     PutFirewallRuleGroupPolicyResponse = Shapes::StructureShape.new(name: 'PutFirewallRuleGroupPolicyResponse')
     PutResolverQueryLogConfigPolicyRequest = Shapes::StructureShape.new(name: 'PutResolverQueryLogConfigPolicyRequest')
     PutResolverQueryLogConfigPolicyResponse = Shapes::StructureShape.new(name: 'PutResolverQueryLogConfigPolicyResponse')
     PutResolverRulePolicyRequest = Shapes::StructureShape.new(name: 'PutResolverRulePolicyRequest')
     PutResolverRulePolicyResponse = Shapes::StructureShape.new(name: 'PutResolverRulePolicyResponse')
+    Qtype = Shapes::StringShape.new(name: 'Qtype')
     ResolverAutodefinedReverseStatus = Shapes::StringShape.new(name: 'ResolverAutodefinedReverseStatus')
     ResolverConfig = Shapes::StructureShape.new(name: 'ResolverConfig')
     ResolverConfigList = Shapes::ListShape.new(name: 'ResolverConfigList')
@@ -351,6 +354,7 @@ module Aws::Route53Resolver
     CreateFirewallRuleRequest.add_member(:block_override_dns_type, Shapes::ShapeRef.new(shape: BlockOverrideDnsType, location_name: "BlockOverrideDnsType", metadata: {"box"=>true}))
     CreateFirewallRuleRequest.add_member(:block_override_ttl, Shapes::ShapeRef.new(shape: BlockOverrideTtl, location_name: "BlockOverrideTtl", metadata: {"box"=>true}))
     CreateFirewallRuleRequest.add_member(:name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "Name"))
+    CreateFirewallRuleRequest.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype", metadata: {"box"=>true}))
     CreateFirewallRuleRequest.struct_class = Types::CreateFirewallRuleRequest
 
     CreateFirewallRuleResponse.add_member(:firewall_rule, Shapes::ShapeRef.new(shape: FirewallRule, location_name: "FirewallRule"))
@@ -372,10 +376,11 @@ module Aws::Route53Resolver
     CreateResolverEndpointRequest.add_member(:security_group_ids, Shapes::ShapeRef.new(shape: SecurityGroupIds, required: true, location_name: "SecurityGroupIds", metadata: {"box"=>true}))
     CreateResolverEndpointRequest.add_member(:direction, Shapes::ShapeRef.new(shape: ResolverEndpointDirection, required: true, location_name: "Direction"))
     CreateResolverEndpointRequest.add_member(:ip_addresses, Shapes::ShapeRef.new(shape: IpAddressesRequest, required: true, location_name: "IpAddresses"))
-    CreateResolverEndpointRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags", metadata: {"box"=>true}))
-    CreateResolverEndpointRequest.add_member(:resolver_endpoint_type, Shapes::ShapeRef.new(shape: ResolverEndpointType, location_name: "ResolverEndpointType", metadata: {"box"=>true}))
     CreateResolverEndpointRequest.add_member(:outpost_arn, Shapes::ShapeRef.new(shape: OutpostArn, location_name: "OutpostArn", metadata: {"box"=>true}))
     CreateResolverEndpointRequest.add_member(:preferred_instance_type, Shapes::ShapeRef.new(shape: OutpostInstanceType, location_name: "PreferredInstanceType", metadata: {"box"=>true}))
+    CreateResolverEndpointRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags", metadata: {"box"=>true}))
+    CreateResolverEndpointRequest.add_member(:resolver_endpoint_type, Shapes::ShapeRef.new(shape: ResolverEndpointType, location_name: "ResolverEndpointType", metadata: {"box"=>true}))
+    CreateResolverEndpointRequest.add_member(:protocols, Shapes::ShapeRef.new(shape: ProtocolList, location_name: "Protocols", metadata: {"box"=>true}))
     CreateResolverEndpointRequest.struct_class = Types::CreateResolverEndpointRequest
 
     CreateResolverEndpointResponse.add_member(:resolver_endpoint, Shapes::ShapeRef.new(shape: ResolverEndpoint, location_name: "ResolverEndpoint"))
@@ -393,7 +398,7 @@ module Aws::Route53Resolver
     CreateResolverRuleRequest.add_member(:creator_request_id, Shapes::ShapeRef.new(shape: CreatorRequestId, required: true, location_name: "CreatorRequestId"))
     CreateResolverRuleRequest.add_member(:name, Shapes::ShapeRef.new(shape: Name, location_name: "Name"))
     CreateResolverRuleRequest.add_member(:rule_type, Shapes::ShapeRef.new(shape: RuleTypeOption, required: true, location_name: "RuleType"))
-    CreateResolverRuleRequest.add_member(:domain_name, Shapes::ShapeRef.new(shape: DomainName, required: true, location_name: "DomainName"))
+    CreateResolverRuleRequest.add_member(:domain_name, Shapes::ShapeRef.new(shape: DomainName, location_name: "DomainName", metadata: {"box"=>true}))
     CreateResolverRuleRequest.add_member(:target_ips, Shapes::ShapeRef.new(shape: TargetList, location_name: "TargetIps", metadata: {"box"=>true}))
     CreateResolverRuleRequest.add_member(:resolver_endpoint_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResolverEndpointId", metadata: {"box"=>true}))
     CreateResolverRuleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags", metadata: {"box"=>true}))
@@ -416,6 +421,7 @@ module Aws::Route53Resolver
 
     DeleteFirewallRuleRequest.add_member(:firewall_rule_group_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallRuleGroupId"))
     DeleteFirewallRuleRequest.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallDomainListId"))
+    DeleteFirewallRuleRequest.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype"))
     DeleteFirewallRuleRequest.struct_class = Types::DeleteFirewallRuleRequest
 
     DeleteFirewallRuleResponse.add_member(:firewall_rule, Shapes::ShapeRef.new(shape: FirewallRule, location_name: "FirewallRule"))
@@ -523,6 +529,7 @@ module Aws::Route53Resolver
     FirewallRule.add_member(:creator_request_id, Shapes::ShapeRef.new(shape: CreatorRequestId, location_name: "CreatorRequestId"))
     FirewallRule.add_member(:creation_time, Shapes::ShapeRef.new(shape: Rfc3339TimeString, location_name: "CreationTime"))
     FirewallRule.add_member(:modification_time, Shapes::ShapeRef.new(shape: Rfc3339TimeString, location_name: "ModificationTime"))
+    FirewallRule.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype"))
     FirewallRule.struct_class = Types::FirewallRule
 
     FirewallRuleGroup.add_member(:id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "Id"))
@@ -888,6 +895,8 @@ module Aws::Route53Resolver
 
     OutpostResolverList.member = Shapes::ShapeRef.new(shape: OutpostResolver)
 
+    ProtocolList.member = Shapes::ShapeRef.new(shape: Protocol)
+
     PutFirewallRuleGroupPolicyRequest.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "Arn"))
     PutFirewallRuleGroupPolicyRequest.add_member(:firewall_rule_group_policy, Shapes::ShapeRef.new(shape: FirewallRuleGroupPolicy, required: true, location_name: "FirewallRuleGroupPolicy"))
     PutFirewallRuleGroupPolicyRequest.struct_class = Types::PutFirewallRuleGroupPolicyRequest
@@ -937,9 +946,10 @@ module Aws::Route53Resolver
     ResolverEndpoint.add_member(:status_message, Shapes::ShapeRef.new(shape: StatusMessage, location_name: "StatusMessage"))
     ResolverEndpoint.add_member(:creation_time, Shapes::ShapeRef.new(shape: Rfc3339TimeString, location_name: "CreationTime"))
     ResolverEndpoint.add_member(:modification_time, Shapes::ShapeRef.new(shape: Rfc3339TimeString, location_name: "ModificationTime"))
-    ResolverEndpoint.add_member(:resolver_endpoint_type, Shapes::ShapeRef.new(shape: ResolverEndpointType, location_name: "ResolverEndpointType"))
     ResolverEndpoint.add_member(:outpost_arn, Shapes::ShapeRef.new(shape: OutpostArn, location_name: "OutpostArn"))
     ResolverEndpoint.add_member(:preferred_instance_type, Shapes::ShapeRef.new(shape: OutpostInstanceType, location_name: "PreferredInstanceType"))
+    ResolverEndpoint.add_member(:resolver_endpoint_type, Shapes::ShapeRef.new(shape: ResolverEndpointType, location_name: "ResolverEndpointType"))
+    ResolverEndpoint.add_member(:protocols, Shapes::ShapeRef.new(shape: ProtocolList, location_name: "Protocols"))
     ResolverEndpoint.struct_class = Types::ResolverEndpoint
 
     ResolverEndpoints.member = Shapes::ShapeRef.new(shape: ResolverEndpoint)
@@ -1040,6 +1050,7 @@ module Aws::Route53Resolver
     TargetAddress.add_member(:ip, Shapes::ShapeRef.new(shape: Ip, location_name: "Ip", metadata: {"box"=>true}))
     TargetAddress.add_member(:port, Shapes::ShapeRef.new(shape: Port, location_name: "Port", metadata: {"box"=>true}))
     TargetAddress.add_member(:ipv_6, Shapes::ShapeRef.new(shape: Ipv6, location_name: "Ipv6", metadata: {"box"=>true}))
+    TargetAddress.add_member(:protocol, Shapes::ShapeRef.new(shape: Protocol, location_name: "Protocol", metadata: {"box"=>true}))
     TargetAddress.struct_class = Types::TargetAddress
 
     TargetList.member = Shapes::ShapeRef.new(shape: TargetAddress)
@@ -1092,6 +1103,7 @@ module Aws::Route53Resolver
     UpdateFirewallRuleRequest.add_member(:block_override_dns_type, Shapes::ShapeRef.new(shape: BlockOverrideDnsType, location_name: "BlockOverrideDnsType", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.add_member(:block_override_ttl, Shapes::ShapeRef.new(shape: BlockOverrideTtl, location_name: "BlockOverrideTtl", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.add_member(:name, Shapes::ShapeRef.new(shape: Name, location_name: "Name", metadata: {"box"=>true}))
+    UpdateFirewallRuleRequest.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype"))
     UpdateFirewallRuleRequest.struct_class = Types::UpdateFirewallRuleRequest
 
     UpdateFirewallRuleResponse.add_member(:firewall_rule, Shapes::ShapeRef.new(shape: FirewallRule, location_name: "FirewallRule"))
@@ -1130,6 +1142,7 @@ module Aws::Route53Resolver
     UpdateResolverEndpointRequest.add_member(:name, Shapes::ShapeRef.new(shape: Name, location_name: "Name", metadata: {"box"=>true}))
     UpdateResolverEndpointRequest.add_member(:resolver_endpoint_type, Shapes::ShapeRef.new(shape: ResolverEndpointType, location_name: "ResolverEndpointType", metadata: {"box"=>true}))
     UpdateResolverEndpointRequest.add_member(:update_ip_addresses, Shapes::ShapeRef.new(shape: UpdateIpAddresses, location_name: "UpdateIpAddresses", metadata: {"box"=>true}))
+    UpdateResolverEndpointRequest.add_member(:protocols, Shapes::ShapeRef.new(shape: ProtocolList, location_name: "Protocols", metadata: {"box"=>true}))
     UpdateResolverEndpointRequest.struct_class = Types::UpdateResolverEndpointRequest
 
     UpdateResolverEndpointResponse.add_member(:resolver_endpoint, Shapes::ShapeRef.new(shape: ResolverEndpoint, location_name: "ResolverEndpoint"))
@@ -1290,6 +1303,7 @@ module Aws::Route53Resolver
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceErrorException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
@@ -1324,6 +1338,7 @@ module Aws::Route53Resolver
         o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceUnavailableException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
       end)
 
@@ -2166,6 +2181,7 @@ module Aws::Route53Resolver
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceErrorException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
       end)
@@ -2183,6 +2199,7 @@ module Aws::Route53Resolver
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceErrorException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
       end)
     end
 

data/lib/aws-sdk-route53resolver/endpoint_provider.rb

@@ -32,7 +32,7 @@ module Aws::Route53Resolver
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               if Aws::Endpoints::Matchers.string_equals?(region, "us-gov-east-1")
                 return Aws::Endpoints::Endpoint.new(url: "https://route53resolver.us-gov-east-1.amazonaws.com", headers: {}, properties: {})
               end

data/lib/aws-sdk-route53resolver/types.rb

@@ -401,6 +401,39 @@ module Aws::Route53Resolver
     #   A name that lets you identify the rule in the rule group.
     #   @return [String]
     #
+    # @!attribute [rw] qtype
+    #   The DNS query type you want the rule to evaluate. Allowed values
+    #   are;
+    #
+    #   * A: Returns an IPv4 address.
+    #
+    #   * AAAA: Returns an Ipv6 address.
+    #
+    #   * CAA: Restricts CAs that can create SSL/TLS certifications for the
+    #     domain.
+    #
+    #   * CNAME: Returns another domain name.
+    #
+    #   * DS: Record that identifies the DNSSEC signing key of a delegated
+    #     zone.
+    #
+    #   * MX: Specifies mail servers.
+    #
+    #   * NAPTR: Regular-expression-based rewriting of domain names.
+    #
+    #   * NS: Authoritative name servers.
+    #
+    #   * PTR: Maps an IP address to a domain name.
+    #
+    #   * SOA: Start of authority record for the zone.
+    #
+    #   * SPF: Lists the servers authorized to send emails from a domain.
+    #
+    #   * SRV: Application specific values that identify servers.
+    #
+    #   * TXT: Verifies email senders and application-specific values.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRuleRequest AWS API Documentation
     #
     class CreateFirewallRuleRequest < Struct.new(
@@ -413,7 +446,8 @@ module Aws::Route53Resolver
       :block_override_domain,
       :block_override_dns_type,
       :block_override_ttl,
-      :name)
+      :name,
+      :qtype)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -525,8 +559,23 @@ module Aws::Route53Resolver
     #   The subnets and IP addresses in your VPC that DNS queries originate
     #   from (for outbound endpoints) or that you forward DNS queries to
     #   (for inbound endpoints). The subnet ID uniquely identifies a VPC.
+    #
+    #   <note markdown="1"> Even though the minimum is 1, Route 53 requires that you create at
+    #   least two.
+    #
+    #    </note>
     #   @return [Array<Types::IpAddressRequest>]
     #
+    # @!attribute [rw] outpost_arn
+    #   The Amazon Resource Name (ARN) of the Outpost. If you specify this,
+    #   you must also specify a value for the `PreferredInstanceType`.
+    #   @return [String]
+    #
+    # @!attribute [rw] preferred_instance_type
+    #   The instance type. If you specify this, you must also specify a
+    #   value for the `OutpostArn`.
+    #   @return [String]
+    #
     # @!attribute [rw] tags
     #   A list of the tag keys and values that you want to associate with
     #   the endpoint.
@@ -539,15 +588,34 @@ module Aws::Route53Resolver
     #   addresses.
     #   @return [String]
     #
-    # @!attribute [rw] outpost_arn
-    #   The Amazon Resource Name (ARN) of the Outpost. If you specify this,
-    #   you must also specify a value for the `PreferredInstanceType`.
-    #   @return [String]
+    # @!attribute [rw] protocols
+    #   The protocols you want to use for the endpoint. DoH-FIPS is
+    #   applicable for inbound endpoints only.
     #
-    # @!attribute [rw] preferred_instance_type
-    #   The instance type. If you specify this, you must also specify a
-    #   value for the `OutpostArn`.
-    #   @return [String]
+    #   For an inbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 and DoH-FIPS in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * DoH-FIPS alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   For an outbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * None, which is treated as Do53.
+    #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateResolverEndpointRequest AWS API Documentation
     #
@@ -557,10 +625,11 @@ module Aws::Route53Resolver
       :security_group_ids,
       :direction,
       :ip_addresses,
+      :outpost_arn,
+      :preferred_instance_type,
       :tags,
       :resolver_endpoint_type,
-      :outpost_arn,
-      :preferred_instance_type)
+      :protocols)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -787,11 +856,45 @@ module Aws::Route53Resolver
     #   The ID of the domain list that's used in the rule.
     #   @return [String]
     #
+    # @!attribute [rw] qtype
+    #   The DNS query type that the rule you are deleting evaluates. Allowed
+    #   values are;
+    #
+    #   * A: Returns an IPv4 address.
+    #
+    #   * AAAA: Returns an Ipv6 address.
+    #
+    #   * CAA: Restricts CAs that can create SSL/TLS certifications for the
+    #     domain.
+    #
+    #   * CNAME: Returns another domain name.
+    #
+    #   * DS: Record that identifies the DNSSEC signing key of a delegated
+    #     zone.
+    #
+    #   * MX: Specifies mail servers.
+    #
+    #   * NAPTR: Regular-expression-based rewriting of domain names.
+    #
+    #   * NS: Authoritative name servers.
+    #
+    #   * PTR: Maps an IP address to a domain name.
+    #
+    #   * SOA: Start of authority record for the zone.
+    #
+    #   * SPF: Lists the servers authorized to send emails from a domain.
+    #
+    #   * SRV: Application specific values that identify servers.
+    #
+    #   * TXT: Verifies email senders and application-specific values.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRuleRequest AWS API Documentation
     #
     class DeleteFirewallRuleRequest < Struct.new(
       :firewall_rule_group_id,
-      :firewall_domain_list_id)
+      :firewall_domain_list_id,
+      :qtype)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1492,6 +1595,39 @@ module Aws::Route53Resolver
     #   format and Coordinated Universal Time (UTC).
     #   @return [String]
     #
+    # @!attribute [rw] qtype
+    #   The DNS query type you want the rule to evaluate. Allowed values
+    #   are;
+    #
+    #   * A: Returns an IPv4 address.
+    #
+    #   * AAAA: Returns an Ipv6 address.
+    #
+    #   * CAA: Restricts CAs that can create SSL/TLS certifications for the
+    #     domain.
+    #
+    #   * CNAME: Returns another domain name.
+    #
+    #   * DS: Record that identifies the DNSSEC signing key of a delegated
+    #     zone.
+    #
+    #   * MX: Specifies mail servers.
+    #
+    #   * NAPTR: Regular-expression-based rewriting of domain names.
+    #
+    #   * NS: Authoritative name servers.
+    #
+    #   * PTR: Maps an IP address to a domain name.
+    #
+    #   * SOA: Start of authority record for the zone.
+    #
+    #   * SPF: Lists the servers authorized to send emails from a domain.
+    #
+    #   * SRV: Application specific values that identify servers.
+    #
+    #   * TXT: Verifies email senders and application-specific values.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/FirewallRule AWS API Documentation
     #
     class FirewallRule < Struct.new(
@@ -1506,7 +1642,8 @@ module Aws::Route53Resolver
       :block_override_ttl,
       :creator_request_id,
       :creation_time,
-      :modification_time)
+      :modification_time,
+      :qtype)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2933,7 +3070,8 @@ module Aws::Route53Resolver
     # @!attribute [rw] resolver_dnssec_configs
     #   An array that contains one [ResolverDnssecConfig][1] element for
     #   each configuration for DNSSEC validation that is associated with the
-    #   current Amazon Web Services account.
+    #   current Amazon Web Services account. It doesn't contain disabled
+    #   DNSSEC configurations for the resource.
     #
     #
     #
@@ -3957,10 +4095,6 @@ module Aws::Route53Resolver
     #   format and Coordinated Universal Time (UTC).
     #   @return [String]
     #
-    # @!attribute [rw] resolver_endpoint_type
-    #   The Resolver endpoint IP address type.
-    #   @return [String]
-    #
     # @!attribute [rw] outpost_arn
     #   The ARN (Amazon Resource Name) for the Outpost.
     #   @return [String]
@@ -3969,6 +4103,39 @@ module Aws::Route53Resolver
     #   The Amazon EC2 instance type.
     #   @return [String]
     #
+    # @!attribute [rw] resolver_endpoint_type
+    #   The Resolver endpoint IP address type.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocols
+    #   Protocols used for the endpoint. DoH-FIPS is applicable for inbound
+    #   endpoints only.
+    #
+    #   For an inbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 and DoH-FIPS in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * DoH-FIPS alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   For an outbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * None, which is treated as Do53.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ResolverEndpoint AWS API Documentation
     #
     class ResolverEndpoint < Struct.new(
@@ -3984,9 +4151,10 @@ module Aws::Route53Resolver
       :status_message,
       :creation_time,
       :modification_time,
-      :resolver_endpoint_type,
       :outpost_arn,
-      :preferred_instance_type)
+      :preferred_instance_type,
+      :resolver_endpoint_type,
+      :protocols)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4562,12 +4730,42 @@ module Aws::Route53Resolver
     #   One IPv6 address that you want to forward DNS queries to.
     #   @return [String]
     #
+    # @!attribute [rw] protocol
+    #   The protocols for the Resolver endpoints. DoH-FIPS is applicable for
+    #   inbound endpoints only.
+    #
+    #   For an inbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 and DoH-FIPS in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * DoH-FIPS alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   For an outbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * None, which is treated as Do53.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/TargetAddress AWS API Documentation
     #
     class TargetAddress < Struct.new(
       :ip,
       :port,
-      :ipv_6)
+      :ipv_6,
+      :protocol)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4876,6 +5074,39 @@ module Aws::Route53Resolver
     #   The name of the rule.
     #   @return [String]
     #
+    # @!attribute [rw] qtype
+    #   The DNS query type you want the rule to evaluate. Allowed values
+    #   are;
+    #
+    #   * A: Returns an IPv4 address.
+    #
+    #   * AAAA: Returns an Ipv6 address.
+    #
+    #   * CAA: Restricts CAs that can create SSL/TLS certifications for the
+    #     domain.
+    #
+    #   * CNAME: Returns another domain name.
+    #
+    #   * DS: Record that identifies the DNSSEC signing key of a delegated
+    #     zone.
+    #
+    #   * MX: Specifies mail servers.
+    #
+    #   * NAPTR: Regular-expression-based rewriting of domain names.
+    #
+    #   * NS: Authoritative name servers.
+    #
+    #   * PTR: Maps an IP address to a domain name.
+    #
+    #   * SOA: Start of authority record for the zone.
+    #
+    #   * SPF: Lists the servers authorized to send emails from a domain.
+    #
+    #   * SRV: Application specific values that identify servers.
+    #
+    #   * TXT: Verifies email senders and application-specific values.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRuleRequest AWS API Documentation
     #
     class UpdateFirewallRuleRequest < Struct.new(
@@ -4887,7 +5118,8 @@ module Aws::Route53Resolver
       :block_override_domain,
       :block_override_dns_type,
       :block_override_ttl,
-      :name)
+      :name,
+      :qtype)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5073,13 +5305,51 @@ module Aws::Route53Resolver
     #   will be automatically chosen from your subnet.
     #   @return [Array<Types::UpdateIpAddress>]
     #
+    # @!attribute [rw] protocols
+    #   The protocols you want to use for the endpoint. DoH-FIPS is
+    #   applicable for inbound endpoints only.
+    #
+    #   For an inbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 and DoH-FIPS in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * DoH-FIPS alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   For an outbound endpoint you can apply the protocols as follows:
+    #
+    #   * Do53 and DoH in combination.
+    #
+    #   * Do53 alone.
+    #
+    #   * DoH alone.
+    #
+    #   * None, which is treated as Do53.
+    #
+    #   You can't change the protocol of an inbound endpoint directly from
+    #   only Do53 to only DoH, or DoH-FIPS. This is to prevent a sudden
+    #   disruption to incoming traffic that relies on Do53. To change the
+    #   protocol from Do53 to DoH, or DoH-FIPS, you must first enable both
+    #   Do53 and DoH, or Do53 and DoH-FIPS, to make sure that all incoming
+    #   traffic has transferred to using the DoH protocol, or DoH-FIPS, and
+    #   then remove the Do53.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateResolverEndpointRequest AWS API Documentation
     #
     class UpdateResolverEndpointRequest < Struct.new(
       :resolver_endpoint_id,
       :name,
       :resolver_endpoint_type,
-      :update_ip_addresses)
+      :update_ip_addresses,
+      :protocols)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5125,8 +5395,9 @@ module Aws::Route53Resolver
       include Aws::Structure
     end
 
-    # You have provided an invalid command. Supported values are `ADD`,
-    # `REMOVE`, or `REPLACE` a domain.
+    # You have provided an invalid command. If you ran the
+    # `UpdateFirewallDomains` request. supported values are `ADD`, `REMOVE`,
+    # or `REPLACE` a domain.
     #
     # @!attribute [rw] message
     #   @return [String]

data/lib/aws-sdk-route53resolver.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-route53resolver/customizations'
 # @!group service
 module Aws::Route53Resolver
 
-  GEM_VERSION = '1.51.0'
+  GEM_VERSION = '1.53.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-route53resolver
 version: !ruby/object:Gem::Version
-  version: 1.51.0
+  version: 1.53.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-11-28 00:00:00.000000000 Z
+date: 2024-01-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core