aws-sdk-route53resolver 1.71.0 → 1.73.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e263b48ed0d14f6355ada97a6a27aba189708f14b4611b175b134834f9b7c8dd
-  data.tar.gz: fdf4165cf09419193022a3396ed35f53a10076a8bad618c2eeca2b001d23eb87
+  metadata.gz: 6b52fca6223281d438eb705b809e3df5858a0f90d8de563f60ce8d845d1b435c
+  data.tar.gz: d91066c8dfa0e8789b64499e15b9f23dc47f5c646138ceb4727b78ca88e84111
 SHA512:
-  metadata.gz: 6c365925a4d9d91da87170a860cf98b3a5b341fc1377b2942c5de823d9f8390efd6744580f1011a0be1ada6307640edf53569d112c74880dcb7c27f7236de4e9
-  data.tar.gz: cf7520f36c088a73104960756815f7e3902f44dfadb08f64dd87b9226fcfaf9279c17fc51732d5de985625e77add698319cf3c2893d044eba4b81f3c17b29df5
+  metadata.gz: 69db2cd9346f1c06b7da716f1a272c11255013f09bb5d11e01c98c090c08a40f042c596688ba460e1f085eef640fbc330870823c0034605eb1ba0b4f8cf36565
+  data.tar.gz: a0fdf4df9ad3695094a00566f082d6d0ff73ebe00dffebcd5f24b7767526e2bbb0332b1aeee0d285cfb0af4111f25f379b572ff72637366ae157f06cc25f4a3f

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.73.0 (2024-11-15)
+------------------
+
+* Feature - Route 53 Resolver DNS Firewall Advanced Rules allows you to monitor and block suspicious DNS traffic based on anomalies detected in the queries, such as DNS tunneling and Domain Generation Algorithms (DGAs).
+
+1.72.0 (2024-10-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.71.0 (2024-10-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.71.0
+1.73.0

data/lib/aws-sdk-route53resolver/client.rb

@@ -805,8 +805,9 @@ module Aws::Route53Resolver
     #   The unique identifier of the firewall rule group where you want to
     #   create the rule.
     #
-    # @option params [required, String] :firewall_domain_list_id
-    #   The ID of the domain list that you want to use in the rule.
+    # @option params [String] :firewall_domain_list_id
+    #   The ID of the domain list that you want to use in the rule. Can't be
+    #   used together with `DnsThreatProtecton`.
     #
     # @option params [required, Integer] :priority
     #   The setting that determines the processing order of the rule in the
@@ -820,9 +821,11 @@ module Aws::Route53Resolver
     #
     # @option params [required, String] :action
     #   The action that DNS Firewall should take on a DNS query when it
-    #   matches one of the domains in the rule's domain list:
+    #   matches one of the domains in the rule's domain list, or a threat in
+    #   a DNS Firewall Advanced rule:
     #
-    #   * `ALLOW` - Permit the request to go through.
+    #   * `ALLOW` - Permit the request to go through. Not available for DNS
+    #     Firewall Advanced rules.
     #
     #   * `ALERT` - Permit the request and send metrics and logs to Cloud
     #     Watch.
@@ -873,11 +876,11 @@ module Aws::Route53Resolver
     #   How you want the the rule to evaluate DNS redirection in the DNS
     #   redirection chain, such as CNAME or DNAME.
     #
-    #   `Inspect_Redirection_Domain `(Default) inspects all domains in the
+    #   `INSPECT_REDIRECTION_DOMAIN`: (Default) inspects all domains in the
     #   redirection chain. The individual domains in the redirection chain
     #   must be added to the domain list.
     #
-    #   `Trust_Redirection_Domain ` inspects only the first domain in the
+    #   `TRUST_REDIRECTION_DOMAIN`: Inspects only the first domain in the
     #   redirection chain. You don't need to add the subsequent domains in
     #   the domain in the redirection list to the domain list.
     #
@@ -921,6 +924,23 @@ module Aws::Route53Resolver
     #
     #   [1]: https://en.wikipedia.org/wiki/List_of_DNS_record_types
     #
+    # @option params [String] :dns_threat_protection
+    #   Use to create a DNS Firewall Advanced rule.
+    #
+    # @option params [String] :confidence_threshold
+    #   The confidence threshold for DNS Firewall Advanced. You must provide
+    #   this value when you create a DNS Firewall Advanced rule. The
+    #   confidence level values mean:
+    #
+    #   * `LOW`: Provides the highest detection rate for threats, but also
+    #     increases false positives.
+    #
+    #   * `MEDIUM`: Provides a balance between detecting threats and false
+    #     positives.
+    #
+    #   * `HIGH`: Detects only the most well corroborated threats with a low
+    #     rate of false positives.
+    #
     # @return [Types::CreateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
@@ -930,7 +950,7 @@ module Aws::Route53Resolver
     #   resp = client.create_firewall_rule({
     #     creator_request_id: "CreatorRequestId", # required
     #     firewall_rule_group_id: "ResourceId", # required
-    #     firewall_domain_list_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId",
     #     priority: 1, # required
     #     action: "ALLOW", # required, accepts ALLOW, BLOCK, ALERT
     #     block_response: "NODATA", # accepts NODATA, NXDOMAIN, OVERRIDE
@@ -940,12 +960,15 @@ module Aws::Route53Resolver
     #     name: "Name", # required
     #     firewall_domain_redirection_action: "INSPECT_REDIRECTION_DOMAIN", # accepts INSPECT_REDIRECTION_DOMAIN, TRUST_REDIRECTION_DOMAIN
     #     qtype: "Qtype",
+    #     dns_threat_protection: "DGA", # accepts DGA, DNS_TUNNELING
+    #     confidence_threshold: "LOW", # accepts LOW, MEDIUM, HIGH
     #   })
     #
     # @example Response structure
     #
     #   resp.firewall_rule.firewall_rule_group_id #=> String
     #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.firewall_threat_protection_id #=> String
     #   resp.firewall_rule.name #=> String
     #   resp.firewall_rule.priority #=> Integer
     #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
@@ -958,6 +981,8 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.modification_time #=> String
     #   resp.firewall_rule.firewall_domain_redirection_action #=> String, one of "INSPECT_REDIRECTION_DOMAIN", "TRUST_REDIRECTION_DOMAIN"
     #   resp.firewall_rule.qtype #=> String
+    #   resp.firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING"
+    #   resp.firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/CreateFirewallRule AWS API Documentation
     #
@@ -1518,9 +1543,12 @@ module Aws::Route53Resolver
     #   The unique identifier of the firewall rule group that you want to
     #   delete the rule from.
     #
-    # @option params [required, String] :firewall_domain_list_id
+    # @option params [String] :firewall_domain_list_id
     #   The ID of the domain list that's used in the rule.
     #
+    # @option params [String] :firewall_threat_protection_id
+    #   The ID that is created for a DNS Firewall Advanced rule.
+    #
     # @option params [String] :qtype
     #   The DNS query type that the rule you are deleting evaluates. Allowed
     #   values are;
@@ -1570,7 +1598,8 @@ module Aws::Route53Resolver
     #
     #   resp = client.delete_firewall_rule({
     #     firewall_rule_group_id: "ResourceId", # required
-    #     firewall_domain_list_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId",
+    #     firewall_threat_protection_id: "ResourceId",
     #     qtype: "Qtype",
     #   })
     #
@@ -1578,6 +1607,7 @@ module Aws::Route53Resolver
     #
     #   resp.firewall_rule.firewall_rule_group_id #=> String
     #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.firewall_threat_protection_id #=> String
     #   resp.firewall_rule.name #=> String
     #   resp.firewall_rule.priority #=> Integer
     #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
@@ -1590,6 +1620,8 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.modification_time #=> String
     #   resp.firewall_rule.firewall_domain_redirection_action #=> String, one of "INSPECT_REDIRECTION_DOMAIN", "TRUST_REDIRECTION_DOMAIN"
     #   resp.firewall_rule.qtype #=> String
+    #   resp.firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING"
+    #   resp.firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/DeleteFirewallRule AWS API Documentation
     #
@@ -3009,9 +3041,11 @@ module Aws::Route53Resolver
     #   Optional additional filter for the rules to retrieve.
     #
     #   The action that DNS Firewall should take on a DNS query when it
-    #   matches one of the domains in the rule's domain list:
+    #   matches one of the domains in the rule's domain list, or a threat in
+    #   a DNS Firewall Advanced rule:
     #
-    #   * `ALLOW` - Permit the request to go through.
+    #   * `ALLOW` - Permit the request to go through. Not availabe for DNS
+    #     Firewall Advanced rules.
     #
     #   * `ALERT` - Permit the request to go through but send an alert to the
     #     logs.
@@ -3061,6 +3095,7 @@ module Aws::Route53Resolver
     #   resp.firewall_rules #=> Array
     #   resp.firewall_rules[0].firewall_rule_group_id #=> String
     #   resp.firewall_rules[0].firewall_domain_list_id #=> String
+    #   resp.firewall_rules[0].firewall_threat_protection_id #=> String
     #   resp.firewall_rules[0].name #=> String
     #   resp.firewall_rules[0].priority #=> Integer
     #   resp.firewall_rules[0].action #=> String, one of "ALLOW", "BLOCK", "ALERT"
@@ -3073,6 +3108,8 @@ module Aws::Route53Resolver
     #   resp.firewall_rules[0].modification_time #=> String
     #   resp.firewall_rules[0].firewall_domain_redirection_action #=> String, one of "INSPECT_REDIRECTION_DOMAIN", "TRUST_REDIRECTION_DOMAIN"
     #   resp.firewall_rules[0].qtype #=> String
+    #   resp.firewall_rules[0].dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING"
+    #   resp.firewall_rules[0].confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/ListFirewallRules AWS API Documentation
     #
@@ -4243,9 +4280,12 @@ module Aws::Route53Resolver
     # @option params [required, String] :firewall_rule_group_id
     #   The unique identifier of the firewall rule group for the rule.
     #
-    # @option params [required, String] :firewall_domain_list_id
+    # @option params [String] :firewall_domain_list_id
     #   The ID of the domain list to use in the rule.
     #
+    # @option params [String] :firewall_threat_protection_id
+    #   The DNS Firewall Advanced rule ID.
+    #
     # @option params [Integer] :priority
     #   The setting that determines the processing order of the rule in the
     #   rule group. DNS Firewall processes the rules in a rule group by order
@@ -4258,9 +4298,11 @@ module Aws::Route53Resolver
     #
     # @option params [String] :action
     #   The action that DNS Firewall should take on a DNS query when it
-    #   matches one of the domains in the rule's domain list:
+    #   matches one of the domains in the rule's domain list, or a threat in
+    #   a DNS Firewall Advanced rule:
     #
-    #   * `ALLOW` - Permit the request to go through.
+    #   * `ALLOW` - Permit the request to go through. Not available for DNS
+    #     Firewall Advanced rules.
     #
     #   * `ALERT` - Permit the request to go through but send an alert to the
     #     logs.
@@ -4303,11 +4345,11 @@ module Aws::Route53Resolver
     #   How you want the the rule to evaluate DNS redirection in the DNS
     #   redirection chain, such as CNAME or DNAME.
     #
-    #   `Inspect_Redirection_Domain `(Default) inspects all domains in the
+    #   `INSPECT_REDIRECTION_DOMAIN`: (Default) inspects all domains in the
     #   redirection chain. The individual domains in the redirection chain
     #   must be added to the domain list.
     #
-    #   `Trust_Redirection_Domain ` inspects only the first domain in the
+    #   `TRUST_REDIRECTION_DOMAIN`: Inspects only the first domain in the
     #   redirection chain. You don't need to add the subsequent domains in
     #   the domain in the redirection list to the domain list.
     #
@@ -4357,6 +4399,31 @@ module Aws::Route53Resolver
     #
     #   [1]: https://en.wikipedia.org/wiki/List_of_DNS_record_types
     #
+    # @option params [String] :dns_threat_protection
+    #   The type of the DNS Firewall Advanced rule. Valid values are:
+    #
+    #   * `DGA`: Domain generation algorithms detection. DGAs are used by
+    #     attackers to generate a large number of domains to to launch malware
+    #     attacks.
+    #
+    #   * `DNS_TUNNELING`: DNS tunneling detection. DNS tunneling is used by
+    #     attackers to exfiltrate data from the client by using the DNS tunnel
+    #     without making a network connection to the client.
+    #
+    # @option params [String] :confidence_threshold
+    #   The confidence threshold for DNS Firewall Advanced. You must provide
+    #   this value when you create a DNS Firewall Advanced rule. The
+    #   confidence level values mean:
+    #
+    #   * `LOW`: Provides the highest detection rate for threats, but also
+    #     increases false positives.
+    #
+    #   * `MEDIUM`: Provides a balance between detecting threats and false
+    #     positives.
+    #
+    #   * `HIGH`: Detects only the most well corroborated threats with a low
+    #     rate of false positives.
+    #
     # @return [Types::UpdateFirewallRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateFirewallRuleResponse#firewall_rule #firewall_rule} => Types::FirewallRule
@@ -4365,7 +4432,8 @@ module Aws::Route53Resolver
     #
     #   resp = client.update_firewall_rule({
     #     firewall_rule_group_id: "ResourceId", # required
-    #     firewall_domain_list_id: "ResourceId", # required
+    #     firewall_domain_list_id: "ResourceId",
+    #     firewall_threat_protection_id: "ResourceId",
     #     priority: 1,
     #     action: "ALLOW", # accepts ALLOW, BLOCK, ALERT
     #     block_response: "NODATA", # accepts NODATA, NXDOMAIN, OVERRIDE
@@ -4375,12 +4443,15 @@ module Aws::Route53Resolver
     #     name: "Name",
     #     firewall_domain_redirection_action: "INSPECT_REDIRECTION_DOMAIN", # accepts INSPECT_REDIRECTION_DOMAIN, TRUST_REDIRECTION_DOMAIN
     #     qtype: "Qtype",
+    #     dns_threat_protection: "DGA", # accepts DGA, DNS_TUNNELING
+    #     confidence_threshold: "LOW", # accepts LOW, MEDIUM, HIGH
     #   })
     #
     # @example Response structure
     #
     #   resp.firewall_rule.firewall_rule_group_id #=> String
     #   resp.firewall_rule.firewall_domain_list_id #=> String
+    #   resp.firewall_rule.firewall_threat_protection_id #=> String
     #   resp.firewall_rule.name #=> String
     #   resp.firewall_rule.priority #=> Integer
     #   resp.firewall_rule.action #=> String, one of "ALLOW", "BLOCK", "ALERT"
@@ -4393,6 +4464,8 @@ module Aws::Route53Resolver
     #   resp.firewall_rule.modification_time #=> String
     #   resp.firewall_rule.firewall_domain_redirection_action #=> String, one of "INSPECT_REDIRECTION_DOMAIN", "TRUST_REDIRECTION_DOMAIN"
     #   resp.firewall_rule.qtype #=> String
+    #   resp.firewall_rule.dns_threat_protection #=> String, one of "DGA", "DNS_TUNNELING"
+    #   resp.firewall_rule.confidence_threshold #=> String, one of "LOW", "MEDIUM", "HIGH"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/route53resolver-2018-04-01/UpdateFirewallRule AWS API Documentation
     #
@@ -4802,7 +4875,7 @@ module Aws::Route53Resolver
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-route53resolver'
-      context[:gem_version] = '1.71.0'
+      context[:gem_version] = '1.73.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-route53resolver/client_api.rb

@@ -32,6 +32,7 @@ module Aws::Route53Resolver
     BlockOverrideTtl = Shapes::IntegerShape.new(name: 'BlockOverrideTtl')
     BlockResponse = Shapes::StringShape.new(name: 'BlockResponse')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
+    ConfidenceThreshold = Shapes::StringShape.new(name: 'ConfidenceThreshold')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     Count = Shapes::IntegerShape.new(name: 'Count')
     CreateFirewallDomainListRequest = Shapes::StructureShape.new(name: 'CreateFirewallDomainListRequest')
@@ -72,6 +73,7 @@ module Aws::Route53Resolver
     DisassociateResolverQueryLogConfigResponse = Shapes::StructureShape.new(name: 'DisassociateResolverQueryLogConfigResponse')
     DisassociateResolverRuleRequest = Shapes::StructureShape.new(name: 'DisassociateResolverRuleRequest')
     DisassociateResolverRuleResponse = Shapes::StructureShape.new(name: 'DisassociateResolverRuleResponse')
+    DnsThreatProtection = Shapes::StringShape.new(name: 'DnsThreatProtection')
     DomainListFileUrl = Shapes::StringShape.new(name: 'DomainListFileUrl')
     DomainName = Shapes::StringShape.new(name: 'DomainName')
     ExceptionMessage = Shapes::StringShape.new(name: 'ExceptionMessage')
@@ -349,7 +351,7 @@ module Aws::Route53Resolver
 
     CreateFirewallRuleRequest.add_member(:creator_request_id, Shapes::ShapeRef.new(shape: CreatorRequestId, required: true, location_name: "CreatorRequestId", metadata: {"idempotencyToken"=>true}))
     CreateFirewallRuleRequest.add_member(:firewall_rule_group_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallRuleGroupId"))
-    CreateFirewallRuleRequest.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallDomainListId"))
+    CreateFirewallRuleRequest.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallDomainListId", metadata: {"box"=>true}))
     CreateFirewallRuleRequest.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, required: true, location_name: "Priority"))
     CreateFirewallRuleRequest.add_member(:action, Shapes::ShapeRef.new(shape: Action, required: true, location_name: "Action"))
     CreateFirewallRuleRequest.add_member(:block_response, Shapes::ShapeRef.new(shape: BlockResponse, location_name: "BlockResponse", metadata: {"box"=>true}))
@@ -359,6 +361,8 @@ module Aws::Route53Resolver
     CreateFirewallRuleRequest.add_member(:name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "Name"))
     CreateFirewallRuleRequest.add_member(:firewall_domain_redirection_action, Shapes::ShapeRef.new(shape: FirewallDomainRedirectionAction, location_name: "FirewallDomainRedirectionAction", metadata: {"box"=>true}))
     CreateFirewallRuleRequest.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype", metadata: {"box"=>true}))
+    CreateFirewallRuleRequest.add_member(:dns_threat_protection, Shapes::ShapeRef.new(shape: DnsThreatProtection, location_name: "DnsThreatProtection", metadata: {"box"=>true}))
+    CreateFirewallRuleRequest.add_member(:confidence_threshold, Shapes::ShapeRef.new(shape: ConfidenceThreshold, location_name: "ConfidenceThreshold", metadata: {"box"=>true}))
     CreateFirewallRuleRequest.struct_class = Types::CreateFirewallRuleRequest
 
     CreateFirewallRuleResponse.add_member(:firewall_rule, Shapes::ShapeRef.new(shape: FirewallRule, location_name: "FirewallRule"))
@@ -424,7 +428,8 @@ module Aws::Route53Resolver
     DeleteFirewallRuleGroupResponse.struct_class = Types::DeleteFirewallRuleGroupResponse
 
     DeleteFirewallRuleRequest.add_member(:firewall_rule_group_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallRuleGroupId"))
-    DeleteFirewallRuleRequest.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallDomainListId"))
+    DeleteFirewallRuleRequest.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallDomainListId", metadata: {"box"=>true}))
+    DeleteFirewallRuleRequest.add_member(:firewall_threat_protection_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallThreatProtectionId", metadata: {"box"=>true}))
     DeleteFirewallRuleRequest.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype"))
     DeleteFirewallRuleRequest.struct_class = Types::DeleteFirewallRuleRequest
 
@@ -523,6 +528,7 @@ module Aws::Route53Resolver
 
     FirewallRule.add_member(:firewall_rule_group_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallRuleGroupId"))
     FirewallRule.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallDomainListId"))
+    FirewallRule.add_member(:firewall_threat_protection_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallThreatProtectionId"))
     FirewallRule.add_member(:name, Shapes::ShapeRef.new(shape: Name, location_name: "Name"))
     FirewallRule.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority"))
     FirewallRule.add_member(:action, Shapes::ShapeRef.new(shape: Action, location_name: "Action"))
@@ -535,6 +541,8 @@ module Aws::Route53Resolver
     FirewallRule.add_member(:modification_time, Shapes::ShapeRef.new(shape: Rfc3339TimeString, location_name: "ModificationTime"))
     FirewallRule.add_member(:firewall_domain_redirection_action, Shapes::ShapeRef.new(shape: FirewallDomainRedirectionAction, location_name: "FirewallDomainRedirectionAction"))
     FirewallRule.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype"))
+    FirewallRule.add_member(:dns_threat_protection, Shapes::ShapeRef.new(shape: DnsThreatProtection, location_name: "DnsThreatProtection"))
+    FirewallRule.add_member(:confidence_threshold, Shapes::ShapeRef.new(shape: ConfidenceThreshold, location_name: "ConfidenceThreshold"))
     FirewallRule.struct_class = Types::FirewallRule
 
     FirewallRuleGroup.add_member(:id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "Id"))
@@ -1101,7 +1109,8 @@ module Aws::Route53Resolver
     UpdateFirewallRuleGroupAssociationResponse.struct_class = Types::UpdateFirewallRuleGroupAssociationResponse
 
     UpdateFirewallRuleRequest.add_member(:firewall_rule_group_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallRuleGroupId"))
-    UpdateFirewallRuleRequest.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallDomainListId"))
+    UpdateFirewallRuleRequest.add_member(:firewall_domain_list_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallDomainListId", metadata: {"box"=>true}))
+    UpdateFirewallRuleRequest.add_member(:firewall_threat_protection_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallThreatProtectionId", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.add_member(:action, Shapes::ShapeRef.new(shape: Action, location_name: "Action", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.add_member(:block_response, Shapes::ShapeRef.new(shape: BlockResponse, location_name: "BlockResponse", metadata: {"box"=>true}))
@@ -1111,6 +1120,8 @@ module Aws::Route53Resolver
     UpdateFirewallRuleRequest.add_member(:name, Shapes::ShapeRef.new(shape: Name, location_name: "Name", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.add_member(:firewall_domain_redirection_action, Shapes::ShapeRef.new(shape: FirewallDomainRedirectionAction, location_name: "FirewallDomainRedirectionAction", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.add_member(:qtype, Shapes::ShapeRef.new(shape: Qtype, location_name: "Qtype"))
+    UpdateFirewallRuleRequest.add_member(:dns_threat_protection, Shapes::ShapeRef.new(shape: DnsThreatProtection, location_name: "DnsThreatProtection", metadata: {"box"=>true}))
+    UpdateFirewallRuleRequest.add_member(:confidence_threshold, Shapes::ShapeRef.new(shape: ConfidenceThreshold, location_name: "ConfidenceThreshold", metadata: {"box"=>true}))
     UpdateFirewallRuleRequest.struct_class = Types::UpdateFirewallRuleRequest
 
     UpdateFirewallRuleResponse.add_member(:firewall_rule, Shapes::ShapeRef.new(shape: FirewallRule, location_name: "FirewallRule"))
@@ -1373,6 +1384,7 @@ module Aws::Route53Resolver
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
       end)
 

data/lib/aws-sdk-route53resolver/endpoint_parameters.rb

@@ -52,15 +52,18 @@ module Aws::Route53Resolver
       self[:region] = options[:region]
       self[:use_dual_stack] = options[:use_dual_stack]
       self[:use_dual_stack] = false if self[:use_dual_stack].nil?
-      if self[:use_dual_stack].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
-      end
       self[:use_fips] = options[:use_fips]
       self[:use_fips] = false if self[:use_fips].nil?
-      if self[:use_fips].nil?
-        raise ArgumentError, "Missing required EndpointParameter: :use_fips"
-      end
       self[:endpoint] = options[:endpoint]
     end
+
+    def self.create(config, options={})
+      new({
+        region: config.region,
+        use_dual_stack: config.use_dualstack_endpoint,
+        use_fips: config.use_fips_endpoint,
+        endpoint: (config.endpoint.to_s unless config.regional_endpoint),
+      }.merge(options))
+    end
   end
 end