aws-sdk-shield 1.42.0 → 1.46.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9ec87470cee2c8e4d058d9344146f19184367d965f0dd975abd759a131310a2
-  data.tar.gz: 38f7f5d23e17e1220c11d5aba1b32ae56daf1e3a73d4ecc42d4860062cc79ded
+  metadata.gz: 3d6373ad000ef650e2a98a06c6fcd44c468774dbedc8f5f4450bf35f2411e6d0
+  data.tar.gz: 2794b2131ca23284317bbd039e2e609b6397c3c355b414e59d60a9207c373540
 SHA512:
-  metadata.gz: 10ccbd8b43f78366d7a6d441ced3cac6468b20baf849105e42db9209436df4c2063117958d5848bdd05e2c0ea404e7d942c79b3ae1d5df0a83b44dc607948929
-  data.tar.gz: 423f0ba03b9c138a4d8687f8322bb9555ebdd2f4845954d80f9c734dad6b47d780783a7dc9c4034b8e80e3be34987fb61804248653a006e19af4a75667614232
+  metadata.gz: ba883b89690540cc2192236a09bd9f788ba90d500b1ca721625a35536d3944b8eec690565078861da0c420e5be33056c3f7f73fde89d3cfa064e24513f708e60
+  data.tar.gz: 3d93922ae49a9117f570d86b80e3d16ace1b744954c9b73e5b1d366630f42370c1b697ad2c9a62667115a7c2edabad5c9e8b8fb8f80fb5849288027fe362c391

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.46.0 (2021-12-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.45.0 (2021-12-01)
+------------------
+
+* Feature - This release adds API support for Automatic Application Layer DDoS Mitigation for AWS Shield Advanced. Customers can now enable automatic DDoS mitigation in count or block mode for layer 7 protected resources.
+
+1.44.0 (2021-11-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.43.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.42.0 (2021-10-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.42.0
+1.46.0

data/lib/aws-sdk-shield/client.rb

@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
@@ -73,6 +74,7 @@ module Aws::Shield
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
 
@@ -119,7 +121,9 @@ module Aws::Shield
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -173,6 +177,10 @@ module Aws::Shield
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -285,6 +293,15 @@ module Aws::Shield
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
@@ -296,7 +313,7 @@ module Aws::Shield
     #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
+    #   @option options [Float] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set per-request on the session.
     #
@@ -312,6 +329,9 @@ module Aws::Shield
     #     disables this behaviour.  This value can safely be set per
     #     request on the session.
     #
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
+    #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
     #
@@ -348,8 +368,8 @@ module Aws::Shield
     #
     #
     #
-    # [1]: https://aws.amazon.com/premiumsupport/business-support/
-    # [2]: https://aws.amazon.com/premiumsupport/enterprise-support/
+    # [1]: https://docs.aws.amazon.com/premiumsupport/business-support/
+    # [2]: https://docs.aws.amazon.com/premiumsupport/enterprise-support/
     #
     # @option params [required, String] :log_bucket
     #   The Amazon S3 bucket that contains the logs that you want to share.
@@ -382,13 +402,12 @@ module Aws::Shield
     # `RoleArn`.
     #
     # Prior to making the `AssociateDRTRole` request, you must attach the
-    # [AWSShieldDRTAccessPolicy][1] managed policy to the role you will
-    # specify in the request. For more information see [Attaching and
-    # Detaching IAM Policies](
-    # https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html).
-    # The role must also trust the service principal `
-    # drt.shield.amazonaws.com`. For more information, see [IAM JSON Policy
-    # Elements: Principal][2].
+    # `AWSShieldDRTAccessPolicy` managed policy to the role that you'll
+    # specify in the request. You can access this policy in the IAM console
+    # at [AWSShieldDRTAccessPolicy][1]. For more information see [Adding and
+    # removing IAM identity permissions][2]. The role must also trust the
+    # service principal `drt.shield.amazonaws.com`. For more information,
+    # see [IAM JSON policy elements: Principal][3].
     #
     # The SRT will have access only to your WAF and Shield resources. By
     # submitting this request, you authorize the SRT to inspect your WAF and
@@ -397,20 +416,21 @@ module Aws::Shield
     # by you.
     #
     # You must have the `iam:PassRole` permission to make an
-    # `AssociateDRTRole` request. For more information, see [Granting a User
-    # Permissions to Pass a Role to an Amazon Web Services Service][3].
+    # `AssociateDRTRole` request. For more information, see [Granting a user
+    # permissions to pass a role to an Amazon Web Services service][4].
     #
     # To use the services of the SRT and make an `AssociateDRTRole` request,
-    # you must be subscribed to the [Business Support plan][4] or the
-    # [Enterprise Support plan][5].
+    # you must be subscribed to the [Business Support plan][5] or the
+    # [Enterprise Support plan][6].
     #
     #
     #
     # [1]: https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy
-    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
-    # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
-    # [4]: https://aws.amazon.com/premiumsupport/business-support/
-    # [5]: https://aws.amazon.com/premiumsupport/enterprise-support/
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html
+    # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
+    # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
+    # [5]: https://docs.aws.amazon.com/premiumsupport/business-support/
+    # [6]: https://docs.aws.amazon.com/premiumsupport/enterprise-support/
     #
     # @option params [required, String] :role_arn
     #   The Amazon Resource Name (ARN) of the role the SRT will use to access
@@ -445,9 +465,9 @@ module Aws::Shield
     # Adds health-based detection to the Shield Advanced protection for a
     # resource. Shield Advanced health-based detection uses the health of
     # your Amazon Web Services resource to improve responsiveness and
-    # accuracy in attack detection and mitigation.
+    # accuracy in attack detection and response.
     #
-    # You define the health check in Route 53 and then associate it with
+    # You define the health check in Route 53 and then associate it with
     # your Shield Advanced protection. For more information, see [Shield
     # Advanced Health-Based Detection][1] in the *WAF Developer Guide*.
     #
@@ -541,17 +561,18 @@ module Aws::Shield
     # Enables Shield Advanced for a specific Amazon Web Services resource.
     # The resource can be an Amazon CloudFront distribution, Elastic Load
     # Balancing load balancer, Global Accelerator accelerator, Elastic IP
-    # Address, or an Amazon Route 53 hosted zone.
+    # Address, or an Amazon Route 53 hosted zone.
     #
     # You can add protection to only a single resource with each
-    # CreateProtection request. If you want to add protection to multiple
-    # resources at once, use the [WAF console][1]. For more information see
-    # [Getting Started with Shield Advanced][2] and [Add Shield Advanced
-    # Protection to more Amazon Web Services Resources][3].
+    # `CreateProtection` request. You can add protection to multiple
+    # resources at once through the Shield Advanced console at
+    # [https://console.aws.amazon.com/wafv2/shieldv2#/][1]. For more
+    # information see [Getting Started with Shield Advanced][2] and [Adding
+    # Shield Advanced protection to Amazon Web Services resources][3].
     #
     #
     #
-    # [1]: https://console.aws.amazon.com/waf/
+    # [1]: https://console.aws.amazon.com/wafv2/shieldv2#/
     # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html
     # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html
     #
@@ -577,7 +598,7 @@ module Aws::Shield
     #   * For an Global Accelerator accelerator:
     #     `arn:aws:globalaccelerator::account-id:accelerator/accelerator-id `
     #
-    #   * For Amazon Route 53: `arn:aws:route53:::hostedzone/hosted-zone-id `
+    #   * For Amazon Route 53: `arn:aws:route53:::hostedzone/hosted-zone-id `
     #
     #   * For an Elastic IP address:
     #     `arn:aws:ec2:region:account-id:eip-allocation/allocation-id `
@@ -772,7 +793,7 @@ module Aws::Shield
     # Describes the details of a DDoS attack.
     #
     # @option params [required, String] :attack_id
-    #   The unique identifier (ID) for the attack that to be described.
+    #   The unique identifier (ID) for the attack.
     #
     # @return [Types::DescribeAttackResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -956,6 +977,7 @@ module Aws::Shield
     #   resp.protection.health_check_ids #=> Array
     #   resp.protection.health_check_ids[0] #=> String
     #   resp.protection.protection_arn #=> String
+    #   resp.protection.application_layer_automatic_response_configuration.status #=> String, one of "ENABLED", "DISABLED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/DescribeProtection AWS API Documentation
     #
@@ -1035,6 +1057,31 @@ module Aws::Shield
       req.send_request(options)
     end
 
+    # Disable the Shield Advanced automatic application layer DDoS
+    # mitigation feature for the resource. This stops Shield Advanced from
+    # creating, verifying, and applying WAF rules for attacks that it
+    # detects for the resource.
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN (Amazon Resource Name) of the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.disable_application_layer_automatic_response({
+    #     resource_arn: "ResourceArn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/DisableApplicationLayerAutomaticResponse AWS API Documentation
+    #
+    # @overload disable_application_layer_automatic_response(params = {})
+    # @param [Hash] params ({})
+    def disable_application_layer_automatic_response(params = {}, options = {})
+      req = build_request(:disable_application_layer_automatic_response, params)
+      req.send_request(options)
+    end
+
     # Removes authorization from the Shield Response Team (SRT) to notify
     # contacts about escalations to the SRT and to initiate proactive
     # customer support.
@@ -1053,18 +1100,6 @@ module Aws::Shield
     # Removes the Shield Response Team's (SRT) access to the specified
     # Amazon S3 bucket containing the logs that you shared previously.
     #
-    # To make a `DisassociateDRTLogBucket` request, you must be subscribed
-    # to the [Business Support plan][1] or the [Enterprise Support plan][2].
-    # However, if you are not subscribed to one of these support plans, but
-    # had been previously and had granted the SRT access to your account,
-    # you can submit a `DisassociateDRTLogBucket` request to remove this
-    # access.
-    #
-    #
-    #
-    # [1]: https://aws.amazon.com/premiumsupport/business-support/
-    # [2]: https://aws.amazon.com/premiumsupport/enterprise-support/
-    #
     # @option params [required, String] :log_bucket
     #   The Amazon S3 bucket that contains the logs that you want to share.
     #
@@ -1088,17 +1123,6 @@ module Aws::Shield
     # Removes the Shield Response Team's (SRT) access to your Amazon Web
     # Services account.
     #
-    # To make a `DisassociateDRTRole` request, you must be subscribed to the
-    # [Business Support plan][1] or the [Enterprise Support plan][2].
-    # However, if you are not subscribed to one of these support plans, but
-    # had been previously and had granted the SRT access to your account,
-    # you can submit a `DisassociateDRTRole` request to remove this access.
-    #
-    #
-    #
-    # [1]: https://aws.amazon.com/premiumsupport/business-support/
-    # [2]: https://aws.amazon.com/premiumsupport/enterprise-support/
-    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/DisassociateDRTRole AWS API Documentation
@@ -1113,9 +1137,9 @@ module Aws::Shield
     # Removes health-based detection from the Shield Advanced protection for
     # a resource. Shield Advanced health-based detection uses the health of
     # your Amazon Web Services resource to improve responsiveness and
-    # accuracy in attack detection and mitigation.
+    # accuracy in attack detection and response.
     #
-    # You define the health check in Route 53 and then associate or
+    # You define the health check in Route 53 and then associate or
     # disassociate it with your Shield Advanced protection. For more
     # information, see [Shield Advanced Health-Based Detection][1] in the
     # *WAF Developer Guide*.
@@ -1150,6 +1174,76 @@ module Aws::Shield
       req.send_request(options)
     end
 
+    # Enable the Shield Advanced automatic application layer DDoS mitigation
+    # for the resource.
+    #
+    # <note markdown="1"> This feature is available for Amazon CloudFront distributions only.
+    #
+    #  </note>
+    #
+    # This causes Shield Advanced to create, verify, and apply WAF rules for
+    # DDoS attacks that it detects for the resource. Shield Advanced applies
+    # the rules in a Shield rule group inside the web ACL that you've
+    # associated with the resource. For information about how automatic
+    # mitigation works and the requirements for using it, see [Shield
+    # Advanced automatic application layer DDoS mitigation][1].
+    #
+    # Don't use this action to make changes to automatic mitigation
+    # settings when it's already enabled for a resource. Instead, use
+    # UpdateApplicationLayerAutomaticResponse.
+    #
+    # To use this feature, you must associate a web ACL with the protected
+    # resource. The web ACL must be created using the latest version of WAF
+    # (v2). You can associate the web ACL through the Shield Advanced
+    # console at [https://console.aws.amazon.com/wafv2/shieldv2#/][2]. For
+    # more information, see [Getting Started with Shield Advanced][3].
+    #
+    # You can also do this through the WAF console or the WAF API, but you
+    # must manage Shield Advanced automatic mitigation through Shield
+    # Advanced. For information about WAF, see [WAF Developer Guide][4].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-automatic-app-layer-response.html
+    # [2]: https://console.aws.amazon.com/wafv2/shieldv2#/
+    # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html
+    # [4]: https://docs.aws.amazon.com/waf/latest/developerguide/
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN (Amazon Resource Name) of the resource.
+    #
+    # @option params [required, Types::ResponseAction] :action
+    #   Specifies the action setting that Shield Advanced should use in the
+    #   WAF rules that it creates on behalf of the protected resource in
+    #   response to DDoS attacks. You specify this as part of the
+    #   configuration for the automatic application layer DDoS mitigation
+    #   feature, when you enable or update automatic mitigation. Shield
+    #   Advanced creates the WAF rules in a Shield Advanced-managed rule
+    #   group, inside the web ACL that you have associated with the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.enable_application_layer_automatic_response({
+    #     resource_arn: "ResourceArn", # required
+    #     action: { # required
+    #       block: {
+    #       },
+    #       count: {
+    #       },
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/EnableApplicationLayerAutomaticResponse AWS API Documentation
+    #
+    # @overload enable_application_layer_automatic_response(params = {})
+    # @param [Hash] params ({})
+    def enable_application_layer_automatic_response(params = {}, options = {})
+      req = build_request(:enable_application_layer_automatic_response, params)
+      req.send_request(options)
+    end
+
     # Authorizes the Shield Response Team (SRT) to use email and phone to
     # notify contacts about escalations to the SRT and to initiate proactive
     # customer support.
@@ -1188,44 +1282,56 @@ module Aws::Shield
     # specified time period.
     #
     # @option params [Array<String>] :resource_arns
-    #   The ARN (Amazon Resource Name) of the resource that was attacked. If
-    #   this is left blank, all applicable resources for this account will be
-    #   included.
+    #   The ARNs (Amazon Resource Names) of the resources that were attacked.
+    #   If you leave this blank, all applicable resources for this account
+    #   will be included.
     #
     # @option params [Types::TimeRange] :start_time
     #   The start of the time period for the attacks. This is a `timestamp`
-    #   type. The sample request above indicates a `number` type because the
-    #   default used by WAF is Unix time in seconds. However any valid
-    #   [timestamp format][1] is allowed.
+    #   type. The request syntax listing for this call indicates a `number`
+    #   type, but you can provide the time in any valid [timestamp format][1]
+    #   setting.
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp
     #
     # @option params [Types::TimeRange] :end_time
     #   The end of the time period for the attacks. This is a `timestamp`
-    #   type. The sample request above indicates a `number` type because the
-    #   default used by WAF is Unix time in seconds. However any valid
-    #   [timestamp format][1] is allowed.
+    #   type. The request syntax listing for this call indicates a `number`
+    #   type, but you can provide the time in any valid [timestamp format][1]
+    #   setting.
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types
+    #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp
     #
     # @option params [String] :next_token
-    #   The `ListAttacksRequest.NextMarker` value from a previous call to
-    #   `ListAttacksRequest`. Pass null if this is the first call.
+    #   When you request a list of objects from Shield Advanced, if the
+    #   response does not include all of the remaining available objects,
+    #   Shield Advanced includes a `NextToken` value in the response. You can
+    #   retrieve the next batch of objects by requesting the list again and
+    #   providing the token that was returned by the prior call in your
+    #   request.
+    #
+    #   You can indicate the maximum number of objects that you want Shield
+    #   Advanced to return for a single call with the `MaxResults` setting.
+    #   Shield Advanced will not return more than `MaxResults` objects, but
+    #   may return fewer, even if more objects are still available.
+    #
+    #   Whenever more objects remain that Shield Advanced has not yet returned
+    #   to you, the response will include a `NextToken` value.
+    #
+    #   On your first call to a list operation, leave this setting empty.
     #
     # @option params [Integer] :max_results
-    #   The maximum number of AttackSummary objects to return. If you leave
-    #   this blank, Shield Advanced returns the first 20 results.
+    #   The greatest number of objects that you want Shield Advanced to return
+    #   to the list request. Shield Advanced might return fewer objects than
+    #   you indicate in this setting, even if more objects are available. If
+    #   there are more objects remaining, Shield Advanced will always also
+    #   return a `NextToken` value in the response.
     #
-    #   This is a maximum value. Shield Advanced might return the results in
-    #   smaller batches. That is, the number of objects returned could be less
-    #   than `MaxResults`, even if there are still more objects yet to return.
-    #   If there are more objects to return, Shield Advanced returns a value
-    #   in `NextToken` that you can use in your next request, to get the next
-    #   batch of objects.
+    #   The default setting is 20.
     #
     # @return [Types::ListAttacksResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1273,19 +1379,31 @@ module Aws::Shield
     # Retrieves the ProtectionGroup objects for the account.
     #
     # @option params [String] :next_token
-    #   The next token value from a previous call to `ListProtectionGroups`.
-    #   Pass null if this is the first call.
+    #   When you request a list of objects from Shield Advanced, if the
+    #   response does not include all of the remaining available objects,
+    #   Shield Advanced includes a `NextToken` value in the response. You can
+    #   retrieve the next batch of objects by requesting the list again and
+    #   providing the token that was returned by the prior call in your
+    #   request.
+    #
+    #   You can indicate the maximum number of objects that you want Shield
+    #   Advanced to return for a single call with the `MaxResults` setting.
+    #   Shield Advanced will not return more than `MaxResults` objects, but
+    #   may return fewer, even if more objects are still available.
+    #
+    #   Whenever more objects remain that Shield Advanced has not yet returned
+    #   to you, the response will include a `NextToken` value.
+    #
+    #   On your first call to a list operation, leave this setting empty.
     #
     # @option params [Integer] :max_results
-    #   The maximum number of ProtectionGroup objects to return. If you leave
-    #   this blank, Shield Advanced returns the first 20 results.
+    #   The greatest number of objects that you want Shield Advanced to return
+    #   to the list request. Shield Advanced might return fewer objects than
+    #   you indicate in this setting, even if more objects are available. If
+    #   there are more objects remaining, Shield Advanced will always also
+    #   return a `NextToken` value in the response.
     #
-    #   This is a maximum value. Shield Advanced might return the results in
-    #   smaller batches. That is, the number of objects returned could be less
-    #   than `MaxResults`, even if there are still more objects yet to return.
-    #   If there are more objects to return, Shield Advanced returns a value
-    #   in `NextToken` that you can use in your next request, to get the next
-    #   batch of objects.
+    #   The default setting is 20.
     #
     # @return [Types::ListProtectionGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1325,19 +1443,31 @@ module Aws::Shield
     # Lists all Protection objects for the account.
     #
     # @option params [String] :next_token
-    #   The `ListProtectionsRequest.NextToken` value from a previous call to
-    #   `ListProtections`. Pass null if this is the first call.
+    #   When you request a list of objects from Shield Advanced, if the
+    #   response does not include all of the remaining available objects,
+    #   Shield Advanced includes a `NextToken` value in the response. You can
+    #   retrieve the next batch of objects by requesting the list again and
+    #   providing the token that was returned by the prior call in your
+    #   request.
+    #
+    #   You can indicate the maximum number of objects that you want Shield
+    #   Advanced to return for a single call with the `MaxResults` setting.
+    #   Shield Advanced will not return more than `MaxResults` objects, but
+    #   may return fewer, even if more objects are still available.
+    #
+    #   Whenever more objects remain that Shield Advanced has not yet returned
+    #   to you, the response will include a `NextToken` value.
+    #
+    #   On your first call to a list operation, leave this setting empty.
     #
     # @option params [Integer] :max_results
-    #   The maximum number of Protection objects to return. If you leave this
-    #   blank, Shield Advanced returns the first 20 results.
+    #   The greatest number of objects that you want Shield Advanced to return
+    #   to the list request. Shield Advanced might return fewer objects than
+    #   you indicate in this setting, even if more objects are available. If
+    #   there are more objects remaining, Shield Advanced will always also
+    #   return a `NextToken` value in the response.
     #
-    #   This is a maximum value. Shield Advanced might return the results in
-    #   smaller batches. That is, the number of objects returned could be less
-    #   than `MaxResults`, even if there are still more objects yet to return.
-    #   If there are more objects to return, Shield Advanced returns a value
-    #   in `NextToken` that you can use in your next request, to get the next
-    #   batch of objects.
+    #   The default setting is 20.
     #
     # @return [Types::ListProtectionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1362,6 +1492,7 @@ module Aws::Shield
     #   resp.protections[0].health_check_ids #=> Array
     #   resp.protections[0].health_check_ids[0] #=> String
     #   resp.protections[0].protection_arn #=> String
+    #   resp.protections[0].application_layer_automatic_response_configuration.status #=> String, one of "ENABLED", "DISABLED"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/ListProtections AWS API Documentation
@@ -1381,19 +1512,31 @@ module Aws::Shield
     #   example to update, delete, or describe it.
     #
     # @option params [String] :next_token
-    #   The next token value from a previous call to
-    #   `ListResourcesInProtectionGroup`. Pass null if this is the first call.
+    #   When you request a list of objects from Shield Advanced, if the
+    #   response does not include all of the remaining available objects,
+    #   Shield Advanced includes a `NextToken` value in the response. You can
+    #   retrieve the next batch of objects by requesting the list again and
+    #   providing the token that was returned by the prior call in your
+    #   request.
+    #
+    #   You can indicate the maximum number of objects that you want Shield
+    #   Advanced to return for a single call with the `MaxResults` setting.
+    #   Shield Advanced will not return more than `MaxResults` objects, but
+    #   may return fewer, even if more objects are still available.
+    #
+    #   Whenever more objects remain that Shield Advanced has not yet returned
+    #   to you, the response will include a `NextToken` value.
+    #
+    #   On your first call to a list operation, leave this setting empty.
     #
     # @option params [Integer] :max_results
-    #   The maximum number of resource ARN objects to return. If you leave
-    #   this blank, Shield Advanced returns the first 20 results.
+    #   The greatest number of objects that you want Shield Advanced to return
+    #   to the list request. Shield Advanced might return fewer objects than
+    #   you indicate in this setting, even if more objects are available. If
+    #   there are more objects remaining, Shield Advanced will always also
+    #   return a `NextToken` value in the response.
     #
-    #   This is a maximum value. Shield Advanced might return the results in
-    #   smaller batches. That is, the number of objects returned could be less
-    #   than `MaxResults`, even if there are still more objects yet to return.
-    #   If there are more objects to return, Shield Advanced returns a value
-    #   in `NextToken` that you can use in your next request, to get the next
-    #   batch of objects.
+    #   The default setting is 20.
     #
     # @return [Types::ListResourcesInProtectionGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1515,6 +1658,44 @@ module Aws::Shield
       req.send_request(options)
     end
 
+    # Updates an existing Shield Advanced automatic application layer DDoS
+    # mitigation configuration for the specified resource.
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN (Amazon Resource Name) of the resource.
+    #
+    # @option params [required, Types::ResponseAction] :action
+    #   Specifies the action setting that Shield Advanced should use in the
+    #   WAF rules that it creates on behalf of the protected resource in
+    #   response to DDoS attacks. You specify this as part of the
+    #   configuration for the automatic application layer DDoS mitigation
+    #   feature, when you enable or update automatic mitigation. Shield
+    #   Advanced creates the WAF rules in a Shield Advanced-managed rule
+    #   group, inside the web ACL that you have associated with the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_application_layer_automatic_response({
+    #     resource_arn: "ResourceArn", # required
+    #     action: { # required
+    #       block: {
+    #       },
+    #       count: {
+    #       },
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/shield-2016-06-02/UpdateApplicationLayerAutomaticResponse AWS API Documentation
+    #
+    # @overload update_application_layer_automatic_response(params = {})
+    # @param [Hash] params ({})
+    def update_application_layer_automatic_response(params = {}, options = {})
+      req = build_request(:update_application_layer_automatic_response, params)
+      req.send_request(options)
+    end
+
     # Updates the details of the list of email addresses and phone numbers
     # that the Shield Response Team (SRT) can use to contact you if you have
     # proactive engagement enabled, for escalations to the SRT and to
@@ -1659,7 +1840,7 @@ module Aws::Shield
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-shield'
-      context[:gem_version] = '1.42.0'
+      context[:gem_version] = '1.46.0'
       Seahorse::Client::Request.new(handlers, context)
     end