@aws-sdk/client-fms 3.315.0 → 3.318.0

package/dist-types/commands/GetAdminScopeCommand.d.ts

@@ -0,0 +1,80 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { GetAdminScopeRequest, GetAdminScopeResponse } from "../models/models_0";
+/**
+ * @public
+ *
+ * The input for {@link GetAdminScopeCommand}.
+ */
+export interface GetAdminScopeCommandInput extends GetAdminScopeRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetAdminScopeCommand}.
+ */
+export interface GetAdminScopeCommandOutput extends GetAdminScopeResponse, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Returns information about the specified account's administrative scope. The admistrative scope defines the resources that an Firewall Manager administrator can manage.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, GetAdminScopeCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, GetAdminScopeCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const input = { // GetAdminScopeRequest
+ *   AdminAccount: "STRING_VALUE", // required
+ * };
+ * const command = new GetAdminScopeCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @param GetAdminScopeCommandInput - {@link GetAdminScopeCommandInput}
+ * @returns {@link GetAdminScopeCommandOutput}
+ * @see {@link GetAdminScopeCommandInput} for command's `input` shape.
+ * @see {@link GetAdminScopeCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ * @throws {@link InternalErrorException} (client fault)
+ *  <p>The operation failed because of a system problem, even though the request was valid. Retry
+ *       your request.</p>
+ *
+ * @throws {@link InvalidInputException} (client fault)
+ *  <p>The parameters of the request were invalid.</p>
+ *
+ * @throws {@link InvalidOperationException} (client fault)
+ *  <p>The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have
+ *         submitted an <code>AssociateAdminAccount</code> request for an account ID that
+ *             was already set as the Firewall Manager administrator. Or you might have tried to access a Region
+ *   that's disabled by default, and that you need to enable for the Firewall Manager
+ *   administrator account and for Organizations before you can access it.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified resource was not found.</p>
+ *
+ *
+ */
+export declare class GetAdminScopeCommand extends $Command<GetAdminScopeCommandInput, GetAdminScopeCommandOutput, FMSClientResolvedConfig> {
+    readonly input: GetAdminScopeCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: GetAdminScopeCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: FMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetAdminScopeCommandInput, GetAdminScopeCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/GetComplianceDetailCommand.d.ts

@@ -23,23 +23,23 @@ export interface GetComplianceDetailCommandOutput extends GetComplianceDetailRes
  *       include resources that are in and out of compliance with the specified policy. </p>
  *          <ul>
  *             <li>
- *               <p>Resources are
+ *                <p>Resources are
  *               considered noncompliant for WAF and Shield Advanced policies if the specified policy has
  *               not been applied to them.</p>
  *             </li>
  *             <li>
- *               <p>Resources are considered noncompliant for security group policies if
+ *                <p>Resources are considered noncompliant for security group policies if
  *               they are in scope of the policy, they violate one or more of the policy rules, and remediation
  *               is disabled or not possible.</p>
  *             </li>
  *             <li>
- *               <p>Resources are considered noncompliant for Network Firewall policies
+ *                <p>Resources are considered noncompliant for Network Firewall policies
  *                 if a firewall is missing in the VPC, if the firewall endpoint isn't set up in an expected Availability Zone and subnet,
  *                 if a subnet created by the Firewall Manager doesn't have the expected route table,
  *                 and for modifications to a firewall policy that violate the Firewall Manager policy's rules.</p>
  *             </li>
  *             <li>
- *               <p>Resources are considered noncompliant for DNS Firewall policies
+ *                <p>Resources are considered noncompliant for DNS Firewall policies
  *               if a DNS Firewall rule group is missing from the rule group associations for the VPC. </p>
  *             </li>
  *          </ul>

package/dist-types/commands/ListAdminAccountsForOrganizationCommand.d.ts

@@ -0,0 +1,79 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { ListAdminAccountsForOrganizationRequest, ListAdminAccountsForOrganizationResponse } from "../models/models_0";
+/**
+ * @public
+ *
+ * The input for {@link ListAdminAccountsForOrganizationCommand}.
+ */
+export interface ListAdminAccountsForOrganizationCommandInput extends ListAdminAccountsForOrganizationRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link ListAdminAccountsForOrganizationCommand}.
+ */
+export interface ListAdminAccountsForOrganizationCommandOutput extends ListAdminAccountsForOrganizationResponse, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Returns a <code>AdminAccounts</code> object that lists the Firewall Manager administrators within the organization that are onboarded to Firewall Manager by <a>AssociateAdminAccount</a>.</p>
+ *          <p>This operation can be called only from the organization's management account.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, ListAdminAccountsForOrganizationCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, ListAdminAccountsForOrganizationCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const input = { // ListAdminAccountsForOrganizationRequest
+ *   NextToken: "STRING_VALUE",
+ *   MaxResults: Number("int"),
+ * };
+ * const command = new ListAdminAccountsForOrganizationCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @param ListAdminAccountsForOrganizationCommandInput - {@link ListAdminAccountsForOrganizationCommandInput}
+ * @returns {@link ListAdminAccountsForOrganizationCommandOutput}
+ * @see {@link ListAdminAccountsForOrganizationCommandInput} for command's `input` shape.
+ * @see {@link ListAdminAccountsForOrganizationCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ * @throws {@link InternalErrorException} (client fault)
+ *  <p>The operation failed because of a system problem, even though the request was valid. Retry
+ *       your request.</p>
+ *
+ * @throws {@link InvalidOperationException} (client fault)
+ *  <p>The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have
+ *         submitted an <code>AssociateAdminAccount</code> request for an account ID that
+ *             was already set as the Firewall Manager administrator. Or you might have tried to access a Region
+ *   that's disabled by default, and that you need to enable for the Firewall Manager
+ *   administrator account and for Organizations before you can access it.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified resource was not found.</p>
+ *
+ *
+ */
+export declare class ListAdminAccountsForOrganizationCommand extends $Command<ListAdminAccountsForOrganizationCommandInput, ListAdminAccountsForOrganizationCommandOutput, FMSClientResolvedConfig> {
+    readonly input: ListAdminAccountsForOrganizationCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: ListAdminAccountsForOrganizationCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: FMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<ListAdminAccountsForOrganizationCommandInput, ListAdminAccountsForOrganizationCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/ListAdminsManagingAccountCommand.d.ts

@@ -0,0 +1,74 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { ListAdminsManagingAccountRequest, ListAdminsManagingAccountResponse } from "../models/models_0";
+/**
+ * @public
+ *
+ * The input for {@link ListAdminsManagingAccountCommand}.
+ */
+export interface ListAdminsManagingAccountCommandInput extends ListAdminsManagingAccountRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link ListAdminsManagingAccountCommand}.
+ */
+export interface ListAdminsManagingAccountCommandOutput extends ListAdminsManagingAccountResponse, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Lists the accounts that are managing the specified Organizations member account. This is useful for any member account so that they can view the accounts who are managing their account. This operation only returns the managing administrators that have the requested account within their <a>AdminScope</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, ListAdminsManagingAccountCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, ListAdminsManagingAccountCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const input = { // ListAdminsManagingAccountRequest
+ *   NextToken: "STRING_VALUE",
+ *   MaxResults: Number("int"),
+ * };
+ * const command = new ListAdminsManagingAccountCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @param ListAdminsManagingAccountCommandInput - {@link ListAdminsManagingAccountCommandInput}
+ * @returns {@link ListAdminsManagingAccountCommandOutput}
+ * @see {@link ListAdminsManagingAccountCommandInput} for command's `input` shape.
+ * @see {@link ListAdminsManagingAccountCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ * @throws {@link InternalErrorException} (client fault)
+ *  <p>The operation failed because of a system problem, even though the request was valid. Retry
+ *       your request.</p>
+ *
+ * @throws {@link InvalidInputException} (client fault)
+ *  <p>The parameters of the request were invalid.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified resource was not found.</p>
+ *
+ *
+ */
+export declare class ListAdminsManagingAccountCommand extends $Command<ListAdminsManagingAccountCommandInput, ListAdminsManagingAccountCommandOutput, FMSClientResolvedConfig> {
+    readonly input: ListAdminsManagingAccountCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: ListAdminsManagingAccountCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: FMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<ListAdminsManagingAccountCommandInput, ListAdminsManagingAccountCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/ListMemberAccountsCommand.d.ts

@@ -21,8 +21,7 @@ export interface ListMemberAccountsCommandOutput extends ListMemberAccountsRespo
  * @public
  * <p>Returns a <code>MemberAccounts</code> object that lists the member accounts in the
  *       administrator's Amazon Web Services organization.</p>
- *          <p>The <code>ListMemberAccounts</code> must be submitted by the account that is set as the
- *       Firewall Manager administrator.</p>
+ *          <p>Either an Firewall Manager administrator or the organization's management account can make this request.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutAdminAccountCommand.d.ts

@@ -0,0 +1,112 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { PutAdminAccountRequest } from "../models/models_0";
+/**
+ * @public
+ *
+ * The input for {@link PutAdminAccountCommand}.
+ */
+export interface PutAdminAccountCommandInput extends PutAdminAccountRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link PutAdminAccountCommand}.
+ */
+export interface PutAdminAccountCommandOutput extends __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Creates or updates an Firewall Manager administrator account. The account must be a member of the organization that was onboarded to Firewall Manager by <a>AssociateAdminAccount</a>. Only the organization's management account can create an Firewall Manager administrator account. When you create an Firewall Manager administrator account, the service checks to see if the account is already a delegated administrator within Organizations. If the account isn't a delegated administrator, Firewall Manager calls Organizations to delegate the account within Organizations. For more information about administrator accounts within Organizations, see
+ *         <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html">Managing the Amazon Web Services Accounts in Your Organization</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, PutAdminAccountCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, PutAdminAccountCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const input = { // PutAdminAccountRequest
+ *   AdminAccount: "STRING_VALUE", // required
+ *   AdminScope: { // AdminScope
+ *     AccountScope: { // AccountScope
+ *       Accounts: [ // AccountIdList
+ *         "STRING_VALUE",
+ *       ],
+ *       AllAccountsEnabled: true || false,
+ *       ExcludeSpecifiedAccounts: true || false,
+ *     },
+ *     OrganizationalUnitScope: { // OrganizationalUnitScope
+ *       OrganizationalUnits: [ // OrganizationalUnitIdList
+ *         "STRING_VALUE",
+ *       ],
+ *       AllOrganizationalUnitsEnabled: true || false,
+ *       ExcludeSpecifiedOrganizationalUnits: true || false,
+ *     },
+ *     RegionScope: { // RegionScope
+ *       Regions: [ // AWSRegionList
+ *         "STRING_VALUE",
+ *       ],
+ *       AllRegionsEnabled: true || false,
+ *     },
+ *     PolicyTypeScope: { // PolicyTypeScope
+ *       PolicyTypes: [ // SecurityServiceTypeList
+ *         "WAF" || "WAFV2" || "SHIELD_ADVANCED" || "SECURITY_GROUPS_COMMON" || "SECURITY_GROUPS_CONTENT_AUDIT" || "SECURITY_GROUPS_USAGE_AUDIT" || "NETWORK_FIREWALL" || "DNS_FIREWALL" || "THIRD_PARTY_FIREWALL" || "IMPORT_NETWORK_FIREWALL",
+ *       ],
+ *       AllPolicyTypesEnabled: true || false,
+ *     },
+ *   },
+ * };
+ * const command = new PutAdminAccountCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @param PutAdminAccountCommandInput - {@link PutAdminAccountCommandInput}
+ * @returns {@link PutAdminAccountCommandOutput}
+ * @see {@link PutAdminAccountCommandInput} for command's `input` shape.
+ * @see {@link PutAdminAccountCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ * @throws {@link InternalErrorException} (client fault)
+ *  <p>The operation failed because of a system problem, even though the request was valid. Retry
+ *       your request.</p>
+ *
+ * @throws {@link InvalidInputException} (client fault)
+ *  <p>The parameters of the request were invalid.</p>
+ *
+ * @throws {@link InvalidOperationException} (client fault)
+ *  <p>The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have
+ *         submitted an <code>AssociateAdminAccount</code> request for an account ID that
+ *             was already set as the Firewall Manager administrator. Or you might have tried to access a Region
+ *   that's disabled by default, and that you need to enable for the Firewall Manager
+ *   administrator account and for Organizations before you can access it.</p>
+ *
+ * @throws {@link LimitExceededException} (client fault)
+ *  <p>The operation exceeds a resource limit, for example, the maximum number of
+ *         <code>policy</code> objects that you can create for an Amazon Web Services account. For more information,
+ *       see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html">Firewall
+ *         Manager Limits</a> in the <i>WAF Developer Guide</i>.</p>
+ *
+ *
+ */
+export declare class PutAdminAccountCommand extends $Command<PutAdminAccountCommandInput, PutAdminAccountCommandOutput, FMSClientResolvedConfig> {
+    readonly input: PutAdminAccountCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: PutAdminAccountCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: FMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<PutAdminAccountCommandInput, PutAdminAccountCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/PutNotificationChannelCommand.d.ts

@@ -21,9 +21,8 @@ export interface PutNotificationChannelCommandOutput extends __MetadataBearer {
  * @public
  * <p>Designates the IAM role and Amazon Simple Notification Service (SNS) topic that
  *       Firewall Manager uses to record SNS logs.</p>
- *          <p>To perform this action outside of the console, you must configure the SNS topic to allow the Firewall Manager
- *       role <code>AWSServiceRoleForFMS</code> to publish SNS logs. For more information, see
- *       <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html">Firewall Manager required permissions for API actions</a> in the <i>Firewall Manager Developer Guide</i>.</p>
+ *          <p>To perform this action outside of the console, you must first configure the SNS topic's access policy to allow the <code>SnsRoleName</code> to publish SNS logs. If the <code>SnsRoleName</code> provided is a role other than the <code>AWSServiceRoleForFMS</code> service-linked role, this role must have a trust relationship configured to allow the Firewall Manager service principal <code>fms.amazonaws.com</code> to assume this role. For information about configuring an SNS access policy, see
+ *       <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-security_iam_service-with-iam.html#fms-security_iam_service-with-iam-roles-service">Service roles for Firewall Manager</a> in the <i>Firewall Manager Developer Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutPolicyCommand.d.ts

@@ -102,6 +102,7 @@ export interface PutPolicyCommandOutput extends PutPolicyResponse, __MetadataBea
  *       "STRING_VALUE",
  *     ],
  *     PolicyDescription: "STRING_VALUE",
+ *     PolicyStatus: "ACTIVE" || "OUT_OF_ADMIN_SCOPE",
  *   },
  *   TagList: [ // TagList
  *     { // Tag

package/dist-types/commands/PutResourceSetCommand.d.ts

@@ -37,6 +37,7 @@ export interface PutResourceSetCommandOutput extends PutResourceSetResponse, __M
  *       "STRING_VALUE",
  *     ],
  *     LastUpdateTime: new Date("TIMESTAMP"),
+ *     ResourceSetStatus: "ACTIVE" || "OUT_OF_ADMIN_SCOPE",
  *   },
  *   TagList: [ // TagList
  *     { // Tag

package/dist-types/commands/index.d.ts

@@ -10,6 +10,7 @@ export * from "./DeleteResourceSetCommand";
 export * from "./DisassociateAdminAccountCommand";
 export * from "./DisassociateThirdPartyFirewallCommand";
 export * from "./GetAdminAccountCommand";
+export * from "./GetAdminScopeCommand";
 export * from "./GetAppsListCommand";
 export * from "./GetComplianceDetailCommand";
 export * from "./GetNotificationChannelCommand";
@@ -19,6 +20,8 @@ export * from "./GetProtocolsListCommand";
 export * from "./GetResourceSetCommand";
 export * from "./GetThirdPartyFirewallAssociationStatusCommand";
 export * from "./GetViolationDetailsCommand";
+export * from "./ListAdminAccountsForOrganizationCommand";
+export * from "./ListAdminsManagingAccountCommand";
 export * from "./ListAppsListsCommand";
 export * from "./ListComplianceStatusCommand";
 export * from "./ListDiscoveredResourcesCommand";
@@ -29,6 +32,7 @@ export * from "./ListResourceSetResourcesCommand";
 export * from "./ListResourceSetsCommand";
 export * from "./ListTagsForResourceCommand";
 export * from "./ListThirdPartyFirewallFirewallPoliciesCommand";
+export * from "./PutAdminAccountCommand";
 export * from "./PutAppsListCommand";
 export * from "./PutNotificationChannelCommand";
 export * from "./PutPolicyCommand";

package/dist-types/endpoint/EndpointParameters.d.ts

@@ -12,7 +12,7 @@ export declare const resolveClientEndpointParameters: <T>(options: T & ClientInp
     defaultSigningName: string;
 };
 export interface EndpointParameters extends __EndpointParameters {
-    Region: string;
+    Region?: string;
     UseDualStack?: boolean;
     UseFIPS?: boolean;
     Endpoint?: string;