@aws-sdk/client-fms 3.316.0 → 3.318.0

package/dist-types/commands/ListAdminsManagingAccountCommand.d.ts

@@ -0,0 +1,74 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { ListAdminsManagingAccountRequest, ListAdminsManagingAccountResponse } from "../models/models_0";
+/**
+ * @public
+ *
+ * The input for {@link ListAdminsManagingAccountCommand}.
+ */
+export interface ListAdminsManagingAccountCommandInput extends ListAdminsManagingAccountRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link ListAdminsManagingAccountCommand}.
+ */
+export interface ListAdminsManagingAccountCommandOutput extends ListAdminsManagingAccountResponse, __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Lists the accounts that are managing the specified Organizations member account. This is useful for any member account so that they can view the accounts who are managing their account. This operation only returns the managing administrators that have the requested account within their <a>AdminScope</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, ListAdminsManagingAccountCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, ListAdminsManagingAccountCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const input = { // ListAdminsManagingAccountRequest
+ *   NextToken: "STRING_VALUE",
+ *   MaxResults: Number("int"),
+ * };
+ * const command = new ListAdminsManagingAccountCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @param ListAdminsManagingAccountCommandInput - {@link ListAdminsManagingAccountCommandInput}
+ * @returns {@link ListAdminsManagingAccountCommandOutput}
+ * @see {@link ListAdminsManagingAccountCommandInput} for command's `input` shape.
+ * @see {@link ListAdminsManagingAccountCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ * @throws {@link InternalErrorException} (client fault)
+ *  <p>The operation failed because of a system problem, even though the request was valid. Retry
+ *       your request.</p>
+ *
+ * @throws {@link InvalidInputException} (client fault)
+ *  <p>The parameters of the request were invalid.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified resource was not found.</p>
+ *
+ *
+ */
+export declare class ListAdminsManagingAccountCommand extends $Command<ListAdminsManagingAccountCommandInput, ListAdminsManagingAccountCommandOutput, FMSClientResolvedConfig> {
+    readonly input: ListAdminsManagingAccountCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: ListAdminsManagingAccountCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: FMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<ListAdminsManagingAccountCommandInput, ListAdminsManagingAccountCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/ListMemberAccountsCommand.d.ts

@@ -21,8 +21,7 @@ export interface ListMemberAccountsCommandOutput extends ListMemberAccountsRespo
  * @public
  * <p>Returns a <code>MemberAccounts</code> object that lists the member accounts in the
  *       administrator's Amazon Web Services organization.</p>
- *          <p>The <code>ListMemberAccounts</code> must be submitted by the account that is set as the
- *       Firewall Manager administrator.</p>
+ *          <p>Either an Firewall Manager administrator or the organization's management account can make this request.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutAdminAccountCommand.d.ts

@@ -0,0 +1,112 @@
+import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { PutAdminAccountRequest } from "../models/models_0";
+/**
+ * @public
+ *
+ * The input for {@link PutAdminAccountCommand}.
+ */
+export interface PutAdminAccountCommandInput extends PutAdminAccountRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link PutAdminAccountCommand}.
+ */
+export interface PutAdminAccountCommandOutput extends __MetadataBearer {
+}
+/**
+ * @public
+ * <p>Creates or updates an Firewall Manager administrator account. The account must be a member of the organization that was onboarded to Firewall Manager by <a>AssociateAdminAccount</a>. Only the organization's management account can create an Firewall Manager administrator account. When you create an Firewall Manager administrator account, the service checks to see if the account is already a delegated administrator within Organizations. If the account isn't a delegated administrator, Firewall Manager calls Organizations to delegate the account within Organizations. For more information about administrator accounts within Organizations, see
+ *         <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html">Managing the Amazon Web Services Accounts in Your Organization</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, PutAdminAccountCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, PutAdminAccountCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const input = { // PutAdminAccountRequest
+ *   AdminAccount: "STRING_VALUE", // required
+ *   AdminScope: { // AdminScope
+ *     AccountScope: { // AccountScope
+ *       Accounts: [ // AccountIdList
+ *         "STRING_VALUE",
+ *       ],
+ *       AllAccountsEnabled: true || false,
+ *       ExcludeSpecifiedAccounts: true || false,
+ *     },
+ *     OrganizationalUnitScope: { // OrganizationalUnitScope
+ *       OrganizationalUnits: [ // OrganizationalUnitIdList
+ *         "STRING_VALUE",
+ *       ],
+ *       AllOrganizationalUnitsEnabled: true || false,
+ *       ExcludeSpecifiedOrganizationalUnits: true || false,
+ *     },
+ *     RegionScope: { // RegionScope
+ *       Regions: [ // AWSRegionList
+ *         "STRING_VALUE",
+ *       ],
+ *       AllRegionsEnabled: true || false,
+ *     },
+ *     PolicyTypeScope: { // PolicyTypeScope
+ *       PolicyTypes: [ // SecurityServiceTypeList
+ *         "WAF" || "WAFV2" || "SHIELD_ADVANCED" || "SECURITY_GROUPS_COMMON" || "SECURITY_GROUPS_CONTENT_AUDIT" || "SECURITY_GROUPS_USAGE_AUDIT" || "NETWORK_FIREWALL" || "DNS_FIREWALL" || "THIRD_PARTY_FIREWALL" || "IMPORT_NETWORK_FIREWALL",
+ *       ],
+ *       AllPolicyTypesEnabled: true || false,
+ *     },
+ *   },
+ * };
+ * const command = new PutAdminAccountCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @param PutAdminAccountCommandInput - {@link PutAdminAccountCommandInput}
+ * @returns {@link PutAdminAccountCommandOutput}
+ * @see {@link PutAdminAccountCommandInput} for command's `input` shape.
+ * @see {@link PutAdminAccountCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ * @throws {@link InternalErrorException} (client fault)
+ *  <p>The operation failed because of a system problem, even though the request was valid. Retry
+ *       your request.</p>
+ *
+ * @throws {@link InvalidInputException} (client fault)
+ *  <p>The parameters of the request were invalid.</p>
+ *
+ * @throws {@link InvalidOperationException} (client fault)
+ *  <p>The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have
+ *         submitted an <code>AssociateAdminAccount</code> request for an account ID that
+ *             was already set as the Firewall Manager administrator. Or you might have tried to access a Region
+ *   that's disabled by default, and that you need to enable for the Firewall Manager
+ *   administrator account and for Organizations before you can access it.</p>
+ *
+ * @throws {@link LimitExceededException} (client fault)
+ *  <p>The operation exceeds a resource limit, for example, the maximum number of
+ *         <code>policy</code> objects that you can create for an Amazon Web Services account. For more information,
+ *       see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html">Firewall
+ *         Manager Limits</a> in the <i>WAF Developer Guide</i>.</p>
+ *
+ *
+ */
+export declare class PutAdminAccountCommand extends $Command<PutAdminAccountCommandInput, PutAdminAccountCommandOutput, FMSClientResolvedConfig> {
+    readonly input: PutAdminAccountCommandInput;
+    static getEndpointParameterInstructions(): EndpointParameterInstructions;
+    /**
+     * @public
+     */
+    constructor(input: PutAdminAccountCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: FMSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<PutAdminAccountCommandInput, PutAdminAccountCommandOutput>;
+    /**
+     * @internal
+     */
+    private serialize;
+    /**
+     * @internal
+     */
+    private deserialize;
+}

package/dist-types/commands/PutNotificationChannelCommand.d.ts

@@ -21,9 +21,8 @@ export interface PutNotificationChannelCommandOutput extends __MetadataBearer {
  * @public
  * <p>Designates the IAM role and Amazon Simple Notification Service (SNS) topic that
  *       Firewall Manager uses to record SNS logs.</p>
- *          <p>To perform this action outside of the console, you must configure the SNS topic to allow the Firewall Manager
- *       role <code>AWSServiceRoleForFMS</code> to publish SNS logs. For more information, see
- *       <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html">Firewall Manager required permissions for API actions</a> in the <i>Firewall Manager Developer Guide</i>.</p>
+ *          <p>To perform this action outside of the console, you must first configure the SNS topic's access policy to allow the <code>SnsRoleName</code> to publish SNS logs. If the <code>SnsRoleName</code> provided is a role other than the <code>AWSServiceRoleForFMS</code> service-linked role, this role must have a trust relationship configured to allow the Firewall Manager service principal <code>fms.amazonaws.com</code> to assume this role. For information about configuring an SNS access policy, see
+ *       <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-security_iam_service-with-iam.html#fms-security_iam_service-with-iam-roles-service">Service roles for Firewall Manager</a> in the <i>Firewall Manager Developer Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutPolicyCommand.d.ts

@@ -102,6 +102,7 @@ export interface PutPolicyCommandOutput extends PutPolicyResponse, __MetadataBea
  *       "STRING_VALUE",
  *     ],
  *     PolicyDescription: "STRING_VALUE",
+ *     PolicyStatus: "ACTIVE" || "OUT_OF_ADMIN_SCOPE",
  *   },
  *   TagList: [ // TagList
  *     { // Tag

package/dist-types/commands/PutResourceSetCommand.d.ts

@@ -37,6 +37,7 @@ export interface PutResourceSetCommandOutput extends PutResourceSetResponse, __M
  *       "STRING_VALUE",
  *     ],
  *     LastUpdateTime: new Date("TIMESTAMP"),
+ *     ResourceSetStatus: "ACTIVE" || "OUT_OF_ADMIN_SCOPE",
  *   },
  *   TagList: [ // TagList
  *     { // Tag

package/dist-types/commands/index.d.ts

@@ -10,6 +10,7 @@ export * from "./DeleteResourceSetCommand";
 export * from "./DisassociateAdminAccountCommand";
 export * from "./DisassociateThirdPartyFirewallCommand";
 export * from "./GetAdminAccountCommand";
+export * from "./GetAdminScopeCommand";
 export * from "./GetAppsListCommand";
 export * from "./GetComplianceDetailCommand";
 export * from "./GetNotificationChannelCommand";
@@ -19,6 +20,8 @@ export * from "./GetProtocolsListCommand";
 export * from "./GetResourceSetCommand";
 export * from "./GetThirdPartyFirewallAssociationStatusCommand";
 export * from "./GetViolationDetailsCommand";
+export * from "./ListAdminAccountsForOrganizationCommand";
+export * from "./ListAdminsManagingAccountCommand";
 export * from "./ListAppsListsCommand";
 export * from "./ListComplianceStatusCommand";
 export * from "./ListDiscoveredResourcesCommand";
@@ -29,6 +32,7 @@ export * from "./ListResourceSetResourcesCommand";
 export * from "./ListResourceSetsCommand";
 export * from "./ListTagsForResourceCommand";
 export * from "./ListThirdPartyFirewallFirewallPoliciesCommand";
+export * from "./PutAdminAccountCommand";
 export * from "./PutAppsListCommand";
 export * from "./PutNotificationChannelCommand";
 export * from "./PutPolicyCommand";

package/dist-types/endpoint/EndpointParameters.d.ts

@@ -12,7 +12,7 @@ export declare const resolveClientEndpointParameters: <T>(options: T & ClientInp
     defaultSigningName: string;
 };
 export interface EndpointParameters extends __EndpointParameters {
-    Region: string;
+    Region?: string;
     UseDualStack?: boolean;
     UseFIPS?: boolean;
     Endpoint?: string;