@aws-sdk/client-route53resolver 3.1069.0 → 3.1071.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist-cjs/index.js CHANGED
@@ -1275,6 +1275,7 @@ const IpAddressStatus = {
1275
1275
  Deleting: "DELETING",
1276
1276
  Detaching: "DETACHING",
1277
1277
  FailedCreation: "FAILED_CREATION",
1278
+ FailedCreationInsufficientEC2CapacityInOutpost: "FAILED_CREATION_INSUFFICIENT_EC2_CAPACITY_IN_OUTPOST",
1278
1279
  FailedResourceGone: "FAILED_RESOURCE_GONE",
1279
1280
  Isolated: "ISOLATED",
1280
1281
  RemapAttaching: "REMAP_ATTACHING",
@@ -291,6 +291,7 @@ const _P = "Priority";
291
291
  const _PFRGP = "PutFirewallRuleGroupPolicy";
292
292
  const _PFRGPR = "PutFirewallRuleGroupPolicyRequest";
293
293
  const _PFRGPRu = "PutFirewallRuleGroupPolicyResponse";
294
+ const _PI = "ProductId";
294
295
  const _PIT = "PreferredInstanceType";
295
296
  const _PRQLCP = "PutResolverQueryLogConfigPolicy";
296
297
  const _PRQLCPR = "PutResolverQueryLogConfigPolicyRequest";
@@ -298,6 +299,9 @@ const _PRQLCPRu = "PutResolverQueryLogConfigPolicyResponse";
298
299
  const _PRRP = "PutResolverRulePolicy";
299
300
  const _PRRPR = "PutResolverRulePolicyRequest";
300
301
  const _PRRPRu = "PutResolverRulePolicyResponse";
302
+ const _PTP = "PartnerThreatProtection";
303
+ const _PTPC = "PartnerThreatProtectionConfig";
304
+ const _Pa = "Partner";
301
305
  const _Po = "Port";
302
306
  const _Pr = "Protocols";
303
307
  const _Pro = "Protocol";
@@ -344,7 +348,8 @@ const _RV = "ReturnValue";
344
348
  const _S = "Status";
345
349
  const _SB = "SortBy";
346
350
  const _SGI = "SecurityGroupIds";
347
- const _SI = "SubnetId";
351
+ const _SI = "SubscriptionInfo";
352
+ const _SIu = "SubnetId";
348
353
  const _SM = "StatusMessage";
349
354
  const _SNI = "ServerNameIndication";
350
355
  const _SO = "SortOrder";
@@ -404,6 +409,7 @@ const _URRp = "UpdateResolverRule";
404
409
  const _V = "Value";
405
410
  const _VE = "ValidationException";
406
411
  const _VI = "VpcId";
412
+ const _VN = "VendorName";
407
413
  const _VPCI = "VPCId";
408
414
  const _VS = "ValidationStatus";
409
415
  const _Va = "Values";
@@ -917,8 +923,8 @@ const FirewallDomainListMetadata$ = [3, n0, _FDLM,
917
923
  exports.FirewallDomainListMetadata$ = FirewallDomainListMetadata$;
918
924
  const FirewallRule$ = [3, n0, _FR,
919
925
  0,
920
- [_FRGI, _FDLI, _FTPI, _N, _P, _A, _BR, _BOD, _BODT, _BOT, _CRI, _CTr, _MT, _FDRA, _Q, _DTP, _CT, _FRT],
921
- [0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, () => FirewallRuleType$]
926
+ [_FRGI, _FDLI, _FTPI, _N, _P, _A, _BR, _BOD, _BODT, _BOT, _CRI, _CTr, _MT, _FDRA, _Q, _DTP, _CT, _FRT, _S, _SM],
927
+ [0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, () => FirewallRuleType$, 0, 0]
922
928
  ];
923
929
  exports.FirewallRule$ = FirewallRule$;
924
930
  const FirewallRuleGroup$ = [3, n0, _FRG,
@@ -941,14 +947,14 @@ const FirewallRuleGroupMetadata$ = [3, n0, _FRGM,
941
947
  exports.FirewallRuleGroupMetadata$ = FirewallRuleGroupMetadata$;
942
948
  const FirewallRuleType$ = [3, n0, _FRT,
943
949
  0,
944
- [_FACC, _FATC, _DTP],
945
- [() => FirewallAdvancedContentCategoryConfig$, () => FirewallAdvancedThreatCategoryConfig$, () => DnsThreatProtectionRuleTypeConfig$]
950
+ [_PTP, _FACC, _FATC, _DTP],
951
+ [() => PartnerThreatProtectionConfig$, () => FirewallAdvancedContentCategoryConfig$, () => FirewallAdvancedThreatCategoryConfig$, () => DnsThreatProtectionRuleTypeConfig$]
946
952
  ];
947
953
  exports.FirewallRuleType$ = FirewallRuleType$;
948
954
  const FirewallRuleTypeDefinition$ = [3, n0, _FRTD,
949
955
  0,
950
- [_RTu, _V, _DNi, _De],
951
- [0, 0, 0, 0]
956
+ [_RTu, _V, _DNi, _De, _SI],
957
+ [0, 0, 0, 0, () => SubscriptionInfo$]
952
958
  ];
953
959
  exports.FirewallRuleTypeDefinition$ = FirewallRuleTypeDefinition$;
954
960
  const GetFirewallConfigRequest$ = [3, n0, _GFCR,
@@ -1145,19 +1151,19 @@ const ImportFirewallDomainsResponse$ = [3, n0, _IFDRm,
1145
1151
  exports.ImportFirewallDomainsResponse$ = ImportFirewallDomainsResponse$;
1146
1152
  const IpAddressRequest$ = [3, n0, _IAR,
1147
1153
  0,
1148
- [_SI, _Ip, _Ipv],
1154
+ [_SIu, _Ip, _Ipv],
1149
1155
  [0, 0, 0], 1
1150
1156
  ];
1151
1157
  exports.IpAddressRequest$ = IpAddressRequest$;
1152
1158
  const IpAddressResponse$ = [3, n0, _IARp,
1153
1159
  0,
1154
- [_II, _SI, _Ip, _Ipv, _S, _SM, _CTr, _MT],
1160
+ [_II, _SIu, _Ip, _Ipv, _S, _SM, _CTr, _MT],
1155
1161
  [0, 0, 0, 0, 0, 0, 0, 0]
1156
1162
  ];
1157
1163
  exports.IpAddressResponse$ = IpAddressResponse$;
1158
1164
  const IpAddressUpdate$ = [3, n0, _IAU,
1159
1165
  0,
1160
- [_II, _SI, _Ip, _Ipv],
1166
+ [_II, _SIu, _Ip, _Ipv],
1161
1167
  [0, 0, 0, 0]
1162
1168
  ];
1163
1169
  exports.IpAddressUpdate$ = IpAddressUpdate$;
@@ -1371,6 +1377,12 @@ const OutpostResolver$ = [3, n0, _OR,
1371
1377
  [0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0]
1372
1378
  ];
1373
1379
  exports.OutpostResolver$ = OutpostResolver$;
1380
+ const PartnerThreatProtectionConfig$ = [3, n0, _PTPC,
1381
+ 0,
1382
+ [_Pa],
1383
+ [0], 1
1384
+ ];
1385
+ exports.PartnerThreatProtectionConfig$ = PartnerThreatProtectionConfig$;
1374
1386
  const PutFirewallRuleGroupPolicyRequest$ = [3, n0, _PFRGPR,
1375
1387
  0,
1376
1388
  [_Ar, _FRGP],
@@ -1455,6 +1467,12 @@ const ResolverRuleConfig$ = [3, n0, _RRC,
1455
1467
  [0, () => TargetList, 0]
1456
1468
  ];
1457
1469
  exports.ResolverRuleConfig$ = ResolverRuleConfig$;
1470
+ const SubscriptionInfo$ = [3, n0, _SI,
1471
+ 0,
1472
+ [_VN, _PI],
1473
+ [0, 0]
1474
+ ];
1475
+ exports.SubscriptionInfo$ = SubscriptionInfo$;
1458
1476
  const Tag$ = [3, n0, _Ta,
1459
1477
  0,
1460
1478
  [_K, _V],
@@ -167,6 +167,7 @@ export const IpAddressStatus = {
167
167
  Deleting: "DELETING",
168
168
  Detaching: "DETACHING",
169
169
  FailedCreation: "FAILED_CREATION",
170
+ FailedCreationInsufficientEC2CapacityInOutpost: "FAILED_CREATION_INSUFFICIENT_EC2_CAPACITY_IN_OUTPOST",
170
171
  FailedResourceGone: "FAILED_RESOURCE_GONE",
171
172
  Isolated: "ISOLATED",
172
173
  RemapAttaching: "REMAP_ATTACHING",
@@ -291,6 +291,7 @@ const _P = "Priority";
291
291
  const _PFRGP = "PutFirewallRuleGroupPolicy";
292
292
  const _PFRGPR = "PutFirewallRuleGroupPolicyRequest";
293
293
  const _PFRGPRu = "PutFirewallRuleGroupPolicyResponse";
294
+ const _PI = "ProductId";
294
295
  const _PIT = "PreferredInstanceType";
295
296
  const _PRQLCP = "PutResolverQueryLogConfigPolicy";
296
297
  const _PRQLCPR = "PutResolverQueryLogConfigPolicyRequest";
@@ -298,6 +299,9 @@ const _PRQLCPRu = "PutResolverQueryLogConfigPolicyResponse";
298
299
  const _PRRP = "PutResolverRulePolicy";
299
300
  const _PRRPR = "PutResolverRulePolicyRequest";
300
301
  const _PRRPRu = "PutResolverRulePolicyResponse";
302
+ const _PTP = "PartnerThreatProtection";
303
+ const _PTPC = "PartnerThreatProtectionConfig";
304
+ const _Pa = "Partner";
301
305
  const _Po = "Port";
302
306
  const _Pr = "Protocols";
303
307
  const _Pro = "Protocol";
@@ -344,7 +348,8 @@ const _RV = "ReturnValue";
344
348
  const _S = "Status";
345
349
  const _SB = "SortBy";
346
350
  const _SGI = "SecurityGroupIds";
347
- const _SI = "SubnetId";
351
+ const _SI = "SubscriptionInfo";
352
+ const _SIu = "SubnetId";
348
353
  const _SM = "StatusMessage";
349
354
  const _SNI = "ServerNameIndication";
350
355
  const _SO = "SortOrder";
@@ -404,6 +409,7 @@ const _URRp = "UpdateResolverRule";
404
409
  const _V = "Value";
405
410
  const _VE = "ValidationException";
406
411
  const _VI = "VpcId";
412
+ const _VN = "VendorName";
407
413
  const _VPCI = "VPCId";
408
414
  const _VS = "ValidationStatus";
409
415
  const _Va = "Values";
@@ -837,8 +843,8 @@ export var FirewallDomainListMetadata$ = [3, n0, _FDLM,
837
843
  ];
838
844
  export var FirewallRule$ = [3, n0, _FR,
839
845
  0,
840
- [_FRGI, _FDLI, _FTPI, _N, _P, _A, _BR, _BOD, _BODT, _BOT, _CRI, _CTr, _MT, _FDRA, _Q, _DTP, _CT, _FRT],
841
- [0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, () => FirewallRuleType$]
846
+ [_FRGI, _FDLI, _FTPI, _N, _P, _A, _BR, _BOD, _BODT, _BOT, _CRI, _CTr, _MT, _FDRA, _Q, _DTP, _CT, _FRT, _S, _SM],
847
+ [0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, () => FirewallRuleType$, 0, 0]
842
848
  ];
843
849
  export var FirewallRuleGroup$ = [3, n0, _FRG,
844
850
  0,
@@ -857,13 +863,13 @@ export var FirewallRuleGroupMetadata$ = [3, n0, _FRGM,
857
863
  ];
858
864
  export var FirewallRuleType$ = [3, n0, _FRT,
859
865
  0,
860
- [_FACC, _FATC, _DTP],
861
- [() => FirewallAdvancedContentCategoryConfig$, () => FirewallAdvancedThreatCategoryConfig$, () => DnsThreatProtectionRuleTypeConfig$]
866
+ [_PTP, _FACC, _FATC, _DTP],
867
+ [() => PartnerThreatProtectionConfig$, () => FirewallAdvancedContentCategoryConfig$, () => FirewallAdvancedThreatCategoryConfig$, () => DnsThreatProtectionRuleTypeConfig$]
862
868
  ];
863
869
  export var FirewallRuleTypeDefinition$ = [3, n0, _FRTD,
864
870
  0,
865
- [_RTu, _V, _DNi, _De],
866
- [0, 0, 0, 0]
871
+ [_RTu, _V, _DNi, _De, _SI],
872
+ [0, 0, 0, 0, () => SubscriptionInfo$]
867
873
  ];
868
874
  export var GetFirewallConfigRequest$ = [3, n0, _GFCR,
869
875
  0,
@@ -1027,17 +1033,17 @@ export var ImportFirewallDomainsResponse$ = [3, n0, _IFDRm,
1027
1033
  ];
1028
1034
  export var IpAddressRequest$ = [3, n0, _IAR,
1029
1035
  0,
1030
- [_SI, _Ip, _Ipv],
1036
+ [_SIu, _Ip, _Ipv],
1031
1037
  [0, 0, 0], 1
1032
1038
  ];
1033
1039
  export var IpAddressResponse$ = [3, n0, _IARp,
1034
1040
  0,
1035
- [_II, _SI, _Ip, _Ipv, _S, _SM, _CTr, _MT],
1041
+ [_II, _SIu, _Ip, _Ipv, _S, _SM, _CTr, _MT],
1036
1042
  [0, 0, 0, 0, 0, 0, 0, 0]
1037
1043
  ];
1038
1044
  export var IpAddressUpdate$ = [3, n0, _IAU,
1039
1045
  0,
1040
- [_II, _SI, _Ip, _Ipv],
1046
+ [_II, _SIu, _Ip, _Ipv],
1041
1047
  [0, 0, 0, 0]
1042
1048
  ];
1043
1049
  export var ListFirewallConfigsRequest$ = [3, n0, _LFCR,
@@ -1215,6 +1221,11 @@ export var OutpostResolver$ = [3, n0, _OR,
1215
1221
  [_Ar, _CTr, _MT, _CRI, _I, _IC, _PIT, _N, _S, _SM, _OA],
1216
1222
  [0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0]
1217
1223
  ];
1224
+ export var PartnerThreatProtectionConfig$ = [3, n0, _PTPC,
1225
+ 0,
1226
+ [_Pa],
1227
+ [0], 1
1228
+ ];
1218
1229
  export var PutFirewallRuleGroupPolicyRequest$ = [3, n0, _PFRGPR,
1219
1230
  0,
1220
1231
  [_Ar, _FRGP],
@@ -1285,6 +1296,11 @@ export var ResolverRuleConfig$ = [3, n0, _RRC,
1285
1296
  [_N, _TI, _REI],
1286
1297
  [0, () => TargetList, 0]
1287
1298
  ];
1299
+ export var SubscriptionInfo$ = [3, n0, _SI,
1300
+ 0,
1301
+ [_VN, _PI],
1302
+ [0, 0]
1303
+ ];
1288
1304
  export var Tag$ = [3, n0, _Ta,
1289
1305
  0,
1290
1306
  [_K, _V],
@@ -29,7 +29,8 @@ declare const AssociateFirewallRuleGroupCommand_base: {
29
29
  };
30
30
  };
31
31
  /**
32
- * <p>Associates a <a>FirewallRuleGroup</a> with a VPC, to provide DNS filtering for the VPC. </p>
32
+ * <p>Associates a <a>FirewallRuleGroup</a> with a VPC, to provide DNS filtering for the VPC.</p>
33
+ * <p>If the rule group contains any rule configured with the <code>PartnerThreatProtection</code> rule type, the calling account must hold an active AWS Marketplace subscription to the named partner. If the subscription is missing, the association request is rejected.</p>
33
34
  * @example
34
35
  * Use a bare-bones client and the command you need to make an API call.
35
36
  * ```javascript
@@ -56,6 +56,9 @@ declare const BatchCreateFirewallRuleCommand_base: {
56
56
  * DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
57
57
  * ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
58
58
  * FirewallRuleType: { // FirewallRuleType
59
+ * PartnerThreatProtection: { // PartnerThreatProtectionConfig
60
+ * Partner: "STRING_VALUE", // required
61
+ * },
59
62
  * FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
60
63
  * Category: "STRING_VALUE", // required
61
64
  * },
@@ -93,6 +96,9 @@ declare const BatchCreateFirewallRuleCommand_base: {
93
96
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
94
97
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
95
98
  * // FirewallRuleType: { // FirewallRuleType
99
+ * // PartnerThreatProtection: { // PartnerThreatProtectionConfig
100
+ * // Partner: "STRING_VALUE", // required
101
+ * // },
96
102
  * // FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
97
103
  * // Category: "STRING_VALUE", // required
98
104
  * // },
@@ -104,6 +110,8 @@ declare const BatchCreateFirewallRuleCommand_base: {
104
110
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH", // required
105
111
  * // },
106
112
  * // },
113
+ * // Status: "STRING_VALUE",
114
+ * // StatusMessage: "STRING_VALUE",
107
115
  * // },
108
116
  * // ],
109
117
  * // CreateErrors: [ // BatchCreateFirewallRuleErrors
@@ -124,6 +132,9 @@ declare const BatchCreateFirewallRuleCommand_base: {
124
132
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
125
133
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
126
134
  * // FirewallRuleType: {
135
+ * // PartnerThreatProtection: {
136
+ * // Partner: "STRING_VALUE", // required
137
+ * // },
127
138
  * // FirewallAdvancedContentCategory: {
128
139
  * // Category: "STRING_VALUE", // required
129
140
  * // },
@@ -71,6 +71,9 @@ declare const BatchDeleteFirewallRuleCommand_base: {
71
71
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
72
72
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
73
73
  * // FirewallRuleType: { // FirewallRuleType
74
+ * // PartnerThreatProtection: { // PartnerThreatProtectionConfig
75
+ * // Partner: "STRING_VALUE", // required
76
+ * // },
74
77
  * // FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
75
78
  * // Category: "STRING_VALUE", // required
76
79
  * // },
@@ -82,6 +85,8 @@ declare const BatchDeleteFirewallRuleCommand_base: {
82
85
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH", // required
83
86
  * // },
84
87
  * // },
88
+ * // Status: "STRING_VALUE",
89
+ * // StatusMessage: "STRING_VALUE",
85
90
  * // },
86
91
  * // ],
87
92
  * // DeleteErrors: [ // BatchDeleteFirewallRuleErrors
@@ -56,6 +56,9 @@ declare const BatchUpdateFirewallRuleCommand_base: {
56
56
  * DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
57
57
  * ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
58
58
  * FirewallRuleType: { // FirewallRuleType
59
+ * PartnerThreatProtection: { // PartnerThreatProtectionConfig
60
+ * Partner: "STRING_VALUE", // required
61
+ * },
59
62
  * FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
60
63
  * Category: "STRING_VALUE", // required
61
64
  * },
@@ -93,6 +96,9 @@ declare const BatchUpdateFirewallRuleCommand_base: {
93
96
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
94
97
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
95
98
  * // FirewallRuleType: { // FirewallRuleType
99
+ * // PartnerThreatProtection: { // PartnerThreatProtectionConfig
100
+ * // Partner: "STRING_VALUE", // required
101
+ * // },
96
102
  * // FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
97
103
  * // Category: "STRING_VALUE", // required
98
104
  * // },
@@ -104,6 +110,8 @@ declare const BatchUpdateFirewallRuleCommand_base: {
104
110
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH", // required
105
111
  * // },
106
112
  * // },
113
+ * // Status: "STRING_VALUE",
114
+ * // StatusMessage: "STRING_VALUE",
107
115
  * // },
108
116
  * // ],
109
117
  * // UpdateErrors: [ // BatchUpdateFirewallRuleErrors
@@ -124,6 +132,9 @@ declare const BatchUpdateFirewallRuleCommand_base: {
124
132
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
125
133
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
126
134
  * // FirewallRuleType: {
135
+ * // PartnerThreatProtection: {
136
+ * // Partner: "STRING_VALUE", // required
137
+ * // },
127
138
  * // FirewallAdvancedContentCategory: {
128
139
  * // Category: "STRING_VALUE", // required
129
140
  * // },
@@ -29,7 +29,22 @@ declare const CreateFirewallRuleCommand_base: {
29
29
  };
30
30
  };
31
31
  /**
32
- * <p>Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.</p>
32
+ * <p>Creates a single DNS Firewall rule in the specified rule group. The rule can use any one of the following match sources, and the chosen source must be supplied through the matching request field — they are mutually exclusive:</p>
33
+ * <ul>
34
+ * <li>
35
+ * <p>
36
+ * <code>FirewallDomainListId</code> — match a customer-managed or AWS-managed domain list.</p>
37
+ * </li>
38
+ * <li>
39
+ * <p>
40
+ * <code>DnsThreatProtection</code> — match a built-in DNS Firewall Advanced threat detector (<code>DGA</code>, <code>DNS_TUNNELING</code>, or <code>DICTIONARY_DGA</code>).</p>
41
+ * </li>
42
+ * <li>
43
+ * <p>
44
+ * <code>FirewallRuleType</code> — match one of the rule-type variants returned by <a>ListFirewallRuleTypes</a>: <code>FirewallAdvancedContentCategory</code>, <code>FirewallAdvancedThreatCategory</code>, <code>DnsThreatProtection</code>, or <code>PartnerThreatProtection</code>. The <code>PartnerThreatProtection</code> variant requires an active AWS Marketplace subscription to the named partner product.</p>
45
+ * </li>
46
+ * </ul>
47
+ * <p>For rules that require asynchronous provisioning (today, the <code>PartnerThreatProtection</code> rule type), the rule's <code>Status</code> begins at <code>CREATING</code> and transitions to <code>COMPLETE</code> once the rule is provisioned and the marketplace entitlement is verified. If provisioning fails, <code>Status</code> becomes <code>CREATION_FAILED</code> and <code>StatusMessage</code> contains a human-readable reason; the rule is then immutable and must be removed with <a>DeleteFirewallRule</a>.</p>
33
48
  * @example
34
49
  * Use a bare-bones client and the command you need to make an API call.
35
50
  * ```javascript
@@ -54,6 +69,9 @@ declare const CreateFirewallRuleCommand_base: {
54
69
  * DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
55
70
  * ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
56
71
  * FirewallRuleType: { // FirewallRuleType
72
+ * PartnerThreatProtection: { // PartnerThreatProtectionConfig
73
+ * Partner: "STRING_VALUE", // required
74
+ * },
57
75
  * FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
58
76
  * Category: "STRING_VALUE", // required
59
77
  * },
@@ -88,6 +106,9 @@ declare const CreateFirewallRuleCommand_base: {
88
106
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
89
107
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
90
108
  * // FirewallRuleType: { // FirewallRuleType
109
+ * // PartnerThreatProtection: { // PartnerThreatProtectionConfig
110
+ * // Partner: "STRING_VALUE", // required
111
+ * // },
91
112
  * // FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
92
113
  * // Category: "STRING_VALUE", // required
93
114
  * // },
@@ -99,6 +120,8 @@ declare const CreateFirewallRuleCommand_base: {
99
120
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH", // required
100
121
  * // },
101
122
  * // },
123
+ * // Status: "STRING_VALUE",
124
+ * // StatusMessage: "STRING_VALUE",
102
125
  * // },
103
126
  * // };
104
127
  *
@@ -29,7 +29,9 @@ declare const DeleteFirewallRuleCommand_base: {
29
29
  };
30
30
  };
31
31
  /**
32
- * <p>Deletes the specified firewall rule.</p>
32
+ * <p>Deletes the specified firewall rule. Identify the rule using either <code>FirewallDomainListId</code> (for domain-list and DNS Firewall Advanced rules) or <code>FirewallThreatProtectionId</code> (for partner-managed and DNS Firewall Advanced rules) — together with <code>FirewallRuleGroupId</code>.</p>
33
+ * <p>
34
+ * <code>DeleteFirewallRule</code> is the only operation that succeeds against a rule whose <code>Status</code> is <code>CREATION_FAILED</code>.</p>
33
35
  * @example
34
36
  * Use a bare-bones client and the command you need to make an API call.
35
37
  * ```javascript
@@ -66,6 +68,9 @@ declare const DeleteFirewallRuleCommand_base: {
66
68
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
67
69
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
68
70
  * // FirewallRuleType: { // FirewallRuleType
71
+ * // PartnerThreatProtection: { // PartnerThreatProtectionConfig
72
+ * // Partner: "STRING_VALUE", // required
73
+ * // },
69
74
  * // FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
70
75
  * // Category: "STRING_VALUE", // required
71
76
  * // },
@@ -77,6 +82,8 @@ declare const DeleteFirewallRuleCommand_base: {
77
82
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH", // required
78
83
  * // },
79
84
  * // },
85
+ * // Status: "STRING_VALUE",
86
+ * // StatusMessage: "STRING_VALUE",
80
87
  * // },
81
88
  * // };
82
89
  *
@@ -29,7 +29,8 @@ declare const ListFirewallRuleTypesCommand_base: {
29
29
  };
30
30
  };
31
31
  /**
32
- * <p>Retrieves the available rule types that can be used in DNS Firewall rules.</p>
32
+ * <p>Retrieves the rule-type variants that can be used in the <code>FirewallRuleType</code> field of <a>CreateFirewallRule</a> and <a>UpdateFirewallRule</a>. Each returned <a>FirewallRuleTypeDefinition</a> identifies one variant + value combination — for example, <code>FirewallAdvancedContentCategory</code> + <code>VIOLENCE_AND_HATE_SPEECH</code>, or <code>PartnerThreatProtection</code> + a partner-managed feed.</p>
33
+ * <p>The supported <code>RuleType</code> filter values are <code>FirewallAdvancedContentCategory</code>, <code>FirewallAdvancedThreatCategory</code>, <code>DnsThreatProtection</code>, and <code>PartnerThreatProtection</code>. When a returned definition's variant requires an external subscription (currently only <code>PartnerThreatProtection</code>), the response also includes a <a>SubscriptionInfo</a> identifying the AWS Marketplace product that backs it; absence of <code>SubscriptionInfo</code> means the variant is fully managed by AWS and requires no separate subscription.</p>
33
34
  * @example
34
35
  * Use a bare-bones client and the command you need to make an API call.
35
36
  * ```javascript
@@ -52,6 +53,10 @@ declare const ListFirewallRuleTypesCommand_base: {
52
53
  * // Value: "STRING_VALUE",
53
54
  * // DisplayName: "STRING_VALUE",
54
55
  * // Description: "STRING_VALUE",
56
+ * // SubscriptionInfo: { // SubscriptionInfo
57
+ * // VendorName: "STRING_VALUE",
58
+ * // ProductId: "STRING_VALUE",
59
+ * // },
55
60
  * // },
56
61
  * // ],
57
62
  * // NextToken: "STRING_VALUE",
@@ -29,8 +29,9 @@ declare const ListFirewallRulesCommand_base: {
29
29
  };
30
30
  };
31
31
  /**
32
- * <p>Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC. </p>
33
- * <p>A single call might return only a partial list of the rules. For information, see <code>MaxResults</code>. </p>
32
+ * <p>Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC.</p>
33
+ * <p>A single call might return only a partial list of the rules. For information, see <code>MaxResults</code>.</p>
34
+ * <p>For rules that require asynchronous provisioning, the response includes <code>Status</code> (see <a>FirewallRuleStatus</a>) and, on failure, <code>StatusMessage</code> with the reason.</p>
34
35
  * @example
35
36
  * Use a bare-bones client and the command you need to make an API call.
36
37
  * ```javascript
@@ -70,6 +71,9 @@ declare const ListFirewallRulesCommand_base: {
70
71
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
71
72
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
72
73
  * // FirewallRuleType: { // FirewallRuleType
74
+ * // PartnerThreatProtection: { // PartnerThreatProtectionConfig
75
+ * // Partner: "STRING_VALUE", // required
76
+ * // },
73
77
  * // FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
74
78
  * // Category: "STRING_VALUE", // required
75
79
  * // },
@@ -81,6 +85,8 @@ declare const ListFirewallRulesCommand_base: {
81
85
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH", // required
82
86
  * // },
83
87
  * // },
88
+ * // Status: "STRING_VALUE",
89
+ * // StatusMessage: "STRING_VALUE",
84
90
  * // },
85
91
  * // ],
86
92
  * // };
@@ -54,7 +54,7 @@ declare const ListResolverEndpointIpAddressesCommand_base: {
54
54
  * // SubnetId: "STRING_VALUE",
55
55
  * // Ip: "STRING_VALUE",
56
56
  * // Ipv6: "STRING_VALUE",
57
- * // Status: "CREATING" || "FAILED_CREATION" || "ATTACHING" || "ATTACHED" || "REMAP_DETACHING" || "REMAP_ATTACHING" || "DETACHING" || "FAILED_RESOURCE_GONE" || "DELETING" || "DELETE_FAILED_FAS_EXPIRED" || "UPDATING" || "UPDATE_FAILED" || "ISOLATED",
57
+ * // Status: "CREATING" || "FAILED_CREATION" || "FAILED_CREATION_INSUFFICIENT_EC2_CAPACITY_IN_OUTPOST" || "ATTACHING" || "ATTACHED" || "REMAP_DETACHING" || "REMAP_ATTACHING" || "DETACHING" || "FAILED_RESOURCE_GONE" || "DELETING" || "DELETE_FAILED_FAS_EXPIRED" || "UPDATING" || "UPDATE_FAILED" || "ISOLATED",
58
58
  * // StatusMessage: "STRING_VALUE",
59
59
  * // CreationTime: "STRING_VALUE",
60
60
  * // ModificationTime: "STRING_VALUE",
@@ -29,7 +29,7 @@ declare const UpdateFirewallRuleCommand_base: {
29
29
  };
30
30
  };
31
31
  /**
32
- * <p>Updates the specified firewall rule. </p>
32
+ * <p>Updates the specified firewall rule. The rule's <code>FirewallRuleType</code>, <code>FirewallDomainListId</code>, and top-level <code>DnsThreatProtection</code> match source cannot be changed after creation. Rules whose <code>Status</code> is <code>CREATING</code> or <code>CREATION_FAILED</code> cannot be updated; remove a failed rule with <a>DeleteFirewallRule</a>.</p>
33
33
  * @example
34
34
  * Use a bare-bones client and the command you need to make an API call.
35
35
  * ```javascript
@@ -54,6 +54,9 @@ declare const UpdateFirewallRuleCommand_base: {
54
54
  * DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
55
55
  * ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
56
56
  * FirewallRuleType: { // FirewallRuleType
57
+ * PartnerThreatProtection: { // PartnerThreatProtectionConfig
58
+ * Partner: "STRING_VALUE", // required
59
+ * },
57
60
  * FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
58
61
  * Category: "STRING_VALUE", // required
59
62
  * },
@@ -88,6 +91,9 @@ declare const UpdateFirewallRuleCommand_base: {
88
91
  * // DnsThreatProtection: "DGA" || "DNS_TUNNELING" || "DICTIONARY_DGA",
89
92
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
90
93
  * // FirewallRuleType: { // FirewallRuleType
94
+ * // PartnerThreatProtection: { // PartnerThreatProtectionConfig
95
+ * // Partner: "STRING_VALUE", // required
96
+ * // },
91
97
  * // FirewallAdvancedContentCategory: { // FirewallAdvancedContentCategoryConfig
92
98
  * // Category: "STRING_VALUE", // required
93
99
  * // },
@@ -99,6 +105,8 @@ declare const UpdateFirewallRuleCommand_base: {
99
105
  * // ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH", // required
100
106
  * // },
101
107
  * // },
108
+ * // Status: "STRING_VALUE",
109
+ * // StatusMessage: "STRING_VALUE",
102
110
  * // },
103
111
  * // };
104
112
  *
@@ -403,6 +403,7 @@ export declare const IpAddressStatus: {
403
403
  readonly Deleting: "DELETING";
404
404
  readonly Detaching: "DETACHING";
405
405
  readonly FailedCreation: "FAILED_CREATION";
406
+ readonly FailedCreationInsufficientEC2CapacityInOutpost: "FAILED_CREATION_INSUFFICIENT_EC2_CAPACITY_IN_OUTPOST";
406
407
  readonly FailedResourceGone: "FAILED_RESOURCE_GONE";
407
408
  readonly Isolated: "ISOLATED";
408
409
  readonly RemapAttaching: "REMAP_ATTACHING";
@@ -638,7 +638,7 @@ export interface DnsThreatProtectionRuleTypeConfig {
638
638
  * </li>
639
639
  * <li>
640
640
  * <p>
641
- * <code>DICT_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
641
+ * <code>DICTIONARY_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
642
642
  * </li>
643
643
  * </ul>
644
644
  * @public
@@ -687,22 +687,40 @@ export interface FirewallAdvancedThreatCategoryConfig {
687
687
  Category: string | undefined;
688
688
  }
689
689
  /**
690
- * <p>The configuration for a rule type in a DNS Firewall rule. This is a union type exactly one member should be set.</p>
690
+ * <p>The configuration for a partner threat-protection rule. To enumerate the partners available in your account, call <a>ListFirewallRuleTypes</a> with <code>RuleType</code> set to <code>PartnerThreatProtection</code> — each returned <a>FirewallRuleTypeDefinition</a> includes a <a>SubscriptionInfo</a> identifying the AWS Marketplace product that backs it.</p>
691
+ * @public
692
+ */
693
+ export interface PartnerThreatProtectionConfig {
694
+ /**
695
+ * <p>The identifier of the partner threat-protection product, exactly as returned in the <code>Value</code> field of a <a>FirewallRuleTypeDefinition</a> with <code>RuleType</code> set to <code>PartnerThreatProtection</code>. The calling account must hold an active AWS Marketplace subscription to this product.</p>
696
+ * @public
697
+ */
698
+ Partner: string | undefined;
699
+ }
700
+ /**
701
+ * <p>The rule-type configuration for a DNS Firewall rule. <code>FirewallRuleType</code> is a tagged union — exactly one member must be set per rule, and the member determines what the rule matches against. This shape is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields on <a>CreateFirewallRule</a> and <a>UpdateFirewallRule</a>.</p>
702
+ * <p>Call <a>ListFirewallRuleTypes</a> to discover which rule-type variants and which values within each variant are available in your account and Region.</p>
691
703
  * @public
692
704
  */
693
705
  export interface FirewallRuleType {
694
706
  /**
695
- * <p>The configuration for a content category-based filtering rule.</p>
707
+ * <p>Configures the rule to match a third-party threat feed delivered through AWS Marketplace. The calling account must hold an active subscription to the partner product named in <code>Partner</code>; if the subscription is missing or revoked, the rule is created with <code>Status</code>
708
+ * <code>CREATION_FAILED</code> and cannot be modified — only deleted. See <a>PartnerThreatProtectionConfig</a>.</p>
709
+ * @public
710
+ */
711
+ PartnerThreatProtection?: PartnerThreatProtectionConfig | undefined;
712
+ /**
713
+ * <p>Configures the rule to match an AWS-managed content category (for example, <code>VIOLENCE_AND_HATE_SPEECH</code>). See <a>FirewallAdvancedContentCategoryConfig</a>.</p>
696
714
  * @public
697
715
  */
698
716
  FirewallAdvancedContentCategory?: FirewallAdvancedContentCategoryConfig | undefined;
699
717
  /**
700
- * <p>The configuration for a threat category-based filtering rule.</p>
718
+ * <p>Configures the rule to match an AWS-managed advanced threat category (for example, <code>PHISHING</code>). See <a>FirewallAdvancedThreatCategoryConfig</a>.</p>
701
719
  * @public
702
720
  */
703
721
  FirewallAdvancedThreatCategory?: FirewallAdvancedThreatCategoryConfig | undefined;
704
722
  /**
705
- * <p>The configuration for a DNS threat protection rule type, such as DGA or DNS tunneling detection.</p>
723
+ * <p>Configures the rule to match a built-in DNS Firewall Advanced threat detector <code>DGA</code>, <code>DNS_TUNNELING</code>, or <code>DICTIONARY_DGA</code>. See <a>DnsThreatProtectionRuleTypeConfig</a>.</p>
706
724
  * @public
707
725
  */
708
726
  DnsThreatProtection?: DnsThreatProtectionRuleTypeConfig | undefined;
@@ -862,7 +880,7 @@ export interface CreateFirewallRuleEntry {
862
880
  * </li>
863
881
  * <li>
864
882
  * <p>
865
- * <code>DICT_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
883
+ * <code>DICTIONARY_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
866
884
  * </li>
867
885
  * </ul>
868
886
  * @public
@@ -888,7 +906,26 @@ export interface CreateFirewallRuleEntry {
888
906
  */
889
907
  ConfidenceThreshold?: ConfidenceThreshold | undefined;
890
908
  /**
891
- * <p>The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields.</p>
909
+ * <p>The rule type configuration for the firewall rule. This is a tagged union — set exactly one of its members. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields. Use one of:</p>
910
+ * <ul>
911
+ * <li>
912
+ * <p>
913
+ * <code>FirewallAdvancedContentCategory</code> — match an AWS-managed content category (for example, <code>VIOLENCE_AND_HATE_SPEECH</code>).</p>
914
+ * </li>
915
+ * <li>
916
+ * <p>
917
+ * <code>FirewallAdvancedThreatCategory</code> — match an AWS-managed advanced threat category (for example, <code>PHISHING</code>).</p>
918
+ * </li>
919
+ * <li>
920
+ * <p>
921
+ * <code>DnsThreatProtection</code> — match a built-in DNS Firewall Advanced threat detector (<code>DGA</code>, <code>DNS_TUNNELING</code>, or <code>DICTIONARY_DGA</code>).</p>
922
+ * </li>
923
+ * <li>
924
+ * <p>
925
+ * <code>PartnerThreatProtection</code> — match a third-party threat feed delivered through AWS Marketplace. The selected partner must be an active subscription on the calling account.</p>
926
+ * </li>
927
+ * </ul>
928
+ * <p>To enumerate the values supported in your account, call <a>ListFirewallRuleTypes</a>.</p>
892
929
  * @public
893
930
  */
894
931
  FirewallRuleType?: FirewallRuleType | undefined;
@@ -1081,13 +1118,17 @@ export interface FirewallRule {
1081
1118
  * <li>
1082
1119
  * <p>
1083
1120
  * <code>DGA</code>: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains
1084
- * to to launch malware attacks.</p>
1121
+ * to launch malware attacks.</p>
1085
1122
  * </li>
1086
1123
  * <li>
1087
1124
  * <p>
1088
1125
  * <code>DNS_TUNNELING</code>: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without
1089
1126
  * making a network connection to the client.</p>
1090
1127
  * </li>
1128
+ * <li>
1129
+ * <p>
1130
+ * <code>DICTIONARY_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
1131
+ * </li>
1091
1132
  * </ul>
1092
1133
  * @public
1093
1134
  */
@@ -1115,10 +1156,54 @@ export interface FirewallRule {
1115
1156
  */
1116
1157
  ConfidenceThreshold?: ConfidenceThreshold | undefined;
1117
1158
  /**
1118
- * <p>The rule type configuration for the firewall rule. Exactly one member of this union should be set.</p>
1159
+ * <p>The rule type configuration for the firewall rule. This is a tagged union — exactly one of its members will be populated. Possible members are:</p>
1160
+ * <ul>
1161
+ * <li>
1162
+ * <p>
1163
+ * <code>FirewallAdvancedContentCategory</code> — an AWS-managed content category (for example, <code>VIOLENCE_AND_HATE_SPEECH</code>).</p>
1164
+ * </li>
1165
+ * <li>
1166
+ * <p>
1167
+ * <code>FirewallAdvancedThreatCategory</code> — an AWS-managed advanced threat category (for example, <code>PHISHING</code>).</p>
1168
+ * </li>
1169
+ * <li>
1170
+ * <p>
1171
+ * <code>DnsThreatProtection</code> — a built-in DNS Firewall Advanced threat detector (<code>DGA</code>, <code>DNS_TUNNELING</code>, or <code>DICTIONARY_DGA</code>).</p>
1172
+ * </li>
1173
+ * <li>
1174
+ * <p>
1175
+ * <code>PartnerThreatProtection</code> — a third-party threat feed delivered through AWS Marketplace.</p>
1176
+ * </li>
1177
+ * </ul>
1178
+ * <p>To enumerate the values supported in your account, call <a>ListFirewallRuleTypes</a>.</p>
1119
1179
  * @public
1120
1180
  */
1121
1181
  FirewallRuleType?: FirewallRuleType | undefined;
1182
+ /**
1183
+ * <p>The lifecycle state of the firewall rule. Possible values:</p>
1184
+ * <ul>
1185
+ * <li>
1186
+ * <p>
1187
+ * <code>CREATING</code> — DNS Firewall is provisioning the rule. Rules created with the <code>PartnerThreatProtection</code> rule type begin in this state while DNS Firewall verifies the calling account's AWS Marketplace entitlement.</p>
1188
+ * </li>
1189
+ * <li>
1190
+ * <p>
1191
+ * <code>COMPLETE</code> — The rule is provisioned and enforcing matches.</p>
1192
+ * </li>
1193
+ * <li>
1194
+ * <p>
1195
+ * <code>CREATION_FAILED</code> — Provisioning failed. <code>StatusMessage</code> contains a human-readable reason. A rule in this state is immutable: <a>UpdateFirewallRule</a> rejects the request, and the rule must be removed with <a>DeleteFirewallRule</a>.</p>
1196
+ * </li>
1197
+ * </ul>
1198
+ * <p>For rules that do not require asynchronous provisioning, this field may be absent.</p>
1199
+ * @public
1200
+ */
1201
+ Status?: string | undefined;
1202
+ /**
1203
+ * <p>An additional message about the rule's lifecycle state. Populated when <code>Status</code> is <code>CREATION_FAILED</code> to describe why provisioning failed.</p>
1204
+ * @public
1205
+ */
1206
+ StatusMessage?: string | undefined;
1122
1207
  }
1123
1208
  /**
1124
1209
  * <p>An error that occurred while creating a firewall rule in a batch operation.</p>
@@ -1383,7 +1468,7 @@ export interface UpdateFirewallRuleEntry {
1383
1468
  * </li>
1384
1469
  * <li>
1385
1470
  * <p>
1386
- * <code>DICT_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
1471
+ * <code>DICTIONARY_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
1387
1472
  * </li>
1388
1473
  * </ul>
1389
1474
  * @public
@@ -1409,7 +1494,26 @@ export interface UpdateFirewallRuleEntry {
1409
1494
  */
1410
1495
  ConfidenceThreshold?: ConfidenceThreshold | undefined;
1411
1496
  /**
1412
- * <p>The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields.</p>
1497
+ * <p>The rule type configuration for the firewall rule. This is a tagged union — set exactly one of its members. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields. Use one of:</p>
1498
+ * <ul>
1499
+ * <li>
1500
+ * <p>
1501
+ * <code>FirewallAdvancedContentCategory</code> — match an AWS-managed content category (for example, <code>VIOLENCE_AND_HATE_SPEECH</code>).</p>
1502
+ * </li>
1503
+ * <li>
1504
+ * <p>
1505
+ * <code>FirewallAdvancedThreatCategory</code> — match an AWS-managed advanced threat category (for example, <code>PHISHING</code>).</p>
1506
+ * </li>
1507
+ * <li>
1508
+ * <p>
1509
+ * <code>DnsThreatProtection</code> — match a built-in DNS Firewall Advanced threat detector (<code>DGA</code>, <code>DNS_TUNNELING</code>, or <code>DICTIONARY_DGA</code>).</p>
1510
+ * </li>
1511
+ * <li>
1512
+ * <p>
1513
+ * <code>PartnerThreatProtection</code> — match a third-party threat feed delivered through AWS Marketplace. The selected partner must be an active subscription on the calling account.</p>
1514
+ * </li>
1515
+ * </ul>
1516
+ * <p>To enumerate the values supported in your account, call <a>ListFirewallRuleTypes</a>.</p>
1413
1517
  * @public
1414
1518
  */
1415
1519
  FirewallRuleType?: FirewallRuleType | undefined;
@@ -1725,8 +1829,22 @@ export interface CreateFirewallRuleRequest {
1725
1829
  Qtype?: string | undefined;
1726
1830
  /**
1727
1831
  * <p>
1728
- * Use to create a DNS Firewall Advanced rule.
1832
+ * The type of the DNS Firewall Advanced rule. This setting is mutually exclusive with <code>FirewallDomainListId</code> and <code>FirewallRuleType</code>. Valid values are:
1729
1833
  * </p>
1834
+ * <ul>
1835
+ * <li>
1836
+ * <p>
1837
+ * <code>DGA</code>: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks.</p>
1838
+ * </li>
1839
+ * <li>
1840
+ * <p>
1841
+ * <code>DNS_TUNNELING</code>: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.</p>
1842
+ * </li>
1843
+ * <li>
1844
+ * <p>
1845
+ * <code>DICTIONARY_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
1846
+ * </li>
1847
+ * </ul>
1730
1848
  * @public
1731
1849
  */
1732
1850
  DnsThreatProtection?: DnsThreatProtection | undefined;
@@ -1753,7 +1871,26 @@ export interface CreateFirewallRuleRequest {
1753
1871
  */
1754
1872
  ConfidenceThreshold?: ConfidenceThreshold | undefined;
1755
1873
  /**
1756
- * <p>The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields.</p>
1874
+ * <p>The rule type configuration for the firewall rule. This is a tagged union — set exactly one of its members. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields. Use one of:</p>
1875
+ * <ul>
1876
+ * <li>
1877
+ * <p>
1878
+ * <code>FirewallAdvancedContentCategory</code> — match an AWS-managed content category (for example, <code>VIOLENCE_AND_HATE_SPEECH</code>).</p>
1879
+ * </li>
1880
+ * <li>
1881
+ * <p>
1882
+ * <code>FirewallAdvancedThreatCategory</code> — match an AWS-managed advanced threat category (for example, <code>PHISHING</code>).</p>
1883
+ * </li>
1884
+ * <li>
1885
+ * <p>
1886
+ * <code>DnsThreatProtection</code> — match a built-in DNS Firewall Advanced threat detector (<code>DGA</code>, <code>DNS_TUNNELING</code>, or <code>DICTIONARY_DGA</code>).</p>
1887
+ * </li>
1888
+ * <li>
1889
+ * <p>
1890
+ * <code>PartnerThreatProtection</code> — match a third-party threat feed delivered through AWS Marketplace. The selected partner must be an active subscription on the calling account.</p>
1891
+ * </li>
1892
+ * </ul>
1893
+ * <p>To enumerate the values supported in your account, call <a>ListFirewallRuleTypes</a>.</p>
1757
1894
  * @public
1758
1895
  */
1759
1896
  FirewallRuleType?: FirewallRuleType | undefined;
@@ -3260,6 +3397,22 @@ export interface FirewallRuleGroupMetadata {
3260
3397
  */
3261
3398
  ShareStatus?: ShareStatus | undefined;
3262
3399
  }
3400
+ /**
3401
+ * <p>Identifies the AWS Marketplace product that backs a partner-managed rule type. Returned as part of <a>FirewallRuleTypeDefinition</a> when the rule type variant requires an active customer subscription to the named product.</p>
3402
+ * @public
3403
+ */
3404
+ export interface SubscriptionInfo {
3405
+ /**
3406
+ * <p>The name of the AWS Marketplace seller (vendor) that publishes the partner threat-protection product (for example, <code>Palo Alto Networks</code>).</p>
3407
+ * @public
3408
+ */
3409
+ VendorName?: string | undefined;
3410
+ /**
3411
+ * <p>The AWS Marketplace product identifier of the partner threat-protection product. Use this value to verify or manage the calling account's subscription in AWS Marketplace.</p>
3412
+ * @public
3413
+ */
3414
+ ProductId?: string | undefined;
3415
+ }
3263
3416
  /**
3264
3417
  * <p>The definition of an available rule type that can be used in DNS Firewall rules. This is returned by <a>ListFirewallRuleTypes</a>.</p>
3265
3418
  * @public
@@ -3285,6 +3438,11 @@ export interface FirewallRuleTypeDefinition {
3285
3438
  * @public
3286
3439
  */
3287
3440
  Description?: string | undefined;
3441
+ /**
3442
+ * <p>For rule types that require an external subscription (today, only the <code>PartnerThreatProtection</code> variant), describes the AWS Marketplace product that backs the rule type. Absent for rule types that are managed by AWS and do not require a separate subscription. See <a>SubscriptionInfo</a>.</p>
3443
+ * @public
3444
+ */
3445
+ SubscriptionInfo?: SubscriptionInfo | undefined;
3288
3446
  }
3289
3447
  /**
3290
3448
  * @public
@@ -4086,7 +4244,7 @@ export interface ListFirewallRulesResponse {
4086
4244
  */
4087
4245
  export interface ListFirewallRuleTypesRequest {
4088
4246
  /**
4089
- * <p>The rule type to filter by. If specified, only rule types matching this value are returned.</p>
4247
+ * <p>An optional filter that restricts the response to a single <a>FirewallRuleType</a> variant. Supported values: <code>FirewallAdvancedContentCategory</code>, <code>FirewallAdvancedThreatCategory</code>, <code>DnsThreatProtection</code>, and <code>PartnerThreatProtection</code>. If omitted, definitions across all variants are returned.</p>
4090
4248
  * @public
4091
4249
  */
4092
4250
  RuleType?: string | undefined;
@@ -5311,19 +5469,23 @@ export interface UpdateFirewallRuleRequest {
5311
5469
  Qtype?: string | undefined;
5312
5470
  /**
5313
5471
  * <p>
5314
- * The type of the DNS Firewall Advanced rule. Valid values are:
5472
+ * The type of the DNS Firewall Advanced rule. This setting is mutually exclusive with <code>FirewallDomainListId</code> and <code>FirewallRuleType</code>. Valid values are:
5315
5473
  * </p>
5316
5474
  * <ul>
5317
5475
  * <li>
5318
5476
  * <p>
5319
5477
  * <code>DGA</code>: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains
5320
- * to to launch malware attacks.</p>
5478
+ * to launch malware attacks.</p>
5321
5479
  * </li>
5322
5480
  * <li>
5323
5481
  * <p>
5324
5482
  * <code>DNS_TUNNELING</code>: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without
5325
5483
  * making a network connection to the client.</p>
5326
5484
  * </li>
5485
+ * <li>
5486
+ * <p>
5487
+ * <code>DICTIONARY_DGA</code>: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.</p>
5488
+ * </li>
5327
5489
  * </ul>
5328
5490
  * @public
5329
5491
  */
@@ -5351,7 +5513,26 @@ export interface UpdateFirewallRuleRequest {
5351
5513
  */
5352
5514
  ConfidenceThreshold?: ConfidenceThreshold | undefined;
5353
5515
  /**
5354
- * <p>The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields.</p>
5516
+ * <p>The rule type configuration for the firewall rule. This is a tagged union — set exactly one of its members. This setting is mutually exclusive with the top-level <code>FirewallDomainListId</code> and <code>DnsThreatProtection</code> fields. Use one of:</p>
5517
+ * <ul>
5518
+ * <li>
5519
+ * <p>
5520
+ * <code>FirewallAdvancedContentCategory</code> — match an AWS-managed content category (for example, <code>VIOLENCE_AND_HATE_SPEECH</code>).</p>
5521
+ * </li>
5522
+ * <li>
5523
+ * <p>
5524
+ * <code>FirewallAdvancedThreatCategory</code> — match an AWS-managed advanced threat category (for example, <code>PHISHING</code>).</p>
5525
+ * </li>
5526
+ * <li>
5527
+ * <p>
5528
+ * <code>DnsThreatProtection</code> — match a built-in DNS Firewall Advanced threat detector (<code>DGA</code>, <code>DNS_TUNNELING</code>, or <code>DICTIONARY_DGA</code>).</p>
5529
+ * </li>
5530
+ * <li>
5531
+ * <p>
5532
+ * <code>PartnerThreatProtection</code> — match a third-party threat feed delivered through AWS Marketplace. The selected partner must be an active subscription on the calling account.</p>
5533
+ * </li>
5534
+ * </ul>
5535
+ * <p>To enumerate the values supported in your account, call <a>ListFirewallRuleTypes</a>.</p>
5355
5536
  * @public
5356
5537
  */
5357
5538
  FirewallRuleType?: FirewallRuleType | undefined;
@@ -162,6 +162,7 @@ export declare var ListResolverRulesResponse$: StaticStructureSchema;
162
162
  export declare var ListTagsForResourceRequest$: StaticStructureSchema;
163
163
  export declare var ListTagsForResourceResponse$: StaticStructureSchema;
164
164
  export declare var OutpostResolver$: StaticStructureSchema;
165
+ export declare var PartnerThreatProtectionConfig$: StaticStructureSchema;
165
166
  export declare var PutFirewallRuleGroupPolicyRequest$: StaticStructureSchema;
166
167
  export declare var PutFirewallRuleGroupPolicyResponse$: StaticStructureSchema;
167
168
  export declare var PutResolverQueryLogConfigPolicyRequest$: StaticStructureSchema;
@@ -176,6 +177,7 @@ export declare var ResolverQueryLogConfigAssociation$: StaticStructureSchema;
176
177
  export declare var ResolverRule$: StaticStructureSchema;
177
178
  export declare var ResolverRuleAssociation$: StaticStructureSchema;
178
179
  export declare var ResolverRuleConfig$: StaticStructureSchema;
180
+ export declare var SubscriptionInfo$: StaticStructureSchema;
179
181
  export declare var Tag$: StaticStructureSchema;
180
182
  export declare var TagResourceRequest$: StaticStructureSchema;
181
183
  export declare var TagResourceResponse$: StaticStructureSchema;
@@ -221,6 +221,7 @@ export declare const IpAddressStatus: {
221
221
  readonly Deleting: "DELETING";
222
222
  readonly Detaching: "DETACHING";
223
223
  readonly FailedCreation: "FAILED_CREATION";
224
+ readonly FailedCreationInsufficientEC2CapacityInOutpost: "FAILED_CREATION_INSUFFICIENT_EC2_CAPACITY_IN_OUTPOST";
224
225
  readonly FailedResourceGone: "FAILED_RESOURCE_GONE";
225
226
  readonly Isolated: "ISOLATED";
226
227
  readonly RemapAttaching: "REMAP_ATTACHING";
@@ -142,7 +142,11 @@ export interface FirewallAdvancedContentCategoryConfig {
142
142
  export interface FirewallAdvancedThreatCategoryConfig {
143
143
  Category: string | undefined;
144
144
  }
145
+ export interface PartnerThreatProtectionConfig {
146
+ Partner: string | undefined;
147
+ }
145
148
  export interface FirewallRuleType {
149
+ PartnerThreatProtection?: PartnerThreatProtectionConfig | undefined;
146
150
  FirewallAdvancedContentCategory?:
147
151
  | FirewallAdvancedContentCategoryConfig
148
152
  | undefined;
@@ -190,6 +194,8 @@ export interface FirewallRule {
190
194
  DnsThreatProtection?: DnsThreatProtection | undefined;
191
195
  ConfidenceThreshold?: ConfidenceThreshold | undefined;
192
196
  FirewallRuleType?: FirewallRuleType | undefined;
197
+ Status?: string | undefined;
198
+ StatusMessage?: string | undefined;
193
199
  }
194
200
  export interface BatchCreateFirewallRuleError {
195
201
  FirewallRule?: CreateFirewallRuleEntry | undefined;
@@ -517,11 +523,16 @@ export interface FirewallRuleGroupMetadata {
517
523
  CreatorRequestId?: string | undefined;
518
524
  ShareStatus?: ShareStatus | undefined;
519
525
  }
526
+ export interface SubscriptionInfo {
527
+ VendorName?: string | undefined;
528
+ ProductId?: string | undefined;
529
+ }
520
530
  export interface FirewallRuleTypeDefinition {
521
531
  RuleType?: string | undefined;
522
532
  Value?: string | undefined;
523
533
  DisplayName?: string | undefined;
524
534
  Description?: string | undefined;
535
+ SubscriptionInfo?: SubscriptionInfo | undefined;
525
536
  }
526
537
  export interface GetFirewallConfigRequest {
527
538
  ResourceId: string | undefined;
@@ -161,6 +161,7 @@ export declare var ListResolverRulesResponse$: StaticStructureSchema;
161
161
  export declare var ListTagsForResourceRequest$: StaticStructureSchema;
162
162
  export declare var ListTagsForResourceResponse$: StaticStructureSchema;
163
163
  export declare var OutpostResolver$: StaticStructureSchema;
164
+ export declare var PartnerThreatProtectionConfig$: StaticStructureSchema;
164
165
  export declare var PutFirewallRuleGroupPolicyRequest$: StaticStructureSchema;
165
166
  export declare var PutFirewallRuleGroupPolicyResponse$: StaticStructureSchema;
166
167
  export declare var PutResolverQueryLogConfigPolicyRequest$: StaticStructureSchema;
@@ -175,6 +176,7 @@ export declare var ResolverQueryLogConfigAssociation$: StaticStructureSchema;
175
176
  export declare var ResolverRule$: StaticStructureSchema;
176
177
  export declare var ResolverRuleAssociation$: StaticStructureSchema;
177
178
  export declare var ResolverRuleConfig$: StaticStructureSchema;
179
+ export declare var SubscriptionInfo$: StaticStructureSchema;
178
180
  export declare var Tag$: StaticStructureSchema;
179
181
  export declare var TagResourceRequest$: StaticStructureSchema;
180
182
  export declare var TagResourceResponse$: StaticStructureSchema;
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@aws-sdk/client-route53resolver",
3
3
  "description": "AWS SDK for JavaScript Route53resolver Client for Node.js, Browser and React Native",
4
- "version": "3.1069.0",
4
+ "version": "3.1071.0",
5
5
  "scripts": {
6
6
  "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
7
7
  "build:cjs": "node ../../scripts/compilation/inline",
@@ -21,8 +21,8 @@
21
21
  "dependencies": {
22
22
  "@aws-crypto/sha256-browser": "5.2.0",
23
23
  "@aws-crypto/sha256-js": "5.2.0",
24
- "@aws-sdk/core": "^3.974.21",
25
- "@aws-sdk/credential-provider-node": "^3.972.56",
24
+ "@aws-sdk/core": "^3.974.22",
25
+ "@aws-sdk/credential-provider-node": "^3.972.57",
26
26
  "@aws-sdk/types": "^3.973.13",
27
27
  "@smithy/core": "^3.24.6",
28
28
  "@smithy/fetch-http-handler": "^5.4.6",