@aws-sdk/client-route53resolver 3.692.0 → 3.694.0

package/dist-cjs/index.js

@@ -30,6 +30,7 @@ __export(src_exports, {
   AutodefinedReverseFlag: () => AutodefinedReverseFlag,
   BlockOverrideDnsType: () => BlockOverrideDnsType,
   BlockResponse: () => BlockResponse,
+  ConfidenceThreshold: () => ConfidenceThreshold,
   ConflictException: () => ConflictException,
   CreateFirewallDomainListCommand: () => CreateFirewallDomainListCommand,
   CreateFirewallRuleCommand: () => CreateFirewallRuleCommand,
@@ -49,6 +50,7 @@ __export(src_exports, {
   DisassociateResolverEndpointIpAddressCommand: () => DisassociateResolverEndpointIpAddressCommand,
   DisassociateResolverQueryLogConfigCommand: () => DisassociateResolverQueryLogConfigCommand,
   DisassociateResolverRuleCommand: () => DisassociateResolverRuleCommand,
+  DnsThreatProtection: () => DnsThreatProtection,
   FirewallDomainImportOperation: () => FirewallDomainImportOperation,
   FirewallDomainListStatus: () => FirewallDomainListStatus,
   FirewallDomainRedirectionAction: () => FirewallDomainRedirectionAction,
@@ -596,6 +598,11 @@ var BlockResponse = {
   NXDOMAIN: "NXDOMAIN",
   OVERRIDE: "OVERRIDE"
 };
+var ConfidenceThreshold = {
+  HIGH: "HIGH",
+  LOW: "LOW",
+  MEDIUM: "MEDIUM"
+};
 var FirewallDomainListStatus = {
   COMPLETE: "COMPLETE",
   COMPLETE_IMPORT_FAILED: "COMPLETE_IMPORT_FAILED",
@@ -603,6 +610,10 @@ var FirewallDomainListStatus = {
   IMPORTING: "IMPORTING",
   UPDATING: "UPDATING"
 };
+var DnsThreatProtection = {
+  DGA: "DGA",
+  DNS_TUNNELING: "DNS_TUNNELING"
+};
 var FirewallDomainRedirectionAction = {
   INSPECT_REDIRECTION_DOMAIN: "INSPECT_REDIRECTION_DOMAIN",
   TRUST_REDIRECTION_DOMAIN: "TRUST_REDIRECTION_DOMAIN"
@@ -2350,7 +2361,9 @@ var se_CreateFirewallRuleRequest = /* @__PURE__ */ __name((input, context) => {
     BlockOverrideDomain: [],
     BlockOverrideTtl: [],
     BlockResponse: [],
+    ConfidenceThreshold: [],
     CreatorRequestId: [true, (_) => _ ?? (0, import_uuid.v4)()],
+    DnsThreatProtection: [],
     FirewallDomainListId: [],
     FirewallDomainRedirectionAction: [],
     FirewallRuleGroupId: [],
@@ -3605,7 +3618,9 @@ var paginateListTagsForResource = (0, import_core.createPaginator)(Route53Resolv
   AutodefinedReverseFlag,
   BlockOverrideDnsType,
   BlockResponse,
+  ConfidenceThreshold,
   FirewallDomainListStatus,
+  DnsThreatProtection,
   FirewallDomainRedirectionAction,
   ShareStatus,
   FirewallRuleGroupStatus,

package/dist-es/models/models_0.js

@@ -216,6 +216,11 @@ export const BlockResponse = {
     NXDOMAIN: "NXDOMAIN",
     OVERRIDE: "OVERRIDE",
 };
+export const ConfidenceThreshold = {
+    HIGH: "HIGH",
+    LOW: "LOW",
+    MEDIUM: "MEDIUM",
+};
 export const FirewallDomainListStatus = {
     COMPLETE: "COMPLETE",
     COMPLETE_IMPORT_FAILED: "COMPLETE_IMPORT_FAILED",
@@ -223,6 +228,10 @@ export const FirewallDomainListStatus = {
     IMPORTING: "IMPORTING",
     UPDATING: "UPDATING",
 };
+export const DnsThreatProtection = {
+    DGA: "DGA",
+    DNS_TUNNELING: "DNS_TUNNELING",
+};
 export const FirewallDomainRedirectionAction = {
     INSPECT_REDIRECTION_DOMAIN: "INSPECT_REDIRECTION_DOMAIN",
     TRUST_REDIRECTION_DOMAIN: "TRUST_REDIRECTION_DOMAIN",

package/dist-es/protocols/Aws_json1_1.js

@@ -1548,7 +1548,9 @@ const se_CreateFirewallRuleRequest = (input, context) => {
         BlockOverrideDomain: [],
         BlockOverrideTtl: [],
         BlockResponse: [],
+        ConfidenceThreshold: [],
         CreatorRequestId: [true, (_) => _ ?? generateIdempotencyToken()],
+        DnsThreatProtection: [],
         FirewallDomainListId: [],
         FirewallDomainRedirectionAction: [],
         FirewallRuleGroupId: [],

package/dist-types/commands/CreateFirewallRuleCommand.d.ts

@@ -37,7 +37,7 @@ declare const CreateFirewallRuleCommand_base: {
  * const input = { // CreateFirewallRuleRequest
  *   CreatorRequestId: "STRING_VALUE", // required
  *   FirewallRuleGroupId: "STRING_VALUE", // required
- *   FirewallDomainListId: "STRING_VALUE", // required
+ *   FirewallDomainListId: "STRING_VALUE",
  *   Priority: Number("int"), // required
  *   Action: "ALLOW" || "BLOCK" || "ALERT", // required
  *   BlockResponse: "NODATA" || "NXDOMAIN" || "OVERRIDE",
@@ -47,6 +47,8 @@ declare const CreateFirewallRuleCommand_base: {
  *   Name: "STRING_VALUE", // required
  *   FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN",
  *   Qtype: "STRING_VALUE",
+ *   DnsThreatProtection: "DGA" || "DNS_TUNNELING",
+ *   ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
  * };
  * const command = new CreateFirewallRuleCommand(input);
  * const response = await client.send(command);
@@ -54,6 +56,7 @@ declare const CreateFirewallRuleCommand_base: {
  * //   FirewallRule: { // FirewallRule
  * //     FirewallRuleGroupId: "STRING_VALUE",
  * //     FirewallDomainListId: "STRING_VALUE",
+ * //     FirewallThreatProtectionId: "STRING_VALUE",
  * //     Name: "STRING_VALUE",
  * //     Priority: Number("int"),
  * //     Action: "ALLOW" || "BLOCK" || "ALERT",
@@ -66,6 +69,8 @@ declare const CreateFirewallRuleCommand_base: {
  * //     ModificationTime: "STRING_VALUE",
  * //     FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN",
  * //     Qtype: "STRING_VALUE",
+ * //     DnsThreatProtection: "DGA" || "DNS_TUNNELING",
+ * //     ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
  * //   },
  * // };
  *

package/dist-types/commands/DeleteFirewallRuleCommand.d.ts

@@ -36,7 +36,8 @@ declare const DeleteFirewallRuleCommand_base: {
  * const client = new Route53ResolverClient(config);
  * const input = { // DeleteFirewallRuleRequest
  *   FirewallRuleGroupId: "STRING_VALUE", // required
- *   FirewallDomainListId: "STRING_VALUE", // required
+ *   FirewallDomainListId: "STRING_VALUE",
+ *   FirewallThreatProtectionId: "STRING_VALUE",
  *   Qtype: "STRING_VALUE",
  * };
  * const command = new DeleteFirewallRuleCommand(input);
@@ -45,6 +46,7 @@ declare const DeleteFirewallRuleCommand_base: {
  * //   FirewallRule: { // FirewallRule
  * //     FirewallRuleGroupId: "STRING_VALUE",
  * //     FirewallDomainListId: "STRING_VALUE",
+ * //     FirewallThreatProtectionId: "STRING_VALUE",
  * //     Name: "STRING_VALUE",
  * //     Priority: Number("int"),
  * //     Action: "ALLOW" || "BLOCK" || "ALERT",
@@ -57,6 +59,8 @@ declare const DeleteFirewallRuleCommand_base: {
  * //     ModificationTime: "STRING_VALUE",
  * //     FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN",
  * //     Qtype: "STRING_VALUE",
+ * //     DnsThreatProtection: "DGA" || "DNS_TUNNELING",
+ * //     ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
  * //   },
  * // };
  *
@@ -82,6 +86,10 @@ declare const DeleteFirewallRuleCommand_base: {
  * @throws {@link ThrottlingException} (client fault)
  *  <p>The request was throttled. Try again in a few minutes.</p>
  *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>You have provided an invalid command. If you ran the <code>UpdateFirewallDomains</code> request. supported values are <code>ADD</code>,
+ * 			<code>REMOVE</code>, or <code>REPLACE</code> a domain.</p>
+ *
  * @throws {@link Route53ResolverServiceException}
  * <p>Base exception class for all service exceptions from Route53Resolver service.</p>
  *

package/dist-types/commands/ListFirewallRulesCommand.d.ts

@@ -50,6 +50,7 @@ declare const ListFirewallRulesCommand_base: {
  * //     { // FirewallRule
  * //       FirewallRuleGroupId: "STRING_VALUE",
  * //       FirewallDomainListId: "STRING_VALUE",
+ * //       FirewallThreatProtectionId: "STRING_VALUE",
  * //       Name: "STRING_VALUE",
  * //       Priority: Number("int"),
  * //       Action: "ALLOW" || "BLOCK" || "ALERT",
@@ -62,6 +63,8 @@ declare const ListFirewallRulesCommand_base: {
  * //       ModificationTime: "STRING_VALUE",
  * //       FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN",
  * //       Qtype: "STRING_VALUE",
+ * //       DnsThreatProtection: "DGA" || "DNS_TUNNELING",
+ * //       ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
  * //     },
  * //   ],
  * // };

package/dist-types/commands/UpdateFirewallRuleCommand.d.ts

@@ -36,7 +36,8 @@ declare const UpdateFirewallRuleCommand_base: {
  * const client = new Route53ResolverClient(config);
  * const input = { // UpdateFirewallRuleRequest
  *   FirewallRuleGroupId: "STRING_VALUE", // required
- *   FirewallDomainListId: "STRING_VALUE", // required
+ *   FirewallDomainListId: "STRING_VALUE",
+ *   FirewallThreatProtectionId: "STRING_VALUE",
  *   Priority: Number("int"),
  *   Action: "ALLOW" || "BLOCK" || "ALERT",
  *   BlockResponse: "NODATA" || "NXDOMAIN" || "OVERRIDE",
@@ -46,6 +47,8 @@ declare const UpdateFirewallRuleCommand_base: {
  *   Name: "STRING_VALUE",
  *   FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN",
  *   Qtype: "STRING_VALUE",
+ *   DnsThreatProtection: "DGA" || "DNS_TUNNELING",
+ *   ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
  * };
  * const command = new UpdateFirewallRuleCommand(input);
  * const response = await client.send(command);
@@ -53,6 +56,7 @@ declare const UpdateFirewallRuleCommand_base: {
  * //   FirewallRule: { // FirewallRule
  * //     FirewallRuleGroupId: "STRING_VALUE",
  * //     FirewallDomainListId: "STRING_VALUE",
+ * //     FirewallThreatProtectionId: "STRING_VALUE",
  * //     Name: "STRING_VALUE",
  * //     Priority: Number("int"),
  * //     Action: "ALLOW" || "BLOCK" || "ALERT",
@@ -65,6 +69,8 @@ declare const UpdateFirewallRuleCommand_base: {
  * //     ModificationTime: "STRING_VALUE",
  * //     FirewallDomainRedirectionAction: "INSPECT_REDIRECTION_DOMAIN" || "TRUST_REDIRECTION_DOMAIN",
  * //     Qtype: "STRING_VALUE",
+ * //     DnsThreatProtection: "DGA" || "DNS_TUNNELING",
+ * //     ConfidenceThreshold: "LOW" || "MEDIUM" || "HIGH",
  * //   },
  * // };
  *

package/dist-types/models/models_0.d.ts

@@ -737,7 +737,7 @@ export interface ResolverQueryLogConfigAssociation {
      *             </li>
      *             <li>
      *                <p>
-     *                   <code>CREATED</code>: The association between an Amazon VPC and a query logging configuration
+     *                   <code>ACTIVE</code>: The association between an Amazon VPC and a query logging configuration
      * 				was successfully created. Resolver is logging queries that originate in the specified VPC.</p>
      *             </li>
      *             <li>
@@ -934,6 +934,19 @@ export declare const BlockResponse: {
  * @public
  */
 export type BlockResponse = (typeof BlockResponse)[keyof typeof BlockResponse];
+/**
+ * @public
+ * @enum
+ */
+export declare const ConfidenceThreshold: {
+    readonly HIGH: "HIGH";
+    readonly LOW: "LOW";
+    readonly MEDIUM: "MEDIUM";
+};
+/**
+ * @public
+ */
+export type ConfidenceThreshold = (typeof ConfidenceThreshold)[keyof typeof ConfidenceThreshold];
 /**
  * @public
  */
@@ -1040,6 +1053,18 @@ export interface CreateFirewallDomainListResponse {
      */
     FirewallDomainList?: FirewallDomainList | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const DnsThreatProtection: {
+    readonly DGA: "DGA";
+    readonly DNS_TUNNELING: "DNS_TUNNELING";
+};
+/**
+ * @public
+ */
+export type DnsThreatProtection = (typeof DnsThreatProtection)[keyof typeof DnsThreatProtection];
 /**
  * @public
  * @enum
@@ -1069,10 +1094,10 @@ export interface CreateFirewallRuleRequest {
      */
     FirewallRuleGroupId: string | undefined;
     /**
-     * <p>The ID of the domain list that you want to use in the rule. </p>
+     * <p>The ID of the domain list that you want to use in the rule. Can't be used together with <code>DnsThreatProtecton</code>.</p>
      * @public
      */
-    FirewallDomainListId: string | undefined;
+    FirewallDomainListId?: string | undefined;
     /**
      * <p>The setting that determines the processing order of the rule in the rule group. DNS Firewall
      *            processes the rules in a rule group by order of priority, starting from the lowest setting.</p>
@@ -1083,11 +1108,11 @@ export interface CreateFirewallRuleRequest {
      */
     Priority: number | undefined;
     /**
-     * <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:</p>
+     * <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:</p>
      *          <ul>
      *             <li>
      *                <p>
-     *                   <code>ALLOW</code> - Permit the request to go through.</p>
+     *                   <code>ALLOW</code> - Permit the request to go through. Not available for DNS Firewall Advanced rules.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -1150,10 +1175,10 @@ export interface CreateFirewallRuleRequest {
      * 			How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.
      * 		</p>
      *          <p>
-     *             <code>Inspect_Redirection_Domain </code>(Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
+     *             <code>INSPECT_REDIRECTION_DOMAIN</code>: (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
      * 			added to the domain list.</p>
      *          <p>
-     *             <code>Trust_Redirection_Domain </code> inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
+     *             <code>TRUST_REDIRECTION_DOMAIN</code>: Inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
      * 			the domain list.</p>
      * @public
      */
@@ -1214,6 +1239,35 @@ export interface CreateFirewallRuleRequest {
      * @public
      */
     Qtype?: string | undefined;
+    /**
+     * <p>
+     * 			Use to create a DNS Firewall Advanced rule.
+     * 		</p>
+     * @public
+     */
+    DnsThreatProtection?: DnsThreatProtection | undefined;
+    /**
+     * <p>
+     * 			The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule. The confidence
+     * 			level values mean:
+     * 		</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>LOW</code>: Provides the highest detection rate for threats, but also increases false positives.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>MEDIUM</code>: Provides a balance between detecting threats and false positives.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>HIGH</code>: Detects only the most well corroborated threats with a low rate of false positives. </p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ConfidenceThreshold?: ConfidenceThreshold | undefined;
 }
 /**
  * <p>A single firewall rule in a rule group.</p>
@@ -1221,7 +1275,7 @@ export interface CreateFirewallRuleRequest {
  */
 export interface FirewallRule {
     /**
-     * <p>The unique identifier of the firewall rule group of the rule. </p>
+     * <p>The unique identifier of the Firewall rule group of the rule. </p>
      * @public
      */
     FirewallRuleGroupId?: string | undefined;
@@ -1230,6 +1284,13 @@ export interface FirewallRule {
      * @public
      */
     FirewallDomainListId?: string | undefined;
+    /**
+     * <p>
+     * 			ID of the DNS Firewall Advanced rule.
+     * 		</p>
+     * @public
+     */
+    FirewallThreatProtectionId?: string | undefined;
     /**
      * <p>The name of the rule. </p>
      * @public
@@ -1241,11 +1302,11 @@ export interface FirewallRule {
      */
     Priority?: number | undefined;
     /**
-     * <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:</p>
+     * <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:</p>
      *          <ul>
      *             <li>
      *                <p>
-     *                   <code>ALLOW</code> - Permit the request to go through.</p>
+     *                   <code>ALLOW</code> - Permit the request to go through. Not available for DNS Firewall Advanced rules.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -1314,10 +1375,10 @@ export interface FirewallRule {
      * 			How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.
      * 		</p>
      *          <p>
-     *             <code>Inspect_Redirection_Domain </code>(Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
+     *             <code>INSPECT_REDIRECTION_DOMAIN</code>: (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
      * 			added to the domain list.</p>
      *          <p>
-     *             <code>Trust_Redirection_Domain </code> inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
+     *             <code>TRUST_REDIRECTION_DOMAIN</code>: Inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
      * 			the domain list.</p>
      * @public
      */
@@ -1378,6 +1439,47 @@ export interface FirewallRule {
      * @public
      */
     Qtype?: string | undefined;
+    /**
+     * <p>
+     * 			The type of the DNS Firewall Advanced rule. Valid values are:
+     * 		</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>DGA</code>: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains
+     * 				to to launch malware attacks.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DNS_TUNNELING</code>: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without
+     * 				making a network connection to the client.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    DnsThreatProtection?: DnsThreatProtection | undefined;
+    /**
+     * <p>
+     * 			The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule. The confidence
+     * 			level values mean:
+     * 		</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>LOW</code>: Provides the highest detection rate for threats, but also increases false positives.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>MEDIUM</code>: Provides a balance between detecting threats and false positives.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>HIGH</code>: Detects only the most well corroborated threats with a low rate of false positives. </p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ConfidenceThreshold?: ConfidenceThreshold | undefined;
 }
 /**
  * @public
@@ -2032,45 +2134,7 @@ export interface TargetAddress {
     Ipv6?: string | undefined;
     /**
      * <p>
-     * 			The protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.
-     *
-     * 		</p>
-     *          <p>For an inbound endpoint you can apply the protocols as follows:</p>
-     *          <ul>
-     *             <li>
-     *                <p> Do53  and DoH in combination.</p>
-     *             </li>
-     *             <li>
-     *                <p>Do53  and DoH-FIPS in combination.</p>
-     *             </li>
-     *             <li>
-     *                <p>Do53 alone.</p>
-     *             </li>
-     *             <li>
-     *                <p>DoH alone.</p>
-     *             </li>
-     *             <li>
-     *                <p>DoH-FIPS alone.</p>
-     *             </li>
-     *             <li>
-     *                <p>None, which is treated as Do53.</p>
-     *             </li>
-     *          </ul>
-     *          <p>For an outbound endpoint you can apply the protocols as follows:</p>
-     *          <ul>
-     *             <li>
-     *                <p> Do53  and DoH in combination.</p>
-     *             </li>
-     *             <li>
-     *                <p>Do53 alone.</p>
-     *             </li>
-     *             <li>
-     *                <p>DoH alone.</p>
-     *             </li>
-     *             <li>
-     *                <p>None, which is treated as Do53.</p>
-     *             </li>
-     *          </ul>
+     * 			The protocols for the target address. The protocol you choose needs to be supported by the outbound endpoint of the Resolver rule.</p>
      * @public
      */
     Protocol?: Protocol | undefined;
@@ -2288,7 +2352,14 @@ export interface DeleteFirewallRuleRequest {
      * <p>The ID of the domain list that's used in the rule.  </p>
      * @public
      */
-    FirewallDomainListId: string | undefined;
+    FirewallDomainListId?: string | undefined;
+    /**
+     * <p>
+     * 			The ID that is created for a DNS Firewall Advanced rule.
+     * 		</p>
+     * @public
+     */
+    FirewallThreatProtectionId?: string | undefined;
     /**
      * <p>
      * 			The DNS query type that the rule you are deleting evaluates. Allowed values are;
@@ -3828,11 +3899,11 @@ export interface ListFirewallRulesRequest {
     Priority?: number | undefined;
     /**
      * <p>Optional additional filter for the rules to retrieve.</p>
-     *          <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:</p>
+     *          <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:</p>
      *          <ul>
      *             <li>
      *                <p>
-     *                   <code>ALLOW</code> - Permit the request to go through.</p>
+     *                   <code>ALLOW</code> - Permit the request to go through. Not availabe for DNS Firewall Advanced rules.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -4938,7 +5009,14 @@ export interface UpdateFirewallRuleRequest {
      * <p>The ID of the domain list to use in the rule.  </p>
      * @public
      */
-    FirewallDomainListId: string | undefined;
+    FirewallDomainListId?: string | undefined;
+    /**
+     * <p>
+     * 			The DNS Firewall Advanced rule ID.
+     * 		</p>
+     * @public
+     */
+    FirewallThreatProtectionId?: string | undefined;
     /**
      * <p>The setting that determines the processing order of the rule in the rule group. DNS Firewall
      *            processes the rules in a rule group by order of priority, starting from the lowest setting.</p>
@@ -4949,11 +5027,11 @@ export interface UpdateFirewallRuleRequest {
      */
     Priority?: number | undefined;
     /**
-     * <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:</p>
+     * <p>The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:</p>
      *          <ul>
      *             <li>
      *                <p>
-     *                   <code>ALLOW</code> - Permit the request to go through.</p>
+     *                   <code>ALLOW</code> - Permit the request to go through. Not available for DNS Firewall Advanced rules.</p>
      *             </li>
      *             <li>
      *                <p>
@@ -5011,10 +5089,10 @@ export interface UpdateFirewallRuleRequest {
      * 			How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.
      * 		</p>
      *          <p>
-     *             <code>Inspect_Redirection_Domain </code>(Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
+     *             <code>INSPECT_REDIRECTION_DOMAIN</code>: (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be
      * 			added to the domain list.</p>
      *          <p>
-     *             <code>Trust_Redirection_Domain </code> inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
+     *             <code>TRUST_REDIRECTION_DOMAIN</code>: Inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to
      * 			the domain list.</p>
      * @public
      */
@@ -5079,6 +5157,47 @@ export interface UpdateFirewallRuleRequest {
      * @public
      */
     Qtype?: string | undefined;
+    /**
+     * <p>
+     * 			The type of the DNS Firewall Advanced rule. Valid values are:
+     * 		</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>DGA</code>: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains
+     * 				to to launch malware attacks.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>DNS_TUNNELING</code>: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without
+     * 				making a network connection to the client.</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    DnsThreatProtection?: DnsThreatProtection | undefined;
+    /**
+     * <p>
+     * 			The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule. The confidence
+     * 			level values mean:
+     * 		</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <code>LOW</code>: Provides the highest detection rate for threats, but also increases false positives.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>MEDIUM</code>: Provides a balance between detecting threats and false positives.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <code>HIGH</code>: Detects only the most well corroborated threats with a low rate of false positives. </p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ConfidenceThreshold?: ConfidenceThreshold | undefined;
 }
 /**
  * @public

package/dist-types/ts3.4/models/models_0.d.ts

@@ -279,6 +279,13 @@ export declare const BlockResponse: {
   readonly OVERRIDE: "OVERRIDE";
 };
 export type BlockResponse = (typeof BlockResponse)[keyof typeof BlockResponse];
+export declare const ConfidenceThreshold: {
+  readonly HIGH: "HIGH";
+  readonly LOW: "LOW";
+  readonly MEDIUM: "MEDIUM";
+};
+export type ConfidenceThreshold =
+  (typeof ConfidenceThreshold)[keyof typeof ConfidenceThreshold];
 export interface CreateFirewallDomainListRequest {
   CreatorRequestId?: string | undefined;
   Name: string | undefined;
@@ -308,6 +315,12 @@ export interface FirewallDomainList {
 export interface CreateFirewallDomainListResponse {
   FirewallDomainList?: FirewallDomainList | undefined;
 }
+export declare const DnsThreatProtection: {
+  readonly DGA: "DGA";
+  readonly DNS_TUNNELING: "DNS_TUNNELING";
+};
+export type DnsThreatProtection =
+  (typeof DnsThreatProtection)[keyof typeof DnsThreatProtection];
 export declare const FirewallDomainRedirectionAction: {
   readonly INSPECT_REDIRECTION_DOMAIN: "INSPECT_REDIRECTION_DOMAIN";
   readonly TRUST_REDIRECTION_DOMAIN: "TRUST_REDIRECTION_DOMAIN";
@@ -317,7 +330,7 @@ export type FirewallDomainRedirectionAction =
 export interface CreateFirewallRuleRequest {
   CreatorRequestId?: string | undefined;
   FirewallRuleGroupId: string | undefined;
-  FirewallDomainListId: string | undefined;
+  FirewallDomainListId?: string | undefined;
   Priority: number | undefined;
   Action: Action | undefined;
   BlockResponse?: BlockResponse | undefined;
@@ -327,10 +340,13 @@ export interface CreateFirewallRuleRequest {
   Name: string | undefined;
   FirewallDomainRedirectionAction?: FirewallDomainRedirectionAction | undefined;
   Qtype?: string | undefined;
+  DnsThreatProtection?: DnsThreatProtection | undefined;
+  ConfidenceThreshold?: ConfidenceThreshold | undefined;
 }
 export interface FirewallRule {
   FirewallRuleGroupId?: string | undefined;
   FirewallDomainListId?: string | undefined;
+  FirewallThreatProtectionId?: string | undefined;
   Name?: string | undefined;
   Priority?: number | undefined;
   Action?: Action | undefined;
@@ -343,6 +359,8 @@ export interface FirewallRule {
   ModificationTime?: string | undefined;
   FirewallDomainRedirectionAction?: FirewallDomainRedirectionAction | undefined;
   Qtype?: string | undefined;
+  DnsThreatProtection?: DnsThreatProtection | undefined;
+  ConfidenceThreshold?: ConfidenceThreshold | undefined;
 }
 export interface CreateFirewallRuleResponse {
   FirewallRule?: FirewallRule | undefined;
@@ -531,7 +549,8 @@ export interface DeleteFirewallDomainListResponse {
 }
 export interface DeleteFirewallRuleRequest {
   FirewallRuleGroupId: string | undefined;
-  FirewallDomainListId: string | undefined;
+  FirewallDomainListId?: string | undefined;
+  FirewallThreatProtectionId?: string | undefined;
   Qtype?: string | undefined;
 }
 export interface DeleteFirewallRuleResponse {
@@ -1062,7 +1081,8 @@ export interface UpdateFirewallDomainsResponse {
 }
 export interface UpdateFirewallRuleRequest {
   FirewallRuleGroupId: string | undefined;
-  FirewallDomainListId: string | undefined;
+  FirewallDomainListId?: string | undefined;
+  FirewallThreatProtectionId?: string | undefined;
   Priority?: number | undefined;
   Action?: Action | undefined;
   BlockResponse?: BlockResponse | undefined;
@@ -1072,6 +1092,8 @@ export interface UpdateFirewallRuleRequest {
   Name?: string | undefined;
   FirewallDomainRedirectionAction?: FirewallDomainRedirectionAction | undefined;
   Qtype?: string | undefined;
+  DnsThreatProtection?: DnsThreatProtection | undefined;
+  ConfidenceThreshold?: ConfidenceThreshold | undefined;
 }
 export interface UpdateFirewallRuleResponse {
   FirewallRule?: FirewallRule | undefined;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-route53resolver",
   "description": "AWS SDK for JavaScript Route53resolver Client for Node.js, Browser and React Native",
-  "version": "3.692.0",
+  "version": "3.694.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-route53resolver",
@@ -20,19 +20,19 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "3.692.0",
-    "@aws-sdk/client-sts": "3.692.0",
-    "@aws-sdk/core": "3.692.0",
-    "@aws-sdk/credential-provider-node": "3.692.0",
-    "@aws-sdk/middleware-host-header": "3.692.0",
-    "@aws-sdk/middleware-logger": "3.692.0",
-    "@aws-sdk/middleware-recursion-detection": "3.692.0",
-    "@aws-sdk/middleware-user-agent": "3.692.0",
-    "@aws-sdk/region-config-resolver": "3.692.0",
+    "@aws-sdk/client-sso-oidc": "3.693.0",
+    "@aws-sdk/client-sts": "3.693.0",
+    "@aws-sdk/core": "3.693.0",
+    "@aws-sdk/credential-provider-node": "3.693.0",
+    "@aws-sdk/middleware-host-header": "3.693.0",
+    "@aws-sdk/middleware-logger": "3.693.0",
+    "@aws-sdk/middleware-recursion-detection": "3.693.0",
+    "@aws-sdk/middleware-user-agent": "3.693.0",
+    "@aws-sdk/region-config-resolver": "3.693.0",
     "@aws-sdk/types": "3.692.0",
-    "@aws-sdk/util-endpoints": "3.692.0",
-    "@aws-sdk/util-user-agent-browser": "3.692.0",
-    "@aws-sdk/util-user-agent-node": "3.692.0",
+    "@aws-sdk/util-endpoints": "3.693.0",
+    "@aws-sdk/util-user-agent-browser": "3.693.0",
+    "@aws-sdk/util-user-agent-node": "3.693.0",
     "@smithy/config-resolver": "^3.0.11",
     "@smithy/core": "^2.5.2",
     "@smithy/fetch-http-handler": "^4.1.0",