feat(client-fms): AWS Firewall Manager now supports the configuration…

… of third-party policies that can use either the centralized or distributed deployment models.
aws · Mar 30, 2022 · 7dbbfd5 · 7dbbfd5
1 parent 4e3290e
commit 7dbbfd5
Show file tree

Hide file tree

Showing 26 changed files with 7,346 additions and 5,285 deletions.
diff --git a/clients/client-fms/README.md b/clients/client-fms/README.md
@@ -8,12 +8,12 @@
 AWS SDK for JavaScript FMS Client for Node.js, Browser and React Native.
 
 <p>This is the <i>Firewall Manager API Reference</i>. This guide is for
-developers who need detailed information about the Firewall Manager API actions, data types, and
-errors. For detailed information about Firewall Manager features, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html">Firewall Manager
-Developer Guide</a>.</p>
-<p>Some API actions require explicit resource permissions. For information, see the
-developer guide topic <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html">Firewall Manager required permissions
-for API actions</a>. </p>
+developers who need detailed information about the Firewall Manager API actions, data
+types, and errors. For detailed information about Firewall Manager features, see the
+<a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html">Firewall Manager Developer Guide</a>.</p>
+<p>Some API actions require explicit resource permissions. For information, see the developer guide topic
+<a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html">Firewall Manager required permissions for API actions</a>.
+</p>
 
 ## Installing
 

diff --git a/clients/client-fms/src/FMS.ts b/clients/client-fms/src/FMS.ts
diff --git a/clients/client-fms/src/FMSClient.ts b/clients/client-fms/src/FMSClient.ts
@@ -55,6 +55,10 @@ import {
   AssociateAdminAccountCommandInput,
   AssociateAdminAccountCommandOutput,
 } from "./commands/AssociateAdminAccountCommand";
+import {
+  AssociateThirdPartyFirewallCommandInput,
+  AssociateThirdPartyFirewallCommandOutput,
+} from "./commands/AssociateThirdPartyFirewallCommand";
 import { DeleteAppsListCommandInput, DeleteAppsListCommandOutput } from "./commands/DeleteAppsListCommand";
 import {
   DeleteNotificationChannelCommandInput,
@@ -69,6 +73,10 @@ import {
   DisassociateAdminAccountCommandInput,
   DisassociateAdminAccountCommandOutput,
 } from "./commands/DisassociateAdminAccountCommand";
+import {
+  DisassociateThirdPartyFirewallCommandInput,
+  DisassociateThirdPartyFirewallCommandOutput,
+} from "./commands/DisassociateThirdPartyFirewallCommand";
 import { GetAdminAccountCommandInput, GetAdminAccountCommandOutput } from "./commands/GetAdminAccountCommand";
 import { GetAppsListCommandInput, GetAppsListCommandOutput } from "./commands/GetAppsListCommand";
 import {
@@ -85,6 +93,10 @@ import {
   GetProtectionStatusCommandOutput,
 } from "./commands/GetProtectionStatusCommand";
 import { GetProtocolsListCommandInput, GetProtocolsListCommandOutput } from "./commands/GetProtocolsListCommand";
+import {
+  GetThirdPartyFirewallAssociationStatusCommandInput,
+  GetThirdPartyFirewallAssociationStatusCommandOutput,
+} from "./commands/GetThirdPartyFirewallAssociationStatusCommand";
 import {
   GetViolationDetailsCommandInput,
   GetViolationDetailsCommandOutput,
@@ -101,6 +113,10 @@ import {
   ListTagsForResourceCommandInput,
   ListTagsForResourceCommandOutput,
 } from "./commands/ListTagsForResourceCommand";
+import {
+  ListThirdPartyFirewallFirewallPoliciesCommandInput,
+  ListThirdPartyFirewallFirewallPoliciesCommandOutput,
+} from "./commands/ListThirdPartyFirewallFirewallPoliciesCommand";
 import { PutAppsListCommandInput, PutAppsListCommandOutput } from "./commands/PutAppsListCommand";
 import {
   PutNotificationChannelCommandInput,
@@ -114,25 +130,29 @@ import { getRuntimeConfig as __getRuntimeConfig } from "./runtimeConfig";
 
 export type ServiceInputTypes =
   | AssociateAdminAccountCommandInput
+  | AssociateThirdPartyFirewallCommandInput
   | DeleteAppsListCommandInput
   | DeleteNotificationChannelCommandInput
   | DeletePolicyCommandInput
   | DeleteProtocolsListCommandInput
   | DisassociateAdminAccountCommandInput
+  | DisassociateThirdPartyFirewallCommandInput
   | GetAdminAccountCommandInput
   | GetAppsListCommandInput
   | GetComplianceDetailCommandInput
   | GetNotificationChannelCommandInput
   | GetPolicyCommandInput
   | GetProtectionStatusCommandInput
   | GetProtocolsListCommandInput
+  | GetThirdPartyFirewallAssociationStatusCommandInput
   | GetViolationDetailsCommandInput
   | ListAppsListsCommandInput
   | ListComplianceStatusCommandInput
   | ListMemberAccountsCommandInput
   | ListPoliciesCommandInput
   | ListProtocolsListsCommandInput
   | ListTagsForResourceCommandInput
+  | ListThirdPartyFirewallFirewallPoliciesCommandInput
   | PutAppsListCommandInput
   | PutNotificationChannelCommandInput
   | PutPolicyCommandInput
@@ -142,25 +162,29 @@ export type ServiceInputTypes =
 
 export type ServiceOutputTypes =
   | AssociateAdminAccountCommandOutput
+  | AssociateThirdPartyFirewallCommandOutput
   | DeleteAppsListCommandOutput
   | DeleteNotificationChannelCommandOutput
   | DeletePolicyCommandOutput
   | DeleteProtocolsListCommandOutput
   | DisassociateAdminAccountCommandOutput
+  | DisassociateThirdPartyFirewallCommandOutput
   | GetAdminAccountCommandOutput
   | GetAppsListCommandOutput
   | GetComplianceDetailCommandOutput
   | GetNotificationChannelCommandOutput
   | GetPolicyCommandOutput
   | GetProtectionStatusCommandOutput
   | GetProtocolsListCommandOutput
+  | GetThirdPartyFirewallAssociationStatusCommandOutput
   | GetViolationDetailsCommandOutput
   | ListAppsListsCommandOutput
   | ListComplianceStatusCommandOutput
   | ListMemberAccountsCommandOutput
   | ListPoliciesCommandOutput
   | ListProtocolsListsCommandOutput
   | ListTagsForResourceCommandOutput
+  | ListThirdPartyFirewallFirewallPoliciesCommandOutput
   | PutAppsListCommandOutput
   | PutNotificationChannelCommandOutput
   | PutPolicyCommandOutput
@@ -323,12 +347,12 @@ export interface FMSClientResolvedConfig extends FMSClientResolvedConfigType {}
 
 /**
  * <p>This is the <i>Firewall Manager API Reference</i>. This guide is for
- *          developers who need detailed information about the Firewall Manager API actions, data types, and
- *          errors. For detailed information about Firewall Manager features, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html">Firewall Manager
- *             Developer Guide</a>.</p>
- *          <p>Some API actions require explicit resource permissions. For information, see the
- *          developer guide topic <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html">Firewall Manager required permissions
- *             for API actions</a>. </p>
+ *       developers who need detailed information about the Firewall Manager API actions, data
+ *       types, and errors. For detailed information about Firewall Manager features, see the
+ *         <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html">Firewall Manager Developer Guide</a>.</p>
+ *          <p>Some API actions require explicit resource permissions. For information, see the developer guide topic
+ *         <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html">Firewall Manager required permissions for API actions</a>.
+ * </p>
  */
 export class FMSClient extends __Client<
   __HttpHandlerOptions,

diff --git a/clients/client-fms/src/commands/AssociateAdminAccountCommand.ts b/clients/client-fms/src/commands/AssociateAdminAccountCommand.ts
@@ -22,11 +22,10 @@ export interface AssociateAdminAccountCommandInput extends AssociateAdminAccount
 export interface AssociateAdminAccountCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Sets the Firewall Manager administrator account. The account must be a member of the
- *          organization in Organizations whose resources you want to protect. Firewall Manager sets the
- *          permissions that allow the account to administer your Firewall Manager policies.</p>
- *          <p>The account that you associate with Firewall Manager is called the Firewall Manager administrator
- *          account. </p>
+ * <p>Sets the Firewall Manager administrator account. The account must be
+ *       a member of the organization in Organizations whose resources you want to protect.
+ *           Firewall Manager sets the permissions that allow the account to administer your Firewall Manager policies.</p>
+ *          <p>The account that you associate with Firewall Manager is called the Firewall Manager administrator account. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-fms/src/commands/AssociateThirdPartyFirewallCommand.ts b/clients/client-fms/src/commands/AssociateThirdPartyFirewallCommand.ts
@@ -0,0 +1,100 @@
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { AssociateThirdPartyFirewallRequest, AssociateThirdPartyFirewallResponse } from "../models/models_0";
+import {
+  deserializeAws_json1_1AssociateThirdPartyFirewallCommand,
+  serializeAws_json1_1AssociateThirdPartyFirewallCommand,
+} from "../protocols/Aws_json1_1";
+
+export interface AssociateThirdPartyFirewallCommandInput extends AssociateThirdPartyFirewallRequest {}
+export interface AssociateThirdPartyFirewallCommandOutput
+  extends AssociateThirdPartyFirewallResponse,
+    __MetadataBearer {}
+
+/**
+ * <p>Sets the Firewall Manager policy administrator as a tenant administrator of a third-party firewall service. A tenant is an instance of the third-party firewall service that's associated with your Amazon Web Services customer account.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, AssociateThirdPartyFirewallCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, AssociateThirdPartyFirewallCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const command = new AssociateThirdPartyFirewallCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link AssociateThirdPartyFirewallCommandInput} for command's `input` shape.
+ * @see {@link AssociateThirdPartyFirewallCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ */
+export class AssociateThirdPartyFirewallCommand extends $Command<
+  AssociateThirdPartyFirewallCommandInput,
+  AssociateThirdPartyFirewallCommandOutput,
+  FMSClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: AssociateThirdPartyFirewallCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: FMSClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<AssociateThirdPartyFirewallCommandInput, AssociateThirdPartyFirewallCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "FMSClient";
+    const commandName = "AssociateThirdPartyFirewallCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: AssociateThirdPartyFirewallRequest.filterSensitiveLog,
+      outputFilterSensitiveLog: AssociateThirdPartyFirewallResponse.filterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(input: AssociateThirdPartyFirewallCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+    return serializeAws_json1_1AssociateThirdPartyFirewallCommand(input, context);
+  }
+
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<AssociateThirdPartyFirewallCommandOutput> {
+    return deserializeAws_json1_1AssociateThirdPartyFirewallCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}
diff --git a/clients/client-fms/src/commands/DeleteNotificationChannelCommand.ts b/clients/client-fms/src/commands/DeleteNotificationChannelCommand.ts
@@ -22,8 +22,8 @@ export interface DeleteNotificationChannelCommandInput extends DeleteNotificatio
 export interface DeleteNotificationChannelCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Deletes an Firewall Manager association with the IAM role and the Amazon Simple Notification
- *          Service (SNS) topic that is used to record Firewall Manager SNS logs.</p>
+ * <p>Deletes an Firewall Manager association with the IAM role and the Amazon Simple
+ *       Notification Service (SNS) topic that is used to record Firewall Manager SNS logs.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-fms/src/commands/DisassociateAdminAccountCommand.ts b/clients/client-fms/src/commands/DisassociateAdminAccountCommand.ts
@@ -22,9 +22,9 @@ export interface DisassociateAdminAccountCommandInput extends DisassociateAdminA
 export interface DisassociateAdminAccountCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Disassociates the account that has been set as the Firewall Manager administrator account. To
- *          set a different account as the administrator account, you must submit an
- *             <code>AssociateAdminAccount</code> request.</p>
+ * <p>Disassociates the account that has been set as the Firewall Manager administrator
+ *       account. To set a different account as the administrator account, you must submit an
+ *         <code>AssociateAdminAccount</code> request.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-fms/src/commands/DisassociateThirdPartyFirewallCommand.ts b/clients/client-fms/src/commands/DisassociateThirdPartyFirewallCommand.ts
@@ -0,0 +1,103 @@
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import { FMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../FMSClient";
+import { DisassociateThirdPartyFirewallRequest, DisassociateThirdPartyFirewallResponse } from "../models/models_0";
+import {
+  deserializeAws_json1_1DisassociateThirdPartyFirewallCommand,
+  serializeAws_json1_1DisassociateThirdPartyFirewallCommand,
+} from "../protocols/Aws_json1_1";
+
+export interface DisassociateThirdPartyFirewallCommandInput extends DisassociateThirdPartyFirewallRequest {}
+export interface DisassociateThirdPartyFirewallCommandOutput
+  extends DisassociateThirdPartyFirewallResponse,
+    __MetadataBearer {}
+
+/**
+ * <p>Disassociates a Firewall Manager policy administrator from a third-party firewall tenant. When you call <code>DisassociateThirdPartyFirewall</code>, the third-party firewall vendor deletes all of the firewalls that are associated with the account.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { FMSClient, DisassociateThirdPartyFirewallCommand } from "@aws-sdk/client-fms"; // ES Modules import
+ * // const { FMSClient, DisassociateThirdPartyFirewallCommand } = require("@aws-sdk/client-fms"); // CommonJS import
+ * const client = new FMSClient(config);
+ * const command = new DisassociateThirdPartyFirewallCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link DisassociateThirdPartyFirewallCommandInput} for command's `input` shape.
+ * @see {@link DisassociateThirdPartyFirewallCommandOutput} for command's `response` shape.
+ * @see {@link FMSClientResolvedConfig | config} for FMSClient's `config` shape.
+ *
+ */
+export class DisassociateThirdPartyFirewallCommand extends $Command<
+  DisassociateThirdPartyFirewallCommandInput,
+  DisassociateThirdPartyFirewallCommandOutput,
+  FMSClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: DisassociateThirdPartyFirewallCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: FMSClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<DisassociateThirdPartyFirewallCommandInput, DisassociateThirdPartyFirewallCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "FMSClient";
+    const commandName = "DisassociateThirdPartyFirewallCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: DisassociateThirdPartyFirewallRequest.filterSensitiveLog,
+      outputFilterSensitiveLog: DisassociateThirdPartyFirewallResponse.filterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(
+    input: DisassociateThirdPartyFirewallCommandInput,
+    context: __SerdeContext
+  ): Promise<__HttpRequest> {
+    return serializeAws_json1_1DisassociateThirdPartyFirewallCommand(input, context);
+  }
+
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<DisassociateThirdPartyFirewallCommandOutput> {
+    return deserializeAws_json1_1DisassociateThirdPartyFirewallCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}
diff --git a/clients/client-fms/src/commands/GetAdminAccountCommand.ts b/clients/client-fms/src/commands/GetAdminAccountCommand.ts
@@ -22,8 +22,8 @@ export interface GetAdminAccountCommandInput extends GetAdminAccountRequest {}
 export interface GetAdminAccountCommandOutput extends GetAdminAccountResponse, __MetadataBearer {}
 
 /**
- * <p>Returns the Organizations account that is associated with Firewall Manager as the Firewall Manager
- *          administrator.</p>
+ * <p>Returns the Organizations account that is associated with Firewall Manager
+ *       as the Firewall Manager administrator.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript