AWS Firewall Manager adds support for network ACL policies to manage …

…Amazon Virtual Private Cloud (VPC) network access control lists (ACLs) for accounts in your organization.

Add new ValidateStateMachineDefinition operation, which performs syntax checking on the definition of a Amazon States Language (ASL) state machine.
Bug Fix: IVS Real Time does not support ARNs using the `svs` prefix.
UpdateGraphQLAPI documentation update and datasource introspection secret arn update
Bug Fix: IVS does not support arns with the `svs` prefix
Updates Amazon RDS documentation for setting local time zones for RDS for Db2 DB instances.

VERSION

@@ -1 +1 @@
-1.11.314
+1.11.315

generated/src/aws-cpp-sdk-fms/include/aws/fms/FMSClient.h

@@ -414,8 +414,8 @@ namespace FMS
 
         /**
          * <p>Returns information about the specified account's administrative scope. The
-         * admistrative scope defines the resources that an Firewall Manager administrator
-         * can manage.</p><p><h3>See Also:</h3>   <a
+         * administrative scope defines the resources that an Firewall Manager
+         * administrator can manage.</p><p><h3>See Also:</h3>   <a
          * href="http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminScope">AWS
          * API Reference</a></p>
          */
@@ -468,19 +468,8 @@ namespace FMS
         /**
          * <p>Returns detailed compliance information about the specified member account.
          * Details include resources that are in and out of compliance with the specified
-         * policy. </p> <ul> <li> <p>Resources are considered noncompliant for WAF and
-         * Shield Advanced policies if the specified policy has not been applied to
-         * them.</p> </li> <li> <p>Resources are considered noncompliant for security group
-         * policies if they are in scope of the policy, they violate one or more of the
-         * policy rules, and remediation is disabled or not possible.</p> </li> <li>
-         * <p>Resources are considered noncompliant for Network Firewall policies if a
-         * firewall is missing in the VPC, if the firewall endpoint isn't set up in an
-         * expected Availability Zone and subnet, if a subnet created by the Firewall
-         * Manager doesn't have the expected route table, and for modifications to a
-         * firewall policy that violate the Firewall Manager policy's rules.</p> </li> <li>
-         * <p>Resources are considered noncompliant for DNS Firewall policies if a DNS
-         * Firewall rule group is missing from the rule group associations for the VPC.
-         * </p> </li> </ul><p><h3>See Also:</h3>   <a
+         * policy. </p> <p>The reasons for resources being considered compliant depend on
+         * the Firewall Manager policy type. </p><p><h3>See Also:</h3>   <a
          * href="http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetComplianceDetail">AWS
          * API Reference</a></p>
          */
@@ -1112,14 +1101,19 @@ namespace FMS
          * organization that you created with Organizations, Firewall Manager automatically
          * applies the policy to the resources in that account that are within scope of the
          * policy. </p> <p>Firewall Manager provides the following types of policies: </p>
-         * <ul> <li> <p> <b>Shield Advanced policy</b> - This policy applies Shield
-         * Advanced protection to specified accounts and resources. </p> </li> <li> <p>
-         * <b>Security Groups policy</b> - This type of policy gives you control over
-         * security groups that are in use throughout your organization in Organizations
-         * and lets you enforce a baseline set of rules across your organization. </p>
-         * </li> <li> <p> <b>Network Firewall policy</b> - This policy applies Network
-         * Firewall protection to your organization's VPCs. </p> </li> <li> <p> <b>DNS
-         * Firewall policy</b> - This policy applies Amazon Route 53 Resolver DNS Firewall
+         * <ul> <li> <p> <b>WAF policy</b> - This policy applies WAF web ACL protections to
+         * specified accounts and resources. </p> </li> <li> <p> <b>Shield Advanced
+         * policy</b> - This policy applies Shield Advanced protection to specified
+         * accounts and resources. </p> </li> <li> <p> <b>Security Groups policy</b> - This
+         * type of policy gives you control over security groups that are in use throughout
+         * your organization in Organizations and lets you enforce a baseline set of rules
+         * across your organization. </p> </li> <li> <p> <b>Network ACL policy</b> - This
+         * type of policy gives you control over the network ACLs that are in use
+         * throughout your organization in Organizations and lets you enforce a baseline
+         * set of first and last network ACL rules across your organization. </p> </li>
+         * <li> <p> <b>Network Firewall policy</b> - This policy applies Network Firewall
+         * protection to your organization's VPCs. </p> </li> <li> <p> <b>DNS Firewall
+         * policy</b> - This policy applies Amazon Route 53 Resolver DNS Firewall
          * protections to your organization's VPCs. </p> </li> <li> <p> <b>Third-party
          * firewall policy</b> - This policy applies third-party firewall protections.
          * Third-party firewalls are available by subscription through the Amazon Web

generated/src/aws-cpp-sdk-fms/include/aws/fms/model/AdminAccountSummary.h

@@ -143,8 +143,8 @@ namespace Model
 
     /**
      * <p>The current status of the request to onboard a member account as an Firewall
-     * Manager administator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account is
-     * onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
+     * Manager administrator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account
+     * is onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
      * <code>ONBOARDING_COMPLETE</code> - Firewall Manager The account is onboarded to
      * Firewall Manager as an administrator, and can perform actions on the resources
      * defined in their <a>AdminScope</a>.</p> </li> <li> <p> <code>OFFBOARDING</code>
@@ -156,8 +156,8 @@ namespace Model
 
     /**
      * <p>The current status of the request to onboard a member account as an Firewall
-     * Manager administator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account is
-     * onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
+     * Manager administrator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account
+     * is onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
      * <code>ONBOARDING_COMPLETE</code> - Firewall Manager The account is onboarded to
      * Firewall Manager as an administrator, and can perform actions on the resources
      * defined in their <a>AdminScope</a>.</p> </li> <li> <p> <code>OFFBOARDING</code>
@@ -169,8 +169,8 @@ namespace Model
 
     /**
      * <p>The current status of the request to onboard a member account as an Firewall
-     * Manager administator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account is
-     * onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
+     * Manager administrator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account
+     * is onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
      * <code>ONBOARDING_COMPLETE</code> - Firewall Manager The account is onboarded to
      * Firewall Manager as an administrator, and can perform actions on the resources
      * defined in their <a>AdminScope</a>.</p> </li> <li> <p> <code>OFFBOARDING</code>
@@ -182,8 +182,8 @@ namespace Model
 
     /**
      * <p>The current status of the request to onboard a member account as an Firewall
-     * Manager administator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account is
-     * onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
+     * Manager administrator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account
+     * is onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
      * <code>ONBOARDING_COMPLETE</code> - Firewall Manager The account is onboarded to
      * Firewall Manager as an administrator, and can perform actions on the resources
      * defined in their <a>AdminScope</a>.</p> </li> <li> <p> <code>OFFBOARDING</code>
@@ -195,8 +195,8 @@ namespace Model
 
     /**
      * <p>The current status of the request to onboard a member account as an Firewall
-     * Manager administator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account is
-     * onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
+     * Manager administrator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account
+     * is onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
      * <code>ONBOARDING_COMPLETE</code> - Firewall Manager The account is onboarded to
      * Firewall Manager as an administrator, and can perform actions on the resources
      * defined in their <a>AdminScope</a>.</p> </li> <li> <p> <code>OFFBOARDING</code>
@@ -208,8 +208,8 @@ namespace Model
 
     /**
      * <p>The current status of the request to onboard a member account as an Firewall
-     * Manager administator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account is
-     * onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
+     * Manager administrator.</p> <ul> <li> <p> <code>ONBOARDING</code> - The account
+     * is onboarding to Firewall Manager as an administrator.</p> </li> <li> <p>
      * <code>ONBOARDING_COMPLETE</code> - Firewall Manager The account is onboarded to
      * Firewall Manager as an administrator, and can perform actions on the resources
      * defined in their <a>AdminScope</a>.</p> </li> <li> <p> <code>OFFBOARDING</code>

generated/src/aws-cpp-sdk-fms/include/aws/fms/model/CreateNetworkAclAction.h

@@ -0,0 +1,161 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#pragma once
+#include <aws/fms/FMS_EXPORTS.h>
+#include <aws/core/utils/memory/stl/AWSString.h>
+#include <aws/fms/model/ActionTarget.h>
+#include <utility>
+
+namespace Aws
+{
+namespace Utils
+{
+namespace Json
+{
+  class JsonValue;
+  class JsonView;
+} // namespace Json
+} // namespace Utils
+namespace FMS
+{
+namespace Model
+{
+
+  /**
+   * <p>Information about the <code>CreateNetworkAcl</code> action in Amazon EC2.
+   * This is a remediation option in <code>RemediationAction</code>.</p><p><h3>See
+   * Also:</h3>   <a
+   * href="http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/CreateNetworkAclAction">AWS
+   * API Reference</a></p>
+   */
+  class CreateNetworkAclAction
+  {
+  public:
+    AWS_FMS_API CreateNetworkAclAction();
+    AWS_FMS_API CreateNetworkAclAction(Aws::Utils::Json::JsonView jsonValue);
+    AWS_FMS_API CreateNetworkAclAction& operator=(Aws::Utils::Json::JsonView jsonValue);
+    AWS_FMS_API Aws::Utils::Json::JsonValue Jsonize() const;
+
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline const Aws::String& GetDescription() const{ return m_description; }
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline bool DescriptionHasBeenSet() const { return m_descriptionHasBeenSet; }
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline void SetDescription(const Aws::String& value) { m_descriptionHasBeenSet = true; m_description = value; }
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline void SetDescription(Aws::String&& value) { m_descriptionHasBeenSet = true; m_description = std::move(value); }
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline void SetDescription(const char* value) { m_descriptionHasBeenSet = true; m_description.assign(value); }
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline CreateNetworkAclAction& WithDescription(const Aws::String& value) { SetDescription(value); return *this;}
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline CreateNetworkAclAction& WithDescription(Aws::String&& value) { SetDescription(std::move(value)); return *this;}
+
+    /**
+     * <p>Brief description of this remediation action. </p>
+     */
+    inline CreateNetworkAclAction& WithDescription(const char* value) { SetDescription(value); return *this;}
+
+
+    /**
+     * <p>The VPC that's associated with the remediation action.</p>
+     */
+    inline const ActionTarget& GetVpc() const{ return m_vpc; }
+
+    /**
+     * <p>The VPC that's associated with the remediation action.</p>
+     */
+    inline bool VpcHasBeenSet() const { return m_vpcHasBeenSet; }
+
+    /**
+     * <p>The VPC that's associated with the remediation action.</p>
+     */
+    inline void SetVpc(const ActionTarget& value) { m_vpcHasBeenSet = true; m_vpc = value; }
+
+    /**
+     * <p>The VPC that's associated with the remediation action.</p>
+     */
+    inline void SetVpc(ActionTarget&& value) { m_vpcHasBeenSet = true; m_vpc = std::move(value); }
+
+    /**
+     * <p>The VPC that's associated with the remediation action.</p>
+     */
+    inline CreateNetworkAclAction& WithVpc(const ActionTarget& value) { SetVpc(value); return *this;}
+
+    /**
+     * <p>The VPC that's associated with the remediation action.</p>
+     */
+    inline CreateNetworkAclAction& WithVpc(ActionTarget&& value) { SetVpc(std::move(value)); return *this;}
+
+
+    /**
+     * <p>Indicates whether it is possible for Firewall Manager to perform this
+     * remediation action. A false value indicates that auto remediation is disabled or
+     * Firewall Manager is unable to perform the action due to a conflict of some
+     * kind.</p>
+     */
+    inline bool GetFMSCanRemediate() const{ return m_fMSCanRemediate; }
+
+    /**
+     * <p>Indicates whether it is possible for Firewall Manager to perform this
+     * remediation action. A false value indicates that auto remediation is disabled or
+     * Firewall Manager is unable to perform the action due to a conflict of some
+     * kind.</p>
+     */
+    inline bool FMSCanRemediateHasBeenSet() const { return m_fMSCanRemediateHasBeenSet; }
+
+    /**
+     * <p>Indicates whether it is possible for Firewall Manager to perform this
+     * remediation action. A false value indicates that auto remediation is disabled or
+     * Firewall Manager is unable to perform the action due to a conflict of some
+     * kind.</p>
+     */
+    inline void SetFMSCanRemediate(bool value) { m_fMSCanRemediateHasBeenSet = true; m_fMSCanRemediate = value; }
+
+    /**
+     * <p>Indicates whether it is possible for Firewall Manager to perform this
+     * remediation action. A false value indicates that auto remediation is disabled or
+     * Firewall Manager is unable to perform the action due to a conflict of some
+     * kind.</p>
+     */
+    inline CreateNetworkAclAction& WithFMSCanRemediate(bool value) { SetFMSCanRemediate(value); return *this;}
+
+  private:
+
+    Aws::String m_description;
+    bool m_descriptionHasBeenSet = false;
+
+    ActionTarget m_vpc;
+    bool m_vpcHasBeenSet = false;
+
+    bool m_fMSCanRemediate;
+    bool m_fMSCanRemediateHasBeenSet = false;
+  };
+
+} // namespace Model
+} // namespace FMS
+} // namespace Aws