From 278471b3a1b8889c52d00455aea5cd1ae913fe3a Mon Sep 17 00:00:00 2001
From: awstools <awstools@amazon.com>
Date: Thu, 10 Oct 2024 18:17:38 +0000
Subject: [PATCH] feat(client-route53resolver): Route 53 Resolver Forwarding
 Rules can now include a server name indication (SNI) in the target address
 for rules that use the DNS-over-HTTPS (DoH) protocol. When a DoH-enabled
 Outbound Resolver Endpoint forwards a request to a DoH server, it will
 provide the SNI in the TLS handshake.

---
 .../src/commands/CreateResolverRuleCommand.ts |  2 ++
 .../src/commands/DeleteResolverRuleCommand.ts |  1 +
 .../src/commands/GetResolverRuleCommand.ts    |  1 +
 .../src/commands/ListResolverRulesCommand.ts  |  1 +
 .../src/commands/UpdateResolverRuleCommand.ts |  2 ++
 .../src/models/models_0.ts                    | 17 +++++++++++++++--
 .../aws-models/route53resolver.json           | 19 +++++++++++++++++--
 7 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts b/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts
index 6bcb47838d6a..c8b7d097b172 100644
--- a/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts
+++ b/clients/client-route53resolver/src/commands/CreateResolverRuleCommand.ts
@@ -47,6 +47,7 @@ export interface CreateResolverRuleCommandOutput extends CreateResolverRuleRespo
  *       Port: Number("int"),
  *       Ipv6: "STRING_VALUE",
  *       Protocol: "DoH" || "Do53" || "DoH-FIPS",
+ *       ServerNameIndication: "STRING_VALUE",
  *     },
  *   ],
  *   ResolverEndpointId: "STRING_VALUE",
@@ -75,6 +76,7 @@ export interface CreateResolverRuleCommandOutput extends CreateResolverRuleRespo
  * //         Port: Number("int"),
  * //         Ipv6: "STRING_VALUE",
  * //         Protocol: "DoH" || "Do53" || "DoH-FIPS",
+ * //         ServerNameIndication: "STRING_VALUE",
  * //       },
  * //     ],
  * //     ResolverEndpointId: "STRING_VALUE",
diff --git a/clients/client-route53resolver/src/commands/DeleteResolverRuleCommand.ts b/clients/client-route53resolver/src/commands/DeleteResolverRuleCommand.ts
index 3adee0d443ff..01400e69df10 100644
--- a/clients/client-route53resolver/src/commands/DeleteResolverRuleCommand.ts
+++ b/clients/client-route53resolver/src/commands/DeleteResolverRuleCommand.ts
@@ -58,6 +58,7 @@ export interface DeleteResolverRuleCommandOutput extends DeleteResolverRuleRespo
  * //         Port: Number("int"),
  * //         Ipv6: "STRING_VALUE",
  * //         Protocol: "DoH" || "Do53" || "DoH-FIPS",
+ * //         ServerNameIndication: "STRING_VALUE",
  * //       },
  * //     ],
  * //     ResolverEndpointId: "STRING_VALUE",
diff --git a/clients/client-route53resolver/src/commands/GetResolverRuleCommand.ts b/clients/client-route53resolver/src/commands/GetResolverRuleCommand.ts
index 26ccd4962873..0e3b0a69c2a9 100644
--- a/clients/client-route53resolver/src/commands/GetResolverRuleCommand.ts
+++ b/clients/client-route53resolver/src/commands/GetResolverRuleCommand.ts
@@ -57,6 +57,7 @@ export interface GetResolverRuleCommandOutput extends GetResolverRuleResponse, _
  * //         Port: Number("int"),
  * //         Ipv6: "STRING_VALUE",
  * //         Protocol: "DoH" || "Do53" || "DoH-FIPS",
+ * //         ServerNameIndication: "STRING_VALUE",
  * //       },
  * //     ],
  * //     ResolverEndpointId: "STRING_VALUE",
diff --git a/clients/client-route53resolver/src/commands/ListResolverRulesCommand.ts b/clients/client-route53resolver/src/commands/ListResolverRulesCommand.ts
index 89c3e6ba2f5e..53ad58b14fda 100644
--- a/clients/client-route53resolver/src/commands/ListResolverRulesCommand.ts
+++ b/clients/client-route53resolver/src/commands/ListResolverRulesCommand.ts
@@ -68,6 +68,7 @@ export interface ListResolverRulesCommandOutput extends ListResolverRulesRespons
  * //           Port: Number("int"),
  * //           Ipv6: "STRING_VALUE",
  * //           Protocol: "DoH" || "Do53" || "DoH-FIPS",
+ * //           ServerNameIndication: "STRING_VALUE",
  * //         },
  * //       ],
  * //       ResolverEndpointId: "STRING_VALUE",
diff --git a/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts b/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts
index 76df294bddd4..55785f651ca3 100644
--- a/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts
+++ b/clients/client-route53resolver/src/commands/UpdateResolverRuleCommand.ts
@@ -46,6 +46,7 @@ export interface UpdateResolverRuleCommandOutput extends UpdateResolverRuleRespo
  *         Port: Number("int"),
  *         Ipv6: "STRING_VALUE",
  *         Protocol: "DoH" || "Do53" || "DoH-FIPS",
+ *         ServerNameIndication: "STRING_VALUE",
  *       },
  *     ],
  *     ResolverEndpointId: "STRING_VALUE",
@@ -69,6 +70,7 @@ export interface UpdateResolverRuleCommandOutput extends UpdateResolverRuleRespo
  * //         Port: Number("int"),
  * //         Ipv6: "STRING_VALUE",
  * //         Protocol: "DoH" || "Do53" || "DoH-FIPS",
+ * //         ServerNameIndication: "STRING_VALUE",
  * //       },
  * //     ],
  * //     ResolverEndpointId: "STRING_VALUE",
diff --git a/clients/client-route53resolver/src/models/models_0.ts b/clients/client-route53resolver/src/models/models_0.ts
index d44e8eda09f2..3b76906aacc8 100644
--- a/clients/client-route53resolver/src/models/models_0.ts
+++ b/clients/client-route53resolver/src/models/models_0.ts
@@ -2149,11 +2149,11 @@ export interface CreateResolverQueryLogConfigRequest {
    *                <p>
    *                   <b>S3 bucket</b>: </p>
    *                <p>
-   *                   <code>arn:aws:s3:::examplebucket</code>
+   *                   <code>arn:aws:s3:::amzn-s3-demo-bucket</code>
    *                </p>
    *                <p>You can optionally append a file prefix to the end of the ARN.</p>
    *                <p>
-   *                   <code>arn:aws:s3:::examplebucket/development/</code>
+   *                   <code>arn:aws:s3:::amzn-s3-demo-bucket/development/</code>
    *                </p>
    *             </li>
    *             <li>
@@ -2408,6 +2408,15 @@ export interface TargetAddress {
    * @public
    */
   Protocol?: Protocol;
+
+  /**
+   * <p>
+   * 			The Server Name Indication of the DoH server that you want to forward queries to.
+   * 			This is only used if the Protocol of the <code>TargetAddress</code> is <code>DoH</code>.
+   * 		</p>
+   * @public
+   */
+  ServerNameIndication?: string;
 }
 
 /**
@@ -5711,6 +5720,10 @@ export interface UpdateFirewallRuleRequest {
    * 				NUMBER can be 1-65334, for
    * 				example, TYPE28. For more information, see
    * 				<a href="https://en.wikipedia.org/wiki/List_of_DNS_record_types">List of DNS record types</a>.</p>
+   *                <note>
+   *                   <p>If you set up a firewall BLOCK rule with action NXDOMAIN on query type equals AAAA,
+   * 					this action will not be applied to synthetic IPv6 addresses generated when DNS64 is enabled. </p>
+   *                </note>
    *             </li>
    *          </ul>
    * @public
diff --git a/codegen/sdk-codegen/aws-models/route53resolver.json b/codegen/sdk-codegen/aws-models/route53resolver.json
index 0ca166afdf9f..756403c2d6e2 100644
--- a/codegen/sdk-codegen/aws-models/route53resolver.json
+++ b/codegen/sdk-codegen/aws-models/route53resolver.json
@@ -1057,7 +1057,7 @@
         "DestinationArn": {
           "target": "com.amazonaws.route53resolver#DestinationArn",
           "traits": {
-            "smithy.api#documentation": "<p>The ARN of the resource that you want Resolver to send query logs. You can send query logs to an S3 bucket, a CloudWatch Logs log group, \n\t\t\tor a Kinesis Data Firehose delivery stream. Examples of valid values include the following:</p>\n         <ul>\n            <li>\n               <p>\n                  <b>S3 bucket</b>: </p>\n               <p>\n                  <code>arn:aws:s3:::examplebucket</code>\n               </p>\n               <p>You can optionally append a file prefix to the end of the ARN.</p>\n               <p>\n                  <code>arn:aws:s3:::examplebucket/development/</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <b>CloudWatch Logs log group</b>: </p>\n               <p>\n                  <code>arn:aws:logs:us-west-1:123456789012:log-group:/mystack-testgroup-12ABC1AB12A1:*</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <b>Kinesis Data Firehose delivery stream</b>:</p>\n               <p>\n                  <code>arn:aws:kinesis:us-east-2:0123456789:stream/my_stream_name</code>\n               </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>The ARN of the resource that you want Resolver to send query logs. You can send query logs to an S3 bucket, a CloudWatch Logs log group, \n\t\t\tor a Kinesis Data Firehose delivery stream. Examples of valid values include the following:</p>\n         <ul>\n            <li>\n               <p>\n                  <b>S3 bucket</b>: </p>\n               <p>\n                  <code>arn:aws:s3:::amzn-s3-demo-bucket</code>\n               </p>\n               <p>You can optionally append a file prefix to the end of the ARN.</p>\n               <p>\n                  <code>arn:aws:s3:::amzn-s3-demo-bucket/development/</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <b>CloudWatch Logs log group</b>: </p>\n               <p>\n                  <code>arn:aws:logs:us-west-1:123456789012:log-group:/mystack-testgroup-12ABC1AB12A1:*</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <b>Kinesis Data Firehose delivery stream</b>:</p>\n               <p>\n                  <code>arn:aws:kinesis:us-east-2:0123456789:stream/my_stream_name</code>\n               </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7961,6 +7961,15 @@
         "target": "com.amazonaws.route53resolver#ResourceId"
       }
     },
+    "com.amazonaws.route53resolver#ServerNameIndication": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 0,
+          "max": 255
+        }
+      }
+    },
     "com.amazonaws.route53resolver#ServicePrinciple": {
       "type": "string",
       "traits": {
@@ -8206,6 +8215,12 @@
           "traits": {
             "smithy.api#documentation": "<p>\n\t\t\tThe protocols for the Resolver endpoints. DoH-FIPS is applicable for inbound endpoints only.\n\t\t\t\n\t\t</p>\n         <p>For an inbound endpoint you can apply the protocols as follows:</p>\n         <ul>\n            <li>\n               <p> Do53  and DoH in combination.</p>\n            </li>\n            <li>\n               <p>Do53  and DoH-FIPS in combination.</p>\n            </li>\n            <li>\n               <p>Do53 alone.</p>\n            </li>\n            <li>\n               <p>DoH alone.</p>\n            </li>\n            <li>\n               <p>DoH-FIPS alone.</p>\n            </li>\n            <li>\n               <p>None, which is treated as Do53.</p>\n            </li>\n         </ul>\n         <p>For an outbound endpoint you can apply the protocols as follows:</p>\n         <ul>\n            <li>\n               <p> Do53  and DoH in combination.</p>\n            </li>\n            <li>\n               <p>Do53 alone.</p>\n            </li>\n            <li>\n               <p>DoH alone.</p>\n            </li>\n            <li>\n               <p>None, which is treated as Do53.</p>\n            </li>\n         </ul>"
           }
+        },
+        "ServerNameIndication": {
+          "target": "com.amazonaws.route53resolver#ServerNameIndication",
+          "traits": {
+            "smithy.api#documentation": "<p>\n\t\t\tThe Server Name Indication of the DoH server that you want to forward queries to. \n\t\t\tThis is only used if the Protocol of the <code>TargetAddress</code> is <code>DoH</code>.\n\t\t</p>"
+          }
         }
       },
       "traits": {
@@ -8648,7 +8663,7 @@
         "Qtype": {
           "target": "com.amazonaws.route53resolver#Qtype",
           "traits": {
-            "smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n         <ul>\n            <li>\n               <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n            </li>\n            <li>\n               <p>AAAA: Returns an Ipv6 address.</p>\n            </li>\n            <li>\n               <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n            </li>\n            <li>\n               <p>CNAME: Returns another domain name.</p>\n            </li>\n            <li>\n               <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n            </li>\n            <li>\n               <p>MX: Specifies mail servers.</p>\n            </li>\n            <li>\n               <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n            </li>\n            <li>\n               <p>NS: Authoritative name servers.</p>\n            </li>\n            <li>\n               <p>PTR: Maps an IP address to a domain name.</p>\n            </li>\n            <li>\n               <p>SOA: Start of authority record for the zone.</p>\n            </li>\n            <li>\n               <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n            </li>\n            <li>\n               <p>SRV: Application specific values that identify servers.</p>\n            </li>\n            <li>\n               <p>TXT: Verifies email senders and application-specific values.</p>\n            </li>\n            <li>\n               <p>A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be\n\t\t\t\tdefined as TYPENUMBER, where the\n\t\t\t\tNUMBER can be 1-65334, for\n\t\t\t\texample, TYPE28. For more information, see \n\t\t\t\t<a href=\"https://en.wikipedia.org/wiki/List_of_DNS_record_types\">List of DNS record types</a>.</p>\n            </li>\n         </ul>"
+            "smithy.api#documentation": "<p>\n\t\t\tThe DNS query type you want the rule to evaluate. Allowed values are;\n\t\t</p>\n         <ul>\n            <li>\n               <p>\n\t\t\t\tA: Returns an IPv4 address.</p>\n            </li>\n            <li>\n               <p>AAAA: Returns an Ipv6 address.</p>\n            </li>\n            <li>\n               <p>CAA: Restricts CAs that can create SSL/TLS certifications for the domain.</p>\n            </li>\n            <li>\n               <p>CNAME: Returns another domain name.</p>\n            </li>\n            <li>\n               <p>DS: Record that identifies the DNSSEC signing key of a delegated zone.</p>\n            </li>\n            <li>\n               <p>MX: Specifies mail servers.</p>\n            </li>\n            <li>\n               <p>NAPTR: Regular-expression-based rewriting of domain names.</p>\n            </li>\n            <li>\n               <p>NS: Authoritative name servers.</p>\n            </li>\n            <li>\n               <p>PTR: Maps an IP address to a domain name.</p>\n            </li>\n            <li>\n               <p>SOA: Start of authority record for the zone.</p>\n            </li>\n            <li>\n               <p>SPF: Lists the servers authorized to send emails from a domain.</p>\n            </li>\n            <li>\n               <p>SRV: Application specific values that identify servers.</p>\n            </li>\n            <li>\n               <p>TXT: Verifies email senders and application-specific values.</p>\n            </li>\n            <li>\n               <p>A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be\n\t\t\t\tdefined as TYPENUMBER, where the\n\t\t\t\tNUMBER can be 1-65334, for\n\t\t\t\texample, TYPE28. For more information, see \n\t\t\t\t<a href=\"https://en.wikipedia.org/wiki/List_of_DNS_record_types\">List of DNS record types</a>.</p>\n               <note>\n                  <p>If you set up a firewall BLOCK rule with action NXDOMAIN on query type equals AAAA, \n\t\t\t\t\tthis action will not be applied to synthetic IPv6 addresses generated when DNS64 is enabled. </p>\n               </note>\n            </li>\n         </ul>"
           }
         }
       },