diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon Route 53 Resolver SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2018-04-01@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-route53resolver)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.Route53Resolver](http://hackage.haskell.org/package/amazonka-route53resolver/docs/Amazonka-Route53Resolver.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-route53resolver` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-route53resolver.cabal b/amazonka-route53resolver.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-route53resolver.cabal
@@ -0,0 +1,192 @@
+cabal-version:      2.2
+name:               amazonka-route53resolver
+version:            2.0
+synopsis:           Amazon Route 53 Resolver SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2018-04-01@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.Route53Resolver.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.Route53Resolver" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-route53resolver
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.Route53Resolver
+    Amazonka.Route53Resolver.AssociateFirewallRuleGroup
+    Amazonka.Route53Resolver.AssociateResolverEndpointIpAddress
+    Amazonka.Route53Resolver.AssociateResolverQueryLogConfig
+    Amazonka.Route53Resolver.AssociateResolverRule
+    Amazonka.Route53Resolver.CreateFirewallDomainList
+    Amazonka.Route53Resolver.CreateFirewallRule
+    Amazonka.Route53Resolver.CreateFirewallRuleGroup
+    Amazonka.Route53Resolver.CreateResolverEndpoint
+    Amazonka.Route53Resolver.CreateResolverQueryLogConfig
+    Amazonka.Route53Resolver.CreateResolverRule
+    Amazonka.Route53Resolver.DeleteFirewallDomainList
+    Amazonka.Route53Resolver.DeleteFirewallRule
+    Amazonka.Route53Resolver.DeleteFirewallRuleGroup
+    Amazonka.Route53Resolver.DeleteResolverEndpoint
+    Amazonka.Route53Resolver.DeleteResolverQueryLogConfig
+    Amazonka.Route53Resolver.DeleteResolverRule
+    Amazonka.Route53Resolver.DisassociateFirewallRuleGroup
+    Amazonka.Route53Resolver.DisassociateResolverEndpointIpAddress
+    Amazonka.Route53Resolver.DisassociateResolverQueryLogConfig
+    Amazonka.Route53Resolver.DisassociateResolverRule
+    Amazonka.Route53Resolver.GetFirewallConfig
+    Amazonka.Route53Resolver.GetFirewallDomainList
+    Amazonka.Route53Resolver.GetFirewallRuleGroup
+    Amazonka.Route53Resolver.GetFirewallRuleGroupAssociation
+    Amazonka.Route53Resolver.GetFirewallRuleGroupPolicy
+    Amazonka.Route53Resolver.GetResolverConfig
+    Amazonka.Route53Resolver.GetResolverDnssecConfig
+    Amazonka.Route53Resolver.GetResolverEndpoint
+    Amazonka.Route53Resolver.GetResolverQueryLogConfig
+    Amazonka.Route53Resolver.GetResolverQueryLogConfigAssociation
+    Amazonka.Route53Resolver.GetResolverQueryLogConfigPolicy
+    Amazonka.Route53Resolver.GetResolverRule
+    Amazonka.Route53Resolver.GetResolverRuleAssociation
+    Amazonka.Route53Resolver.GetResolverRulePolicy
+    Amazonka.Route53Resolver.ImportFirewallDomains
+    Amazonka.Route53Resolver.Lens
+    Amazonka.Route53Resolver.ListFirewallConfigs
+    Amazonka.Route53Resolver.ListFirewallDomainLists
+    Amazonka.Route53Resolver.ListFirewallDomains
+    Amazonka.Route53Resolver.ListFirewallRuleGroupAssociations
+    Amazonka.Route53Resolver.ListFirewallRuleGroups
+    Amazonka.Route53Resolver.ListFirewallRules
+    Amazonka.Route53Resolver.ListResolverConfigs
+    Amazonka.Route53Resolver.ListResolverDnssecConfigs
+    Amazonka.Route53Resolver.ListResolverEndpointIpAddresses
+    Amazonka.Route53Resolver.ListResolverEndpoints
+    Amazonka.Route53Resolver.ListResolverQueryLogConfigAssociations
+    Amazonka.Route53Resolver.ListResolverQueryLogConfigs
+    Amazonka.Route53Resolver.ListResolverRuleAssociations
+    Amazonka.Route53Resolver.ListResolverRules
+    Amazonka.Route53Resolver.ListTagsForResource
+    Amazonka.Route53Resolver.PutFirewallRuleGroupPolicy
+    Amazonka.Route53Resolver.PutResolverQueryLogConfigPolicy
+    Amazonka.Route53Resolver.PutResolverRulePolicy
+    Amazonka.Route53Resolver.TagResource
+    Amazonka.Route53Resolver.Types
+    Amazonka.Route53Resolver.Types.Action
+    Amazonka.Route53Resolver.Types.AutodefinedReverseFlag
+    Amazonka.Route53Resolver.Types.BlockOverrideDnsType
+    Amazonka.Route53Resolver.Types.BlockResponse
+    Amazonka.Route53Resolver.Types.Filter
+    Amazonka.Route53Resolver.Types.FirewallConfig
+    Amazonka.Route53Resolver.Types.FirewallDomainImportOperation
+    Amazonka.Route53Resolver.Types.FirewallDomainList
+    Amazonka.Route53Resolver.Types.FirewallDomainListMetadata
+    Amazonka.Route53Resolver.Types.FirewallDomainListStatus
+    Amazonka.Route53Resolver.Types.FirewallDomainUpdateOperation
+    Amazonka.Route53Resolver.Types.FirewallFailOpenStatus
+    Amazonka.Route53Resolver.Types.FirewallRule
+    Amazonka.Route53Resolver.Types.FirewallRuleGroup
+    Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociation
+    Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociationStatus
+    Amazonka.Route53Resolver.Types.FirewallRuleGroupMetadata
+    Amazonka.Route53Resolver.Types.FirewallRuleGroupStatus
+    Amazonka.Route53Resolver.Types.IpAddressRequest
+    Amazonka.Route53Resolver.Types.IpAddressResponse
+    Amazonka.Route53Resolver.Types.IpAddressStatus
+    Amazonka.Route53Resolver.Types.IpAddressUpdate
+    Amazonka.Route53Resolver.Types.MutationProtectionStatus
+    Amazonka.Route53Resolver.Types.ResolverAutodefinedReverseStatus
+    Amazonka.Route53Resolver.Types.ResolverConfig
+    Amazonka.Route53Resolver.Types.ResolverDnssecConfig
+    Amazonka.Route53Resolver.Types.ResolverDNSSECValidationStatus
+    Amazonka.Route53Resolver.Types.ResolverEndpoint
+    Amazonka.Route53Resolver.Types.ResolverEndpointDirection
+    Amazonka.Route53Resolver.Types.ResolverEndpointStatus
+    Amazonka.Route53Resolver.Types.ResolverQueryLogConfig
+    Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociation
+    Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationError
+    Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationStatus
+    Amazonka.Route53Resolver.Types.ResolverQueryLogConfigStatus
+    Amazonka.Route53Resolver.Types.ResolverRule
+    Amazonka.Route53Resolver.Types.ResolverRuleAssociation
+    Amazonka.Route53Resolver.Types.ResolverRuleAssociationStatus
+    Amazonka.Route53Resolver.Types.ResolverRuleConfig
+    Amazonka.Route53Resolver.Types.ResolverRuleStatus
+    Amazonka.Route53Resolver.Types.RuleTypeOption
+    Amazonka.Route53Resolver.Types.ShareStatus
+    Amazonka.Route53Resolver.Types.SortOrder
+    Amazonka.Route53Resolver.Types.Tag
+    Amazonka.Route53Resolver.Types.TargetAddress
+    Amazonka.Route53Resolver.Types.Validation
+    Amazonka.Route53Resolver.UntagResource
+    Amazonka.Route53Resolver.UpdateFirewallConfig
+    Amazonka.Route53Resolver.UpdateFirewallDomains
+    Amazonka.Route53Resolver.UpdateFirewallRule
+    Amazonka.Route53Resolver.UpdateFirewallRuleGroupAssociation
+    Amazonka.Route53Resolver.UpdateResolverConfig
+    Amazonka.Route53Resolver.UpdateResolverDnssecConfig
+    Amazonka.Route53Resolver.UpdateResolverEndpoint
+    Amazonka.Route53Resolver.UpdateResolverRule
+    Amazonka.Route53Resolver.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-route53resolver-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.Route53Resolver
+    Test.Amazonka.Route53Resolver
+    Test.Amazonka.Route53Resolver.Internal
+
+  build-depends:
+    , amazonka-core             >=2.0 && <2.1
+    , amazonka-route53resolver
+    , amazonka-test             >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/AssociateFirewallRuleGroup.yaml b/fixture/AssociateFirewallRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateFirewallRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateFirewallRuleGroupResponse.proto b/fixture/AssociateFirewallRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateFirewallRuleGroupResponse.proto
diff --git a/fixture/AssociateResolverEndpointIpAddress.yaml b/fixture/AssociateResolverEndpointIpAddress.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateResolverEndpointIpAddress.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateResolverEndpointIpAddressResponse.proto b/fixture/AssociateResolverEndpointIpAddressResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateResolverEndpointIpAddressResponse.proto
diff --git a/fixture/AssociateResolverQueryLogConfig.yaml b/fixture/AssociateResolverQueryLogConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateResolverQueryLogConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateResolverQueryLogConfigResponse.proto b/fixture/AssociateResolverQueryLogConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateResolverQueryLogConfigResponse.proto
diff --git a/fixture/AssociateResolverRule.yaml b/fixture/AssociateResolverRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateResolverRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateResolverRuleResponse.proto b/fixture/AssociateResolverRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateResolverRuleResponse.proto
diff --git a/fixture/CreateFirewallDomainList.yaml b/fixture/CreateFirewallDomainList.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFirewallDomainList.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateFirewallDomainListResponse.proto b/fixture/CreateFirewallDomainListResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFirewallDomainListResponse.proto
diff --git a/fixture/CreateFirewallRule.yaml b/fixture/CreateFirewallRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFirewallRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateFirewallRuleGroup.yaml b/fixture/CreateFirewallRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFirewallRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateFirewallRuleGroupResponse.proto b/fixture/CreateFirewallRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFirewallRuleGroupResponse.proto
diff --git a/fixture/CreateFirewallRuleResponse.proto b/fixture/CreateFirewallRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateFirewallRuleResponse.proto
diff --git a/fixture/CreateResolverEndpoint.yaml b/fixture/CreateResolverEndpoint.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateResolverEndpoint.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateResolverEndpointResponse.proto b/fixture/CreateResolverEndpointResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateResolverEndpointResponse.proto
diff --git a/fixture/CreateResolverQueryLogConfig.yaml b/fixture/CreateResolverQueryLogConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateResolverQueryLogConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateResolverQueryLogConfigResponse.proto b/fixture/CreateResolverQueryLogConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateResolverQueryLogConfigResponse.proto
diff --git a/fixture/CreateResolverRule.yaml b/fixture/CreateResolverRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateResolverRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateResolverRuleResponse.proto b/fixture/CreateResolverRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateResolverRuleResponse.proto
diff --git a/fixture/DeleteFirewallDomainList.yaml b/fixture/DeleteFirewallDomainList.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallDomainList.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteFirewallDomainListResponse.proto b/fixture/DeleteFirewallDomainListResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallDomainListResponse.proto
diff --git a/fixture/DeleteFirewallRule.yaml b/fixture/DeleteFirewallRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteFirewallRuleGroup.yaml b/fixture/DeleteFirewallRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteFirewallRuleGroupResponse.proto b/fixture/DeleteFirewallRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallRuleGroupResponse.proto
diff --git a/fixture/DeleteFirewallRuleResponse.proto b/fixture/DeleteFirewallRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallRuleResponse.proto
diff --git a/fixture/DeleteResolverEndpoint.yaml b/fixture/DeleteResolverEndpoint.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteResolverEndpoint.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteResolverEndpointResponse.proto b/fixture/DeleteResolverEndpointResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteResolverEndpointResponse.proto
diff --git a/fixture/DeleteResolverQueryLogConfig.yaml b/fixture/DeleteResolverQueryLogConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteResolverQueryLogConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteResolverQueryLogConfigResponse.proto b/fixture/DeleteResolverQueryLogConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteResolverQueryLogConfigResponse.proto
diff --git a/fixture/DeleteResolverRule.yaml b/fixture/DeleteResolverRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteResolverRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteResolverRuleResponse.proto b/fixture/DeleteResolverRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteResolverRuleResponse.proto
diff --git a/fixture/DisassociateFirewallRuleGroup.yaml b/fixture/DisassociateFirewallRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateFirewallRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateFirewallRuleGroupResponse.proto b/fixture/DisassociateFirewallRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateFirewallRuleGroupResponse.proto
diff --git a/fixture/DisassociateResolverEndpointIpAddress.yaml b/fixture/DisassociateResolverEndpointIpAddress.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateResolverEndpointIpAddress.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateResolverEndpointIpAddressResponse.proto b/fixture/DisassociateResolverEndpointIpAddressResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateResolverEndpointIpAddressResponse.proto
diff --git a/fixture/DisassociateResolverQueryLogConfig.yaml b/fixture/DisassociateResolverQueryLogConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateResolverQueryLogConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateResolverQueryLogConfigResponse.proto b/fixture/DisassociateResolverQueryLogConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateResolverQueryLogConfigResponse.proto
diff --git a/fixture/DisassociateResolverRule.yaml b/fixture/DisassociateResolverRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateResolverRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateResolverRuleResponse.proto b/fixture/DisassociateResolverRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateResolverRuleResponse.proto
diff --git a/fixture/GetFirewallConfig.yaml b/fixture/GetFirewallConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFirewallConfigResponse.proto b/fixture/GetFirewallConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallConfigResponse.proto
diff --git a/fixture/GetFirewallDomainList.yaml b/fixture/GetFirewallDomainList.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallDomainList.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFirewallDomainListResponse.proto b/fixture/GetFirewallDomainListResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallDomainListResponse.proto
diff --git a/fixture/GetFirewallRuleGroup.yaml b/fixture/GetFirewallRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFirewallRuleGroupAssociation.yaml b/fixture/GetFirewallRuleGroupAssociation.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallRuleGroupAssociation.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFirewallRuleGroupAssociationResponse.proto b/fixture/GetFirewallRuleGroupAssociationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallRuleGroupAssociationResponse.proto
diff --git a/fixture/GetFirewallRuleGroupPolicy.yaml b/fixture/GetFirewallRuleGroupPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallRuleGroupPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetFirewallRuleGroupPolicyResponse.proto b/fixture/GetFirewallRuleGroupPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallRuleGroupPolicyResponse.proto
diff --git a/fixture/GetFirewallRuleGroupResponse.proto b/fixture/GetFirewallRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetFirewallRuleGroupResponse.proto
diff --git a/fixture/GetResolverConfig.yaml b/fixture/GetResolverConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverConfigResponse.proto b/fixture/GetResolverConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverConfigResponse.proto
diff --git a/fixture/GetResolverDnssecConfig.yaml b/fixture/GetResolverDnssecConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverDnssecConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverDnssecConfigResponse.proto b/fixture/GetResolverDnssecConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverDnssecConfigResponse.proto
diff --git a/fixture/GetResolverEndpoint.yaml b/fixture/GetResolverEndpoint.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverEndpoint.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverEndpointResponse.proto b/fixture/GetResolverEndpointResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverEndpointResponse.proto
diff --git a/fixture/GetResolverQueryLogConfig.yaml b/fixture/GetResolverQueryLogConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverQueryLogConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverQueryLogConfigAssociation.yaml b/fixture/GetResolverQueryLogConfigAssociation.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverQueryLogConfigAssociation.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverQueryLogConfigAssociationResponse.proto b/fixture/GetResolverQueryLogConfigAssociationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverQueryLogConfigAssociationResponse.proto
diff --git a/fixture/GetResolverQueryLogConfigPolicy.yaml b/fixture/GetResolverQueryLogConfigPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverQueryLogConfigPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverQueryLogConfigPolicyResponse.proto b/fixture/GetResolverQueryLogConfigPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverQueryLogConfigPolicyResponse.proto
diff --git a/fixture/GetResolverQueryLogConfigResponse.proto b/fixture/GetResolverQueryLogConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverQueryLogConfigResponse.proto
diff --git a/fixture/GetResolverRule.yaml b/fixture/GetResolverRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverRuleAssociation.yaml b/fixture/GetResolverRuleAssociation.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverRuleAssociation.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverRuleAssociationResponse.proto b/fixture/GetResolverRuleAssociationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverRuleAssociationResponse.proto
diff --git a/fixture/GetResolverRulePolicy.yaml b/fixture/GetResolverRulePolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverRulePolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetResolverRulePolicyResponse.proto b/fixture/GetResolverRulePolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverRulePolicyResponse.proto
diff --git a/fixture/GetResolverRuleResponse.proto b/fixture/GetResolverRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetResolverRuleResponse.proto
diff --git a/fixture/ImportFirewallDomains.yaml b/fixture/ImportFirewallDomains.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ImportFirewallDomains.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ImportFirewallDomainsResponse.proto b/fixture/ImportFirewallDomainsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ImportFirewallDomainsResponse.proto
diff --git a/fixture/ListFirewallConfigs.yaml b/fixture/ListFirewallConfigs.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallConfigs.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFirewallConfigsResponse.proto b/fixture/ListFirewallConfigsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallConfigsResponse.proto
diff --git a/fixture/ListFirewallDomainLists.yaml b/fixture/ListFirewallDomainLists.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallDomainLists.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFirewallDomainListsResponse.proto b/fixture/ListFirewallDomainListsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallDomainListsResponse.proto
diff --git a/fixture/ListFirewallDomains.yaml b/fixture/ListFirewallDomains.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallDomains.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFirewallDomainsResponse.proto b/fixture/ListFirewallDomainsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallDomainsResponse.proto
diff --git a/fixture/ListFirewallRuleGroupAssociations.yaml b/fixture/ListFirewallRuleGroupAssociations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallRuleGroupAssociations.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFirewallRuleGroupAssociationsResponse.proto b/fixture/ListFirewallRuleGroupAssociationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallRuleGroupAssociationsResponse.proto
diff --git a/fixture/ListFirewallRuleGroups.yaml b/fixture/ListFirewallRuleGroups.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallRuleGroups.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFirewallRuleGroupsResponse.proto b/fixture/ListFirewallRuleGroupsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallRuleGroupsResponse.proto
diff --git a/fixture/ListFirewallRules.yaml b/fixture/ListFirewallRules.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallRules.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListFirewallRulesResponse.proto b/fixture/ListFirewallRulesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListFirewallRulesResponse.proto
diff --git a/fixture/ListResolverConfigs.yaml b/fixture/ListResolverConfigs.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverConfigs.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverConfigsResponse.proto b/fixture/ListResolverConfigsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverConfigsResponse.proto
diff --git a/fixture/ListResolverDnssecConfigs.yaml b/fixture/ListResolverDnssecConfigs.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverDnssecConfigs.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverDnssecConfigsResponse.proto b/fixture/ListResolverDnssecConfigsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverDnssecConfigsResponse.proto
diff --git a/fixture/ListResolverEndpointIpAddresses.yaml b/fixture/ListResolverEndpointIpAddresses.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverEndpointIpAddresses.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverEndpointIpAddressesResponse.proto b/fixture/ListResolverEndpointIpAddressesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverEndpointIpAddressesResponse.proto
diff --git a/fixture/ListResolverEndpoints.yaml b/fixture/ListResolverEndpoints.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverEndpoints.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverEndpointsResponse.proto b/fixture/ListResolverEndpointsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverEndpointsResponse.proto
diff --git a/fixture/ListResolverQueryLogConfigAssociations.yaml b/fixture/ListResolverQueryLogConfigAssociations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverQueryLogConfigAssociations.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverQueryLogConfigAssociationsResponse.proto b/fixture/ListResolverQueryLogConfigAssociationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverQueryLogConfigAssociationsResponse.proto
diff --git a/fixture/ListResolverQueryLogConfigs.yaml b/fixture/ListResolverQueryLogConfigs.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverQueryLogConfigs.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverQueryLogConfigsResponse.proto b/fixture/ListResolverQueryLogConfigsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverQueryLogConfigsResponse.proto
diff --git a/fixture/ListResolverRuleAssociations.yaml b/fixture/ListResolverRuleAssociations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverRuleAssociations.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverRuleAssociationsResponse.proto b/fixture/ListResolverRuleAssociationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverRuleAssociationsResponse.proto
diff --git a/fixture/ListResolverRules.yaml b/fixture/ListResolverRules.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverRules.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResolverRulesResponse.proto b/fixture/ListResolverRulesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResolverRulesResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/PutFirewallRuleGroupPolicy.yaml b/fixture/PutFirewallRuleGroupPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutFirewallRuleGroupPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutFirewallRuleGroupPolicyResponse.proto b/fixture/PutFirewallRuleGroupPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutFirewallRuleGroupPolicyResponse.proto
diff --git a/fixture/PutResolverQueryLogConfigPolicy.yaml b/fixture/PutResolverQueryLogConfigPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutResolverQueryLogConfigPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutResolverQueryLogConfigPolicyResponse.proto b/fixture/PutResolverQueryLogConfigPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutResolverQueryLogConfigPolicyResponse.proto
diff --git a/fixture/PutResolverRulePolicy.yaml b/fixture/PutResolverRulePolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutResolverRulePolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutResolverRulePolicyResponse.proto b/fixture/PutResolverRulePolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutResolverRulePolicyResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateFirewallConfig.yaml b/fixture/UpdateFirewallConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateFirewallConfigResponse.proto b/fixture/UpdateFirewallConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallConfigResponse.proto
diff --git a/fixture/UpdateFirewallDomains.yaml b/fixture/UpdateFirewallDomains.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallDomains.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateFirewallDomainsResponse.proto b/fixture/UpdateFirewallDomainsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallDomainsResponse.proto
diff --git a/fixture/UpdateFirewallRule.yaml b/fixture/UpdateFirewallRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateFirewallRuleGroupAssociation.yaml b/fixture/UpdateFirewallRuleGroupAssociation.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallRuleGroupAssociation.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateFirewallRuleGroupAssociationResponse.proto b/fixture/UpdateFirewallRuleGroupAssociationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallRuleGroupAssociationResponse.proto
diff --git a/fixture/UpdateFirewallRuleResponse.proto b/fixture/UpdateFirewallRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateFirewallRuleResponse.proto
diff --git a/fixture/UpdateResolverConfig.yaml b/fixture/UpdateResolverConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateResolverConfigResponse.proto b/fixture/UpdateResolverConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverConfigResponse.proto
diff --git a/fixture/UpdateResolverDnssecConfig.yaml b/fixture/UpdateResolverDnssecConfig.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverDnssecConfig.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateResolverDnssecConfigResponse.proto b/fixture/UpdateResolverDnssecConfigResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverDnssecConfigResponse.proto
diff --git a/fixture/UpdateResolverEndpoint.yaml b/fixture/UpdateResolverEndpoint.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverEndpoint.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateResolverEndpointResponse.proto b/fixture/UpdateResolverEndpointResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverEndpointResponse.proto
diff --git a/fixture/UpdateResolverRule.yaml b/fixture/UpdateResolverRule.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverRule.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/route53resolver/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  route53resolver.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateResolverRuleResponse.proto b/fixture/UpdateResolverRuleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateResolverRuleResponse.proto
diff --git a/gen/Amazonka/Route53Resolver.hs b/gen/Amazonka/Route53Resolver.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver.hs
@@ -0,0 +1,747 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.Route53Resolver
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2018-04-01@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- When you create a VPC using Amazon VPC, you automatically get DNS
+-- resolution within the VPC from Route 53 Resolver. By default, Resolver
+-- answers DNS queries for VPC domain names such as domain names for EC2
+-- instances or Elastic Load Balancing load balancers. Resolver performs
+-- recursive lookups against public name servers for all other domain
+-- names.
+--
+-- You can also configure DNS resolution between your VPC and your network
+-- over a Direct Connect or VPN connection:
+--
+-- __Forward DNS queries from resolvers on your network to Route 53
+-- Resolver__
+--
+-- DNS resolvers on your network can forward DNS queries to Resolver in a
+-- specified VPC. This allows your DNS resolvers to easily resolve domain
+-- names for Amazon Web Services resources such as EC2 instances or records
+-- in a Route 53 private hosted zone. For more information, see
+-- <https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-network-to-vpc How DNS Resolvers on Your Network Forward DNS Queries to Route 53 Resolver>
+-- in the /Amazon Route 53 Developer Guide/.
+--
+-- __Conditionally forward queries from a VPC to resolvers on your
+-- network__
+--
+-- You can configure Resolver to forward queries that it receives from EC2
+-- instances in your VPCs to DNS resolvers on your network. To forward
+-- selected queries, you create Resolver rules that specify the domain
+-- names for the DNS queries that you want to forward (such as
+-- example.com), and the IP addresses of the DNS resolvers on your network
+-- that you want to forward the queries to. If a query matches multiple
+-- rules (example.com, acme.example.com), Resolver chooses the rule with
+-- the most specific match (acme.example.com) and forwards the query to the
+-- IP addresses that you specified in that rule. For more information, see
+-- <https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-overview-forward-vpc-to-network How Route 53 Resolver Forwards DNS Queries from Your VPCs to Your Network>
+-- in the /Amazon Route 53 Developer Guide/.
+--
+-- Like Amazon VPC, Resolver is Regional. In each Region where you have
+-- VPCs, you can choose whether to forward queries from your VPCs to your
+-- network (outbound queries), from your network to your VPCs (inbound
+-- queries), or both.
+module Amazonka.Route53Resolver
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** ConflictException
+    _ConflictException,
+
+    -- ** InternalServiceErrorException
+    _InternalServiceErrorException,
+
+    -- ** InvalidNextTokenException
+    _InvalidNextTokenException,
+
+    -- ** InvalidParameterException
+    _InvalidParameterException,
+
+    -- ** InvalidPolicyDocument
+    _InvalidPolicyDocument,
+
+    -- ** InvalidRequestException
+    _InvalidRequestException,
+
+    -- ** InvalidTagException
+    _InvalidTagException,
+
+    -- ** LimitExceededException
+    _LimitExceededException,
+
+    -- ** ResourceExistsException
+    _ResourceExistsException,
+
+    -- ** ResourceInUseException
+    _ResourceInUseException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- ** ResourceUnavailableException
+    _ResourceUnavailableException,
+
+    -- ** ThrottlingException
+    _ThrottlingException,
+
+    -- ** UnknownResourceException
+    _UnknownResourceException,
+
+    -- ** ValidationException
+    _ValidationException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** AssociateFirewallRuleGroup
+    AssociateFirewallRuleGroup (AssociateFirewallRuleGroup'),
+    newAssociateFirewallRuleGroup,
+    AssociateFirewallRuleGroupResponse (AssociateFirewallRuleGroupResponse'),
+    newAssociateFirewallRuleGroupResponse,
+
+    -- ** AssociateResolverEndpointIpAddress
+    AssociateResolverEndpointIpAddress (AssociateResolverEndpointIpAddress'),
+    newAssociateResolverEndpointIpAddress,
+    AssociateResolverEndpointIpAddressResponse (AssociateResolverEndpointIpAddressResponse'),
+    newAssociateResolverEndpointIpAddressResponse,
+
+    -- ** AssociateResolverQueryLogConfig
+    AssociateResolverQueryLogConfig (AssociateResolverQueryLogConfig'),
+    newAssociateResolverQueryLogConfig,
+    AssociateResolverQueryLogConfigResponse (AssociateResolverQueryLogConfigResponse'),
+    newAssociateResolverQueryLogConfigResponse,
+
+    -- ** AssociateResolverRule
+    AssociateResolverRule (AssociateResolverRule'),
+    newAssociateResolverRule,
+    AssociateResolverRuleResponse (AssociateResolverRuleResponse'),
+    newAssociateResolverRuleResponse,
+
+    -- ** CreateFirewallDomainList
+    CreateFirewallDomainList (CreateFirewallDomainList'),
+    newCreateFirewallDomainList,
+    CreateFirewallDomainListResponse (CreateFirewallDomainListResponse'),
+    newCreateFirewallDomainListResponse,
+
+    -- ** CreateFirewallRule
+    CreateFirewallRule (CreateFirewallRule'),
+    newCreateFirewallRule,
+    CreateFirewallRuleResponse (CreateFirewallRuleResponse'),
+    newCreateFirewallRuleResponse,
+
+    -- ** CreateFirewallRuleGroup
+    CreateFirewallRuleGroup (CreateFirewallRuleGroup'),
+    newCreateFirewallRuleGroup,
+    CreateFirewallRuleGroupResponse (CreateFirewallRuleGroupResponse'),
+    newCreateFirewallRuleGroupResponse,
+
+    -- ** CreateResolverEndpoint
+    CreateResolverEndpoint (CreateResolverEndpoint'),
+    newCreateResolverEndpoint,
+    CreateResolverEndpointResponse (CreateResolverEndpointResponse'),
+    newCreateResolverEndpointResponse,
+
+    -- ** CreateResolverQueryLogConfig
+    CreateResolverQueryLogConfig (CreateResolverQueryLogConfig'),
+    newCreateResolverQueryLogConfig,
+    CreateResolverQueryLogConfigResponse (CreateResolverQueryLogConfigResponse'),
+    newCreateResolverQueryLogConfigResponse,
+
+    -- ** CreateResolverRule
+    CreateResolverRule (CreateResolverRule'),
+    newCreateResolverRule,
+    CreateResolverRuleResponse (CreateResolverRuleResponse'),
+    newCreateResolverRuleResponse,
+
+    -- ** DeleteFirewallDomainList
+    DeleteFirewallDomainList (DeleteFirewallDomainList'),
+    newDeleteFirewallDomainList,
+    DeleteFirewallDomainListResponse (DeleteFirewallDomainListResponse'),
+    newDeleteFirewallDomainListResponse,
+
+    -- ** DeleteFirewallRule
+    DeleteFirewallRule (DeleteFirewallRule'),
+    newDeleteFirewallRule,
+    DeleteFirewallRuleResponse (DeleteFirewallRuleResponse'),
+    newDeleteFirewallRuleResponse,
+
+    -- ** DeleteFirewallRuleGroup
+    DeleteFirewallRuleGroup (DeleteFirewallRuleGroup'),
+    newDeleteFirewallRuleGroup,
+    DeleteFirewallRuleGroupResponse (DeleteFirewallRuleGroupResponse'),
+    newDeleteFirewallRuleGroupResponse,
+
+    -- ** DeleteResolverEndpoint
+    DeleteResolverEndpoint (DeleteResolverEndpoint'),
+    newDeleteResolverEndpoint,
+    DeleteResolverEndpointResponse (DeleteResolverEndpointResponse'),
+    newDeleteResolverEndpointResponse,
+
+    -- ** DeleteResolverQueryLogConfig
+    DeleteResolverQueryLogConfig (DeleteResolverQueryLogConfig'),
+    newDeleteResolverQueryLogConfig,
+    DeleteResolverQueryLogConfigResponse (DeleteResolverQueryLogConfigResponse'),
+    newDeleteResolverQueryLogConfigResponse,
+
+    -- ** DeleteResolverRule
+    DeleteResolverRule (DeleteResolverRule'),
+    newDeleteResolverRule,
+    DeleteResolverRuleResponse (DeleteResolverRuleResponse'),
+    newDeleteResolverRuleResponse,
+
+    -- ** DisassociateFirewallRuleGroup
+    DisassociateFirewallRuleGroup (DisassociateFirewallRuleGroup'),
+    newDisassociateFirewallRuleGroup,
+    DisassociateFirewallRuleGroupResponse (DisassociateFirewallRuleGroupResponse'),
+    newDisassociateFirewallRuleGroupResponse,
+
+    -- ** DisassociateResolverEndpointIpAddress
+    DisassociateResolverEndpointIpAddress (DisassociateResolverEndpointIpAddress'),
+    newDisassociateResolverEndpointIpAddress,
+    DisassociateResolverEndpointIpAddressResponse (DisassociateResolverEndpointIpAddressResponse'),
+    newDisassociateResolverEndpointIpAddressResponse,
+
+    -- ** DisassociateResolverQueryLogConfig
+    DisassociateResolverQueryLogConfig (DisassociateResolverQueryLogConfig'),
+    newDisassociateResolverQueryLogConfig,
+    DisassociateResolverQueryLogConfigResponse (DisassociateResolverQueryLogConfigResponse'),
+    newDisassociateResolverQueryLogConfigResponse,
+
+    -- ** DisassociateResolverRule
+    DisassociateResolverRule (DisassociateResolverRule'),
+    newDisassociateResolverRule,
+    DisassociateResolverRuleResponse (DisassociateResolverRuleResponse'),
+    newDisassociateResolverRuleResponse,
+
+    -- ** GetFirewallConfig
+    GetFirewallConfig (GetFirewallConfig'),
+    newGetFirewallConfig,
+    GetFirewallConfigResponse (GetFirewallConfigResponse'),
+    newGetFirewallConfigResponse,
+
+    -- ** GetFirewallDomainList
+    GetFirewallDomainList (GetFirewallDomainList'),
+    newGetFirewallDomainList,
+    GetFirewallDomainListResponse (GetFirewallDomainListResponse'),
+    newGetFirewallDomainListResponse,
+
+    -- ** GetFirewallRuleGroup
+    GetFirewallRuleGroup (GetFirewallRuleGroup'),
+    newGetFirewallRuleGroup,
+    GetFirewallRuleGroupResponse (GetFirewallRuleGroupResponse'),
+    newGetFirewallRuleGroupResponse,
+
+    -- ** GetFirewallRuleGroupAssociation
+    GetFirewallRuleGroupAssociation (GetFirewallRuleGroupAssociation'),
+    newGetFirewallRuleGroupAssociation,
+    GetFirewallRuleGroupAssociationResponse (GetFirewallRuleGroupAssociationResponse'),
+    newGetFirewallRuleGroupAssociationResponse,
+
+    -- ** GetFirewallRuleGroupPolicy
+    GetFirewallRuleGroupPolicy (GetFirewallRuleGroupPolicy'),
+    newGetFirewallRuleGroupPolicy,
+    GetFirewallRuleGroupPolicyResponse (GetFirewallRuleGroupPolicyResponse'),
+    newGetFirewallRuleGroupPolicyResponse,
+
+    -- ** GetResolverConfig
+    GetResolverConfig (GetResolverConfig'),
+    newGetResolverConfig,
+    GetResolverConfigResponse (GetResolverConfigResponse'),
+    newGetResolverConfigResponse,
+
+    -- ** GetResolverDnssecConfig
+    GetResolverDnssecConfig (GetResolverDnssecConfig'),
+    newGetResolverDnssecConfig,
+    GetResolverDnssecConfigResponse (GetResolverDnssecConfigResponse'),
+    newGetResolverDnssecConfigResponse,
+
+    -- ** GetResolverEndpoint
+    GetResolverEndpoint (GetResolverEndpoint'),
+    newGetResolverEndpoint,
+    GetResolverEndpointResponse (GetResolverEndpointResponse'),
+    newGetResolverEndpointResponse,
+
+    -- ** GetResolverQueryLogConfig
+    GetResolverQueryLogConfig (GetResolverQueryLogConfig'),
+    newGetResolverQueryLogConfig,
+    GetResolverQueryLogConfigResponse (GetResolverQueryLogConfigResponse'),
+    newGetResolverQueryLogConfigResponse,
+
+    -- ** GetResolverQueryLogConfigAssociation
+    GetResolverQueryLogConfigAssociation (GetResolverQueryLogConfigAssociation'),
+    newGetResolverQueryLogConfigAssociation,
+    GetResolverQueryLogConfigAssociationResponse (GetResolverQueryLogConfigAssociationResponse'),
+    newGetResolverQueryLogConfigAssociationResponse,
+
+    -- ** GetResolverQueryLogConfigPolicy
+    GetResolverQueryLogConfigPolicy (GetResolverQueryLogConfigPolicy'),
+    newGetResolverQueryLogConfigPolicy,
+    GetResolverQueryLogConfigPolicyResponse (GetResolverQueryLogConfigPolicyResponse'),
+    newGetResolverQueryLogConfigPolicyResponse,
+
+    -- ** GetResolverRule
+    GetResolverRule (GetResolverRule'),
+    newGetResolverRule,
+    GetResolverRuleResponse (GetResolverRuleResponse'),
+    newGetResolverRuleResponse,
+
+    -- ** GetResolverRuleAssociation
+    GetResolverRuleAssociation (GetResolverRuleAssociation'),
+    newGetResolverRuleAssociation,
+    GetResolverRuleAssociationResponse (GetResolverRuleAssociationResponse'),
+    newGetResolverRuleAssociationResponse,
+
+    -- ** GetResolverRulePolicy
+    GetResolverRulePolicy (GetResolverRulePolicy'),
+    newGetResolverRulePolicy,
+    GetResolverRulePolicyResponse (GetResolverRulePolicyResponse'),
+    newGetResolverRulePolicyResponse,
+
+    -- ** ImportFirewallDomains
+    ImportFirewallDomains (ImportFirewallDomains'),
+    newImportFirewallDomains,
+    ImportFirewallDomainsResponse (ImportFirewallDomainsResponse'),
+    newImportFirewallDomainsResponse,
+
+    -- ** ListFirewallConfigs (Paginated)
+    ListFirewallConfigs (ListFirewallConfigs'),
+    newListFirewallConfigs,
+    ListFirewallConfigsResponse (ListFirewallConfigsResponse'),
+    newListFirewallConfigsResponse,
+
+    -- ** ListFirewallDomainLists (Paginated)
+    ListFirewallDomainLists (ListFirewallDomainLists'),
+    newListFirewallDomainLists,
+    ListFirewallDomainListsResponse (ListFirewallDomainListsResponse'),
+    newListFirewallDomainListsResponse,
+
+    -- ** ListFirewallDomains (Paginated)
+    ListFirewallDomains (ListFirewallDomains'),
+    newListFirewallDomains,
+    ListFirewallDomainsResponse (ListFirewallDomainsResponse'),
+    newListFirewallDomainsResponse,
+
+    -- ** ListFirewallRuleGroupAssociations (Paginated)
+    ListFirewallRuleGroupAssociations (ListFirewallRuleGroupAssociations'),
+    newListFirewallRuleGroupAssociations,
+    ListFirewallRuleGroupAssociationsResponse (ListFirewallRuleGroupAssociationsResponse'),
+    newListFirewallRuleGroupAssociationsResponse,
+
+    -- ** ListFirewallRuleGroups (Paginated)
+    ListFirewallRuleGroups (ListFirewallRuleGroups'),
+    newListFirewallRuleGroups,
+    ListFirewallRuleGroupsResponse (ListFirewallRuleGroupsResponse'),
+    newListFirewallRuleGroupsResponse,
+
+    -- ** ListFirewallRules (Paginated)
+    ListFirewallRules (ListFirewallRules'),
+    newListFirewallRules,
+    ListFirewallRulesResponse (ListFirewallRulesResponse'),
+    newListFirewallRulesResponse,
+
+    -- ** ListResolverConfigs (Paginated)
+    ListResolverConfigs (ListResolverConfigs'),
+    newListResolverConfigs,
+    ListResolverConfigsResponse (ListResolverConfigsResponse'),
+    newListResolverConfigsResponse,
+
+    -- ** ListResolverDnssecConfigs (Paginated)
+    ListResolverDnssecConfigs (ListResolverDnssecConfigs'),
+    newListResolverDnssecConfigs,
+    ListResolverDnssecConfigsResponse (ListResolverDnssecConfigsResponse'),
+    newListResolverDnssecConfigsResponse,
+
+    -- ** ListResolverEndpointIpAddresses (Paginated)
+    ListResolverEndpointIpAddresses (ListResolverEndpointIpAddresses'),
+    newListResolverEndpointIpAddresses,
+    ListResolverEndpointIpAddressesResponse (ListResolverEndpointIpAddressesResponse'),
+    newListResolverEndpointIpAddressesResponse,
+
+    -- ** ListResolverEndpoints (Paginated)
+    ListResolverEndpoints (ListResolverEndpoints'),
+    newListResolverEndpoints,
+    ListResolverEndpointsResponse (ListResolverEndpointsResponse'),
+    newListResolverEndpointsResponse,
+
+    -- ** ListResolverQueryLogConfigAssociations (Paginated)
+    ListResolverQueryLogConfigAssociations (ListResolverQueryLogConfigAssociations'),
+    newListResolverQueryLogConfigAssociations,
+    ListResolverQueryLogConfigAssociationsResponse (ListResolverQueryLogConfigAssociationsResponse'),
+    newListResolverQueryLogConfigAssociationsResponse,
+
+    -- ** ListResolverQueryLogConfigs (Paginated)
+    ListResolverQueryLogConfigs (ListResolverQueryLogConfigs'),
+    newListResolverQueryLogConfigs,
+    ListResolverQueryLogConfigsResponse (ListResolverQueryLogConfigsResponse'),
+    newListResolverQueryLogConfigsResponse,
+
+    -- ** ListResolverRuleAssociations (Paginated)
+    ListResolverRuleAssociations (ListResolverRuleAssociations'),
+    newListResolverRuleAssociations,
+    ListResolverRuleAssociationsResponse (ListResolverRuleAssociationsResponse'),
+    newListResolverRuleAssociationsResponse,
+
+    -- ** ListResolverRules (Paginated)
+    ListResolverRules (ListResolverRules'),
+    newListResolverRules,
+    ListResolverRulesResponse (ListResolverRulesResponse'),
+    newListResolverRulesResponse,
+
+    -- ** ListTagsForResource (Paginated)
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** PutFirewallRuleGroupPolicy
+    PutFirewallRuleGroupPolicy (PutFirewallRuleGroupPolicy'),
+    newPutFirewallRuleGroupPolicy,
+    PutFirewallRuleGroupPolicyResponse (PutFirewallRuleGroupPolicyResponse'),
+    newPutFirewallRuleGroupPolicyResponse,
+
+    -- ** PutResolverQueryLogConfigPolicy
+    PutResolverQueryLogConfigPolicy (PutResolverQueryLogConfigPolicy'),
+    newPutResolverQueryLogConfigPolicy,
+    PutResolverQueryLogConfigPolicyResponse (PutResolverQueryLogConfigPolicyResponse'),
+    newPutResolverQueryLogConfigPolicyResponse,
+
+    -- ** PutResolverRulePolicy
+    PutResolverRulePolicy (PutResolverRulePolicy'),
+    newPutResolverRulePolicy,
+    PutResolverRulePolicyResponse (PutResolverRulePolicyResponse'),
+    newPutResolverRulePolicyResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateFirewallConfig
+    UpdateFirewallConfig (UpdateFirewallConfig'),
+    newUpdateFirewallConfig,
+    UpdateFirewallConfigResponse (UpdateFirewallConfigResponse'),
+    newUpdateFirewallConfigResponse,
+
+    -- ** UpdateFirewallDomains
+    UpdateFirewallDomains (UpdateFirewallDomains'),
+    newUpdateFirewallDomains,
+    UpdateFirewallDomainsResponse (UpdateFirewallDomainsResponse'),
+    newUpdateFirewallDomainsResponse,
+
+    -- ** UpdateFirewallRule
+    UpdateFirewallRule (UpdateFirewallRule'),
+    newUpdateFirewallRule,
+    UpdateFirewallRuleResponse (UpdateFirewallRuleResponse'),
+    newUpdateFirewallRuleResponse,
+
+    -- ** UpdateFirewallRuleGroupAssociation
+    UpdateFirewallRuleGroupAssociation (UpdateFirewallRuleGroupAssociation'),
+    newUpdateFirewallRuleGroupAssociation,
+    UpdateFirewallRuleGroupAssociationResponse (UpdateFirewallRuleGroupAssociationResponse'),
+    newUpdateFirewallRuleGroupAssociationResponse,
+
+    -- ** UpdateResolverConfig
+    UpdateResolverConfig (UpdateResolverConfig'),
+    newUpdateResolverConfig,
+    UpdateResolverConfigResponse (UpdateResolverConfigResponse'),
+    newUpdateResolverConfigResponse,
+
+    -- ** UpdateResolverDnssecConfig
+    UpdateResolverDnssecConfig (UpdateResolverDnssecConfig'),
+    newUpdateResolverDnssecConfig,
+    UpdateResolverDnssecConfigResponse (UpdateResolverDnssecConfigResponse'),
+    newUpdateResolverDnssecConfigResponse,
+
+    -- ** UpdateResolverEndpoint
+    UpdateResolverEndpoint (UpdateResolverEndpoint'),
+    newUpdateResolverEndpoint,
+    UpdateResolverEndpointResponse (UpdateResolverEndpointResponse'),
+    newUpdateResolverEndpointResponse,
+
+    -- ** UpdateResolverRule
+    UpdateResolverRule (UpdateResolverRule'),
+    newUpdateResolverRule,
+    UpdateResolverRuleResponse (UpdateResolverRuleResponse'),
+    newUpdateResolverRuleResponse,
+
+    -- * Types
+
+    -- ** Action
+    Action (..),
+
+    -- ** AutodefinedReverseFlag
+    AutodefinedReverseFlag (..),
+
+    -- ** BlockOverrideDnsType
+    BlockOverrideDnsType (..),
+
+    -- ** BlockResponse
+    BlockResponse (..),
+
+    -- ** FirewallDomainImportOperation
+    FirewallDomainImportOperation (..),
+
+    -- ** FirewallDomainListStatus
+    FirewallDomainListStatus (..),
+
+    -- ** FirewallDomainUpdateOperation
+    FirewallDomainUpdateOperation (..),
+
+    -- ** FirewallFailOpenStatus
+    FirewallFailOpenStatus (..),
+
+    -- ** FirewallRuleGroupAssociationStatus
+    FirewallRuleGroupAssociationStatus (..),
+
+    -- ** FirewallRuleGroupStatus
+    FirewallRuleGroupStatus (..),
+
+    -- ** IpAddressStatus
+    IpAddressStatus (..),
+
+    -- ** MutationProtectionStatus
+    MutationProtectionStatus (..),
+
+    -- ** ResolverAutodefinedReverseStatus
+    ResolverAutodefinedReverseStatus (..),
+
+    -- ** ResolverDNSSECValidationStatus
+    ResolverDNSSECValidationStatus (..),
+
+    -- ** ResolverEndpointDirection
+    ResolverEndpointDirection (..),
+
+    -- ** ResolverEndpointStatus
+    ResolverEndpointStatus (..),
+
+    -- ** ResolverQueryLogConfigAssociationError
+    ResolverQueryLogConfigAssociationError (..),
+
+    -- ** ResolverQueryLogConfigAssociationStatus
+    ResolverQueryLogConfigAssociationStatus (..),
+
+    -- ** ResolverQueryLogConfigStatus
+    ResolverQueryLogConfigStatus (..),
+
+    -- ** ResolverRuleAssociationStatus
+    ResolverRuleAssociationStatus (..),
+
+    -- ** ResolverRuleStatus
+    ResolverRuleStatus (..),
+
+    -- ** RuleTypeOption
+    RuleTypeOption (..),
+
+    -- ** ShareStatus
+    ShareStatus (..),
+
+    -- ** SortOrder
+    SortOrder (..),
+
+    -- ** Validation
+    Validation (..),
+
+    -- ** Filter
+    Filter (Filter'),
+    newFilter,
+
+    -- ** FirewallConfig
+    FirewallConfig (FirewallConfig'),
+    newFirewallConfig,
+
+    -- ** FirewallDomainList
+    FirewallDomainList (FirewallDomainList'),
+    newFirewallDomainList,
+
+    -- ** FirewallDomainListMetadata
+    FirewallDomainListMetadata (FirewallDomainListMetadata'),
+    newFirewallDomainListMetadata,
+
+    -- ** FirewallRule
+    FirewallRule (FirewallRule'),
+    newFirewallRule,
+
+    -- ** FirewallRuleGroup
+    FirewallRuleGroup (FirewallRuleGroup'),
+    newFirewallRuleGroup,
+
+    -- ** FirewallRuleGroupAssociation
+    FirewallRuleGroupAssociation (FirewallRuleGroupAssociation'),
+    newFirewallRuleGroupAssociation,
+
+    -- ** FirewallRuleGroupMetadata
+    FirewallRuleGroupMetadata (FirewallRuleGroupMetadata'),
+    newFirewallRuleGroupMetadata,
+
+    -- ** IpAddressRequest
+    IpAddressRequest (IpAddressRequest'),
+    newIpAddressRequest,
+
+    -- ** IpAddressResponse
+    IpAddressResponse (IpAddressResponse'),
+    newIpAddressResponse,
+
+    -- ** IpAddressUpdate
+    IpAddressUpdate (IpAddressUpdate'),
+    newIpAddressUpdate,
+
+    -- ** ResolverConfig
+    ResolverConfig (ResolverConfig'),
+    newResolverConfig,
+
+    -- ** ResolverDnssecConfig
+    ResolverDnssecConfig (ResolverDnssecConfig'),
+    newResolverDnssecConfig,
+
+    -- ** ResolverEndpoint
+    ResolverEndpoint (ResolverEndpoint'),
+    newResolverEndpoint,
+
+    -- ** ResolverQueryLogConfig
+    ResolverQueryLogConfig (ResolverQueryLogConfig'),
+    newResolverQueryLogConfig,
+
+    -- ** ResolverQueryLogConfigAssociation
+    ResolverQueryLogConfigAssociation (ResolverQueryLogConfigAssociation'),
+    newResolverQueryLogConfigAssociation,
+
+    -- ** ResolverRule
+    ResolverRule (ResolverRule'),
+    newResolverRule,
+
+    -- ** ResolverRuleAssociation
+    ResolverRuleAssociation (ResolverRuleAssociation'),
+    newResolverRuleAssociation,
+
+    -- ** ResolverRuleConfig
+    ResolverRuleConfig (ResolverRuleConfig'),
+    newResolverRuleConfig,
+
+    -- ** Tag
+    Tag (Tag'),
+    newTag,
+
+    -- ** TargetAddress
+    TargetAddress (TargetAddress'),
+    newTargetAddress,
+  )
+where
+
+import Amazonka.Route53Resolver.AssociateFirewallRuleGroup
+import Amazonka.Route53Resolver.AssociateResolverEndpointIpAddress
+import Amazonka.Route53Resolver.AssociateResolverQueryLogConfig
+import Amazonka.Route53Resolver.AssociateResolverRule
+import Amazonka.Route53Resolver.CreateFirewallDomainList
+import Amazonka.Route53Resolver.CreateFirewallRule
+import Amazonka.Route53Resolver.CreateFirewallRuleGroup
+import Amazonka.Route53Resolver.CreateResolverEndpoint
+import Amazonka.Route53Resolver.CreateResolverQueryLogConfig
+import Amazonka.Route53Resolver.CreateResolverRule
+import Amazonka.Route53Resolver.DeleteFirewallDomainList
+import Amazonka.Route53Resolver.DeleteFirewallRule
+import Amazonka.Route53Resolver.DeleteFirewallRuleGroup
+import Amazonka.Route53Resolver.DeleteResolverEndpoint
+import Amazonka.Route53Resolver.DeleteResolverQueryLogConfig
+import Amazonka.Route53Resolver.DeleteResolverRule
+import Amazonka.Route53Resolver.DisassociateFirewallRuleGroup
+import Amazonka.Route53Resolver.DisassociateResolverEndpointIpAddress
+import Amazonka.Route53Resolver.DisassociateResolverQueryLogConfig
+import Amazonka.Route53Resolver.DisassociateResolverRule
+import Amazonka.Route53Resolver.GetFirewallConfig
+import Amazonka.Route53Resolver.GetFirewallDomainList
+import Amazonka.Route53Resolver.GetFirewallRuleGroup
+import Amazonka.Route53Resolver.GetFirewallRuleGroupAssociation
+import Amazonka.Route53Resolver.GetFirewallRuleGroupPolicy
+import Amazonka.Route53Resolver.GetResolverConfig
+import Amazonka.Route53Resolver.GetResolverDnssecConfig
+import Amazonka.Route53Resolver.GetResolverEndpoint
+import Amazonka.Route53Resolver.GetResolverQueryLogConfig
+import Amazonka.Route53Resolver.GetResolverQueryLogConfigAssociation
+import Amazonka.Route53Resolver.GetResolverQueryLogConfigPolicy
+import Amazonka.Route53Resolver.GetResolverRule
+import Amazonka.Route53Resolver.GetResolverRuleAssociation
+import Amazonka.Route53Resolver.GetResolverRulePolicy
+import Amazonka.Route53Resolver.ImportFirewallDomains
+import Amazonka.Route53Resolver.Lens
+import Amazonka.Route53Resolver.ListFirewallConfigs
+import Amazonka.Route53Resolver.ListFirewallDomainLists
+import Amazonka.Route53Resolver.ListFirewallDomains
+import Amazonka.Route53Resolver.ListFirewallRuleGroupAssociations
+import Amazonka.Route53Resolver.ListFirewallRuleGroups
+import Amazonka.Route53Resolver.ListFirewallRules
+import Amazonka.Route53Resolver.ListResolverConfigs
+import Amazonka.Route53Resolver.ListResolverDnssecConfigs
+import Amazonka.Route53Resolver.ListResolverEndpointIpAddresses
+import Amazonka.Route53Resolver.ListResolverEndpoints
+import Amazonka.Route53Resolver.ListResolverQueryLogConfigAssociations
+import Amazonka.Route53Resolver.ListResolverQueryLogConfigs
+import Amazonka.Route53Resolver.ListResolverRuleAssociations
+import Amazonka.Route53Resolver.ListResolverRules
+import Amazonka.Route53Resolver.ListTagsForResource
+import Amazonka.Route53Resolver.PutFirewallRuleGroupPolicy
+import Amazonka.Route53Resolver.PutResolverQueryLogConfigPolicy
+import Amazonka.Route53Resolver.PutResolverRulePolicy
+import Amazonka.Route53Resolver.TagResource
+import Amazonka.Route53Resolver.Types
+import Amazonka.Route53Resolver.UntagResource
+import Amazonka.Route53Resolver.UpdateFirewallConfig
+import Amazonka.Route53Resolver.UpdateFirewallDomains
+import Amazonka.Route53Resolver.UpdateFirewallRule
+import Amazonka.Route53Resolver.UpdateFirewallRuleGroupAssociation
+import Amazonka.Route53Resolver.UpdateResolverConfig
+import Amazonka.Route53Resolver.UpdateResolverDnssecConfig
+import Amazonka.Route53Resolver.UpdateResolverEndpoint
+import Amazonka.Route53Resolver.UpdateResolverRule
+import Amazonka.Route53Resolver.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'Route53Resolver'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/Route53Resolver/AssociateFirewallRuleGroup.hs b/gen/Amazonka/Route53Resolver/AssociateFirewallRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/AssociateFirewallRuleGroup.hs
@@ -0,0 +1,332 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.AssociateFirewallRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for
+-- the VPC.
+module Amazonka.Route53Resolver.AssociateFirewallRuleGroup
+  ( -- * Creating a Request
+    AssociateFirewallRuleGroup (..),
+    newAssociateFirewallRuleGroup,
+
+    -- * Request Lenses
+    associateFirewallRuleGroup_mutationProtection,
+    associateFirewallRuleGroup_tags,
+    associateFirewallRuleGroup_creatorRequestId,
+    associateFirewallRuleGroup_firewallRuleGroupId,
+    associateFirewallRuleGroup_vpcId,
+    associateFirewallRuleGroup_priority,
+    associateFirewallRuleGroup_name,
+
+    -- * Destructuring the Response
+    AssociateFirewallRuleGroupResponse (..),
+    newAssociateFirewallRuleGroupResponse,
+
+    -- * Response Lenses
+    associateFirewallRuleGroupResponse_firewallRuleGroupAssociation,
+    associateFirewallRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newAssociateFirewallRuleGroup' smart constructor.
+data AssociateFirewallRuleGroup = AssociateFirewallRuleGroup'
+  { -- | If enabled, this setting disallows modification or removal of the
+    -- association, to help prevent against accidentally altering DNS firewall
+    -- protections. When you create the association, the default setting is
+    -- @DISABLED@.
+    mutationProtection :: Prelude.Maybe MutationProtectionStatus,
+    -- | A list of the tag keys and values that you want to associate with the
+    -- rule group association.
+    tags :: Prelude.Maybe [Tag],
+    -- | A unique string that identifies the request and that allows failed
+    -- requests to be retried without the risk of running the operation twice.
+    -- @CreatorRequestId@ can be any unique string, for example, a date\/time
+    -- stamp.
+    creatorRequestId :: Prelude.Text,
+    -- | The unique identifier of the firewall rule group.
+    firewallRuleGroupId :: Prelude.Text,
+    -- | The unique identifier of the VPC that you want to associate with the
+    -- rule group.
+    vpcId :: Prelude.Text,
+    -- | The setting that determines the processing order of the rule group among
+    -- the rule groups that you associate with the specified VPC. DNS Firewall
+    -- filters VPC traffic starting from the rule group with the lowest numeric
+    -- priority setting.
+    --
+    -- You must specify a unique priority for each rule group that you
+    -- associate with a single VPC. To make it easier to insert rule groups
+    -- later, leave space between the numbers, for example, use 101, 200, and
+    -- so on. You can change the priority setting for a rule group association
+    -- after you create it.
+    --
+    -- The allowed values for @Priority@ are between 100 and 9900.
+    priority :: Prelude.Int,
+    -- | A name that lets you identify the association, to manage and use it.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateFirewallRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mutationProtection', 'associateFirewallRuleGroup_mutationProtection' - If enabled, this setting disallows modification or removal of the
+-- association, to help prevent against accidentally altering DNS firewall
+-- protections. When you create the association, the default setting is
+-- @DISABLED@.
+--
+-- 'tags', 'associateFirewallRuleGroup_tags' - A list of the tag keys and values that you want to associate with the
+-- rule group association.
+--
+-- 'creatorRequestId', 'associateFirewallRuleGroup_creatorRequestId' - A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+--
+-- 'firewallRuleGroupId', 'associateFirewallRuleGroup_firewallRuleGroupId' - The unique identifier of the firewall rule group.
+--
+-- 'vpcId', 'associateFirewallRuleGroup_vpcId' - The unique identifier of the VPC that you want to associate with the
+-- rule group.
+--
+-- 'priority', 'associateFirewallRuleGroup_priority' - The setting that determines the processing order of the rule group among
+-- the rule groups that you associate with the specified VPC. DNS Firewall
+-- filters VPC traffic starting from the rule group with the lowest numeric
+-- priority setting.
+--
+-- You must specify a unique priority for each rule group that you
+-- associate with a single VPC. To make it easier to insert rule groups
+-- later, leave space between the numbers, for example, use 101, 200, and
+-- so on. You can change the priority setting for a rule group association
+-- after you create it.
+--
+-- The allowed values for @Priority@ are between 100 and 9900.
+--
+-- 'name', 'associateFirewallRuleGroup_name' - A name that lets you identify the association, to manage and use it.
+newAssociateFirewallRuleGroup ::
+  -- | 'creatorRequestId'
+  Prelude.Text ->
+  -- | 'firewallRuleGroupId'
+  Prelude.Text ->
+  -- | 'vpcId'
+  Prelude.Text ->
+  -- | 'priority'
+  Prelude.Int ->
+  -- | 'name'
+  Prelude.Text ->
+  AssociateFirewallRuleGroup
+newAssociateFirewallRuleGroup
+  pCreatorRequestId_
+  pFirewallRuleGroupId_
+  pVpcId_
+  pPriority_
+  pName_ =
+    AssociateFirewallRuleGroup'
+      { mutationProtection =
+          Prelude.Nothing,
+        tags = Prelude.Nothing,
+        creatorRequestId = pCreatorRequestId_,
+        firewallRuleGroupId = pFirewallRuleGroupId_,
+        vpcId = pVpcId_,
+        priority = pPriority_,
+        name = pName_
+      }
+
+-- | If enabled, this setting disallows modification or removal of the
+-- association, to help prevent against accidentally altering DNS firewall
+-- protections. When you create the association, the default setting is
+-- @DISABLED@.
+associateFirewallRuleGroup_mutationProtection :: Lens.Lens' AssociateFirewallRuleGroup (Prelude.Maybe MutationProtectionStatus)
+associateFirewallRuleGroup_mutationProtection = Lens.lens (\AssociateFirewallRuleGroup' {mutationProtection} -> mutationProtection) (\s@AssociateFirewallRuleGroup' {} a -> s {mutationProtection = a} :: AssociateFirewallRuleGroup)
+
+-- | A list of the tag keys and values that you want to associate with the
+-- rule group association.
+associateFirewallRuleGroup_tags :: Lens.Lens' AssociateFirewallRuleGroup (Prelude.Maybe [Tag])
+associateFirewallRuleGroup_tags = Lens.lens (\AssociateFirewallRuleGroup' {tags} -> tags) (\s@AssociateFirewallRuleGroup' {} a -> s {tags = a} :: AssociateFirewallRuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+associateFirewallRuleGroup_creatorRequestId :: Lens.Lens' AssociateFirewallRuleGroup Prelude.Text
+associateFirewallRuleGroup_creatorRequestId = Lens.lens (\AssociateFirewallRuleGroup' {creatorRequestId} -> creatorRequestId) (\s@AssociateFirewallRuleGroup' {} a -> s {creatorRequestId = a} :: AssociateFirewallRuleGroup)
+
+-- | The unique identifier of the firewall rule group.
+associateFirewallRuleGroup_firewallRuleGroupId :: Lens.Lens' AssociateFirewallRuleGroup Prelude.Text
+associateFirewallRuleGroup_firewallRuleGroupId = Lens.lens (\AssociateFirewallRuleGroup' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@AssociateFirewallRuleGroup' {} a -> s {firewallRuleGroupId = a} :: AssociateFirewallRuleGroup)
+
+-- | The unique identifier of the VPC that you want to associate with the
+-- rule group.
+associateFirewallRuleGroup_vpcId :: Lens.Lens' AssociateFirewallRuleGroup Prelude.Text
+associateFirewallRuleGroup_vpcId = Lens.lens (\AssociateFirewallRuleGroup' {vpcId} -> vpcId) (\s@AssociateFirewallRuleGroup' {} a -> s {vpcId = a} :: AssociateFirewallRuleGroup)
+
+-- | The setting that determines the processing order of the rule group among
+-- the rule groups that you associate with the specified VPC. DNS Firewall
+-- filters VPC traffic starting from the rule group with the lowest numeric
+-- priority setting.
+--
+-- You must specify a unique priority for each rule group that you
+-- associate with a single VPC. To make it easier to insert rule groups
+-- later, leave space between the numbers, for example, use 101, 200, and
+-- so on. You can change the priority setting for a rule group association
+-- after you create it.
+--
+-- The allowed values for @Priority@ are between 100 and 9900.
+associateFirewallRuleGroup_priority :: Lens.Lens' AssociateFirewallRuleGroup Prelude.Int
+associateFirewallRuleGroup_priority = Lens.lens (\AssociateFirewallRuleGroup' {priority} -> priority) (\s@AssociateFirewallRuleGroup' {} a -> s {priority = a} :: AssociateFirewallRuleGroup)
+
+-- | A name that lets you identify the association, to manage and use it.
+associateFirewallRuleGroup_name :: Lens.Lens' AssociateFirewallRuleGroup Prelude.Text
+associateFirewallRuleGroup_name = Lens.lens (\AssociateFirewallRuleGroup' {name} -> name) (\s@AssociateFirewallRuleGroup' {} a -> s {name = a} :: AssociateFirewallRuleGroup)
+
+instance Core.AWSRequest AssociateFirewallRuleGroup where
+  type
+    AWSResponse AssociateFirewallRuleGroup =
+      AssociateFirewallRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          AssociateFirewallRuleGroupResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroupAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable AssociateFirewallRuleGroup where
+  hashWithSalt _salt AssociateFirewallRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` mutationProtection
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` firewallRuleGroupId
+      `Prelude.hashWithSalt` vpcId
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData AssociateFirewallRuleGroup where
+  rnf AssociateFirewallRuleGroup' {..} =
+    Prelude.rnf mutationProtection
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf firewallRuleGroupId
+      `Prelude.seq` Prelude.rnf vpcId
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToHeaders AssociateFirewallRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.AssociateFirewallRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateFirewallRuleGroup where
+  toJSON AssociateFirewallRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MutationProtection" Data..=)
+              Prelude.<$> mutationProtection,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just
+              ("CreatorRequestId" Data..= creatorRequestId),
+            Prelude.Just
+              ("FirewallRuleGroupId" Data..= firewallRuleGroupId),
+            Prelude.Just ("VpcId" Data..= vpcId),
+            Prelude.Just ("Priority" Data..= priority),
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
+
+instance Data.ToPath AssociateFirewallRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery AssociateFirewallRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateFirewallRuleGroupResponse' smart constructor.
+data AssociateFirewallRuleGroupResponse = AssociateFirewallRuleGroupResponse'
+  { -- | The association that you just created. The association has an ID that
+    -- you can use to identify it in other requests, like update and delete.
+    firewallRuleGroupAssociation :: Prelude.Maybe FirewallRuleGroupAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateFirewallRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupAssociation', 'associateFirewallRuleGroupResponse_firewallRuleGroupAssociation' - The association that you just created. The association has an ID that
+-- you can use to identify it in other requests, like update and delete.
+--
+-- 'httpStatus', 'associateFirewallRuleGroupResponse_httpStatus' - The response's http status code.
+newAssociateFirewallRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateFirewallRuleGroupResponse
+newAssociateFirewallRuleGroupResponse pHttpStatus_ =
+  AssociateFirewallRuleGroupResponse'
+    { firewallRuleGroupAssociation =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The association that you just created. The association has an ID that
+-- you can use to identify it in other requests, like update and delete.
+associateFirewallRuleGroupResponse_firewallRuleGroupAssociation :: Lens.Lens' AssociateFirewallRuleGroupResponse (Prelude.Maybe FirewallRuleGroupAssociation)
+associateFirewallRuleGroupResponse_firewallRuleGroupAssociation = Lens.lens (\AssociateFirewallRuleGroupResponse' {firewallRuleGroupAssociation} -> firewallRuleGroupAssociation) (\s@AssociateFirewallRuleGroupResponse' {} a -> s {firewallRuleGroupAssociation = a} :: AssociateFirewallRuleGroupResponse)
+
+-- | The response's http status code.
+associateFirewallRuleGroupResponse_httpStatus :: Lens.Lens' AssociateFirewallRuleGroupResponse Prelude.Int
+associateFirewallRuleGroupResponse_httpStatus = Lens.lens (\AssociateFirewallRuleGroupResponse' {httpStatus} -> httpStatus) (\s@AssociateFirewallRuleGroupResponse' {} a -> s {httpStatus = a} :: AssociateFirewallRuleGroupResponse)
+
+instance
+  Prelude.NFData
+    AssociateFirewallRuleGroupResponse
+  where
+  rnf AssociateFirewallRuleGroupResponse' {..} =
+    Prelude.rnf firewallRuleGroupAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/AssociateResolverEndpointIpAddress.hs b/gen/Amazonka/Route53Resolver/AssociateResolverEndpointIpAddress.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/AssociateResolverEndpointIpAddress.hs
@@ -0,0 +1,233 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.AssociateResolverEndpointIpAddress
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds IP addresses to an inbound or an outbound Resolver endpoint. If you
+-- want to add more than one IP address, submit one
+-- @AssociateResolverEndpointIpAddress@ request for each IP address.
+--
+-- To remove an IP address from an endpoint, see
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverEndpointIpAddress.html DisassociateResolverEndpointIpAddress>.
+module Amazonka.Route53Resolver.AssociateResolverEndpointIpAddress
+  ( -- * Creating a Request
+    AssociateResolverEndpointIpAddress (..),
+    newAssociateResolverEndpointIpAddress,
+
+    -- * Request Lenses
+    associateResolverEndpointIpAddress_resolverEndpointId,
+    associateResolverEndpointIpAddress_ipAddress,
+
+    -- * Destructuring the Response
+    AssociateResolverEndpointIpAddressResponse (..),
+    newAssociateResolverEndpointIpAddressResponse,
+
+    -- * Response Lenses
+    associateResolverEndpointIpAddressResponse_resolverEndpoint,
+    associateResolverEndpointIpAddressResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newAssociateResolverEndpointIpAddress' smart constructor.
+data AssociateResolverEndpointIpAddress = AssociateResolverEndpointIpAddress'
+  { -- | The ID of the Resolver endpoint that you want to associate IP addresses
+    -- with.
+    resolverEndpointId :: Prelude.Text,
+    -- | Either the IPv4 address that you want to add to a Resolver endpoint or a
+    -- subnet ID. If you specify a subnet ID, Resolver chooses an IP address
+    -- for you from the available IPs in the specified subnet.
+    ipAddress :: IpAddressUpdate
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateResolverEndpointIpAddress' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpointId', 'associateResolverEndpointIpAddress_resolverEndpointId' - The ID of the Resolver endpoint that you want to associate IP addresses
+-- with.
+--
+-- 'ipAddress', 'associateResolverEndpointIpAddress_ipAddress' - Either the IPv4 address that you want to add to a Resolver endpoint or a
+-- subnet ID. If you specify a subnet ID, Resolver chooses an IP address
+-- for you from the available IPs in the specified subnet.
+newAssociateResolverEndpointIpAddress ::
+  -- | 'resolverEndpointId'
+  Prelude.Text ->
+  -- | 'ipAddress'
+  IpAddressUpdate ->
+  AssociateResolverEndpointIpAddress
+newAssociateResolverEndpointIpAddress
+  pResolverEndpointId_
+  pIpAddress_ =
+    AssociateResolverEndpointIpAddress'
+      { resolverEndpointId =
+          pResolverEndpointId_,
+        ipAddress = pIpAddress_
+      }
+
+-- | The ID of the Resolver endpoint that you want to associate IP addresses
+-- with.
+associateResolverEndpointIpAddress_resolverEndpointId :: Lens.Lens' AssociateResolverEndpointIpAddress Prelude.Text
+associateResolverEndpointIpAddress_resolverEndpointId = Lens.lens (\AssociateResolverEndpointIpAddress' {resolverEndpointId} -> resolverEndpointId) (\s@AssociateResolverEndpointIpAddress' {} a -> s {resolverEndpointId = a} :: AssociateResolverEndpointIpAddress)
+
+-- | Either the IPv4 address that you want to add to a Resolver endpoint or a
+-- subnet ID. If you specify a subnet ID, Resolver chooses an IP address
+-- for you from the available IPs in the specified subnet.
+associateResolverEndpointIpAddress_ipAddress :: Lens.Lens' AssociateResolverEndpointIpAddress IpAddressUpdate
+associateResolverEndpointIpAddress_ipAddress = Lens.lens (\AssociateResolverEndpointIpAddress' {ipAddress} -> ipAddress) (\s@AssociateResolverEndpointIpAddress' {} a -> s {ipAddress = a} :: AssociateResolverEndpointIpAddress)
+
+instance
+  Core.AWSRequest
+    AssociateResolverEndpointIpAddress
+  where
+  type
+    AWSResponse AssociateResolverEndpointIpAddress =
+      AssociateResolverEndpointIpAddressResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          AssociateResolverEndpointIpAddressResponse'
+            Prelude.<$> (x Data..?> "ResolverEndpoint")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    AssociateResolverEndpointIpAddress
+  where
+  hashWithSalt
+    _salt
+    AssociateResolverEndpointIpAddress' {..} =
+      _salt
+        `Prelude.hashWithSalt` resolverEndpointId
+        `Prelude.hashWithSalt` ipAddress
+
+instance
+  Prelude.NFData
+    AssociateResolverEndpointIpAddress
+  where
+  rnf AssociateResolverEndpointIpAddress' {..} =
+    Prelude.rnf resolverEndpointId
+      `Prelude.seq` Prelude.rnf ipAddress
+
+instance
+  Data.ToHeaders
+    AssociateResolverEndpointIpAddress
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.AssociateResolverEndpointIpAddress" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    AssociateResolverEndpointIpAddress
+  where
+  toJSON AssociateResolverEndpointIpAddress' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ResolverEndpointId" Data..= resolverEndpointId),
+            Prelude.Just ("IpAddress" Data..= ipAddress)
+          ]
+      )
+
+instance
+  Data.ToPath
+    AssociateResolverEndpointIpAddress
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    AssociateResolverEndpointIpAddress
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateResolverEndpointIpAddressResponse' smart constructor.
+data AssociateResolverEndpointIpAddressResponse = AssociateResolverEndpointIpAddressResponse'
+  { -- | The response to an @AssociateResolverEndpointIpAddress@ request.
+    resolverEndpoint :: Prelude.Maybe ResolverEndpoint,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateResolverEndpointIpAddressResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpoint', 'associateResolverEndpointIpAddressResponse_resolverEndpoint' - The response to an @AssociateResolverEndpointIpAddress@ request.
+--
+-- 'httpStatus', 'associateResolverEndpointIpAddressResponse_httpStatus' - The response's http status code.
+newAssociateResolverEndpointIpAddressResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateResolverEndpointIpAddressResponse
+newAssociateResolverEndpointIpAddressResponse
+  pHttpStatus_ =
+    AssociateResolverEndpointIpAddressResponse'
+      { resolverEndpoint =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The response to an @AssociateResolverEndpointIpAddress@ request.
+associateResolverEndpointIpAddressResponse_resolverEndpoint :: Lens.Lens' AssociateResolverEndpointIpAddressResponse (Prelude.Maybe ResolverEndpoint)
+associateResolverEndpointIpAddressResponse_resolverEndpoint = Lens.lens (\AssociateResolverEndpointIpAddressResponse' {resolverEndpoint} -> resolverEndpoint) (\s@AssociateResolverEndpointIpAddressResponse' {} a -> s {resolverEndpoint = a} :: AssociateResolverEndpointIpAddressResponse)
+
+-- | The response's http status code.
+associateResolverEndpointIpAddressResponse_httpStatus :: Lens.Lens' AssociateResolverEndpointIpAddressResponse Prelude.Int
+associateResolverEndpointIpAddressResponse_httpStatus = Lens.lens (\AssociateResolverEndpointIpAddressResponse' {httpStatus} -> httpStatus) (\s@AssociateResolverEndpointIpAddressResponse' {} a -> s {httpStatus = a} :: AssociateResolverEndpointIpAddressResponse)
+
+instance
+  Prelude.NFData
+    AssociateResolverEndpointIpAddressResponse
+  where
+  rnf AssociateResolverEndpointIpAddressResponse' {..} =
+    Prelude.rnf resolverEndpoint
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/AssociateResolverQueryLogConfig.hs b/gen/Amazonka/Route53Resolver/AssociateResolverQueryLogConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/AssociateResolverQueryLogConfig.hs
@@ -0,0 +1,237 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.AssociateResolverQueryLogConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Associates an Amazon VPC with a specified query logging configuration.
+-- Route 53 Resolver logs DNS queries that originate in all of the Amazon
+-- VPCs that are associated with a specified query logging configuration.
+-- To associate more than one VPC with a configuration, submit one
+-- @AssociateResolverQueryLogConfig@ request for each VPC.
+--
+-- The VPCs that you associate with a query logging configuration must be
+-- in the same Region as the configuration.
+--
+-- To remove a VPC from a query logging configuration, see
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverQueryLogConfig.html DisassociateResolverQueryLogConfig>.
+module Amazonka.Route53Resolver.AssociateResolverQueryLogConfig
+  ( -- * Creating a Request
+    AssociateResolverQueryLogConfig (..),
+    newAssociateResolverQueryLogConfig,
+
+    -- * Request Lenses
+    associateResolverQueryLogConfig_resolverQueryLogConfigId,
+    associateResolverQueryLogConfig_resourceId,
+
+    -- * Destructuring the Response
+    AssociateResolverQueryLogConfigResponse (..),
+    newAssociateResolverQueryLogConfigResponse,
+
+    -- * Response Lenses
+    associateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation,
+    associateResolverQueryLogConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newAssociateResolverQueryLogConfig' smart constructor.
+data AssociateResolverQueryLogConfig = AssociateResolverQueryLogConfig'
+  { -- | The ID of the query logging configuration that you want to associate a
+    -- VPC with.
+    resolverQueryLogConfigId :: Prelude.Text,
+    -- | The ID of an Amazon VPC that you want this query logging configuration
+    -- to log queries for.
+    --
+    -- The VPCs and the query logging configuration must be in the same Region.
+    resourceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateResolverQueryLogConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigId', 'associateResolverQueryLogConfig_resolverQueryLogConfigId' - The ID of the query logging configuration that you want to associate a
+-- VPC with.
+--
+-- 'resourceId', 'associateResolverQueryLogConfig_resourceId' - The ID of an Amazon VPC that you want this query logging configuration
+-- to log queries for.
+--
+-- The VPCs and the query logging configuration must be in the same Region.
+newAssociateResolverQueryLogConfig ::
+  -- | 'resolverQueryLogConfigId'
+  Prelude.Text ->
+  -- | 'resourceId'
+  Prelude.Text ->
+  AssociateResolverQueryLogConfig
+newAssociateResolverQueryLogConfig
+  pResolverQueryLogConfigId_
+  pResourceId_ =
+    AssociateResolverQueryLogConfig'
+      { resolverQueryLogConfigId =
+          pResolverQueryLogConfigId_,
+        resourceId = pResourceId_
+      }
+
+-- | The ID of the query logging configuration that you want to associate a
+-- VPC with.
+associateResolverQueryLogConfig_resolverQueryLogConfigId :: Lens.Lens' AssociateResolverQueryLogConfig Prelude.Text
+associateResolverQueryLogConfig_resolverQueryLogConfigId = Lens.lens (\AssociateResolverQueryLogConfig' {resolverQueryLogConfigId} -> resolverQueryLogConfigId) (\s@AssociateResolverQueryLogConfig' {} a -> s {resolverQueryLogConfigId = a} :: AssociateResolverQueryLogConfig)
+
+-- | The ID of an Amazon VPC that you want this query logging configuration
+-- to log queries for.
+--
+-- The VPCs and the query logging configuration must be in the same Region.
+associateResolverQueryLogConfig_resourceId :: Lens.Lens' AssociateResolverQueryLogConfig Prelude.Text
+associateResolverQueryLogConfig_resourceId = Lens.lens (\AssociateResolverQueryLogConfig' {resourceId} -> resourceId) (\s@AssociateResolverQueryLogConfig' {} a -> s {resourceId = a} :: AssociateResolverQueryLogConfig)
+
+instance
+  Core.AWSRequest
+    AssociateResolverQueryLogConfig
+  where
+  type
+    AWSResponse AssociateResolverQueryLogConfig =
+      AssociateResolverQueryLogConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          AssociateResolverQueryLogConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverQueryLogConfigAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    AssociateResolverQueryLogConfig
+  where
+  hashWithSalt
+    _salt
+    AssociateResolverQueryLogConfig' {..} =
+      _salt
+        `Prelude.hashWithSalt` resolverQueryLogConfigId
+        `Prelude.hashWithSalt` resourceId
+
+instance
+  Prelude.NFData
+    AssociateResolverQueryLogConfig
+  where
+  rnf AssociateResolverQueryLogConfig' {..} =
+    Prelude.rnf resolverQueryLogConfigId
+      `Prelude.seq` Prelude.rnf resourceId
+
+instance
+  Data.ToHeaders
+    AssociateResolverQueryLogConfig
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.AssociateResolverQueryLogConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateResolverQueryLogConfig where
+  toJSON AssociateResolverQueryLogConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "ResolverQueryLogConfigId"
+                  Data..= resolverQueryLogConfigId
+              ),
+            Prelude.Just ("ResourceId" Data..= resourceId)
+          ]
+      )
+
+instance Data.ToPath AssociateResolverQueryLogConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery AssociateResolverQueryLogConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateResolverQueryLogConfigResponse' smart constructor.
+data AssociateResolverQueryLogConfigResponse = AssociateResolverQueryLogConfigResponse'
+  { -- | A complex type that contains settings for a specified association
+    -- between an Amazon VPC and a query logging configuration.
+    resolverQueryLogConfigAssociation :: Prelude.Maybe ResolverQueryLogConfigAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateResolverQueryLogConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigAssociation', 'associateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation' - A complex type that contains settings for a specified association
+-- between an Amazon VPC and a query logging configuration.
+--
+-- 'httpStatus', 'associateResolverQueryLogConfigResponse_httpStatus' - The response's http status code.
+newAssociateResolverQueryLogConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateResolverQueryLogConfigResponse
+newAssociateResolverQueryLogConfigResponse
+  pHttpStatus_ =
+    AssociateResolverQueryLogConfigResponse'
+      { resolverQueryLogConfigAssociation =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | A complex type that contains settings for a specified association
+-- between an Amazon VPC and a query logging configuration.
+associateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation :: Lens.Lens' AssociateResolverQueryLogConfigResponse (Prelude.Maybe ResolverQueryLogConfigAssociation)
+associateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation = Lens.lens (\AssociateResolverQueryLogConfigResponse' {resolverQueryLogConfigAssociation} -> resolverQueryLogConfigAssociation) (\s@AssociateResolverQueryLogConfigResponse' {} a -> s {resolverQueryLogConfigAssociation = a} :: AssociateResolverQueryLogConfigResponse)
+
+-- | The response's http status code.
+associateResolverQueryLogConfigResponse_httpStatus :: Lens.Lens' AssociateResolverQueryLogConfigResponse Prelude.Int
+associateResolverQueryLogConfigResponse_httpStatus = Lens.lens (\AssociateResolverQueryLogConfigResponse' {httpStatus} -> httpStatus) (\s@AssociateResolverQueryLogConfigResponse' {} a -> s {httpStatus = a} :: AssociateResolverQueryLogConfigResponse)
+
+instance
+  Prelude.NFData
+    AssociateResolverQueryLogConfigResponse
+  where
+  rnf AssociateResolverQueryLogConfigResponse' {..} =
+    Prelude.rnf resolverQueryLogConfigAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/AssociateResolverRule.hs b/gen/Amazonka/Route53Resolver/AssociateResolverRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/AssociateResolverRule.hs
@@ -0,0 +1,219 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.AssociateResolverRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Associates a Resolver rule with a VPC. When you associate a rule with a
+-- VPC, Resolver forwards all DNS queries for the domain name that is
+-- specified in the rule and that originate in the VPC. The queries are
+-- forwarded to the IP addresses for the DNS resolvers that are specified
+-- in the rule. For more information about rules, see
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverRule.html CreateResolverRule>.
+module Amazonka.Route53Resolver.AssociateResolverRule
+  ( -- * Creating a Request
+    AssociateResolverRule (..),
+    newAssociateResolverRule,
+
+    -- * Request Lenses
+    associateResolverRule_name,
+    associateResolverRule_resolverRuleId,
+    associateResolverRule_vPCId,
+
+    -- * Destructuring the Response
+    AssociateResolverRuleResponse (..),
+    newAssociateResolverRuleResponse,
+
+    -- * Response Lenses
+    associateResolverRuleResponse_resolverRuleAssociation,
+    associateResolverRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newAssociateResolverRule' smart constructor.
+data AssociateResolverRule = AssociateResolverRule'
+  { -- | A name for the association that you\'re creating between a Resolver rule
+    -- and a VPC.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Resolver rule that you want to associate with the VPC. To
+    -- list the existing Resolver rules, use
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>.
+    resolverRuleId :: Prelude.Text,
+    -- | The ID of the VPC that you want to associate the Resolver rule with.
+    vPCId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateResolverRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'associateResolverRule_name' - A name for the association that you\'re creating between a Resolver rule
+-- and a VPC.
+--
+-- 'resolverRuleId', 'associateResolverRule_resolverRuleId' - The ID of the Resolver rule that you want to associate with the VPC. To
+-- list the existing Resolver rules, use
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>.
+--
+-- 'vPCId', 'associateResolverRule_vPCId' - The ID of the VPC that you want to associate the Resolver rule with.
+newAssociateResolverRule ::
+  -- | 'resolverRuleId'
+  Prelude.Text ->
+  -- | 'vPCId'
+  Prelude.Text ->
+  AssociateResolverRule
+newAssociateResolverRule pResolverRuleId_ pVPCId_ =
+  AssociateResolverRule'
+    { name = Prelude.Nothing,
+      resolverRuleId = pResolverRuleId_,
+      vPCId = pVPCId_
+    }
+
+-- | A name for the association that you\'re creating between a Resolver rule
+-- and a VPC.
+associateResolverRule_name :: Lens.Lens' AssociateResolverRule (Prelude.Maybe Prelude.Text)
+associateResolverRule_name = Lens.lens (\AssociateResolverRule' {name} -> name) (\s@AssociateResolverRule' {} a -> s {name = a} :: AssociateResolverRule)
+
+-- | The ID of the Resolver rule that you want to associate with the VPC. To
+-- list the existing Resolver rules, use
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>.
+associateResolverRule_resolverRuleId :: Lens.Lens' AssociateResolverRule Prelude.Text
+associateResolverRule_resolverRuleId = Lens.lens (\AssociateResolverRule' {resolverRuleId} -> resolverRuleId) (\s@AssociateResolverRule' {} a -> s {resolverRuleId = a} :: AssociateResolverRule)
+
+-- | The ID of the VPC that you want to associate the Resolver rule with.
+associateResolverRule_vPCId :: Lens.Lens' AssociateResolverRule Prelude.Text
+associateResolverRule_vPCId = Lens.lens (\AssociateResolverRule' {vPCId} -> vPCId) (\s@AssociateResolverRule' {} a -> s {vPCId = a} :: AssociateResolverRule)
+
+instance Core.AWSRequest AssociateResolverRule where
+  type
+    AWSResponse AssociateResolverRule =
+      AssociateResolverRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          AssociateResolverRuleResponse'
+            Prelude.<$> (x Data..?> "ResolverRuleAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable AssociateResolverRule where
+  hashWithSalt _salt AssociateResolverRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` resolverRuleId
+      `Prelude.hashWithSalt` vPCId
+
+instance Prelude.NFData AssociateResolverRule where
+  rnf AssociateResolverRule' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf resolverRuleId
+      `Prelude.seq` Prelude.rnf vPCId
+
+instance Data.ToHeaders AssociateResolverRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.AssociateResolverRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateResolverRule where
+  toJSON AssociateResolverRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            Prelude.Just
+              ("ResolverRuleId" Data..= resolverRuleId),
+            Prelude.Just ("VPCId" Data..= vPCId)
+          ]
+      )
+
+instance Data.ToPath AssociateResolverRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery AssociateResolverRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateResolverRuleResponse' smart constructor.
+data AssociateResolverRuleResponse = AssociateResolverRuleResponse'
+  { -- | Information about the @AssociateResolverRule@ request, including the
+    -- status of the request.
+    resolverRuleAssociation :: Prelude.Maybe ResolverRuleAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateResolverRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRuleAssociation', 'associateResolverRuleResponse_resolverRuleAssociation' - Information about the @AssociateResolverRule@ request, including the
+-- status of the request.
+--
+-- 'httpStatus', 'associateResolverRuleResponse_httpStatus' - The response's http status code.
+newAssociateResolverRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateResolverRuleResponse
+newAssociateResolverRuleResponse pHttpStatus_ =
+  AssociateResolverRuleResponse'
+    { resolverRuleAssociation =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the @AssociateResolverRule@ request, including the
+-- status of the request.
+associateResolverRuleResponse_resolverRuleAssociation :: Lens.Lens' AssociateResolverRuleResponse (Prelude.Maybe ResolverRuleAssociation)
+associateResolverRuleResponse_resolverRuleAssociation = Lens.lens (\AssociateResolverRuleResponse' {resolverRuleAssociation} -> resolverRuleAssociation) (\s@AssociateResolverRuleResponse' {} a -> s {resolverRuleAssociation = a} :: AssociateResolverRuleResponse)
+
+-- | The response's http status code.
+associateResolverRuleResponse_httpStatus :: Lens.Lens' AssociateResolverRuleResponse Prelude.Int
+associateResolverRuleResponse_httpStatus = Lens.lens (\AssociateResolverRuleResponse' {httpStatus} -> httpStatus) (\s@AssociateResolverRuleResponse' {} a -> s {httpStatus = a} :: AssociateResolverRuleResponse)
+
+instance Prelude.NFData AssociateResolverRuleResponse where
+  rnf AssociateResolverRuleResponse' {..} =
+    Prelude.rnf resolverRuleAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/CreateFirewallDomainList.hs b/gen/Amazonka/Route53Resolver/CreateFirewallDomainList.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/CreateFirewallDomainList.hs
@@ -0,0 +1,220 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.CreateFirewallDomainList
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates an empty firewall domain list for use in DNS Firewall rules. You
+-- can populate the domains for the new list with a file, using
+-- ImportFirewallDomains, or with domain strings, using
+-- UpdateFirewallDomains.
+module Amazonka.Route53Resolver.CreateFirewallDomainList
+  ( -- * Creating a Request
+    CreateFirewallDomainList (..),
+    newCreateFirewallDomainList,
+
+    -- * Request Lenses
+    createFirewallDomainList_tags,
+    createFirewallDomainList_creatorRequestId,
+    createFirewallDomainList_name,
+
+    -- * Destructuring the Response
+    CreateFirewallDomainListResponse (..),
+    newCreateFirewallDomainListResponse,
+
+    -- * Response Lenses
+    createFirewallDomainListResponse_firewallDomainList,
+    createFirewallDomainListResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newCreateFirewallDomainList' smart constructor.
+data CreateFirewallDomainList = CreateFirewallDomainList'
+  { -- | A list of the tag keys and values that you want to associate with the
+    -- domain list.
+    tags :: Prelude.Maybe [Tag],
+    -- | A unique string that identifies the request and that allows you to retry
+    -- failed requests without the risk of running the operation twice.
+    -- @CreatorRequestId@ can be any unique string, for example, a date\/time
+    -- stamp.
+    creatorRequestId :: Prelude.Text,
+    -- | A name that lets you identify the domain list to manage and use it.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFirewallDomainList' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'createFirewallDomainList_tags' - A list of the tag keys and values that you want to associate with the
+-- domain list.
+--
+-- 'creatorRequestId', 'createFirewallDomainList_creatorRequestId' - A unique string that identifies the request and that allows you to retry
+-- failed requests without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+--
+-- 'name', 'createFirewallDomainList_name' - A name that lets you identify the domain list to manage and use it.
+newCreateFirewallDomainList ::
+  -- | 'creatorRequestId'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  CreateFirewallDomainList
+newCreateFirewallDomainList pCreatorRequestId_ pName_ =
+  CreateFirewallDomainList'
+    { tags = Prelude.Nothing,
+      creatorRequestId = pCreatorRequestId_,
+      name = pName_
+    }
+
+-- | A list of the tag keys and values that you want to associate with the
+-- domain list.
+createFirewallDomainList_tags :: Lens.Lens' CreateFirewallDomainList (Prelude.Maybe [Tag])
+createFirewallDomainList_tags = Lens.lens (\CreateFirewallDomainList' {tags} -> tags) (\s@CreateFirewallDomainList' {} a -> s {tags = a} :: CreateFirewallDomainList) Prelude.. Lens.mapping Lens.coerced
+
+-- | A unique string that identifies the request and that allows you to retry
+-- failed requests without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+createFirewallDomainList_creatorRequestId :: Lens.Lens' CreateFirewallDomainList Prelude.Text
+createFirewallDomainList_creatorRequestId = Lens.lens (\CreateFirewallDomainList' {creatorRequestId} -> creatorRequestId) (\s@CreateFirewallDomainList' {} a -> s {creatorRequestId = a} :: CreateFirewallDomainList)
+
+-- | A name that lets you identify the domain list to manage and use it.
+createFirewallDomainList_name :: Lens.Lens' CreateFirewallDomainList Prelude.Text
+createFirewallDomainList_name = Lens.lens (\CreateFirewallDomainList' {name} -> name) (\s@CreateFirewallDomainList' {} a -> s {name = a} :: CreateFirewallDomainList)
+
+instance Core.AWSRequest CreateFirewallDomainList where
+  type
+    AWSResponse CreateFirewallDomainList =
+      CreateFirewallDomainListResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateFirewallDomainListResponse'
+            Prelude.<$> (x Data..?> "FirewallDomainList")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateFirewallDomainList where
+  hashWithSalt _salt CreateFirewallDomainList' {..} =
+    _salt
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData CreateFirewallDomainList where
+  rnf CreateFirewallDomainList' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToHeaders CreateFirewallDomainList where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.CreateFirewallDomainList" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateFirewallDomainList where
+  toJSON CreateFirewallDomainList' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just
+              ("CreatorRequestId" Data..= creatorRequestId),
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
+
+instance Data.ToPath CreateFirewallDomainList where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateFirewallDomainList where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateFirewallDomainListResponse' smart constructor.
+data CreateFirewallDomainListResponse = CreateFirewallDomainListResponse'
+  { -- | The domain list that you just created.
+    firewallDomainList :: Prelude.Maybe FirewallDomainList,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFirewallDomainListResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainList', 'createFirewallDomainListResponse_firewallDomainList' - The domain list that you just created.
+--
+-- 'httpStatus', 'createFirewallDomainListResponse_httpStatus' - The response's http status code.
+newCreateFirewallDomainListResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateFirewallDomainListResponse
+newCreateFirewallDomainListResponse pHttpStatus_ =
+  CreateFirewallDomainListResponse'
+    { firewallDomainList =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The domain list that you just created.
+createFirewallDomainListResponse_firewallDomainList :: Lens.Lens' CreateFirewallDomainListResponse (Prelude.Maybe FirewallDomainList)
+createFirewallDomainListResponse_firewallDomainList = Lens.lens (\CreateFirewallDomainListResponse' {firewallDomainList} -> firewallDomainList) (\s@CreateFirewallDomainListResponse' {} a -> s {firewallDomainList = a} :: CreateFirewallDomainListResponse)
+
+-- | The response's http status code.
+createFirewallDomainListResponse_httpStatus :: Lens.Lens' CreateFirewallDomainListResponse Prelude.Int
+createFirewallDomainListResponse_httpStatus = Lens.lens (\CreateFirewallDomainListResponse' {httpStatus} -> httpStatus) (\s@CreateFirewallDomainListResponse' {} a -> s {httpStatus = a} :: CreateFirewallDomainListResponse)
+
+instance
+  Prelude.NFData
+    CreateFirewallDomainListResponse
+  where
+  rnf CreateFirewallDomainListResponse' {..} =
+    Prelude.rnf firewallDomainList
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/CreateFirewallRule.hs b/gen/Amazonka/Route53Resolver/CreateFirewallRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/CreateFirewallRule.hs
@@ -0,0 +1,448 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.CreateFirewallRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a single DNS Firewall rule in the specified rule group, using
+-- the specified domain list.
+module Amazonka.Route53Resolver.CreateFirewallRule
+  ( -- * Creating a Request
+    CreateFirewallRule (..),
+    newCreateFirewallRule,
+
+    -- * Request Lenses
+    createFirewallRule_blockOverrideDnsType,
+    createFirewallRule_blockOverrideDomain,
+    createFirewallRule_blockOverrideTtl,
+    createFirewallRule_blockResponse,
+    createFirewallRule_creatorRequestId,
+    createFirewallRule_firewallRuleGroupId,
+    createFirewallRule_firewallDomainListId,
+    createFirewallRule_priority,
+    createFirewallRule_action,
+    createFirewallRule_name,
+
+    -- * Destructuring the Response
+    CreateFirewallRuleResponse (..),
+    newCreateFirewallRuleResponse,
+
+    -- * Response Lenses
+    createFirewallRuleResponse_firewallRule,
+    createFirewallRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newCreateFirewallRule' smart constructor.
+data CreateFirewallRule = CreateFirewallRule'
+  { -- | The DNS record\'s type. This determines the format of the record value
+    -- that you provided in @BlockOverrideDomain@. Used for the rule action
+    -- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    --
+    -- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+    blockOverrideDnsType :: Prelude.Maybe BlockOverrideDnsType,
+    -- | The custom DNS record to send back in response to the query. Used for
+    -- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    --
+    -- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+    blockOverrideDomain :: Prelude.Maybe Prelude.Text,
+    -- | The recommended amount of time, in seconds, for the DNS resolver or web
+    -- browser to cache the provided override record. Used for the rule action
+    -- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    --
+    -- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+    blockOverrideTtl :: Prelude.Maybe Prelude.Natural,
+    -- | The way that you want DNS Firewall to block the request, used with the
+    -- rule action setting @BLOCK@.
+    --
+    -- -   @NODATA@ - Respond indicating that the query was successful, but no
+    --     response is available for it.
+    --
+    -- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+    --     query doesn\'t exist.
+    --
+    -- -   @OVERRIDE@ - Provide a custom override in the response. This option
+    --     requires custom handling details in the rule\'s @BlockOverride*@
+    --     settings.
+    --
+    -- This setting is required if the rule action setting is @BLOCK@.
+    blockResponse :: Prelude.Maybe BlockResponse,
+    -- | A unique string that identifies the request and that allows you to retry
+    -- failed requests without the risk of running the operation twice.
+    -- @CreatorRequestId@ can be any unique string, for example, a date\/time
+    -- stamp.
+    creatorRequestId :: Prelude.Text,
+    -- | The unique identifier of the firewall rule group where you want to
+    -- create the rule.
+    firewallRuleGroupId :: Prelude.Text,
+    -- | The ID of the domain list that you want to use in the rule.
+    firewallDomainListId :: Prelude.Text,
+    -- | The setting that determines the processing order of the rule in the rule
+    -- group. DNS Firewall processes the rules in a rule group by order of
+    -- priority, starting from the lowest setting.
+    --
+    -- You must specify a unique priority for each rule in a rule group. To
+    -- make it easier to insert rules later, leave space between the numbers,
+    -- for example, use 100, 200, and so on. You can change the priority
+    -- setting for the rules in a rule group at any time.
+    priority :: Prelude.Int,
+    -- | The action that DNS Firewall should take on a DNS query when it matches
+    -- one of the domains in the rule\'s domain list:
+    --
+    -- -   @ALLOW@ - Permit the request to go through.
+    --
+    -- -   @ALERT@ - Permit the request and send metrics and logs to Cloud
+    --     Watch.
+    --
+    -- -   @BLOCK@ - Disallow the request. This option requires additional
+    --     details in the rule\'s @BlockResponse@.
+    action :: Action,
+    -- | A name that lets you identify the rule in the rule group.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFirewallRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'blockOverrideDnsType', 'createFirewallRule_blockOverrideDnsType' - The DNS record\'s type. This determines the format of the record value
+-- that you provided in @BlockOverrideDomain@. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+--
+-- 'blockOverrideDomain', 'createFirewallRule_blockOverrideDomain' - The custom DNS record to send back in response to the query. Used for
+-- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+--
+-- 'blockOverrideTtl', 'createFirewallRule_blockOverrideTtl' - The recommended amount of time, in seconds, for the DNS resolver or web
+-- browser to cache the provided override record. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+--
+-- 'blockResponse', 'createFirewallRule_blockResponse' - The way that you want DNS Firewall to block the request, used with the
+-- rule action setting @BLOCK@.
+--
+-- -   @NODATA@ - Respond indicating that the query was successful, but no
+--     response is available for it.
+--
+-- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+--     query doesn\'t exist.
+--
+-- -   @OVERRIDE@ - Provide a custom override in the response. This option
+--     requires custom handling details in the rule\'s @BlockOverride*@
+--     settings.
+--
+-- This setting is required if the rule action setting is @BLOCK@.
+--
+-- 'creatorRequestId', 'createFirewallRule_creatorRequestId' - A unique string that identifies the request and that allows you to retry
+-- failed requests without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+--
+-- 'firewallRuleGroupId', 'createFirewallRule_firewallRuleGroupId' - The unique identifier of the firewall rule group where you want to
+-- create the rule.
+--
+-- 'firewallDomainListId', 'createFirewallRule_firewallDomainListId' - The ID of the domain list that you want to use in the rule.
+--
+-- 'priority', 'createFirewallRule_priority' - The setting that determines the processing order of the rule in the rule
+-- group. DNS Firewall processes the rules in a rule group by order of
+-- priority, starting from the lowest setting.
+--
+-- You must specify a unique priority for each rule in a rule group. To
+-- make it easier to insert rules later, leave space between the numbers,
+-- for example, use 100, 200, and so on. You can change the priority
+-- setting for the rules in a rule group at any time.
+--
+-- 'action', 'createFirewallRule_action' - The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request and send metrics and logs to Cloud
+--     Watch.
+--
+-- -   @BLOCK@ - Disallow the request. This option requires additional
+--     details in the rule\'s @BlockResponse@.
+--
+-- 'name', 'createFirewallRule_name' - A name that lets you identify the rule in the rule group.
+newCreateFirewallRule ::
+  -- | 'creatorRequestId'
+  Prelude.Text ->
+  -- | 'firewallRuleGroupId'
+  Prelude.Text ->
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  -- | 'priority'
+  Prelude.Int ->
+  -- | 'action'
+  Action ->
+  -- | 'name'
+  Prelude.Text ->
+  CreateFirewallRule
+newCreateFirewallRule
+  pCreatorRequestId_
+  pFirewallRuleGroupId_
+  pFirewallDomainListId_
+  pPriority_
+  pAction_
+  pName_ =
+    CreateFirewallRule'
+      { blockOverrideDnsType =
+          Prelude.Nothing,
+        blockOverrideDomain = Prelude.Nothing,
+        blockOverrideTtl = Prelude.Nothing,
+        blockResponse = Prelude.Nothing,
+        creatorRequestId = pCreatorRequestId_,
+        firewallRuleGroupId = pFirewallRuleGroupId_,
+        firewallDomainListId = pFirewallDomainListId_,
+        priority = pPriority_,
+        action = pAction_,
+        name = pName_
+      }
+
+-- | The DNS record\'s type. This determines the format of the record value
+-- that you provided in @BlockOverrideDomain@. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+createFirewallRule_blockOverrideDnsType :: Lens.Lens' CreateFirewallRule (Prelude.Maybe BlockOverrideDnsType)
+createFirewallRule_blockOverrideDnsType = Lens.lens (\CreateFirewallRule' {blockOverrideDnsType} -> blockOverrideDnsType) (\s@CreateFirewallRule' {} a -> s {blockOverrideDnsType = a} :: CreateFirewallRule)
+
+-- | The custom DNS record to send back in response to the query. Used for
+-- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+createFirewallRule_blockOverrideDomain :: Lens.Lens' CreateFirewallRule (Prelude.Maybe Prelude.Text)
+createFirewallRule_blockOverrideDomain = Lens.lens (\CreateFirewallRule' {blockOverrideDomain} -> blockOverrideDomain) (\s@CreateFirewallRule' {} a -> s {blockOverrideDomain = a} :: CreateFirewallRule)
+
+-- | The recommended amount of time, in seconds, for the DNS resolver or web
+-- browser to cache the provided override record. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- This setting is required if the @BlockResponse@ setting is @OVERRIDE@.
+createFirewallRule_blockOverrideTtl :: Lens.Lens' CreateFirewallRule (Prelude.Maybe Prelude.Natural)
+createFirewallRule_blockOverrideTtl = Lens.lens (\CreateFirewallRule' {blockOverrideTtl} -> blockOverrideTtl) (\s@CreateFirewallRule' {} a -> s {blockOverrideTtl = a} :: CreateFirewallRule)
+
+-- | The way that you want DNS Firewall to block the request, used with the
+-- rule action setting @BLOCK@.
+--
+-- -   @NODATA@ - Respond indicating that the query was successful, but no
+--     response is available for it.
+--
+-- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+--     query doesn\'t exist.
+--
+-- -   @OVERRIDE@ - Provide a custom override in the response. This option
+--     requires custom handling details in the rule\'s @BlockOverride*@
+--     settings.
+--
+-- This setting is required if the rule action setting is @BLOCK@.
+createFirewallRule_blockResponse :: Lens.Lens' CreateFirewallRule (Prelude.Maybe BlockResponse)
+createFirewallRule_blockResponse = Lens.lens (\CreateFirewallRule' {blockResponse} -> blockResponse) (\s@CreateFirewallRule' {} a -> s {blockResponse = a} :: CreateFirewallRule)
+
+-- | A unique string that identifies the request and that allows you to retry
+-- failed requests without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+createFirewallRule_creatorRequestId :: Lens.Lens' CreateFirewallRule Prelude.Text
+createFirewallRule_creatorRequestId = Lens.lens (\CreateFirewallRule' {creatorRequestId} -> creatorRequestId) (\s@CreateFirewallRule' {} a -> s {creatorRequestId = a} :: CreateFirewallRule)
+
+-- | The unique identifier of the firewall rule group where you want to
+-- create the rule.
+createFirewallRule_firewallRuleGroupId :: Lens.Lens' CreateFirewallRule Prelude.Text
+createFirewallRule_firewallRuleGroupId = Lens.lens (\CreateFirewallRule' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@CreateFirewallRule' {} a -> s {firewallRuleGroupId = a} :: CreateFirewallRule)
+
+-- | The ID of the domain list that you want to use in the rule.
+createFirewallRule_firewallDomainListId :: Lens.Lens' CreateFirewallRule Prelude.Text
+createFirewallRule_firewallDomainListId = Lens.lens (\CreateFirewallRule' {firewallDomainListId} -> firewallDomainListId) (\s@CreateFirewallRule' {} a -> s {firewallDomainListId = a} :: CreateFirewallRule)
+
+-- | The setting that determines the processing order of the rule in the rule
+-- group. DNS Firewall processes the rules in a rule group by order of
+-- priority, starting from the lowest setting.
+--
+-- You must specify a unique priority for each rule in a rule group. To
+-- make it easier to insert rules later, leave space between the numbers,
+-- for example, use 100, 200, and so on. You can change the priority
+-- setting for the rules in a rule group at any time.
+createFirewallRule_priority :: Lens.Lens' CreateFirewallRule Prelude.Int
+createFirewallRule_priority = Lens.lens (\CreateFirewallRule' {priority} -> priority) (\s@CreateFirewallRule' {} a -> s {priority = a} :: CreateFirewallRule)
+
+-- | The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request and send metrics and logs to Cloud
+--     Watch.
+--
+-- -   @BLOCK@ - Disallow the request. This option requires additional
+--     details in the rule\'s @BlockResponse@.
+createFirewallRule_action :: Lens.Lens' CreateFirewallRule Action
+createFirewallRule_action = Lens.lens (\CreateFirewallRule' {action} -> action) (\s@CreateFirewallRule' {} a -> s {action = a} :: CreateFirewallRule)
+
+-- | A name that lets you identify the rule in the rule group.
+createFirewallRule_name :: Lens.Lens' CreateFirewallRule Prelude.Text
+createFirewallRule_name = Lens.lens (\CreateFirewallRule' {name} -> name) (\s@CreateFirewallRule' {} a -> s {name = a} :: CreateFirewallRule)
+
+instance Core.AWSRequest CreateFirewallRule where
+  type
+    AWSResponse CreateFirewallRule =
+      CreateFirewallRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateFirewallRuleResponse'
+            Prelude.<$> (x Data..?> "FirewallRule")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateFirewallRule where
+  hashWithSalt _salt CreateFirewallRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` blockOverrideDnsType
+      `Prelude.hashWithSalt` blockOverrideDomain
+      `Prelude.hashWithSalt` blockOverrideTtl
+      `Prelude.hashWithSalt` blockResponse
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` firewallRuleGroupId
+      `Prelude.hashWithSalt` firewallDomainListId
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData CreateFirewallRule where
+  rnf CreateFirewallRule' {..} =
+    Prelude.rnf blockOverrideDnsType
+      `Prelude.seq` Prelude.rnf blockOverrideDomain
+      `Prelude.seq` Prelude.rnf blockOverrideTtl
+      `Prelude.seq` Prelude.rnf blockResponse
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf firewallRuleGroupId
+      `Prelude.seq` Prelude.rnf firewallDomainListId
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf action
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToHeaders CreateFirewallRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.CreateFirewallRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateFirewallRule where
+  toJSON CreateFirewallRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("BlockOverrideDnsType" Data..=)
+              Prelude.<$> blockOverrideDnsType,
+            ("BlockOverrideDomain" Data..=)
+              Prelude.<$> blockOverrideDomain,
+            ("BlockOverrideTtl" Data..=)
+              Prelude.<$> blockOverrideTtl,
+            ("BlockResponse" Data..=) Prelude.<$> blockResponse,
+            Prelude.Just
+              ("CreatorRequestId" Data..= creatorRequestId),
+            Prelude.Just
+              ("FirewallRuleGroupId" Data..= firewallRuleGroupId),
+            Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              ),
+            Prelude.Just ("Priority" Data..= priority),
+            Prelude.Just ("Action" Data..= action),
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
+
+instance Data.ToPath CreateFirewallRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateFirewallRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateFirewallRuleResponse' smart constructor.
+data CreateFirewallRuleResponse = CreateFirewallRuleResponse'
+  { -- | The firewall rule that you just created.
+    firewallRule :: Prelude.Maybe FirewallRule,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFirewallRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRule', 'createFirewallRuleResponse_firewallRule' - The firewall rule that you just created.
+--
+-- 'httpStatus', 'createFirewallRuleResponse_httpStatus' - The response's http status code.
+newCreateFirewallRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateFirewallRuleResponse
+newCreateFirewallRuleResponse pHttpStatus_ =
+  CreateFirewallRuleResponse'
+    { firewallRule =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The firewall rule that you just created.
+createFirewallRuleResponse_firewallRule :: Lens.Lens' CreateFirewallRuleResponse (Prelude.Maybe FirewallRule)
+createFirewallRuleResponse_firewallRule = Lens.lens (\CreateFirewallRuleResponse' {firewallRule} -> firewallRule) (\s@CreateFirewallRuleResponse' {} a -> s {firewallRule = a} :: CreateFirewallRuleResponse)
+
+-- | The response's http status code.
+createFirewallRuleResponse_httpStatus :: Lens.Lens' CreateFirewallRuleResponse Prelude.Int
+createFirewallRuleResponse_httpStatus = Lens.lens (\CreateFirewallRuleResponse' {httpStatus} -> httpStatus) (\s@CreateFirewallRuleResponse' {} a -> s {httpStatus = a} :: CreateFirewallRuleResponse)
+
+instance Prelude.NFData CreateFirewallRuleResponse where
+  rnf CreateFirewallRuleResponse' {..} =
+    Prelude.rnf firewallRule
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/CreateFirewallRuleGroup.hs b/gen/Amazonka/Route53Resolver/CreateFirewallRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/CreateFirewallRuleGroup.hs
@@ -0,0 +1,216 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.CreateFirewallRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates an empty DNS Firewall rule group for filtering DNS network
+-- traffic in a VPC. You can add rules to the new rule group by calling
+-- CreateFirewallRule.
+module Amazonka.Route53Resolver.CreateFirewallRuleGroup
+  ( -- * Creating a Request
+    CreateFirewallRuleGroup (..),
+    newCreateFirewallRuleGroup,
+
+    -- * Request Lenses
+    createFirewallRuleGroup_tags,
+    createFirewallRuleGroup_creatorRequestId,
+    createFirewallRuleGroup_name,
+
+    -- * Destructuring the Response
+    CreateFirewallRuleGroupResponse (..),
+    newCreateFirewallRuleGroupResponse,
+
+    -- * Response Lenses
+    createFirewallRuleGroupResponse_firewallRuleGroup,
+    createFirewallRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newCreateFirewallRuleGroup' smart constructor.
+data CreateFirewallRuleGroup = CreateFirewallRuleGroup'
+  { -- | A list of the tag keys and values that you want to associate with the
+    -- rule group.
+    tags :: Prelude.Maybe [Tag],
+    -- | A unique string defined by you to identify the request. This allows you
+    -- to retry failed requests without the risk of running the operation
+    -- twice. This can be any unique string, for example, a timestamp.
+    creatorRequestId :: Prelude.Text,
+    -- | A name that lets you identify the rule group, to manage and use it.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFirewallRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'createFirewallRuleGroup_tags' - A list of the tag keys and values that you want to associate with the
+-- rule group.
+--
+-- 'creatorRequestId', 'createFirewallRuleGroup_creatorRequestId' - A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+--
+-- 'name', 'createFirewallRuleGroup_name' - A name that lets you identify the rule group, to manage and use it.
+newCreateFirewallRuleGroup ::
+  -- | 'creatorRequestId'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  CreateFirewallRuleGroup
+newCreateFirewallRuleGroup pCreatorRequestId_ pName_ =
+  CreateFirewallRuleGroup'
+    { tags = Prelude.Nothing,
+      creatorRequestId = pCreatorRequestId_,
+      name = pName_
+    }
+
+-- | A list of the tag keys and values that you want to associate with the
+-- rule group.
+createFirewallRuleGroup_tags :: Lens.Lens' CreateFirewallRuleGroup (Prelude.Maybe [Tag])
+createFirewallRuleGroup_tags = Lens.lens (\CreateFirewallRuleGroup' {tags} -> tags) (\s@CreateFirewallRuleGroup' {} a -> s {tags = a} :: CreateFirewallRuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+createFirewallRuleGroup_creatorRequestId :: Lens.Lens' CreateFirewallRuleGroup Prelude.Text
+createFirewallRuleGroup_creatorRequestId = Lens.lens (\CreateFirewallRuleGroup' {creatorRequestId} -> creatorRequestId) (\s@CreateFirewallRuleGroup' {} a -> s {creatorRequestId = a} :: CreateFirewallRuleGroup)
+
+-- | A name that lets you identify the rule group, to manage and use it.
+createFirewallRuleGroup_name :: Lens.Lens' CreateFirewallRuleGroup Prelude.Text
+createFirewallRuleGroup_name = Lens.lens (\CreateFirewallRuleGroup' {name} -> name) (\s@CreateFirewallRuleGroup' {} a -> s {name = a} :: CreateFirewallRuleGroup)
+
+instance Core.AWSRequest CreateFirewallRuleGroup where
+  type
+    AWSResponse CreateFirewallRuleGroup =
+      CreateFirewallRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateFirewallRuleGroupResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroup")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateFirewallRuleGroup where
+  hashWithSalt _salt CreateFirewallRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData CreateFirewallRuleGroup where
+  rnf CreateFirewallRuleGroup' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToHeaders CreateFirewallRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.CreateFirewallRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateFirewallRuleGroup where
+  toJSON CreateFirewallRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just
+              ("CreatorRequestId" Data..= creatorRequestId),
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
+
+instance Data.ToPath CreateFirewallRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateFirewallRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateFirewallRuleGroupResponse' smart constructor.
+data CreateFirewallRuleGroupResponse = CreateFirewallRuleGroupResponse'
+  { -- | A collection of rules used to filter DNS network traffic.
+    firewallRuleGroup :: Prelude.Maybe FirewallRuleGroup,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateFirewallRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroup', 'createFirewallRuleGroupResponse_firewallRuleGroup' - A collection of rules used to filter DNS network traffic.
+--
+-- 'httpStatus', 'createFirewallRuleGroupResponse_httpStatus' - The response's http status code.
+newCreateFirewallRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateFirewallRuleGroupResponse
+newCreateFirewallRuleGroupResponse pHttpStatus_ =
+  CreateFirewallRuleGroupResponse'
+    { firewallRuleGroup =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A collection of rules used to filter DNS network traffic.
+createFirewallRuleGroupResponse_firewallRuleGroup :: Lens.Lens' CreateFirewallRuleGroupResponse (Prelude.Maybe FirewallRuleGroup)
+createFirewallRuleGroupResponse_firewallRuleGroup = Lens.lens (\CreateFirewallRuleGroupResponse' {firewallRuleGroup} -> firewallRuleGroup) (\s@CreateFirewallRuleGroupResponse' {} a -> s {firewallRuleGroup = a} :: CreateFirewallRuleGroupResponse)
+
+-- | The response's http status code.
+createFirewallRuleGroupResponse_httpStatus :: Lens.Lens' CreateFirewallRuleGroupResponse Prelude.Int
+createFirewallRuleGroupResponse_httpStatus = Lens.lens (\CreateFirewallRuleGroupResponse' {httpStatus} -> httpStatus) (\s@CreateFirewallRuleGroupResponse' {} a -> s {httpStatus = a} :: CreateFirewallRuleGroupResponse)
+
+instance
+  Prelude.NFData
+    CreateFirewallRuleGroupResponse
+  where
+  rnf CreateFirewallRuleGroupResponse' {..} =
+    Prelude.rnf firewallRuleGroup
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/CreateResolverEndpoint.hs b/gen/Amazonka/Route53Resolver/CreateResolverEndpoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/CreateResolverEndpoint.hs
@@ -0,0 +1,317 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.CreateResolverEndpoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a Resolver endpoint. There are two types of Resolver endpoints,
+-- inbound and outbound:
+--
+-- -   An /inbound Resolver endpoint/ forwards DNS queries to the DNS
+--     service for a VPC from your network.
+--
+-- -   An /outbound Resolver endpoint/ forwards DNS queries from the DNS
+--     service for a VPC to your network.
+module Amazonka.Route53Resolver.CreateResolverEndpoint
+  ( -- * Creating a Request
+    CreateResolverEndpoint (..),
+    newCreateResolverEndpoint,
+
+    -- * Request Lenses
+    createResolverEndpoint_name,
+    createResolverEndpoint_tags,
+    createResolverEndpoint_creatorRequestId,
+    createResolverEndpoint_securityGroupIds,
+    createResolverEndpoint_direction,
+    createResolverEndpoint_ipAddresses,
+
+    -- * Destructuring the Response
+    CreateResolverEndpointResponse (..),
+    newCreateResolverEndpointResponse,
+
+    -- * Response Lenses
+    createResolverEndpointResponse_resolverEndpoint,
+    createResolverEndpointResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newCreateResolverEndpoint' smart constructor.
+data CreateResolverEndpoint = CreateResolverEndpoint'
+  { -- | A friendly name that lets you easily find a configuration in the
+    -- Resolver dashboard in the Route 53 console.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | A list of the tag keys and values that you want to associate with the
+    -- endpoint.
+    tags :: Prelude.Maybe [Tag],
+    -- | A unique string that identifies the request and that allows failed
+    -- requests to be retried without the risk of running the operation twice.
+    -- @CreatorRequestId@ can be any unique string, for example, a date\/time
+    -- stamp.
+    creatorRequestId :: Prelude.Text,
+    -- | The ID of one or more security groups that you want to use to control
+    -- access to this VPC. The security group that you specify must include one
+    -- or more inbound rules (for inbound Resolver endpoints) or outbound rules
+    -- (for outbound Resolver endpoints). Inbound and outbound rules must allow
+    -- TCP and UDP access. For inbound access, open port 53. For outbound
+    -- access, open the port that you\'re using for DNS queries on your
+    -- network.
+    securityGroupIds :: [Prelude.Text],
+    -- | Specify the applicable value:
+    --
+    -- -   @INBOUND@: Resolver forwards DNS queries to the DNS service for a
+    --     VPC from your network
+    --
+    -- -   @OUTBOUND@: Resolver forwards DNS queries from the DNS service for a
+    --     VPC to your network
+    direction :: ResolverEndpointDirection,
+    -- | The subnets and IP addresses in your VPC that DNS queries originate from
+    -- (for outbound endpoints) or that you forward DNS queries to (for inbound
+    -- endpoints). The subnet ID uniquely identifies a VPC.
+    ipAddresses :: Prelude.NonEmpty IpAddressRequest
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateResolverEndpoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'createResolverEndpoint_name' - A friendly name that lets you easily find a configuration in the
+-- Resolver dashboard in the Route 53 console.
+--
+-- 'tags', 'createResolverEndpoint_tags' - A list of the tag keys and values that you want to associate with the
+-- endpoint.
+--
+-- 'creatorRequestId', 'createResolverEndpoint_creatorRequestId' - A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+--
+-- 'securityGroupIds', 'createResolverEndpoint_securityGroupIds' - The ID of one or more security groups that you want to use to control
+-- access to this VPC. The security group that you specify must include one
+-- or more inbound rules (for inbound Resolver endpoints) or outbound rules
+-- (for outbound Resolver endpoints). Inbound and outbound rules must allow
+-- TCP and UDP access. For inbound access, open port 53. For outbound
+-- access, open the port that you\'re using for DNS queries on your
+-- network.
+--
+-- 'direction', 'createResolverEndpoint_direction' - Specify the applicable value:
+--
+-- -   @INBOUND@: Resolver forwards DNS queries to the DNS service for a
+--     VPC from your network
+--
+-- -   @OUTBOUND@: Resolver forwards DNS queries from the DNS service for a
+--     VPC to your network
+--
+-- 'ipAddresses', 'createResolverEndpoint_ipAddresses' - The subnets and IP addresses in your VPC that DNS queries originate from
+-- (for outbound endpoints) or that you forward DNS queries to (for inbound
+-- endpoints). The subnet ID uniquely identifies a VPC.
+newCreateResolverEndpoint ::
+  -- | 'creatorRequestId'
+  Prelude.Text ->
+  -- | 'direction'
+  ResolverEndpointDirection ->
+  -- | 'ipAddresses'
+  Prelude.NonEmpty IpAddressRequest ->
+  CreateResolverEndpoint
+newCreateResolverEndpoint
+  pCreatorRequestId_
+  pDirection_
+  pIpAddresses_ =
+    CreateResolverEndpoint'
+      { name = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        creatorRequestId = pCreatorRequestId_,
+        securityGroupIds = Prelude.mempty,
+        direction = pDirection_,
+        ipAddresses = Lens.coerced Lens.# pIpAddresses_
+      }
+
+-- | A friendly name that lets you easily find a configuration in the
+-- Resolver dashboard in the Route 53 console.
+createResolverEndpoint_name :: Lens.Lens' CreateResolverEndpoint (Prelude.Maybe Prelude.Text)
+createResolverEndpoint_name = Lens.lens (\CreateResolverEndpoint' {name} -> name) (\s@CreateResolverEndpoint' {} a -> s {name = a} :: CreateResolverEndpoint)
+
+-- | A list of the tag keys and values that you want to associate with the
+-- endpoint.
+createResolverEndpoint_tags :: Lens.Lens' CreateResolverEndpoint (Prelude.Maybe [Tag])
+createResolverEndpoint_tags = Lens.lens (\CreateResolverEndpoint' {tags} -> tags) (\s@CreateResolverEndpoint' {} a -> s {tags = a} :: CreateResolverEndpoint) Prelude.. Lens.mapping Lens.coerced
+
+-- | A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+createResolverEndpoint_creatorRequestId :: Lens.Lens' CreateResolverEndpoint Prelude.Text
+createResolverEndpoint_creatorRequestId = Lens.lens (\CreateResolverEndpoint' {creatorRequestId} -> creatorRequestId) (\s@CreateResolverEndpoint' {} a -> s {creatorRequestId = a} :: CreateResolverEndpoint)
+
+-- | The ID of one or more security groups that you want to use to control
+-- access to this VPC. The security group that you specify must include one
+-- or more inbound rules (for inbound Resolver endpoints) or outbound rules
+-- (for outbound Resolver endpoints). Inbound and outbound rules must allow
+-- TCP and UDP access. For inbound access, open port 53. For outbound
+-- access, open the port that you\'re using for DNS queries on your
+-- network.
+createResolverEndpoint_securityGroupIds :: Lens.Lens' CreateResolverEndpoint [Prelude.Text]
+createResolverEndpoint_securityGroupIds = Lens.lens (\CreateResolverEndpoint' {securityGroupIds} -> securityGroupIds) (\s@CreateResolverEndpoint' {} a -> s {securityGroupIds = a} :: CreateResolverEndpoint) Prelude.. Lens.coerced
+
+-- | Specify the applicable value:
+--
+-- -   @INBOUND@: Resolver forwards DNS queries to the DNS service for a
+--     VPC from your network
+--
+-- -   @OUTBOUND@: Resolver forwards DNS queries from the DNS service for a
+--     VPC to your network
+createResolverEndpoint_direction :: Lens.Lens' CreateResolverEndpoint ResolverEndpointDirection
+createResolverEndpoint_direction = Lens.lens (\CreateResolverEndpoint' {direction} -> direction) (\s@CreateResolverEndpoint' {} a -> s {direction = a} :: CreateResolverEndpoint)
+
+-- | The subnets and IP addresses in your VPC that DNS queries originate from
+-- (for outbound endpoints) or that you forward DNS queries to (for inbound
+-- endpoints). The subnet ID uniquely identifies a VPC.
+createResolverEndpoint_ipAddresses :: Lens.Lens' CreateResolverEndpoint (Prelude.NonEmpty IpAddressRequest)
+createResolverEndpoint_ipAddresses = Lens.lens (\CreateResolverEndpoint' {ipAddresses} -> ipAddresses) (\s@CreateResolverEndpoint' {} a -> s {ipAddresses = a} :: CreateResolverEndpoint) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateResolverEndpoint where
+  type
+    AWSResponse CreateResolverEndpoint =
+      CreateResolverEndpointResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateResolverEndpointResponse'
+            Prelude.<$> (x Data..?> "ResolverEndpoint")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateResolverEndpoint where
+  hashWithSalt _salt CreateResolverEndpoint' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` securityGroupIds
+      `Prelude.hashWithSalt` direction
+      `Prelude.hashWithSalt` ipAddresses
+
+instance Prelude.NFData CreateResolverEndpoint where
+  rnf CreateResolverEndpoint' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf direction
+      `Prelude.seq` Prelude.rnf ipAddresses
+
+instance Data.ToHeaders CreateResolverEndpoint where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.CreateResolverEndpoint" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateResolverEndpoint where
+  toJSON CreateResolverEndpoint' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just
+              ("CreatorRequestId" Data..= creatorRequestId),
+            Prelude.Just
+              ("SecurityGroupIds" Data..= securityGroupIds),
+            Prelude.Just ("Direction" Data..= direction),
+            Prelude.Just ("IpAddresses" Data..= ipAddresses)
+          ]
+      )
+
+instance Data.ToPath CreateResolverEndpoint where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateResolverEndpoint where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateResolverEndpointResponse' smart constructor.
+data CreateResolverEndpointResponse = CreateResolverEndpointResponse'
+  { -- | Information about the @CreateResolverEndpoint@ request, including the
+    -- status of the request.
+    resolverEndpoint :: Prelude.Maybe ResolverEndpoint,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateResolverEndpointResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpoint', 'createResolverEndpointResponse_resolverEndpoint' - Information about the @CreateResolverEndpoint@ request, including the
+-- status of the request.
+--
+-- 'httpStatus', 'createResolverEndpointResponse_httpStatus' - The response's http status code.
+newCreateResolverEndpointResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateResolverEndpointResponse
+newCreateResolverEndpointResponse pHttpStatus_ =
+  CreateResolverEndpointResponse'
+    { resolverEndpoint =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the @CreateResolverEndpoint@ request, including the
+-- status of the request.
+createResolverEndpointResponse_resolverEndpoint :: Lens.Lens' CreateResolverEndpointResponse (Prelude.Maybe ResolverEndpoint)
+createResolverEndpointResponse_resolverEndpoint = Lens.lens (\CreateResolverEndpointResponse' {resolverEndpoint} -> resolverEndpoint) (\s@CreateResolverEndpointResponse' {} a -> s {resolverEndpoint = a} :: CreateResolverEndpointResponse)
+
+-- | The response's http status code.
+createResolverEndpointResponse_httpStatus :: Lens.Lens' CreateResolverEndpointResponse Prelude.Int
+createResolverEndpointResponse_httpStatus = Lens.lens (\CreateResolverEndpointResponse' {httpStatus} -> httpStatus) (\s@CreateResolverEndpointResponse' {} a -> s {httpStatus = a} :: CreateResolverEndpointResponse)
+
+instance
+  Prelude.NFData
+    CreateResolverEndpointResponse
+  where
+  rnf CreateResolverEndpointResponse' {..} =
+    Prelude.rnf resolverEndpoint
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/CreateResolverQueryLogConfig.hs b/gen/Amazonka/Route53Resolver/CreateResolverQueryLogConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/CreateResolverQueryLogConfig.hs
@@ -0,0 +1,313 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.CreateResolverQueryLogConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a Resolver query logging configuration, which defines where you
+-- want Resolver to save DNS query logs that originate in your VPCs.
+-- Resolver can log queries only for VPCs that are in the same Region as
+-- the query logging configuration.
+--
+-- To specify which VPCs you want to log queries for, you use
+-- @AssociateResolverQueryLogConfig@. For more information, see
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverQueryLogConfig.html AssociateResolverQueryLogConfig>.
+--
+-- You can optionally use Resource Access Manager (RAM) to share a query
+-- logging configuration with other Amazon Web Services accounts. The other
+-- accounts can then associate VPCs with the configuration. The query logs
+-- that Resolver creates for a configuration include all DNS queries that
+-- originate in all VPCs that are associated with the configuration.
+module Amazonka.Route53Resolver.CreateResolverQueryLogConfig
+  ( -- * Creating a Request
+    CreateResolverQueryLogConfig (..),
+    newCreateResolverQueryLogConfig,
+
+    -- * Request Lenses
+    createResolverQueryLogConfig_tags,
+    createResolverQueryLogConfig_name,
+    createResolverQueryLogConfig_destinationArn,
+    createResolverQueryLogConfig_creatorRequestId,
+
+    -- * Destructuring the Response
+    CreateResolverQueryLogConfigResponse (..),
+    newCreateResolverQueryLogConfigResponse,
+
+    -- * Response Lenses
+    createResolverQueryLogConfigResponse_resolverQueryLogConfig,
+    createResolverQueryLogConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newCreateResolverQueryLogConfig' smart constructor.
+data CreateResolverQueryLogConfig = CreateResolverQueryLogConfig'
+  { -- | A list of the tag keys and values that you want to associate with the
+    -- query logging configuration.
+    tags :: Prelude.Maybe [Tag],
+    -- | The name that you want to give the query logging configuration.
+    name :: Prelude.Text,
+    -- | The ARN of the resource that you want Resolver to send query logs. You
+    -- can send query logs to an S3 bucket, a CloudWatch Logs log group, or a
+    -- Kinesis Data Firehose delivery stream. Examples of valid values include
+    -- the following:
+    --
+    -- -   __S3 bucket__:
+    --
+    --     @arn:aws:s3:::examplebucket@
+    --
+    --     You can optionally append a file prefix to the end of the ARN.
+    --
+    --     @arn:aws:s3:::examplebucket\/development\/@
+    --
+    -- -   __CloudWatch Logs log group__:
+    --
+    --     @arn:aws:logs:us-west-1:123456789012:log-group:\/mystack-testgroup-12ABC1AB12A1:*@
+    --
+    -- -   __Kinesis Data Firehose delivery stream__:
+    --
+    --     @arn:aws:kinesis:us-east-2:0123456789:stream\/my_stream_name@
+    destinationArn :: Prelude.Text,
+    -- | A unique string that identifies the request and that allows failed
+    -- requests to be retried without the risk of running the operation twice.
+    -- @CreatorRequestId@ can be any unique string, for example, a date\/time
+    -- stamp.
+    creatorRequestId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateResolverQueryLogConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'createResolverQueryLogConfig_tags' - A list of the tag keys and values that you want to associate with the
+-- query logging configuration.
+--
+-- 'name', 'createResolverQueryLogConfig_name' - The name that you want to give the query logging configuration.
+--
+-- 'destinationArn', 'createResolverQueryLogConfig_destinationArn' - The ARN of the resource that you want Resolver to send query logs. You
+-- can send query logs to an S3 bucket, a CloudWatch Logs log group, or a
+-- Kinesis Data Firehose delivery stream. Examples of valid values include
+-- the following:
+--
+-- -   __S3 bucket__:
+--
+--     @arn:aws:s3:::examplebucket@
+--
+--     You can optionally append a file prefix to the end of the ARN.
+--
+--     @arn:aws:s3:::examplebucket\/development\/@
+--
+-- -   __CloudWatch Logs log group__:
+--
+--     @arn:aws:logs:us-west-1:123456789012:log-group:\/mystack-testgroup-12ABC1AB12A1:*@
+--
+-- -   __Kinesis Data Firehose delivery stream__:
+--
+--     @arn:aws:kinesis:us-east-2:0123456789:stream\/my_stream_name@
+--
+-- 'creatorRequestId', 'createResolverQueryLogConfig_creatorRequestId' - A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+newCreateResolverQueryLogConfig ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'destinationArn'
+  Prelude.Text ->
+  -- | 'creatorRequestId'
+  Prelude.Text ->
+  CreateResolverQueryLogConfig
+newCreateResolverQueryLogConfig
+  pName_
+  pDestinationArn_
+  pCreatorRequestId_ =
+    CreateResolverQueryLogConfig'
+      { tags =
+          Prelude.Nothing,
+        name = pName_,
+        destinationArn = pDestinationArn_,
+        creatorRequestId = pCreatorRequestId_
+      }
+
+-- | A list of the tag keys and values that you want to associate with the
+-- query logging configuration.
+createResolverQueryLogConfig_tags :: Lens.Lens' CreateResolverQueryLogConfig (Prelude.Maybe [Tag])
+createResolverQueryLogConfig_tags = Lens.lens (\CreateResolverQueryLogConfig' {tags} -> tags) (\s@CreateResolverQueryLogConfig' {} a -> s {tags = a} :: CreateResolverQueryLogConfig) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name that you want to give the query logging configuration.
+createResolverQueryLogConfig_name :: Lens.Lens' CreateResolverQueryLogConfig Prelude.Text
+createResolverQueryLogConfig_name = Lens.lens (\CreateResolverQueryLogConfig' {name} -> name) (\s@CreateResolverQueryLogConfig' {} a -> s {name = a} :: CreateResolverQueryLogConfig)
+
+-- | The ARN of the resource that you want Resolver to send query logs. You
+-- can send query logs to an S3 bucket, a CloudWatch Logs log group, or a
+-- Kinesis Data Firehose delivery stream. Examples of valid values include
+-- the following:
+--
+-- -   __S3 bucket__:
+--
+--     @arn:aws:s3:::examplebucket@
+--
+--     You can optionally append a file prefix to the end of the ARN.
+--
+--     @arn:aws:s3:::examplebucket\/development\/@
+--
+-- -   __CloudWatch Logs log group__:
+--
+--     @arn:aws:logs:us-west-1:123456789012:log-group:\/mystack-testgroup-12ABC1AB12A1:*@
+--
+-- -   __Kinesis Data Firehose delivery stream__:
+--
+--     @arn:aws:kinesis:us-east-2:0123456789:stream\/my_stream_name@
+createResolverQueryLogConfig_destinationArn :: Lens.Lens' CreateResolverQueryLogConfig Prelude.Text
+createResolverQueryLogConfig_destinationArn = Lens.lens (\CreateResolverQueryLogConfig' {destinationArn} -> destinationArn) (\s@CreateResolverQueryLogConfig' {} a -> s {destinationArn = a} :: CreateResolverQueryLogConfig)
+
+-- | A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+createResolverQueryLogConfig_creatorRequestId :: Lens.Lens' CreateResolverQueryLogConfig Prelude.Text
+createResolverQueryLogConfig_creatorRequestId = Lens.lens (\CreateResolverQueryLogConfig' {creatorRequestId} -> creatorRequestId) (\s@CreateResolverQueryLogConfig' {} a -> s {creatorRequestId = a} :: CreateResolverQueryLogConfig)
+
+instance Core.AWSRequest CreateResolverQueryLogConfig where
+  type
+    AWSResponse CreateResolverQueryLogConfig =
+      CreateResolverQueryLogConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateResolverQueryLogConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverQueryLogConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    CreateResolverQueryLogConfig
+  where
+  hashWithSalt _salt CreateResolverQueryLogConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` destinationArn
+      `Prelude.hashWithSalt` creatorRequestId
+
+instance Prelude.NFData CreateResolverQueryLogConfig where
+  rnf CreateResolverQueryLogConfig' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf destinationArn
+      `Prelude.seq` Prelude.rnf creatorRequestId
+
+instance Data.ToHeaders CreateResolverQueryLogConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.CreateResolverQueryLogConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateResolverQueryLogConfig where
+  toJSON CreateResolverQueryLogConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just
+              ("DestinationArn" Data..= destinationArn),
+            Prelude.Just
+              ("CreatorRequestId" Data..= creatorRequestId)
+          ]
+      )
+
+instance Data.ToPath CreateResolverQueryLogConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateResolverQueryLogConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateResolverQueryLogConfigResponse' smart constructor.
+data CreateResolverQueryLogConfigResponse = CreateResolverQueryLogConfigResponse'
+  { -- | Information about the @CreateResolverQueryLogConfig@ request, including
+    -- the status of the request.
+    resolverQueryLogConfig :: Prelude.Maybe ResolverQueryLogConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateResolverQueryLogConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfig', 'createResolverQueryLogConfigResponse_resolverQueryLogConfig' - Information about the @CreateResolverQueryLogConfig@ request, including
+-- the status of the request.
+--
+-- 'httpStatus', 'createResolverQueryLogConfigResponse_httpStatus' - The response's http status code.
+newCreateResolverQueryLogConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateResolverQueryLogConfigResponse
+newCreateResolverQueryLogConfigResponse pHttpStatus_ =
+  CreateResolverQueryLogConfigResponse'
+    { resolverQueryLogConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the @CreateResolverQueryLogConfig@ request, including
+-- the status of the request.
+createResolverQueryLogConfigResponse_resolverQueryLogConfig :: Lens.Lens' CreateResolverQueryLogConfigResponse (Prelude.Maybe ResolverQueryLogConfig)
+createResolverQueryLogConfigResponse_resolverQueryLogConfig = Lens.lens (\CreateResolverQueryLogConfigResponse' {resolverQueryLogConfig} -> resolverQueryLogConfig) (\s@CreateResolverQueryLogConfigResponse' {} a -> s {resolverQueryLogConfig = a} :: CreateResolverQueryLogConfigResponse)
+
+-- | The response's http status code.
+createResolverQueryLogConfigResponse_httpStatus :: Lens.Lens' CreateResolverQueryLogConfigResponse Prelude.Int
+createResolverQueryLogConfigResponse_httpStatus = Lens.lens (\CreateResolverQueryLogConfigResponse' {httpStatus} -> httpStatus) (\s@CreateResolverQueryLogConfigResponse' {} a -> s {httpStatus = a} :: CreateResolverQueryLogConfigResponse)
+
+instance
+  Prelude.NFData
+    CreateResolverQueryLogConfigResponse
+  where
+  rnf CreateResolverQueryLogConfigResponse' {..} =
+    Prelude.rnf resolverQueryLogConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/CreateResolverRule.hs b/gen/Amazonka/Route53Resolver/CreateResolverRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/CreateResolverRule.hs
@@ -0,0 +1,347 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.CreateResolverRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- For DNS queries that originate in your VPCs, specifies which Resolver
+-- endpoint the queries pass through, one domain name that you want to
+-- forward to your network, and the IP addresses of the DNS resolvers in
+-- your network.
+module Amazonka.Route53Resolver.CreateResolverRule
+  ( -- * Creating a Request
+    CreateResolverRule (..),
+    newCreateResolverRule,
+
+    -- * Request Lenses
+    createResolverRule_name,
+    createResolverRule_resolverEndpointId,
+    createResolverRule_tags,
+    createResolverRule_targetIps,
+    createResolverRule_creatorRequestId,
+    createResolverRule_ruleType,
+    createResolverRule_domainName,
+
+    -- * Destructuring the Response
+    CreateResolverRuleResponse (..),
+    newCreateResolverRuleResponse,
+
+    -- * Response Lenses
+    createResolverRuleResponse_resolverRule,
+    createResolverRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newCreateResolverRule' smart constructor.
+data CreateResolverRule = CreateResolverRule'
+  { -- | A friendly name that lets you easily find a rule in the Resolver
+    -- dashboard in the Route 53 console.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the outbound Resolver endpoint that you want to use to route
+    -- DNS queries to the IP addresses that you specify in @TargetIps@.
+    resolverEndpointId :: Prelude.Maybe Prelude.Text,
+    -- | A list of the tag keys and values that you want to associate with the
+    -- endpoint.
+    tags :: Prelude.Maybe [Tag],
+    -- | The IPs that you want Resolver to forward DNS queries to. You can
+    -- specify only IPv4 addresses. Separate IP addresses with a space.
+    --
+    -- @TargetIps@ is available only when the value of @Rule type@ is
+    -- @FORWARD@.
+    targetIps :: Prelude.Maybe (Prelude.NonEmpty TargetAddress),
+    -- | A unique string that identifies the request and that allows failed
+    -- requests to be retried without the risk of running the operation twice.
+    -- @CreatorRequestId@ can be any unique string, for example, a date\/time
+    -- stamp.
+    creatorRequestId :: Prelude.Text,
+    -- | When you want to forward DNS queries for specified domain name to
+    -- resolvers on your network, specify @FORWARD@.
+    --
+    -- When you have a forwarding rule to forward DNS queries for a domain to
+    -- your network and you want Resolver to process queries for a subdomain of
+    -- that domain, specify @SYSTEM@.
+    --
+    -- For example, to forward DNS queries for example.com to resolvers on your
+    -- network, you create a rule and specify @FORWARD@ for @RuleType@. To then
+    -- have Resolver process queries for apex.example.com, you create a rule
+    -- and specify @SYSTEM@ for @RuleType@.
+    --
+    -- Currently, only Resolver can create rules that have a value of
+    -- @RECURSIVE@ for @RuleType@.
+    ruleType :: RuleTypeOption,
+    -- | DNS queries for this domain name are forwarded to the IP addresses that
+    -- you specify in @TargetIps@. If a query matches multiple Resolver rules
+    -- (example.com and www.example.com), outbound DNS queries are routed using
+    -- the Resolver rule that contains the most specific domain name
+    -- (www.example.com).
+    domainName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateResolverRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'createResolverRule_name' - A friendly name that lets you easily find a rule in the Resolver
+-- dashboard in the Route 53 console.
+--
+-- 'resolverEndpointId', 'createResolverRule_resolverEndpointId' - The ID of the outbound Resolver endpoint that you want to use to route
+-- DNS queries to the IP addresses that you specify in @TargetIps@.
+--
+-- 'tags', 'createResolverRule_tags' - A list of the tag keys and values that you want to associate with the
+-- endpoint.
+--
+-- 'targetIps', 'createResolverRule_targetIps' - The IPs that you want Resolver to forward DNS queries to. You can
+-- specify only IPv4 addresses. Separate IP addresses with a space.
+--
+-- @TargetIps@ is available only when the value of @Rule type@ is
+-- @FORWARD@.
+--
+-- 'creatorRequestId', 'createResolverRule_creatorRequestId' - A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+--
+-- 'ruleType', 'createResolverRule_ruleType' - When you want to forward DNS queries for specified domain name to
+-- resolvers on your network, specify @FORWARD@.
+--
+-- When you have a forwarding rule to forward DNS queries for a domain to
+-- your network and you want Resolver to process queries for a subdomain of
+-- that domain, specify @SYSTEM@.
+--
+-- For example, to forward DNS queries for example.com to resolvers on your
+-- network, you create a rule and specify @FORWARD@ for @RuleType@. To then
+-- have Resolver process queries for apex.example.com, you create a rule
+-- and specify @SYSTEM@ for @RuleType@.
+--
+-- Currently, only Resolver can create rules that have a value of
+-- @RECURSIVE@ for @RuleType@.
+--
+-- 'domainName', 'createResolverRule_domainName' - DNS queries for this domain name are forwarded to the IP addresses that
+-- you specify in @TargetIps@. If a query matches multiple Resolver rules
+-- (example.com and www.example.com), outbound DNS queries are routed using
+-- the Resolver rule that contains the most specific domain name
+-- (www.example.com).
+newCreateResolverRule ::
+  -- | 'creatorRequestId'
+  Prelude.Text ->
+  -- | 'ruleType'
+  RuleTypeOption ->
+  -- | 'domainName'
+  Prelude.Text ->
+  CreateResolverRule
+newCreateResolverRule
+  pCreatorRequestId_
+  pRuleType_
+  pDomainName_ =
+    CreateResolverRule'
+      { name = Prelude.Nothing,
+        resolverEndpointId = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        targetIps = Prelude.Nothing,
+        creatorRequestId = pCreatorRequestId_,
+        ruleType = pRuleType_,
+        domainName = pDomainName_
+      }
+
+-- | A friendly name that lets you easily find a rule in the Resolver
+-- dashboard in the Route 53 console.
+createResolverRule_name :: Lens.Lens' CreateResolverRule (Prelude.Maybe Prelude.Text)
+createResolverRule_name = Lens.lens (\CreateResolverRule' {name} -> name) (\s@CreateResolverRule' {} a -> s {name = a} :: CreateResolverRule)
+
+-- | The ID of the outbound Resolver endpoint that you want to use to route
+-- DNS queries to the IP addresses that you specify in @TargetIps@.
+createResolverRule_resolverEndpointId :: Lens.Lens' CreateResolverRule (Prelude.Maybe Prelude.Text)
+createResolverRule_resolverEndpointId = Lens.lens (\CreateResolverRule' {resolverEndpointId} -> resolverEndpointId) (\s@CreateResolverRule' {} a -> s {resolverEndpointId = a} :: CreateResolverRule)
+
+-- | A list of the tag keys and values that you want to associate with the
+-- endpoint.
+createResolverRule_tags :: Lens.Lens' CreateResolverRule (Prelude.Maybe [Tag])
+createResolverRule_tags = Lens.lens (\CreateResolverRule' {tags} -> tags) (\s@CreateResolverRule' {} a -> s {tags = a} :: CreateResolverRule) Prelude.. Lens.mapping Lens.coerced
+
+-- | The IPs that you want Resolver to forward DNS queries to. You can
+-- specify only IPv4 addresses. Separate IP addresses with a space.
+--
+-- @TargetIps@ is available only when the value of @Rule type@ is
+-- @FORWARD@.
+createResolverRule_targetIps :: Lens.Lens' CreateResolverRule (Prelude.Maybe (Prelude.NonEmpty TargetAddress))
+createResolverRule_targetIps = Lens.lens (\CreateResolverRule' {targetIps} -> targetIps) (\s@CreateResolverRule' {} a -> s {targetIps = a} :: CreateResolverRule) Prelude.. Lens.mapping Lens.coerced
+
+-- | A unique string that identifies the request and that allows failed
+-- requests to be retried without the risk of running the operation twice.
+-- @CreatorRequestId@ can be any unique string, for example, a date\/time
+-- stamp.
+createResolverRule_creatorRequestId :: Lens.Lens' CreateResolverRule Prelude.Text
+createResolverRule_creatorRequestId = Lens.lens (\CreateResolverRule' {creatorRequestId} -> creatorRequestId) (\s@CreateResolverRule' {} a -> s {creatorRequestId = a} :: CreateResolverRule)
+
+-- | When you want to forward DNS queries for specified domain name to
+-- resolvers on your network, specify @FORWARD@.
+--
+-- When you have a forwarding rule to forward DNS queries for a domain to
+-- your network and you want Resolver to process queries for a subdomain of
+-- that domain, specify @SYSTEM@.
+--
+-- For example, to forward DNS queries for example.com to resolvers on your
+-- network, you create a rule and specify @FORWARD@ for @RuleType@. To then
+-- have Resolver process queries for apex.example.com, you create a rule
+-- and specify @SYSTEM@ for @RuleType@.
+--
+-- Currently, only Resolver can create rules that have a value of
+-- @RECURSIVE@ for @RuleType@.
+createResolverRule_ruleType :: Lens.Lens' CreateResolverRule RuleTypeOption
+createResolverRule_ruleType = Lens.lens (\CreateResolverRule' {ruleType} -> ruleType) (\s@CreateResolverRule' {} a -> s {ruleType = a} :: CreateResolverRule)
+
+-- | DNS queries for this domain name are forwarded to the IP addresses that
+-- you specify in @TargetIps@. If a query matches multiple Resolver rules
+-- (example.com and www.example.com), outbound DNS queries are routed using
+-- the Resolver rule that contains the most specific domain name
+-- (www.example.com).
+createResolverRule_domainName :: Lens.Lens' CreateResolverRule Prelude.Text
+createResolverRule_domainName = Lens.lens (\CreateResolverRule' {domainName} -> domainName) (\s@CreateResolverRule' {} a -> s {domainName = a} :: CreateResolverRule)
+
+instance Core.AWSRequest CreateResolverRule where
+  type
+    AWSResponse CreateResolverRule =
+      CreateResolverRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateResolverRuleResponse'
+            Prelude.<$> (x Data..?> "ResolverRule")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateResolverRule where
+  hashWithSalt _salt CreateResolverRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` resolverEndpointId
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` targetIps
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` ruleType
+      `Prelude.hashWithSalt` domainName
+
+instance Prelude.NFData CreateResolverRule where
+  rnf CreateResolverRule' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf resolverEndpointId
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf targetIps
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf ruleType
+      `Prelude.seq` Prelude.rnf domainName
+
+instance Data.ToHeaders CreateResolverRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.CreateResolverRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateResolverRule where
+  toJSON CreateResolverRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("ResolverEndpointId" Data..=)
+              Prelude.<$> resolverEndpointId,
+            ("Tags" Data..=) Prelude.<$> tags,
+            ("TargetIps" Data..=) Prelude.<$> targetIps,
+            Prelude.Just
+              ("CreatorRequestId" Data..= creatorRequestId),
+            Prelude.Just ("RuleType" Data..= ruleType),
+            Prelude.Just ("DomainName" Data..= domainName)
+          ]
+      )
+
+instance Data.ToPath CreateResolverRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateResolverRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateResolverRuleResponse' smart constructor.
+data CreateResolverRuleResponse = CreateResolverRuleResponse'
+  { -- | Information about the @CreateResolverRule@ request, including the status
+    -- of the request.
+    resolverRule :: Prelude.Maybe ResolverRule,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateResolverRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRule', 'createResolverRuleResponse_resolverRule' - Information about the @CreateResolverRule@ request, including the status
+-- of the request.
+--
+-- 'httpStatus', 'createResolverRuleResponse_httpStatus' - The response's http status code.
+newCreateResolverRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateResolverRuleResponse
+newCreateResolverRuleResponse pHttpStatus_ =
+  CreateResolverRuleResponse'
+    { resolverRule =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the @CreateResolverRule@ request, including the status
+-- of the request.
+createResolverRuleResponse_resolverRule :: Lens.Lens' CreateResolverRuleResponse (Prelude.Maybe ResolverRule)
+createResolverRuleResponse_resolverRule = Lens.lens (\CreateResolverRuleResponse' {resolverRule} -> resolverRule) (\s@CreateResolverRuleResponse' {} a -> s {resolverRule = a} :: CreateResolverRuleResponse)
+
+-- | The response's http status code.
+createResolverRuleResponse_httpStatus :: Lens.Lens' CreateResolverRuleResponse Prelude.Int
+createResolverRuleResponse_httpStatus = Lens.lens (\CreateResolverRuleResponse' {httpStatus} -> httpStatus) (\s@CreateResolverRuleResponse' {} a -> s {httpStatus = a} :: CreateResolverRuleResponse)
+
+instance Prelude.NFData CreateResolverRuleResponse where
+  rnf CreateResolverRuleResponse' {..} =
+    Prelude.rnf resolverRule
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DeleteFirewallDomainList.hs b/gen/Amazonka/Route53Resolver/DeleteFirewallDomainList.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DeleteFirewallDomainList.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DeleteFirewallDomainList
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified domain list.
+module Amazonka.Route53Resolver.DeleteFirewallDomainList
+  ( -- * Creating a Request
+    DeleteFirewallDomainList (..),
+    newDeleteFirewallDomainList,
+
+    -- * Request Lenses
+    deleteFirewallDomainList_firewallDomainListId,
+
+    -- * Destructuring the Response
+    DeleteFirewallDomainListResponse (..),
+    newDeleteFirewallDomainListResponse,
+
+    -- * Response Lenses
+    deleteFirewallDomainListResponse_firewallDomainList,
+    deleteFirewallDomainListResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDeleteFirewallDomainList' smart constructor.
+data DeleteFirewallDomainList = DeleteFirewallDomainList'
+  { -- | The ID of the domain list that you want to delete.
+    firewallDomainListId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallDomainList' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainListId', 'deleteFirewallDomainList_firewallDomainListId' - The ID of the domain list that you want to delete.
+newDeleteFirewallDomainList ::
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  DeleteFirewallDomainList
+newDeleteFirewallDomainList pFirewallDomainListId_ =
+  DeleteFirewallDomainList'
+    { firewallDomainListId =
+        pFirewallDomainListId_
+    }
+
+-- | The ID of the domain list that you want to delete.
+deleteFirewallDomainList_firewallDomainListId :: Lens.Lens' DeleteFirewallDomainList Prelude.Text
+deleteFirewallDomainList_firewallDomainListId = Lens.lens (\DeleteFirewallDomainList' {firewallDomainListId} -> firewallDomainListId) (\s@DeleteFirewallDomainList' {} a -> s {firewallDomainListId = a} :: DeleteFirewallDomainList)
+
+instance Core.AWSRequest DeleteFirewallDomainList where
+  type
+    AWSResponse DeleteFirewallDomainList =
+      DeleteFirewallDomainListResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteFirewallDomainListResponse'
+            Prelude.<$> (x Data..?> "FirewallDomainList")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteFirewallDomainList where
+  hashWithSalt _salt DeleteFirewallDomainList' {..} =
+    _salt `Prelude.hashWithSalt` firewallDomainListId
+
+instance Prelude.NFData DeleteFirewallDomainList where
+  rnf DeleteFirewallDomainList' {..} =
+    Prelude.rnf firewallDomainListId
+
+instance Data.ToHeaders DeleteFirewallDomainList where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DeleteFirewallDomainList" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteFirewallDomainList where
+  toJSON DeleteFirewallDomainList' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              )
+          ]
+      )
+
+instance Data.ToPath DeleteFirewallDomainList where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteFirewallDomainList where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteFirewallDomainListResponse' smart constructor.
+data DeleteFirewallDomainListResponse = DeleteFirewallDomainListResponse'
+  { -- | The domain list that you just deleted.
+    firewallDomainList :: Prelude.Maybe FirewallDomainList,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallDomainListResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainList', 'deleteFirewallDomainListResponse_firewallDomainList' - The domain list that you just deleted.
+--
+-- 'httpStatus', 'deleteFirewallDomainListResponse_httpStatus' - The response's http status code.
+newDeleteFirewallDomainListResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteFirewallDomainListResponse
+newDeleteFirewallDomainListResponse pHttpStatus_ =
+  DeleteFirewallDomainListResponse'
+    { firewallDomainList =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The domain list that you just deleted.
+deleteFirewallDomainListResponse_firewallDomainList :: Lens.Lens' DeleteFirewallDomainListResponse (Prelude.Maybe FirewallDomainList)
+deleteFirewallDomainListResponse_firewallDomainList = Lens.lens (\DeleteFirewallDomainListResponse' {firewallDomainList} -> firewallDomainList) (\s@DeleteFirewallDomainListResponse' {} a -> s {firewallDomainList = a} :: DeleteFirewallDomainListResponse)
+
+-- | The response's http status code.
+deleteFirewallDomainListResponse_httpStatus :: Lens.Lens' DeleteFirewallDomainListResponse Prelude.Int
+deleteFirewallDomainListResponse_httpStatus = Lens.lens (\DeleteFirewallDomainListResponse' {httpStatus} -> httpStatus) (\s@DeleteFirewallDomainListResponse' {} a -> s {httpStatus = a} :: DeleteFirewallDomainListResponse)
+
+instance
+  Prelude.NFData
+    DeleteFirewallDomainListResponse
+  where
+  rnf DeleteFirewallDomainListResponse' {..} =
+    Prelude.rnf firewallDomainList
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DeleteFirewallRule.hs b/gen/Amazonka/Route53Resolver/DeleteFirewallRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DeleteFirewallRule.hs
@@ -0,0 +1,198 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DeleteFirewallRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified firewall rule.
+module Amazonka.Route53Resolver.DeleteFirewallRule
+  ( -- * Creating a Request
+    DeleteFirewallRule (..),
+    newDeleteFirewallRule,
+
+    -- * Request Lenses
+    deleteFirewallRule_firewallRuleGroupId,
+    deleteFirewallRule_firewallDomainListId,
+
+    -- * Destructuring the Response
+    DeleteFirewallRuleResponse (..),
+    newDeleteFirewallRuleResponse,
+
+    -- * Response Lenses
+    deleteFirewallRuleResponse_firewallRule,
+    deleteFirewallRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDeleteFirewallRule' smart constructor.
+data DeleteFirewallRule = DeleteFirewallRule'
+  { -- | The unique identifier of the firewall rule group that you want to delete
+    -- the rule from.
+    firewallRuleGroupId :: Prelude.Text,
+    -- | The ID of the domain list that\'s used in the rule.
+    firewallDomainListId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupId', 'deleteFirewallRule_firewallRuleGroupId' - The unique identifier of the firewall rule group that you want to delete
+-- the rule from.
+--
+-- 'firewallDomainListId', 'deleteFirewallRule_firewallDomainListId' - The ID of the domain list that\'s used in the rule.
+newDeleteFirewallRule ::
+  -- | 'firewallRuleGroupId'
+  Prelude.Text ->
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  DeleteFirewallRule
+newDeleteFirewallRule
+  pFirewallRuleGroupId_
+  pFirewallDomainListId_ =
+    DeleteFirewallRule'
+      { firewallRuleGroupId =
+          pFirewallRuleGroupId_,
+        firewallDomainListId = pFirewallDomainListId_
+      }
+
+-- | The unique identifier of the firewall rule group that you want to delete
+-- the rule from.
+deleteFirewallRule_firewallRuleGroupId :: Lens.Lens' DeleteFirewallRule Prelude.Text
+deleteFirewallRule_firewallRuleGroupId = Lens.lens (\DeleteFirewallRule' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@DeleteFirewallRule' {} a -> s {firewallRuleGroupId = a} :: DeleteFirewallRule)
+
+-- | The ID of the domain list that\'s used in the rule.
+deleteFirewallRule_firewallDomainListId :: Lens.Lens' DeleteFirewallRule Prelude.Text
+deleteFirewallRule_firewallDomainListId = Lens.lens (\DeleteFirewallRule' {firewallDomainListId} -> firewallDomainListId) (\s@DeleteFirewallRule' {} a -> s {firewallDomainListId = a} :: DeleteFirewallRule)
+
+instance Core.AWSRequest DeleteFirewallRule where
+  type
+    AWSResponse DeleteFirewallRule =
+      DeleteFirewallRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteFirewallRuleResponse'
+            Prelude.<$> (x Data..?> "FirewallRule")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteFirewallRule where
+  hashWithSalt _salt DeleteFirewallRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` firewallRuleGroupId
+      `Prelude.hashWithSalt` firewallDomainListId
+
+instance Prelude.NFData DeleteFirewallRule where
+  rnf DeleteFirewallRule' {..} =
+    Prelude.rnf firewallRuleGroupId
+      `Prelude.seq` Prelude.rnf firewallDomainListId
+
+instance Data.ToHeaders DeleteFirewallRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DeleteFirewallRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteFirewallRule where
+  toJSON DeleteFirewallRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("FirewallRuleGroupId" Data..= firewallRuleGroupId),
+            Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              )
+          ]
+      )
+
+instance Data.ToPath DeleteFirewallRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteFirewallRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteFirewallRuleResponse' smart constructor.
+data DeleteFirewallRuleResponse = DeleteFirewallRuleResponse'
+  { -- | The specification for the firewall rule that you just deleted.
+    firewallRule :: Prelude.Maybe FirewallRule,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRule', 'deleteFirewallRuleResponse_firewallRule' - The specification for the firewall rule that you just deleted.
+--
+-- 'httpStatus', 'deleteFirewallRuleResponse_httpStatus' - The response's http status code.
+newDeleteFirewallRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteFirewallRuleResponse
+newDeleteFirewallRuleResponse pHttpStatus_ =
+  DeleteFirewallRuleResponse'
+    { firewallRule =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The specification for the firewall rule that you just deleted.
+deleteFirewallRuleResponse_firewallRule :: Lens.Lens' DeleteFirewallRuleResponse (Prelude.Maybe FirewallRule)
+deleteFirewallRuleResponse_firewallRule = Lens.lens (\DeleteFirewallRuleResponse' {firewallRule} -> firewallRule) (\s@DeleteFirewallRuleResponse' {} a -> s {firewallRule = a} :: DeleteFirewallRuleResponse)
+
+-- | The response's http status code.
+deleteFirewallRuleResponse_httpStatus :: Lens.Lens' DeleteFirewallRuleResponse Prelude.Int
+deleteFirewallRuleResponse_httpStatus = Lens.lens (\DeleteFirewallRuleResponse' {httpStatus} -> httpStatus) (\s@DeleteFirewallRuleResponse' {} a -> s {httpStatus = a} :: DeleteFirewallRuleResponse)
+
+instance Prelude.NFData DeleteFirewallRuleResponse where
+  rnf DeleteFirewallRuleResponse' {..} =
+    Prelude.rnf firewallRule
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DeleteFirewallRuleGroup.hs b/gen/Amazonka/Route53Resolver/DeleteFirewallRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DeleteFirewallRuleGroup.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DeleteFirewallRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified firewall rule group.
+module Amazonka.Route53Resolver.DeleteFirewallRuleGroup
+  ( -- * Creating a Request
+    DeleteFirewallRuleGroup (..),
+    newDeleteFirewallRuleGroup,
+
+    -- * Request Lenses
+    deleteFirewallRuleGroup_firewallRuleGroupId,
+
+    -- * Destructuring the Response
+    DeleteFirewallRuleGroupResponse (..),
+    newDeleteFirewallRuleGroupResponse,
+
+    -- * Response Lenses
+    deleteFirewallRuleGroupResponse_firewallRuleGroup,
+    deleteFirewallRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDeleteFirewallRuleGroup' smart constructor.
+data DeleteFirewallRuleGroup = DeleteFirewallRuleGroup'
+  { -- | The unique identifier of the firewall rule group that you want to
+    -- delete.
+    firewallRuleGroupId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupId', 'deleteFirewallRuleGroup_firewallRuleGroupId' - The unique identifier of the firewall rule group that you want to
+-- delete.
+newDeleteFirewallRuleGroup ::
+  -- | 'firewallRuleGroupId'
+  Prelude.Text ->
+  DeleteFirewallRuleGroup
+newDeleteFirewallRuleGroup pFirewallRuleGroupId_ =
+  DeleteFirewallRuleGroup'
+    { firewallRuleGroupId =
+        pFirewallRuleGroupId_
+    }
+
+-- | The unique identifier of the firewall rule group that you want to
+-- delete.
+deleteFirewallRuleGroup_firewallRuleGroupId :: Lens.Lens' DeleteFirewallRuleGroup Prelude.Text
+deleteFirewallRuleGroup_firewallRuleGroupId = Lens.lens (\DeleteFirewallRuleGroup' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@DeleteFirewallRuleGroup' {} a -> s {firewallRuleGroupId = a} :: DeleteFirewallRuleGroup)
+
+instance Core.AWSRequest DeleteFirewallRuleGroup where
+  type
+    AWSResponse DeleteFirewallRuleGroup =
+      DeleteFirewallRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteFirewallRuleGroupResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroup")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteFirewallRuleGroup where
+  hashWithSalt _salt DeleteFirewallRuleGroup' {..} =
+    _salt `Prelude.hashWithSalt` firewallRuleGroupId
+
+instance Prelude.NFData DeleteFirewallRuleGroup where
+  rnf DeleteFirewallRuleGroup' {..} =
+    Prelude.rnf firewallRuleGroupId
+
+instance Data.ToHeaders DeleteFirewallRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DeleteFirewallRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteFirewallRuleGroup where
+  toJSON DeleteFirewallRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("FirewallRuleGroupId" Data..= firewallRuleGroupId)
+          ]
+      )
+
+instance Data.ToPath DeleteFirewallRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteFirewallRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteFirewallRuleGroupResponse' smart constructor.
+data DeleteFirewallRuleGroupResponse = DeleteFirewallRuleGroupResponse'
+  { -- | A collection of rules used to filter DNS network traffic.
+    firewallRuleGroup :: Prelude.Maybe FirewallRuleGroup,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroup', 'deleteFirewallRuleGroupResponse_firewallRuleGroup' - A collection of rules used to filter DNS network traffic.
+--
+-- 'httpStatus', 'deleteFirewallRuleGroupResponse_httpStatus' - The response's http status code.
+newDeleteFirewallRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteFirewallRuleGroupResponse
+newDeleteFirewallRuleGroupResponse pHttpStatus_ =
+  DeleteFirewallRuleGroupResponse'
+    { firewallRuleGroup =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A collection of rules used to filter DNS network traffic.
+deleteFirewallRuleGroupResponse_firewallRuleGroup :: Lens.Lens' DeleteFirewallRuleGroupResponse (Prelude.Maybe FirewallRuleGroup)
+deleteFirewallRuleGroupResponse_firewallRuleGroup = Lens.lens (\DeleteFirewallRuleGroupResponse' {firewallRuleGroup} -> firewallRuleGroup) (\s@DeleteFirewallRuleGroupResponse' {} a -> s {firewallRuleGroup = a} :: DeleteFirewallRuleGroupResponse)
+
+-- | The response's http status code.
+deleteFirewallRuleGroupResponse_httpStatus :: Lens.Lens' DeleteFirewallRuleGroupResponse Prelude.Int
+deleteFirewallRuleGroupResponse_httpStatus = Lens.lens (\DeleteFirewallRuleGroupResponse' {httpStatus} -> httpStatus) (\s@DeleteFirewallRuleGroupResponse' {} a -> s {httpStatus = a} :: DeleteFirewallRuleGroupResponse)
+
+instance
+  Prelude.NFData
+    DeleteFirewallRuleGroupResponse
+  where
+  rnf DeleteFirewallRuleGroupResponse' {..} =
+    Prelude.rnf firewallRuleGroup
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DeleteResolverEndpoint.hs b/gen/Amazonka/Route53Resolver/DeleteResolverEndpoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DeleteResolverEndpoint.hs
@@ -0,0 +1,187 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DeleteResolverEndpoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a Resolver endpoint. The effect of deleting a Resolver endpoint
+-- depends on whether it\'s an inbound or an outbound Resolver endpoint:
+--
+-- -   __Inbound__: DNS queries from your network are no longer routed to
+--     the DNS service for the specified VPC.
+--
+-- -   __Outbound__: DNS queries from a VPC are no longer routed to your
+--     network.
+module Amazonka.Route53Resolver.DeleteResolverEndpoint
+  ( -- * Creating a Request
+    DeleteResolverEndpoint (..),
+    newDeleteResolverEndpoint,
+
+    -- * Request Lenses
+    deleteResolverEndpoint_resolverEndpointId,
+
+    -- * Destructuring the Response
+    DeleteResolverEndpointResponse (..),
+    newDeleteResolverEndpointResponse,
+
+    -- * Response Lenses
+    deleteResolverEndpointResponse_resolverEndpoint,
+    deleteResolverEndpointResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDeleteResolverEndpoint' smart constructor.
+data DeleteResolverEndpoint = DeleteResolverEndpoint'
+  { -- | The ID of the Resolver endpoint that you want to delete.
+    resolverEndpointId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteResolverEndpoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpointId', 'deleteResolverEndpoint_resolverEndpointId' - The ID of the Resolver endpoint that you want to delete.
+newDeleteResolverEndpoint ::
+  -- | 'resolverEndpointId'
+  Prelude.Text ->
+  DeleteResolverEndpoint
+newDeleteResolverEndpoint pResolverEndpointId_ =
+  DeleteResolverEndpoint'
+    { resolverEndpointId =
+        pResolverEndpointId_
+    }
+
+-- | The ID of the Resolver endpoint that you want to delete.
+deleteResolverEndpoint_resolverEndpointId :: Lens.Lens' DeleteResolverEndpoint Prelude.Text
+deleteResolverEndpoint_resolverEndpointId = Lens.lens (\DeleteResolverEndpoint' {resolverEndpointId} -> resolverEndpointId) (\s@DeleteResolverEndpoint' {} a -> s {resolverEndpointId = a} :: DeleteResolverEndpoint)
+
+instance Core.AWSRequest DeleteResolverEndpoint where
+  type
+    AWSResponse DeleteResolverEndpoint =
+      DeleteResolverEndpointResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteResolverEndpointResponse'
+            Prelude.<$> (x Data..?> "ResolverEndpoint")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteResolverEndpoint where
+  hashWithSalt _salt DeleteResolverEndpoint' {..} =
+    _salt `Prelude.hashWithSalt` resolverEndpointId
+
+instance Prelude.NFData DeleteResolverEndpoint where
+  rnf DeleteResolverEndpoint' {..} =
+    Prelude.rnf resolverEndpointId
+
+instance Data.ToHeaders DeleteResolverEndpoint where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DeleteResolverEndpoint" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteResolverEndpoint where
+  toJSON DeleteResolverEndpoint' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ResolverEndpointId" Data..= resolverEndpointId)
+          ]
+      )
+
+instance Data.ToPath DeleteResolverEndpoint where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteResolverEndpoint where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteResolverEndpointResponse' smart constructor.
+data DeleteResolverEndpointResponse = DeleteResolverEndpointResponse'
+  { -- | Information about the @DeleteResolverEndpoint@ request, including the
+    -- status of the request.
+    resolverEndpoint :: Prelude.Maybe ResolverEndpoint,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteResolverEndpointResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpoint', 'deleteResolverEndpointResponse_resolverEndpoint' - Information about the @DeleteResolverEndpoint@ request, including the
+-- status of the request.
+--
+-- 'httpStatus', 'deleteResolverEndpointResponse_httpStatus' - The response's http status code.
+newDeleteResolverEndpointResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteResolverEndpointResponse
+newDeleteResolverEndpointResponse pHttpStatus_ =
+  DeleteResolverEndpointResponse'
+    { resolverEndpoint =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the @DeleteResolverEndpoint@ request, including the
+-- status of the request.
+deleteResolverEndpointResponse_resolverEndpoint :: Lens.Lens' DeleteResolverEndpointResponse (Prelude.Maybe ResolverEndpoint)
+deleteResolverEndpointResponse_resolverEndpoint = Lens.lens (\DeleteResolverEndpointResponse' {resolverEndpoint} -> resolverEndpoint) (\s@DeleteResolverEndpointResponse' {} a -> s {resolverEndpoint = a} :: DeleteResolverEndpointResponse)
+
+-- | The response's http status code.
+deleteResolverEndpointResponse_httpStatus :: Lens.Lens' DeleteResolverEndpointResponse Prelude.Int
+deleteResolverEndpointResponse_httpStatus = Lens.lens (\DeleteResolverEndpointResponse' {httpStatus} -> httpStatus) (\s@DeleteResolverEndpointResponse' {} a -> s {httpStatus = a} :: DeleteResolverEndpointResponse)
+
+instance
+  Prelude.NFData
+    DeleteResolverEndpointResponse
+  where
+  rnf DeleteResolverEndpointResponse' {..} =
+    Prelude.rnf resolverEndpoint
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DeleteResolverQueryLogConfig.hs b/gen/Amazonka/Route53Resolver/DeleteResolverQueryLogConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DeleteResolverQueryLogConfig.hs
@@ -0,0 +1,204 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DeleteResolverQueryLogConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a query logging configuration. When you delete a configuration,
+-- Resolver stops logging DNS queries for all of the Amazon VPCs that are
+-- associated with the configuration. This also applies if the query
+-- logging configuration is shared with other Amazon Web Services accounts,
+-- and the other accounts have associated VPCs with the shared
+-- configuration.
+--
+-- Before you can delete a query logging configuration, you must first
+-- disassociate all VPCs from the configuration. See
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverQueryLogConfig.html DisassociateResolverQueryLogConfig>.
+--
+-- If you used Resource Access Manager (RAM) to share a query logging
+-- configuration with other accounts, you must stop sharing the
+-- configuration before you can delete a configuration. The accounts that
+-- you shared the configuration with can first disassociate VPCs that they
+-- associated with the configuration, but that\'s not necessary. If you
+-- stop sharing the configuration, those VPCs are automatically
+-- disassociated from the configuration.
+module Amazonka.Route53Resolver.DeleteResolverQueryLogConfig
+  ( -- * Creating a Request
+    DeleteResolverQueryLogConfig (..),
+    newDeleteResolverQueryLogConfig,
+
+    -- * Request Lenses
+    deleteResolverQueryLogConfig_resolverQueryLogConfigId,
+
+    -- * Destructuring the Response
+    DeleteResolverQueryLogConfigResponse (..),
+    newDeleteResolverQueryLogConfigResponse,
+
+    -- * Response Lenses
+    deleteResolverQueryLogConfigResponse_resolverQueryLogConfig,
+    deleteResolverQueryLogConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDeleteResolverQueryLogConfig' smart constructor.
+data DeleteResolverQueryLogConfig = DeleteResolverQueryLogConfig'
+  { -- | The ID of the query logging configuration that you want to delete.
+    resolverQueryLogConfigId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteResolverQueryLogConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigId', 'deleteResolverQueryLogConfig_resolverQueryLogConfigId' - The ID of the query logging configuration that you want to delete.
+newDeleteResolverQueryLogConfig ::
+  -- | 'resolverQueryLogConfigId'
+  Prelude.Text ->
+  DeleteResolverQueryLogConfig
+newDeleteResolverQueryLogConfig
+  pResolverQueryLogConfigId_ =
+    DeleteResolverQueryLogConfig'
+      { resolverQueryLogConfigId =
+          pResolverQueryLogConfigId_
+      }
+
+-- | The ID of the query logging configuration that you want to delete.
+deleteResolverQueryLogConfig_resolverQueryLogConfigId :: Lens.Lens' DeleteResolverQueryLogConfig Prelude.Text
+deleteResolverQueryLogConfig_resolverQueryLogConfigId = Lens.lens (\DeleteResolverQueryLogConfig' {resolverQueryLogConfigId} -> resolverQueryLogConfigId) (\s@DeleteResolverQueryLogConfig' {} a -> s {resolverQueryLogConfigId = a} :: DeleteResolverQueryLogConfig)
+
+instance Core.AWSRequest DeleteResolverQueryLogConfig where
+  type
+    AWSResponse DeleteResolverQueryLogConfig =
+      DeleteResolverQueryLogConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteResolverQueryLogConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverQueryLogConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DeleteResolverQueryLogConfig
+  where
+  hashWithSalt _salt DeleteResolverQueryLogConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` resolverQueryLogConfigId
+
+instance Prelude.NFData DeleteResolverQueryLogConfig where
+  rnf DeleteResolverQueryLogConfig' {..} =
+    Prelude.rnf resolverQueryLogConfigId
+
+instance Data.ToHeaders DeleteResolverQueryLogConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DeleteResolverQueryLogConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteResolverQueryLogConfig where
+  toJSON DeleteResolverQueryLogConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "ResolverQueryLogConfigId"
+                  Data..= resolverQueryLogConfigId
+              )
+          ]
+      )
+
+instance Data.ToPath DeleteResolverQueryLogConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteResolverQueryLogConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteResolverQueryLogConfigResponse' smart constructor.
+data DeleteResolverQueryLogConfigResponse = DeleteResolverQueryLogConfigResponse'
+  { -- | Information about the query logging configuration that you deleted,
+    -- including the status of the request.
+    resolverQueryLogConfig :: Prelude.Maybe ResolverQueryLogConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteResolverQueryLogConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfig', 'deleteResolverQueryLogConfigResponse_resolverQueryLogConfig' - Information about the query logging configuration that you deleted,
+-- including the status of the request.
+--
+-- 'httpStatus', 'deleteResolverQueryLogConfigResponse_httpStatus' - The response's http status code.
+newDeleteResolverQueryLogConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteResolverQueryLogConfigResponse
+newDeleteResolverQueryLogConfigResponse pHttpStatus_ =
+  DeleteResolverQueryLogConfigResponse'
+    { resolverQueryLogConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the query logging configuration that you deleted,
+-- including the status of the request.
+deleteResolverQueryLogConfigResponse_resolverQueryLogConfig :: Lens.Lens' DeleteResolverQueryLogConfigResponse (Prelude.Maybe ResolverQueryLogConfig)
+deleteResolverQueryLogConfigResponse_resolverQueryLogConfig = Lens.lens (\DeleteResolverQueryLogConfigResponse' {resolverQueryLogConfig} -> resolverQueryLogConfig) (\s@DeleteResolverQueryLogConfigResponse' {} a -> s {resolverQueryLogConfig = a} :: DeleteResolverQueryLogConfigResponse)
+
+-- | The response's http status code.
+deleteResolverQueryLogConfigResponse_httpStatus :: Lens.Lens' DeleteResolverQueryLogConfigResponse Prelude.Int
+deleteResolverQueryLogConfigResponse_httpStatus = Lens.lens (\DeleteResolverQueryLogConfigResponse' {httpStatus} -> httpStatus) (\s@DeleteResolverQueryLogConfigResponse' {} a -> s {httpStatus = a} :: DeleteResolverQueryLogConfigResponse)
+
+instance
+  Prelude.NFData
+    DeleteResolverQueryLogConfigResponse
+  where
+  rnf DeleteResolverQueryLogConfigResponse' {..} =
+    Prelude.rnf resolverQueryLogConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DeleteResolverRule.hs b/gen/Amazonka/Route53Resolver/DeleteResolverRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DeleteResolverRule.hs
@@ -0,0 +1,180 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DeleteResolverRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes a Resolver rule. Before you can delete a Resolver rule, you must
+-- disassociate it from all the VPCs that you associated the Resolver rule
+-- with. For more information, see
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverRule.html DisassociateResolverRule>.
+module Amazonka.Route53Resolver.DeleteResolverRule
+  ( -- * Creating a Request
+    DeleteResolverRule (..),
+    newDeleteResolverRule,
+
+    -- * Request Lenses
+    deleteResolverRule_resolverRuleId,
+
+    -- * Destructuring the Response
+    DeleteResolverRuleResponse (..),
+    newDeleteResolverRuleResponse,
+
+    -- * Response Lenses
+    deleteResolverRuleResponse_resolverRule,
+    deleteResolverRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDeleteResolverRule' smart constructor.
+data DeleteResolverRule = DeleteResolverRule'
+  { -- | The ID of the Resolver rule that you want to delete.
+    resolverRuleId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteResolverRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRuleId', 'deleteResolverRule_resolverRuleId' - The ID of the Resolver rule that you want to delete.
+newDeleteResolverRule ::
+  -- | 'resolverRuleId'
+  Prelude.Text ->
+  DeleteResolverRule
+newDeleteResolverRule pResolverRuleId_ =
+  DeleteResolverRule'
+    { resolverRuleId =
+        pResolverRuleId_
+    }
+
+-- | The ID of the Resolver rule that you want to delete.
+deleteResolverRule_resolverRuleId :: Lens.Lens' DeleteResolverRule Prelude.Text
+deleteResolverRule_resolverRuleId = Lens.lens (\DeleteResolverRule' {resolverRuleId} -> resolverRuleId) (\s@DeleteResolverRule' {} a -> s {resolverRuleId = a} :: DeleteResolverRule)
+
+instance Core.AWSRequest DeleteResolverRule where
+  type
+    AWSResponse DeleteResolverRule =
+      DeleteResolverRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteResolverRuleResponse'
+            Prelude.<$> (x Data..?> "ResolverRule")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteResolverRule where
+  hashWithSalt _salt DeleteResolverRule' {..} =
+    _salt `Prelude.hashWithSalt` resolverRuleId
+
+instance Prelude.NFData DeleteResolverRule where
+  rnf DeleteResolverRule' {..} =
+    Prelude.rnf resolverRuleId
+
+instance Data.ToHeaders DeleteResolverRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DeleteResolverRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteResolverRule where
+  toJSON DeleteResolverRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ResolverRuleId" Data..= resolverRuleId)
+          ]
+      )
+
+instance Data.ToPath DeleteResolverRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteResolverRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteResolverRuleResponse' smart constructor.
+data DeleteResolverRuleResponse = DeleteResolverRuleResponse'
+  { -- | Information about the @DeleteResolverRule@ request, including the status
+    -- of the request.
+    resolverRule :: Prelude.Maybe ResolverRule,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteResolverRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRule', 'deleteResolverRuleResponse_resolverRule' - Information about the @DeleteResolverRule@ request, including the status
+-- of the request.
+--
+-- 'httpStatus', 'deleteResolverRuleResponse_httpStatus' - The response's http status code.
+newDeleteResolverRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteResolverRuleResponse
+newDeleteResolverRuleResponse pHttpStatus_ =
+  DeleteResolverRuleResponse'
+    { resolverRule =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the @DeleteResolverRule@ request, including the status
+-- of the request.
+deleteResolverRuleResponse_resolverRule :: Lens.Lens' DeleteResolverRuleResponse (Prelude.Maybe ResolverRule)
+deleteResolverRuleResponse_resolverRule = Lens.lens (\DeleteResolverRuleResponse' {resolverRule} -> resolverRule) (\s@DeleteResolverRuleResponse' {} a -> s {resolverRule = a} :: DeleteResolverRuleResponse)
+
+-- | The response's http status code.
+deleteResolverRuleResponse_httpStatus :: Lens.Lens' DeleteResolverRuleResponse Prelude.Int
+deleteResolverRuleResponse_httpStatus = Lens.lens (\DeleteResolverRuleResponse' {httpStatus} -> httpStatus) (\s@DeleteResolverRuleResponse' {} a -> s {httpStatus = a} :: DeleteResolverRuleResponse)
+
+instance Prelude.NFData DeleteResolverRuleResponse where
+  rnf DeleteResolverRuleResponse' {..} =
+    Prelude.rnf resolverRule
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DisassociateFirewallRuleGroup.hs b/gen/Amazonka/Route53Resolver/DisassociateFirewallRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DisassociateFirewallRuleGroup.hs
@@ -0,0 +1,188 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DisassociateFirewallRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering
+-- from the VPC.
+module Amazonka.Route53Resolver.DisassociateFirewallRuleGroup
+  ( -- * Creating a Request
+    DisassociateFirewallRuleGroup (..),
+    newDisassociateFirewallRuleGroup,
+
+    -- * Request Lenses
+    disassociateFirewallRuleGroup_firewallRuleGroupAssociationId,
+
+    -- * Destructuring the Response
+    DisassociateFirewallRuleGroupResponse (..),
+    newDisassociateFirewallRuleGroupResponse,
+
+    -- * Response Lenses
+    disassociateFirewallRuleGroupResponse_firewallRuleGroupAssociation,
+    disassociateFirewallRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDisassociateFirewallRuleGroup' smart constructor.
+data DisassociateFirewallRuleGroup = DisassociateFirewallRuleGroup'
+  { -- | The identifier of the FirewallRuleGroupAssociation.
+    firewallRuleGroupAssociationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateFirewallRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupAssociationId', 'disassociateFirewallRuleGroup_firewallRuleGroupAssociationId' - The identifier of the FirewallRuleGroupAssociation.
+newDisassociateFirewallRuleGroup ::
+  -- | 'firewallRuleGroupAssociationId'
+  Prelude.Text ->
+  DisassociateFirewallRuleGroup
+newDisassociateFirewallRuleGroup
+  pFirewallRuleGroupAssociationId_ =
+    DisassociateFirewallRuleGroup'
+      { firewallRuleGroupAssociationId =
+          pFirewallRuleGroupAssociationId_
+      }
+
+-- | The identifier of the FirewallRuleGroupAssociation.
+disassociateFirewallRuleGroup_firewallRuleGroupAssociationId :: Lens.Lens' DisassociateFirewallRuleGroup Prelude.Text
+disassociateFirewallRuleGroup_firewallRuleGroupAssociationId = Lens.lens (\DisassociateFirewallRuleGroup' {firewallRuleGroupAssociationId} -> firewallRuleGroupAssociationId) (\s@DisassociateFirewallRuleGroup' {} a -> s {firewallRuleGroupAssociationId = a} :: DisassociateFirewallRuleGroup)
+
+instance
+  Core.AWSRequest
+    DisassociateFirewallRuleGroup
+  where
+  type
+    AWSResponse DisassociateFirewallRuleGroup =
+      DisassociateFirewallRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DisassociateFirewallRuleGroupResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroupAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisassociateFirewallRuleGroup
+  where
+  hashWithSalt _salt DisassociateFirewallRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` firewallRuleGroupAssociationId
+
+instance Prelude.NFData DisassociateFirewallRuleGroup where
+  rnf DisassociateFirewallRuleGroup' {..} =
+    Prelude.rnf firewallRuleGroupAssociationId
+
+instance Data.ToHeaders DisassociateFirewallRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DisassociateFirewallRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateFirewallRuleGroup where
+  toJSON DisassociateFirewallRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "FirewallRuleGroupAssociationId"
+                  Data..= firewallRuleGroupAssociationId
+              )
+          ]
+      )
+
+instance Data.ToPath DisassociateFirewallRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DisassociateFirewallRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateFirewallRuleGroupResponse' smart constructor.
+data DisassociateFirewallRuleGroupResponse = DisassociateFirewallRuleGroupResponse'
+  { -- | The firewall rule group association that you just removed.
+    firewallRuleGroupAssociation :: Prelude.Maybe FirewallRuleGroupAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateFirewallRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupAssociation', 'disassociateFirewallRuleGroupResponse_firewallRuleGroupAssociation' - The firewall rule group association that you just removed.
+--
+-- 'httpStatus', 'disassociateFirewallRuleGroupResponse_httpStatus' - The response's http status code.
+newDisassociateFirewallRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateFirewallRuleGroupResponse
+newDisassociateFirewallRuleGroupResponse pHttpStatus_ =
+  DisassociateFirewallRuleGroupResponse'
+    { firewallRuleGroupAssociation =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The firewall rule group association that you just removed.
+disassociateFirewallRuleGroupResponse_firewallRuleGroupAssociation :: Lens.Lens' DisassociateFirewallRuleGroupResponse (Prelude.Maybe FirewallRuleGroupAssociation)
+disassociateFirewallRuleGroupResponse_firewallRuleGroupAssociation = Lens.lens (\DisassociateFirewallRuleGroupResponse' {firewallRuleGroupAssociation} -> firewallRuleGroupAssociation) (\s@DisassociateFirewallRuleGroupResponse' {} a -> s {firewallRuleGroupAssociation = a} :: DisassociateFirewallRuleGroupResponse)
+
+-- | The response's http status code.
+disassociateFirewallRuleGroupResponse_httpStatus :: Lens.Lens' DisassociateFirewallRuleGroupResponse Prelude.Int
+disassociateFirewallRuleGroupResponse_httpStatus = Lens.lens (\DisassociateFirewallRuleGroupResponse' {httpStatus} -> httpStatus) (\s@DisassociateFirewallRuleGroupResponse' {} a -> s {httpStatus = a} :: DisassociateFirewallRuleGroupResponse)
+
+instance
+  Prelude.NFData
+    DisassociateFirewallRuleGroupResponse
+  where
+  rnf DisassociateFirewallRuleGroupResponse' {..} =
+    Prelude.rnf firewallRuleGroupAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DisassociateResolverEndpointIpAddress.hs b/gen/Amazonka/Route53Resolver/DisassociateResolverEndpointIpAddress.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DisassociateResolverEndpointIpAddress.hs
@@ -0,0 +1,229 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DisassociateResolverEndpointIpAddress
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes IP addresses from an inbound or an outbound Resolver endpoint.
+-- If you want to remove more than one IP address, submit one
+-- @DisassociateResolverEndpointIpAddress@ request for each IP address.
+--
+-- To add an IP address to an endpoint, see
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverEndpointIpAddress.html AssociateResolverEndpointIpAddress>.
+module Amazonka.Route53Resolver.DisassociateResolverEndpointIpAddress
+  ( -- * Creating a Request
+    DisassociateResolverEndpointIpAddress (..),
+    newDisassociateResolverEndpointIpAddress,
+
+    -- * Request Lenses
+    disassociateResolverEndpointIpAddress_resolverEndpointId,
+    disassociateResolverEndpointIpAddress_ipAddress,
+
+    -- * Destructuring the Response
+    DisassociateResolverEndpointIpAddressResponse (..),
+    newDisassociateResolverEndpointIpAddressResponse,
+
+    -- * Response Lenses
+    disassociateResolverEndpointIpAddressResponse_resolverEndpoint,
+    disassociateResolverEndpointIpAddressResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDisassociateResolverEndpointIpAddress' smart constructor.
+data DisassociateResolverEndpointIpAddress = DisassociateResolverEndpointIpAddress'
+  { -- | The ID of the Resolver endpoint that you want to disassociate an IP
+    -- address from.
+    resolverEndpointId :: Prelude.Text,
+    -- | The IPv4 address that you want to remove from a Resolver endpoint.
+    ipAddress :: IpAddressUpdate
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateResolverEndpointIpAddress' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpointId', 'disassociateResolverEndpointIpAddress_resolverEndpointId' - The ID of the Resolver endpoint that you want to disassociate an IP
+-- address from.
+--
+-- 'ipAddress', 'disassociateResolverEndpointIpAddress_ipAddress' - The IPv4 address that you want to remove from a Resolver endpoint.
+newDisassociateResolverEndpointIpAddress ::
+  -- | 'resolverEndpointId'
+  Prelude.Text ->
+  -- | 'ipAddress'
+  IpAddressUpdate ->
+  DisassociateResolverEndpointIpAddress
+newDisassociateResolverEndpointIpAddress
+  pResolverEndpointId_
+  pIpAddress_ =
+    DisassociateResolverEndpointIpAddress'
+      { resolverEndpointId =
+          pResolverEndpointId_,
+        ipAddress = pIpAddress_
+      }
+
+-- | The ID of the Resolver endpoint that you want to disassociate an IP
+-- address from.
+disassociateResolverEndpointIpAddress_resolverEndpointId :: Lens.Lens' DisassociateResolverEndpointIpAddress Prelude.Text
+disassociateResolverEndpointIpAddress_resolverEndpointId = Lens.lens (\DisassociateResolverEndpointIpAddress' {resolverEndpointId} -> resolverEndpointId) (\s@DisassociateResolverEndpointIpAddress' {} a -> s {resolverEndpointId = a} :: DisassociateResolverEndpointIpAddress)
+
+-- | The IPv4 address that you want to remove from a Resolver endpoint.
+disassociateResolverEndpointIpAddress_ipAddress :: Lens.Lens' DisassociateResolverEndpointIpAddress IpAddressUpdate
+disassociateResolverEndpointIpAddress_ipAddress = Lens.lens (\DisassociateResolverEndpointIpAddress' {ipAddress} -> ipAddress) (\s@DisassociateResolverEndpointIpAddress' {} a -> s {ipAddress = a} :: DisassociateResolverEndpointIpAddress)
+
+instance
+  Core.AWSRequest
+    DisassociateResolverEndpointIpAddress
+  where
+  type
+    AWSResponse
+      DisassociateResolverEndpointIpAddress =
+      DisassociateResolverEndpointIpAddressResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DisassociateResolverEndpointIpAddressResponse'
+            Prelude.<$> (x Data..?> "ResolverEndpoint")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisassociateResolverEndpointIpAddress
+  where
+  hashWithSalt
+    _salt
+    DisassociateResolverEndpointIpAddress' {..} =
+      _salt
+        `Prelude.hashWithSalt` resolverEndpointId
+        `Prelude.hashWithSalt` ipAddress
+
+instance
+  Prelude.NFData
+    DisassociateResolverEndpointIpAddress
+  where
+  rnf DisassociateResolverEndpointIpAddress' {..} =
+    Prelude.rnf resolverEndpointId
+      `Prelude.seq` Prelude.rnf ipAddress
+
+instance
+  Data.ToHeaders
+    DisassociateResolverEndpointIpAddress
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DisassociateResolverEndpointIpAddress" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DisassociateResolverEndpointIpAddress
+  where
+  toJSON DisassociateResolverEndpointIpAddress' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ResolverEndpointId" Data..= resolverEndpointId),
+            Prelude.Just ("IpAddress" Data..= ipAddress)
+          ]
+      )
+
+instance
+  Data.ToPath
+    DisassociateResolverEndpointIpAddress
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DisassociateResolverEndpointIpAddress
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateResolverEndpointIpAddressResponse' smart constructor.
+data DisassociateResolverEndpointIpAddressResponse = DisassociateResolverEndpointIpAddressResponse'
+  { -- | The response to an @DisassociateResolverEndpointIpAddress@ request.
+    resolverEndpoint :: Prelude.Maybe ResolverEndpoint,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateResolverEndpointIpAddressResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpoint', 'disassociateResolverEndpointIpAddressResponse_resolverEndpoint' - The response to an @DisassociateResolverEndpointIpAddress@ request.
+--
+-- 'httpStatus', 'disassociateResolverEndpointIpAddressResponse_httpStatus' - The response's http status code.
+newDisassociateResolverEndpointIpAddressResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateResolverEndpointIpAddressResponse
+newDisassociateResolverEndpointIpAddressResponse
+  pHttpStatus_ =
+    DisassociateResolverEndpointIpAddressResponse'
+      { resolverEndpoint =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The response to an @DisassociateResolverEndpointIpAddress@ request.
+disassociateResolverEndpointIpAddressResponse_resolverEndpoint :: Lens.Lens' DisassociateResolverEndpointIpAddressResponse (Prelude.Maybe ResolverEndpoint)
+disassociateResolverEndpointIpAddressResponse_resolverEndpoint = Lens.lens (\DisassociateResolverEndpointIpAddressResponse' {resolverEndpoint} -> resolverEndpoint) (\s@DisassociateResolverEndpointIpAddressResponse' {} a -> s {resolverEndpoint = a} :: DisassociateResolverEndpointIpAddressResponse)
+
+-- | The response's http status code.
+disassociateResolverEndpointIpAddressResponse_httpStatus :: Lens.Lens' DisassociateResolverEndpointIpAddressResponse Prelude.Int
+disassociateResolverEndpointIpAddressResponse_httpStatus = Lens.lens (\DisassociateResolverEndpointIpAddressResponse' {httpStatus} -> httpStatus) (\s@DisassociateResolverEndpointIpAddressResponse' {} a -> s {httpStatus = a} :: DisassociateResolverEndpointIpAddressResponse)
+
+instance
+  Prelude.NFData
+    DisassociateResolverEndpointIpAddressResponse
+  where
+  rnf
+    DisassociateResolverEndpointIpAddressResponse' {..} =
+      Prelude.rnf resolverEndpoint
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DisassociateResolverQueryLogConfig.hs b/gen/Amazonka/Route53Resolver/DisassociateResolverQueryLogConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DisassociateResolverQueryLogConfig.hs
@@ -0,0 +1,241 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DisassociateResolverQueryLogConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates a VPC from a query logging configuration.
+--
+-- Before you can delete a query logging configuration, you must first
+-- disassociate all VPCs from the configuration. If you used Resource
+-- Access Manager (RAM) to share a query logging configuration with other
+-- accounts, VPCs can be disassociated from the configuration in the
+-- following ways:
+--
+-- -   The accounts that you shared the configuration with can disassociate
+--     VPCs from the configuration.
+--
+-- -   You can stop sharing the configuration.
+module Amazonka.Route53Resolver.DisassociateResolverQueryLogConfig
+  ( -- * Creating a Request
+    DisassociateResolverQueryLogConfig (..),
+    newDisassociateResolverQueryLogConfig,
+
+    -- * Request Lenses
+    disassociateResolverQueryLogConfig_resolverQueryLogConfigId,
+    disassociateResolverQueryLogConfig_resourceId,
+
+    -- * Destructuring the Response
+    DisassociateResolverQueryLogConfigResponse (..),
+    newDisassociateResolverQueryLogConfigResponse,
+
+    -- * Response Lenses
+    disassociateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation,
+    disassociateResolverQueryLogConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDisassociateResolverQueryLogConfig' smart constructor.
+data DisassociateResolverQueryLogConfig = DisassociateResolverQueryLogConfig'
+  { -- | The ID of the query logging configuration that you want to disassociate
+    -- a specified VPC from.
+    resolverQueryLogConfigId :: Prelude.Text,
+    -- | The ID of the Amazon VPC that you want to disassociate from a specified
+    -- query logging configuration.
+    resourceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateResolverQueryLogConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigId', 'disassociateResolverQueryLogConfig_resolverQueryLogConfigId' - The ID of the query logging configuration that you want to disassociate
+-- a specified VPC from.
+--
+-- 'resourceId', 'disassociateResolverQueryLogConfig_resourceId' - The ID of the Amazon VPC that you want to disassociate from a specified
+-- query logging configuration.
+newDisassociateResolverQueryLogConfig ::
+  -- | 'resolverQueryLogConfigId'
+  Prelude.Text ->
+  -- | 'resourceId'
+  Prelude.Text ->
+  DisassociateResolverQueryLogConfig
+newDisassociateResolverQueryLogConfig
+  pResolverQueryLogConfigId_
+  pResourceId_ =
+    DisassociateResolverQueryLogConfig'
+      { resolverQueryLogConfigId =
+          pResolverQueryLogConfigId_,
+        resourceId = pResourceId_
+      }
+
+-- | The ID of the query logging configuration that you want to disassociate
+-- a specified VPC from.
+disassociateResolverQueryLogConfig_resolverQueryLogConfigId :: Lens.Lens' DisassociateResolverQueryLogConfig Prelude.Text
+disassociateResolverQueryLogConfig_resolverQueryLogConfigId = Lens.lens (\DisassociateResolverQueryLogConfig' {resolverQueryLogConfigId} -> resolverQueryLogConfigId) (\s@DisassociateResolverQueryLogConfig' {} a -> s {resolverQueryLogConfigId = a} :: DisassociateResolverQueryLogConfig)
+
+-- | The ID of the Amazon VPC that you want to disassociate from a specified
+-- query logging configuration.
+disassociateResolverQueryLogConfig_resourceId :: Lens.Lens' DisassociateResolverQueryLogConfig Prelude.Text
+disassociateResolverQueryLogConfig_resourceId = Lens.lens (\DisassociateResolverQueryLogConfig' {resourceId} -> resourceId) (\s@DisassociateResolverQueryLogConfig' {} a -> s {resourceId = a} :: DisassociateResolverQueryLogConfig)
+
+instance
+  Core.AWSRequest
+    DisassociateResolverQueryLogConfig
+  where
+  type
+    AWSResponse DisassociateResolverQueryLogConfig =
+      DisassociateResolverQueryLogConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DisassociateResolverQueryLogConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverQueryLogConfigAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisassociateResolverQueryLogConfig
+  where
+  hashWithSalt
+    _salt
+    DisassociateResolverQueryLogConfig' {..} =
+      _salt
+        `Prelude.hashWithSalt` resolverQueryLogConfigId
+        `Prelude.hashWithSalt` resourceId
+
+instance
+  Prelude.NFData
+    DisassociateResolverQueryLogConfig
+  where
+  rnf DisassociateResolverQueryLogConfig' {..} =
+    Prelude.rnf resolverQueryLogConfigId
+      `Prelude.seq` Prelude.rnf resourceId
+
+instance
+  Data.ToHeaders
+    DisassociateResolverQueryLogConfig
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DisassociateResolverQueryLogConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DisassociateResolverQueryLogConfig
+  where
+  toJSON DisassociateResolverQueryLogConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "ResolverQueryLogConfigId"
+                  Data..= resolverQueryLogConfigId
+              ),
+            Prelude.Just ("ResourceId" Data..= resourceId)
+          ]
+      )
+
+instance
+  Data.ToPath
+    DisassociateResolverQueryLogConfig
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DisassociateResolverQueryLogConfig
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateResolverQueryLogConfigResponse' smart constructor.
+data DisassociateResolverQueryLogConfigResponse = DisassociateResolverQueryLogConfigResponse'
+  { -- | A complex type that contains settings for the association that you
+    -- deleted between an Amazon VPC and a query logging configuration.
+    resolverQueryLogConfigAssociation :: Prelude.Maybe ResolverQueryLogConfigAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateResolverQueryLogConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigAssociation', 'disassociateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation' - A complex type that contains settings for the association that you
+-- deleted between an Amazon VPC and a query logging configuration.
+--
+-- 'httpStatus', 'disassociateResolverQueryLogConfigResponse_httpStatus' - The response's http status code.
+newDisassociateResolverQueryLogConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateResolverQueryLogConfigResponse
+newDisassociateResolverQueryLogConfigResponse
+  pHttpStatus_ =
+    DisassociateResolverQueryLogConfigResponse'
+      { resolverQueryLogConfigAssociation =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | A complex type that contains settings for the association that you
+-- deleted between an Amazon VPC and a query logging configuration.
+disassociateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation :: Lens.Lens' DisassociateResolverQueryLogConfigResponse (Prelude.Maybe ResolverQueryLogConfigAssociation)
+disassociateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation = Lens.lens (\DisassociateResolverQueryLogConfigResponse' {resolverQueryLogConfigAssociation} -> resolverQueryLogConfigAssociation) (\s@DisassociateResolverQueryLogConfigResponse' {} a -> s {resolverQueryLogConfigAssociation = a} :: DisassociateResolverQueryLogConfigResponse)
+
+-- | The response's http status code.
+disassociateResolverQueryLogConfigResponse_httpStatus :: Lens.Lens' DisassociateResolverQueryLogConfigResponse Prelude.Int
+disassociateResolverQueryLogConfigResponse_httpStatus = Lens.lens (\DisassociateResolverQueryLogConfigResponse' {httpStatus} -> httpStatus) (\s@DisassociateResolverQueryLogConfigResponse' {} a -> s {httpStatus = a} :: DisassociateResolverQueryLogConfigResponse)
+
+instance
+  Prelude.NFData
+    DisassociateResolverQueryLogConfigResponse
+  where
+  rnf DisassociateResolverQueryLogConfigResponse' {..} =
+    Prelude.rnf resolverQueryLogConfigAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/DisassociateResolverRule.hs b/gen/Amazonka/Route53Resolver/DisassociateResolverRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/DisassociateResolverRule.hs
@@ -0,0 +1,203 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.DisassociateResolverRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes the association between a specified Resolver rule and a
+-- specified VPC.
+--
+-- If you disassociate a Resolver rule from a VPC, Resolver stops
+-- forwarding DNS queries for the domain name that you specified in the
+-- Resolver rule.
+module Amazonka.Route53Resolver.DisassociateResolverRule
+  ( -- * Creating a Request
+    DisassociateResolverRule (..),
+    newDisassociateResolverRule,
+
+    -- * Request Lenses
+    disassociateResolverRule_vPCId,
+    disassociateResolverRule_resolverRuleId,
+
+    -- * Destructuring the Response
+    DisassociateResolverRuleResponse (..),
+    newDisassociateResolverRuleResponse,
+
+    -- * Response Lenses
+    disassociateResolverRuleResponse_resolverRuleAssociation,
+    disassociateResolverRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newDisassociateResolverRule' smart constructor.
+data DisassociateResolverRule = DisassociateResolverRule'
+  { -- | The ID of the VPC that you want to disassociate the Resolver rule from.
+    vPCId :: Prelude.Text,
+    -- | The ID of the Resolver rule that you want to disassociate from the
+    -- specified VPC.
+    resolverRuleId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateResolverRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'vPCId', 'disassociateResolverRule_vPCId' - The ID of the VPC that you want to disassociate the Resolver rule from.
+--
+-- 'resolverRuleId', 'disassociateResolverRule_resolverRuleId' - The ID of the Resolver rule that you want to disassociate from the
+-- specified VPC.
+newDisassociateResolverRule ::
+  -- | 'vPCId'
+  Prelude.Text ->
+  -- | 'resolverRuleId'
+  Prelude.Text ->
+  DisassociateResolverRule
+newDisassociateResolverRule pVPCId_ pResolverRuleId_ =
+  DisassociateResolverRule'
+    { vPCId = pVPCId_,
+      resolverRuleId = pResolverRuleId_
+    }
+
+-- | The ID of the VPC that you want to disassociate the Resolver rule from.
+disassociateResolverRule_vPCId :: Lens.Lens' DisassociateResolverRule Prelude.Text
+disassociateResolverRule_vPCId = Lens.lens (\DisassociateResolverRule' {vPCId} -> vPCId) (\s@DisassociateResolverRule' {} a -> s {vPCId = a} :: DisassociateResolverRule)
+
+-- | The ID of the Resolver rule that you want to disassociate from the
+-- specified VPC.
+disassociateResolverRule_resolverRuleId :: Lens.Lens' DisassociateResolverRule Prelude.Text
+disassociateResolverRule_resolverRuleId = Lens.lens (\DisassociateResolverRule' {resolverRuleId} -> resolverRuleId) (\s@DisassociateResolverRule' {} a -> s {resolverRuleId = a} :: DisassociateResolverRule)
+
+instance Core.AWSRequest DisassociateResolverRule where
+  type
+    AWSResponse DisassociateResolverRule =
+      DisassociateResolverRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DisassociateResolverRuleResponse'
+            Prelude.<$> (x Data..?> "ResolverRuleAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisassociateResolverRule where
+  hashWithSalt _salt DisassociateResolverRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` vPCId
+      `Prelude.hashWithSalt` resolverRuleId
+
+instance Prelude.NFData DisassociateResolverRule where
+  rnf DisassociateResolverRule' {..} =
+    Prelude.rnf vPCId
+      `Prelude.seq` Prelude.rnf resolverRuleId
+
+instance Data.ToHeaders DisassociateResolverRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.DisassociateResolverRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateResolverRule where
+  toJSON DisassociateResolverRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("VPCId" Data..= vPCId),
+            Prelude.Just
+              ("ResolverRuleId" Data..= resolverRuleId)
+          ]
+      )
+
+instance Data.ToPath DisassociateResolverRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DisassociateResolverRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateResolverRuleResponse' smart constructor.
+data DisassociateResolverRuleResponse = DisassociateResolverRuleResponse'
+  { -- | Information about the @DisassociateResolverRule@ request, including the
+    -- status of the request.
+    resolverRuleAssociation :: Prelude.Maybe ResolverRuleAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateResolverRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRuleAssociation', 'disassociateResolverRuleResponse_resolverRuleAssociation' - Information about the @DisassociateResolverRule@ request, including the
+-- status of the request.
+--
+-- 'httpStatus', 'disassociateResolverRuleResponse_httpStatus' - The response's http status code.
+newDisassociateResolverRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateResolverRuleResponse
+newDisassociateResolverRuleResponse pHttpStatus_ =
+  DisassociateResolverRuleResponse'
+    { resolverRuleAssociation =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the @DisassociateResolverRule@ request, including the
+-- status of the request.
+disassociateResolverRuleResponse_resolverRuleAssociation :: Lens.Lens' DisassociateResolverRuleResponse (Prelude.Maybe ResolverRuleAssociation)
+disassociateResolverRuleResponse_resolverRuleAssociation = Lens.lens (\DisassociateResolverRuleResponse' {resolverRuleAssociation} -> resolverRuleAssociation) (\s@DisassociateResolverRuleResponse' {} a -> s {resolverRuleAssociation = a} :: DisassociateResolverRuleResponse)
+
+-- | The response's http status code.
+disassociateResolverRuleResponse_httpStatus :: Lens.Lens' DisassociateResolverRuleResponse Prelude.Int
+disassociateResolverRuleResponse_httpStatus = Lens.lens (\DisassociateResolverRuleResponse' {httpStatus} -> httpStatus) (\s@DisassociateResolverRuleResponse' {} a -> s {httpStatus = a} :: DisassociateResolverRuleResponse)
+
+instance
+  Prelude.NFData
+    DisassociateResolverRuleResponse
+  where
+  rnf DisassociateResolverRuleResponse' {..} =
+    Prelude.rnf resolverRuleAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetFirewallConfig.hs b/gen/Amazonka/Route53Resolver/GetFirewallConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetFirewallConfig.hs
@@ -0,0 +1,173 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetFirewallConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the configuration of the firewall behavior provided by DNS
+-- Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon
+-- VPC).
+module Amazonka.Route53Resolver.GetFirewallConfig
+  ( -- * Creating a Request
+    GetFirewallConfig (..),
+    newGetFirewallConfig,
+
+    -- * Request Lenses
+    getFirewallConfig_resourceId,
+
+    -- * Destructuring the Response
+    GetFirewallConfigResponse (..),
+    newGetFirewallConfigResponse,
+
+    -- * Response Lenses
+    getFirewallConfigResponse_firewallConfig,
+    getFirewallConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetFirewallConfig' smart constructor.
+data GetFirewallConfig = GetFirewallConfig'
+  { -- | The ID of the VPC from Amazon VPC that the configuration is for.
+    resourceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceId', 'getFirewallConfig_resourceId' - The ID of the VPC from Amazon VPC that the configuration is for.
+newGetFirewallConfig ::
+  -- | 'resourceId'
+  Prelude.Text ->
+  GetFirewallConfig
+newGetFirewallConfig pResourceId_ =
+  GetFirewallConfig' {resourceId = pResourceId_}
+
+-- | The ID of the VPC from Amazon VPC that the configuration is for.
+getFirewallConfig_resourceId :: Lens.Lens' GetFirewallConfig Prelude.Text
+getFirewallConfig_resourceId = Lens.lens (\GetFirewallConfig' {resourceId} -> resourceId) (\s@GetFirewallConfig' {} a -> s {resourceId = a} :: GetFirewallConfig)
+
+instance Core.AWSRequest GetFirewallConfig where
+  type
+    AWSResponse GetFirewallConfig =
+      GetFirewallConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFirewallConfigResponse'
+            Prelude.<$> (x Data..?> "FirewallConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetFirewallConfig where
+  hashWithSalt _salt GetFirewallConfig' {..} =
+    _salt `Prelude.hashWithSalt` resourceId
+
+instance Prelude.NFData GetFirewallConfig where
+  rnf GetFirewallConfig' {..} = Prelude.rnf resourceId
+
+instance Data.ToHeaders GetFirewallConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetFirewallConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFirewallConfig where
+  toJSON GetFirewallConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceId" Data..= resourceId)]
+      )
+
+instance Data.ToPath GetFirewallConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetFirewallConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFirewallConfigResponse' smart constructor.
+data GetFirewallConfigResponse = GetFirewallConfigResponse'
+  { -- | Configuration of the firewall behavior provided by DNS Firewall for a
+    -- single VPC from AmazonVPC.
+    firewallConfig :: Prelude.Maybe FirewallConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallConfig', 'getFirewallConfigResponse_firewallConfig' - Configuration of the firewall behavior provided by DNS Firewall for a
+-- single VPC from AmazonVPC.
+--
+-- 'httpStatus', 'getFirewallConfigResponse_httpStatus' - The response's http status code.
+newGetFirewallConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFirewallConfigResponse
+newGetFirewallConfigResponse pHttpStatus_ =
+  GetFirewallConfigResponse'
+    { firewallConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Configuration of the firewall behavior provided by DNS Firewall for a
+-- single VPC from AmazonVPC.
+getFirewallConfigResponse_firewallConfig :: Lens.Lens' GetFirewallConfigResponse (Prelude.Maybe FirewallConfig)
+getFirewallConfigResponse_firewallConfig = Lens.lens (\GetFirewallConfigResponse' {firewallConfig} -> firewallConfig) (\s@GetFirewallConfigResponse' {} a -> s {firewallConfig = a} :: GetFirewallConfigResponse)
+
+-- | The response's http status code.
+getFirewallConfigResponse_httpStatus :: Lens.Lens' GetFirewallConfigResponse Prelude.Int
+getFirewallConfigResponse_httpStatus = Lens.lens (\GetFirewallConfigResponse' {httpStatus} -> httpStatus) (\s@GetFirewallConfigResponse' {} a -> s {httpStatus = a} :: GetFirewallConfigResponse)
+
+instance Prelude.NFData GetFirewallConfigResponse where
+  rnf GetFirewallConfigResponse' {..} =
+    Prelude.rnf firewallConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetFirewallDomainList.hs b/gen/Amazonka/Route53Resolver/GetFirewallDomainList.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetFirewallDomainList.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetFirewallDomainList
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the specified firewall domain list.
+module Amazonka.Route53Resolver.GetFirewallDomainList
+  ( -- * Creating a Request
+    GetFirewallDomainList (..),
+    newGetFirewallDomainList,
+
+    -- * Request Lenses
+    getFirewallDomainList_firewallDomainListId,
+
+    -- * Destructuring the Response
+    GetFirewallDomainListResponse (..),
+    newGetFirewallDomainListResponse,
+
+    -- * Response Lenses
+    getFirewallDomainListResponse_firewallDomainList,
+    getFirewallDomainListResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetFirewallDomainList' smart constructor.
+data GetFirewallDomainList = GetFirewallDomainList'
+  { -- | The ID of the domain list.
+    firewallDomainListId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallDomainList' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainListId', 'getFirewallDomainList_firewallDomainListId' - The ID of the domain list.
+newGetFirewallDomainList ::
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  GetFirewallDomainList
+newGetFirewallDomainList pFirewallDomainListId_ =
+  GetFirewallDomainList'
+    { firewallDomainListId =
+        pFirewallDomainListId_
+    }
+
+-- | The ID of the domain list.
+getFirewallDomainList_firewallDomainListId :: Lens.Lens' GetFirewallDomainList Prelude.Text
+getFirewallDomainList_firewallDomainListId = Lens.lens (\GetFirewallDomainList' {firewallDomainListId} -> firewallDomainListId) (\s@GetFirewallDomainList' {} a -> s {firewallDomainListId = a} :: GetFirewallDomainList)
+
+instance Core.AWSRequest GetFirewallDomainList where
+  type
+    AWSResponse GetFirewallDomainList =
+      GetFirewallDomainListResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFirewallDomainListResponse'
+            Prelude.<$> (x Data..?> "FirewallDomainList")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetFirewallDomainList where
+  hashWithSalt _salt GetFirewallDomainList' {..} =
+    _salt `Prelude.hashWithSalt` firewallDomainListId
+
+instance Prelude.NFData GetFirewallDomainList where
+  rnf GetFirewallDomainList' {..} =
+    Prelude.rnf firewallDomainListId
+
+instance Data.ToHeaders GetFirewallDomainList where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetFirewallDomainList" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFirewallDomainList where
+  toJSON GetFirewallDomainList' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              )
+          ]
+      )
+
+instance Data.ToPath GetFirewallDomainList where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetFirewallDomainList where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFirewallDomainListResponse' smart constructor.
+data GetFirewallDomainListResponse = GetFirewallDomainListResponse'
+  { -- | The domain list that you requested.
+    firewallDomainList :: Prelude.Maybe FirewallDomainList,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallDomainListResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainList', 'getFirewallDomainListResponse_firewallDomainList' - The domain list that you requested.
+--
+-- 'httpStatus', 'getFirewallDomainListResponse_httpStatus' - The response's http status code.
+newGetFirewallDomainListResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFirewallDomainListResponse
+newGetFirewallDomainListResponse pHttpStatus_ =
+  GetFirewallDomainListResponse'
+    { firewallDomainList =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The domain list that you requested.
+getFirewallDomainListResponse_firewallDomainList :: Lens.Lens' GetFirewallDomainListResponse (Prelude.Maybe FirewallDomainList)
+getFirewallDomainListResponse_firewallDomainList = Lens.lens (\GetFirewallDomainListResponse' {firewallDomainList} -> firewallDomainList) (\s@GetFirewallDomainListResponse' {} a -> s {firewallDomainList = a} :: GetFirewallDomainListResponse)
+
+-- | The response's http status code.
+getFirewallDomainListResponse_httpStatus :: Lens.Lens' GetFirewallDomainListResponse Prelude.Int
+getFirewallDomainListResponse_httpStatus = Lens.lens (\GetFirewallDomainListResponse' {httpStatus} -> httpStatus) (\s@GetFirewallDomainListResponse' {} a -> s {httpStatus = a} :: GetFirewallDomainListResponse)
+
+instance Prelude.NFData GetFirewallDomainListResponse where
+  rnf GetFirewallDomainListResponse' {..} =
+    Prelude.rnf firewallDomainList
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetFirewallRuleGroup.hs b/gen/Amazonka/Route53Resolver/GetFirewallRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetFirewallRuleGroup.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetFirewallRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the specified firewall rule group.
+module Amazonka.Route53Resolver.GetFirewallRuleGroup
+  ( -- * Creating a Request
+    GetFirewallRuleGroup (..),
+    newGetFirewallRuleGroup,
+
+    -- * Request Lenses
+    getFirewallRuleGroup_firewallRuleGroupId,
+
+    -- * Destructuring the Response
+    GetFirewallRuleGroupResponse (..),
+    newGetFirewallRuleGroupResponse,
+
+    -- * Response Lenses
+    getFirewallRuleGroupResponse_firewallRuleGroup,
+    getFirewallRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetFirewallRuleGroup' smart constructor.
+data GetFirewallRuleGroup = GetFirewallRuleGroup'
+  { -- | The unique identifier of the firewall rule group.
+    firewallRuleGroupId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupId', 'getFirewallRuleGroup_firewallRuleGroupId' - The unique identifier of the firewall rule group.
+newGetFirewallRuleGroup ::
+  -- | 'firewallRuleGroupId'
+  Prelude.Text ->
+  GetFirewallRuleGroup
+newGetFirewallRuleGroup pFirewallRuleGroupId_ =
+  GetFirewallRuleGroup'
+    { firewallRuleGroupId =
+        pFirewallRuleGroupId_
+    }
+
+-- | The unique identifier of the firewall rule group.
+getFirewallRuleGroup_firewallRuleGroupId :: Lens.Lens' GetFirewallRuleGroup Prelude.Text
+getFirewallRuleGroup_firewallRuleGroupId = Lens.lens (\GetFirewallRuleGroup' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@GetFirewallRuleGroup' {} a -> s {firewallRuleGroupId = a} :: GetFirewallRuleGroup)
+
+instance Core.AWSRequest GetFirewallRuleGroup where
+  type
+    AWSResponse GetFirewallRuleGroup =
+      GetFirewallRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFirewallRuleGroupResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroup")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetFirewallRuleGroup where
+  hashWithSalt _salt GetFirewallRuleGroup' {..} =
+    _salt `Prelude.hashWithSalt` firewallRuleGroupId
+
+instance Prelude.NFData GetFirewallRuleGroup where
+  rnf GetFirewallRuleGroup' {..} =
+    Prelude.rnf firewallRuleGroupId
+
+instance Data.ToHeaders GetFirewallRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetFirewallRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFirewallRuleGroup where
+  toJSON GetFirewallRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("FirewallRuleGroupId" Data..= firewallRuleGroupId)
+          ]
+      )
+
+instance Data.ToPath GetFirewallRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetFirewallRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFirewallRuleGroupResponse' smart constructor.
+data GetFirewallRuleGroupResponse = GetFirewallRuleGroupResponse'
+  { -- | A collection of rules used to filter DNS network traffic.
+    firewallRuleGroup :: Prelude.Maybe FirewallRuleGroup,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroup', 'getFirewallRuleGroupResponse_firewallRuleGroup' - A collection of rules used to filter DNS network traffic.
+--
+-- 'httpStatus', 'getFirewallRuleGroupResponse_httpStatus' - The response's http status code.
+newGetFirewallRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFirewallRuleGroupResponse
+newGetFirewallRuleGroupResponse pHttpStatus_ =
+  GetFirewallRuleGroupResponse'
+    { firewallRuleGroup =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A collection of rules used to filter DNS network traffic.
+getFirewallRuleGroupResponse_firewallRuleGroup :: Lens.Lens' GetFirewallRuleGroupResponse (Prelude.Maybe FirewallRuleGroup)
+getFirewallRuleGroupResponse_firewallRuleGroup = Lens.lens (\GetFirewallRuleGroupResponse' {firewallRuleGroup} -> firewallRuleGroup) (\s@GetFirewallRuleGroupResponse' {} a -> s {firewallRuleGroup = a} :: GetFirewallRuleGroupResponse)
+
+-- | The response's http status code.
+getFirewallRuleGroupResponse_httpStatus :: Lens.Lens' GetFirewallRuleGroupResponse Prelude.Int
+getFirewallRuleGroupResponse_httpStatus = Lens.lens (\GetFirewallRuleGroupResponse' {httpStatus} -> httpStatus) (\s@GetFirewallRuleGroupResponse' {} a -> s {httpStatus = a} :: GetFirewallRuleGroupResponse)
+
+instance Prelude.NFData GetFirewallRuleGroupResponse where
+  rnf GetFirewallRuleGroupResponse' {..} =
+    Prelude.rnf firewallRuleGroup
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetFirewallRuleGroupAssociation.hs b/gen/Amazonka/Route53Resolver/GetFirewallRuleGroupAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetFirewallRuleGroupAssociation.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetFirewallRuleGroupAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a firewall rule group association, which enables DNS filtering
+-- for a VPC with one rule group. A VPC can have more than one firewall
+-- rule group association, and a rule group can be associated with more
+-- than one VPC.
+module Amazonka.Route53Resolver.GetFirewallRuleGroupAssociation
+  ( -- * Creating a Request
+    GetFirewallRuleGroupAssociation (..),
+    newGetFirewallRuleGroupAssociation,
+
+    -- * Request Lenses
+    getFirewallRuleGroupAssociation_firewallRuleGroupAssociationId,
+
+    -- * Destructuring the Response
+    GetFirewallRuleGroupAssociationResponse (..),
+    newGetFirewallRuleGroupAssociationResponse,
+
+    -- * Response Lenses
+    getFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation,
+    getFirewallRuleGroupAssociationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetFirewallRuleGroupAssociation' smart constructor.
+data GetFirewallRuleGroupAssociation = GetFirewallRuleGroupAssociation'
+  { -- | The identifier of the FirewallRuleGroupAssociation.
+    firewallRuleGroupAssociationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallRuleGroupAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupAssociationId', 'getFirewallRuleGroupAssociation_firewallRuleGroupAssociationId' - The identifier of the FirewallRuleGroupAssociation.
+newGetFirewallRuleGroupAssociation ::
+  -- | 'firewallRuleGroupAssociationId'
+  Prelude.Text ->
+  GetFirewallRuleGroupAssociation
+newGetFirewallRuleGroupAssociation
+  pFirewallRuleGroupAssociationId_ =
+    GetFirewallRuleGroupAssociation'
+      { firewallRuleGroupAssociationId =
+          pFirewallRuleGroupAssociationId_
+      }
+
+-- | The identifier of the FirewallRuleGroupAssociation.
+getFirewallRuleGroupAssociation_firewallRuleGroupAssociationId :: Lens.Lens' GetFirewallRuleGroupAssociation Prelude.Text
+getFirewallRuleGroupAssociation_firewallRuleGroupAssociationId = Lens.lens (\GetFirewallRuleGroupAssociation' {firewallRuleGroupAssociationId} -> firewallRuleGroupAssociationId) (\s@GetFirewallRuleGroupAssociation' {} a -> s {firewallRuleGroupAssociationId = a} :: GetFirewallRuleGroupAssociation)
+
+instance
+  Core.AWSRequest
+    GetFirewallRuleGroupAssociation
+  where
+  type
+    AWSResponse GetFirewallRuleGroupAssociation =
+      GetFirewallRuleGroupAssociationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFirewallRuleGroupAssociationResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroupAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    GetFirewallRuleGroupAssociation
+  where
+  hashWithSalt
+    _salt
+    GetFirewallRuleGroupAssociation' {..} =
+      _salt
+        `Prelude.hashWithSalt` firewallRuleGroupAssociationId
+
+instance
+  Prelude.NFData
+    GetFirewallRuleGroupAssociation
+  where
+  rnf GetFirewallRuleGroupAssociation' {..} =
+    Prelude.rnf firewallRuleGroupAssociationId
+
+instance
+  Data.ToHeaders
+    GetFirewallRuleGroupAssociation
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetFirewallRuleGroupAssociation" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFirewallRuleGroupAssociation where
+  toJSON GetFirewallRuleGroupAssociation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "FirewallRuleGroupAssociationId"
+                  Data..= firewallRuleGroupAssociationId
+              )
+          ]
+      )
+
+instance Data.ToPath GetFirewallRuleGroupAssociation where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetFirewallRuleGroupAssociation where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFirewallRuleGroupAssociationResponse' smart constructor.
+data GetFirewallRuleGroupAssociationResponse = GetFirewallRuleGroupAssociationResponse'
+  { -- | The association that you requested.
+    firewallRuleGroupAssociation :: Prelude.Maybe FirewallRuleGroupAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallRuleGroupAssociationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupAssociation', 'getFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation' - The association that you requested.
+--
+-- 'httpStatus', 'getFirewallRuleGroupAssociationResponse_httpStatus' - The response's http status code.
+newGetFirewallRuleGroupAssociationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFirewallRuleGroupAssociationResponse
+newGetFirewallRuleGroupAssociationResponse
+  pHttpStatus_ =
+    GetFirewallRuleGroupAssociationResponse'
+      { firewallRuleGroupAssociation =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The association that you requested.
+getFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation :: Lens.Lens' GetFirewallRuleGroupAssociationResponse (Prelude.Maybe FirewallRuleGroupAssociation)
+getFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation = Lens.lens (\GetFirewallRuleGroupAssociationResponse' {firewallRuleGroupAssociation} -> firewallRuleGroupAssociation) (\s@GetFirewallRuleGroupAssociationResponse' {} a -> s {firewallRuleGroupAssociation = a} :: GetFirewallRuleGroupAssociationResponse)
+
+-- | The response's http status code.
+getFirewallRuleGroupAssociationResponse_httpStatus :: Lens.Lens' GetFirewallRuleGroupAssociationResponse Prelude.Int
+getFirewallRuleGroupAssociationResponse_httpStatus = Lens.lens (\GetFirewallRuleGroupAssociationResponse' {httpStatus} -> httpStatus) (\s@GetFirewallRuleGroupAssociationResponse' {} a -> s {httpStatus = a} :: GetFirewallRuleGroupAssociationResponse)
+
+instance
+  Prelude.NFData
+    GetFirewallRuleGroupAssociationResponse
+  where
+  rnf GetFirewallRuleGroupAssociationResponse' {..} =
+    Prelude.rnf firewallRuleGroupAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetFirewallRuleGroupPolicy.hs b/gen/Amazonka/Route53Resolver/GetFirewallRuleGroupPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetFirewallRuleGroupPolicy.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetFirewallRuleGroupPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the Identity and Access Management (Amazon Web Services IAM)
+-- policy for sharing the specified rule group. You can use the policy to
+-- share the rule group using Resource Access Manager (RAM).
+module Amazonka.Route53Resolver.GetFirewallRuleGroupPolicy
+  ( -- * Creating a Request
+    GetFirewallRuleGroupPolicy (..),
+    newGetFirewallRuleGroupPolicy,
+
+    -- * Request Lenses
+    getFirewallRuleGroupPolicy_arn,
+
+    -- * Destructuring the Response
+    GetFirewallRuleGroupPolicyResponse (..),
+    newGetFirewallRuleGroupPolicyResponse,
+
+    -- * Response Lenses
+    getFirewallRuleGroupPolicyResponse_firewallRuleGroupPolicy,
+    getFirewallRuleGroupPolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetFirewallRuleGroupPolicy' smart constructor.
+data GetFirewallRuleGroupPolicy = GetFirewallRuleGroupPolicy'
+  { -- | The ARN (Amazon Resource Name) for the rule group.
+    arn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallRuleGroupPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'getFirewallRuleGroupPolicy_arn' - The ARN (Amazon Resource Name) for the rule group.
+newGetFirewallRuleGroupPolicy ::
+  -- | 'arn'
+  Prelude.Text ->
+  GetFirewallRuleGroupPolicy
+newGetFirewallRuleGroupPolicy pArn_ =
+  GetFirewallRuleGroupPolicy' {arn = pArn_}
+
+-- | The ARN (Amazon Resource Name) for the rule group.
+getFirewallRuleGroupPolicy_arn :: Lens.Lens' GetFirewallRuleGroupPolicy Prelude.Text
+getFirewallRuleGroupPolicy_arn = Lens.lens (\GetFirewallRuleGroupPolicy' {arn} -> arn) (\s@GetFirewallRuleGroupPolicy' {} a -> s {arn = a} :: GetFirewallRuleGroupPolicy)
+
+instance Core.AWSRequest GetFirewallRuleGroupPolicy where
+  type
+    AWSResponse GetFirewallRuleGroupPolicy =
+      GetFirewallRuleGroupPolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetFirewallRuleGroupPolicyResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroupPolicy")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetFirewallRuleGroupPolicy where
+  hashWithSalt _salt GetFirewallRuleGroupPolicy' {..} =
+    _salt `Prelude.hashWithSalt` arn
+
+instance Prelude.NFData GetFirewallRuleGroupPolicy where
+  rnf GetFirewallRuleGroupPolicy' {..} = Prelude.rnf arn
+
+instance Data.ToHeaders GetFirewallRuleGroupPolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetFirewallRuleGroupPolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetFirewallRuleGroupPolicy where
+  toJSON GetFirewallRuleGroupPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Arn" Data..= arn)]
+      )
+
+instance Data.ToPath GetFirewallRuleGroupPolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetFirewallRuleGroupPolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetFirewallRuleGroupPolicyResponse' smart constructor.
+data GetFirewallRuleGroupPolicyResponse = GetFirewallRuleGroupPolicyResponse'
+  { -- | The Identity and Access Management (Amazon Web Services IAM) policy for
+    -- sharing the specified rule group. You can use the policy to share the
+    -- rule group using Resource Access Manager (RAM).
+    firewallRuleGroupPolicy :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetFirewallRuleGroupPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupPolicy', 'getFirewallRuleGroupPolicyResponse_firewallRuleGroupPolicy' - The Identity and Access Management (Amazon Web Services IAM) policy for
+-- sharing the specified rule group. You can use the policy to share the
+-- rule group using Resource Access Manager (RAM).
+--
+-- 'httpStatus', 'getFirewallRuleGroupPolicyResponse_httpStatus' - The response's http status code.
+newGetFirewallRuleGroupPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetFirewallRuleGroupPolicyResponse
+newGetFirewallRuleGroupPolicyResponse pHttpStatus_ =
+  GetFirewallRuleGroupPolicyResponse'
+    { firewallRuleGroupPolicy =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The Identity and Access Management (Amazon Web Services IAM) policy for
+-- sharing the specified rule group. You can use the policy to share the
+-- rule group using Resource Access Manager (RAM).
+getFirewallRuleGroupPolicyResponse_firewallRuleGroupPolicy :: Lens.Lens' GetFirewallRuleGroupPolicyResponse (Prelude.Maybe Prelude.Text)
+getFirewallRuleGroupPolicyResponse_firewallRuleGroupPolicy = Lens.lens (\GetFirewallRuleGroupPolicyResponse' {firewallRuleGroupPolicy} -> firewallRuleGroupPolicy) (\s@GetFirewallRuleGroupPolicyResponse' {} a -> s {firewallRuleGroupPolicy = a} :: GetFirewallRuleGroupPolicyResponse)
+
+-- | The response's http status code.
+getFirewallRuleGroupPolicyResponse_httpStatus :: Lens.Lens' GetFirewallRuleGroupPolicyResponse Prelude.Int
+getFirewallRuleGroupPolicyResponse_httpStatus = Lens.lens (\GetFirewallRuleGroupPolicyResponse' {httpStatus} -> httpStatus) (\s@GetFirewallRuleGroupPolicyResponse' {} a -> s {httpStatus = a} :: GetFirewallRuleGroupPolicyResponse)
+
+instance
+  Prelude.NFData
+    GetFirewallRuleGroupPolicyResponse
+  where
+  rnf GetFirewallRuleGroupPolicyResponse' {..} =
+    Prelude.rnf firewallRuleGroupPolicy
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverConfig.hs b/gen/Amazonka/Route53Resolver/GetResolverConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverConfig.hs
@@ -0,0 +1,172 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the behavior configuration of Route 53 Resolver behavior for a
+-- single VPC from Amazon Virtual Private Cloud.
+module Amazonka.Route53Resolver.GetResolverConfig
+  ( -- * Creating a Request
+    GetResolverConfig (..),
+    newGetResolverConfig,
+
+    -- * Request Lenses
+    getResolverConfig_resourceId,
+
+    -- * Destructuring the Response
+    GetResolverConfigResponse (..),
+    newGetResolverConfigResponse,
+
+    -- * Response Lenses
+    getResolverConfigResponse_resolverConfig,
+    getResolverConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverConfig' smart constructor.
+data GetResolverConfig = GetResolverConfig'
+  { -- | Resource ID of the Amazon VPC that you want to get information about.
+    resourceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceId', 'getResolverConfig_resourceId' - Resource ID of the Amazon VPC that you want to get information about.
+newGetResolverConfig ::
+  -- | 'resourceId'
+  Prelude.Text ->
+  GetResolverConfig
+newGetResolverConfig pResourceId_ =
+  GetResolverConfig' {resourceId = pResourceId_}
+
+-- | Resource ID of the Amazon VPC that you want to get information about.
+getResolverConfig_resourceId :: Lens.Lens' GetResolverConfig Prelude.Text
+getResolverConfig_resourceId = Lens.lens (\GetResolverConfig' {resourceId} -> resourceId) (\s@GetResolverConfig' {} a -> s {resourceId = a} :: GetResolverConfig)
+
+instance Core.AWSRequest GetResolverConfig where
+  type
+    AWSResponse GetResolverConfig =
+      GetResolverConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetResolverConfig where
+  hashWithSalt _salt GetResolverConfig' {..} =
+    _salt `Prelude.hashWithSalt` resourceId
+
+instance Prelude.NFData GetResolverConfig where
+  rnf GetResolverConfig' {..} = Prelude.rnf resourceId
+
+instance Data.ToHeaders GetResolverConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverConfig where
+  toJSON GetResolverConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceId" Data..= resourceId)]
+      )
+
+instance Data.ToPath GetResolverConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverConfigResponse' smart constructor.
+data GetResolverConfigResponse = GetResolverConfigResponse'
+  { -- | Information about the behavior configuration of Route 53 Resolver
+    -- behavior for the VPC you specified in the @GetResolverConfig@ request.
+    resolverConfig :: Prelude.Maybe ResolverConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverConfig', 'getResolverConfigResponse_resolverConfig' - Information about the behavior configuration of Route 53 Resolver
+-- behavior for the VPC you specified in the @GetResolverConfig@ request.
+--
+-- 'httpStatus', 'getResolverConfigResponse_httpStatus' - The response's http status code.
+newGetResolverConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverConfigResponse
+newGetResolverConfigResponse pHttpStatus_ =
+  GetResolverConfigResponse'
+    { resolverConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the behavior configuration of Route 53 Resolver
+-- behavior for the VPC you specified in the @GetResolverConfig@ request.
+getResolverConfigResponse_resolverConfig :: Lens.Lens' GetResolverConfigResponse (Prelude.Maybe ResolverConfig)
+getResolverConfigResponse_resolverConfig = Lens.lens (\GetResolverConfigResponse' {resolverConfig} -> resolverConfig) (\s@GetResolverConfigResponse' {} a -> s {resolverConfig = a} :: GetResolverConfigResponse)
+
+-- | The response's http status code.
+getResolverConfigResponse_httpStatus :: Lens.Lens' GetResolverConfigResponse Prelude.Int
+getResolverConfigResponse_httpStatus = Lens.lens (\GetResolverConfigResponse' {httpStatus} -> httpStatus) (\s@GetResolverConfigResponse' {} a -> s {httpStatus = a} :: GetResolverConfigResponse)
+
+instance Prelude.NFData GetResolverConfigResponse where
+  rnf GetResolverConfigResponse' {..} =
+    Prelude.rnf resolverConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverDnssecConfig.hs b/gen/Amazonka/Route53Resolver/GetResolverDnssecConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverDnssecConfig.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverDnssecConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets DNSSEC validation information for a specified resource.
+module Amazonka.Route53Resolver.GetResolverDnssecConfig
+  ( -- * Creating a Request
+    GetResolverDnssecConfig (..),
+    newGetResolverDnssecConfig,
+
+    -- * Request Lenses
+    getResolverDnssecConfig_resourceId,
+
+    -- * Destructuring the Response
+    GetResolverDnssecConfigResponse (..),
+    newGetResolverDnssecConfigResponse,
+
+    -- * Response Lenses
+    getResolverDnssecConfigResponse_resolverDNSSECConfig,
+    getResolverDnssecConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverDnssecConfig' smart constructor.
+data GetResolverDnssecConfig = GetResolverDnssecConfig'
+  { -- | The ID of the virtual private cloud (VPC) for the DNSSEC validation
+    -- status.
+    resourceId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverDnssecConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceId', 'getResolverDnssecConfig_resourceId' - The ID of the virtual private cloud (VPC) for the DNSSEC validation
+-- status.
+newGetResolverDnssecConfig ::
+  -- | 'resourceId'
+  Prelude.Text ->
+  GetResolverDnssecConfig
+newGetResolverDnssecConfig pResourceId_ =
+  GetResolverDnssecConfig' {resourceId = pResourceId_}
+
+-- | The ID of the virtual private cloud (VPC) for the DNSSEC validation
+-- status.
+getResolverDnssecConfig_resourceId :: Lens.Lens' GetResolverDnssecConfig Prelude.Text
+getResolverDnssecConfig_resourceId = Lens.lens (\GetResolverDnssecConfig' {resourceId} -> resourceId) (\s@GetResolverDnssecConfig' {} a -> s {resourceId = a} :: GetResolverDnssecConfig)
+
+instance Core.AWSRequest GetResolverDnssecConfig where
+  type
+    AWSResponse GetResolverDnssecConfig =
+      GetResolverDnssecConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverDnssecConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverDNSSECConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetResolverDnssecConfig where
+  hashWithSalt _salt GetResolverDnssecConfig' {..} =
+    _salt `Prelude.hashWithSalt` resourceId
+
+instance Prelude.NFData GetResolverDnssecConfig where
+  rnf GetResolverDnssecConfig' {..} =
+    Prelude.rnf resourceId
+
+instance Data.ToHeaders GetResolverDnssecConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverDnssecConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverDnssecConfig where
+  toJSON GetResolverDnssecConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceId" Data..= resourceId)]
+      )
+
+instance Data.ToPath GetResolverDnssecConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverDnssecConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverDnssecConfigResponse' smart constructor.
+data GetResolverDnssecConfigResponse = GetResolverDnssecConfigResponse'
+  { -- | The information about a configuration for DNSSEC validation.
+    resolverDNSSECConfig :: Prelude.Maybe ResolverDnssecConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverDnssecConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverDNSSECConfig', 'getResolverDnssecConfigResponse_resolverDNSSECConfig' - The information about a configuration for DNSSEC validation.
+--
+-- 'httpStatus', 'getResolverDnssecConfigResponse_httpStatus' - The response's http status code.
+newGetResolverDnssecConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverDnssecConfigResponse
+newGetResolverDnssecConfigResponse pHttpStatus_ =
+  GetResolverDnssecConfigResponse'
+    { resolverDNSSECConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The information about a configuration for DNSSEC validation.
+getResolverDnssecConfigResponse_resolverDNSSECConfig :: Lens.Lens' GetResolverDnssecConfigResponse (Prelude.Maybe ResolverDnssecConfig)
+getResolverDnssecConfigResponse_resolverDNSSECConfig = Lens.lens (\GetResolverDnssecConfigResponse' {resolverDNSSECConfig} -> resolverDNSSECConfig) (\s@GetResolverDnssecConfigResponse' {} a -> s {resolverDNSSECConfig = a} :: GetResolverDnssecConfigResponse)
+
+-- | The response's http status code.
+getResolverDnssecConfigResponse_httpStatus :: Lens.Lens' GetResolverDnssecConfigResponse Prelude.Int
+getResolverDnssecConfigResponse_httpStatus = Lens.lens (\GetResolverDnssecConfigResponse' {httpStatus} -> httpStatus) (\s@GetResolverDnssecConfigResponse' {} a -> s {httpStatus = a} :: GetResolverDnssecConfigResponse)
+
+instance
+  Prelude.NFData
+    GetResolverDnssecConfigResponse
+  where
+  rnf GetResolverDnssecConfigResponse' {..} =
+    Prelude.rnf resolverDNSSECConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverEndpoint.hs b/gen/Amazonka/Route53Resolver/GetResolverEndpoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverEndpoint.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverEndpoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about a specified Resolver endpoint, such as whether
+-- it\'s an inbound or an outbound Resolver endpoint, and the current
+-- status of the endpoint.
+module Amazonka.Route53Resolver.GetResolverEndpoint
+  ( -- * Creating a Request
+    GetResolverEndpoint (..),
+    newGetResolverEndpoint,
+
+    -- * Request Lenses
+    getResolverEndpoint_resolverEndpointId,
+
+    -- * Destructuring the Response
+    GetResolverEndpointResponse (..),
+    newGetResolverEndpointResponse,
+
+    -- * Response Lenses
+    getResolverEndpointResponse_resolverEndpoint,
+    getResolverEndpointResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverEndpoint' smart constructor.
+data GetResolverEndpoint = GetResolverEndpoint'
+  { -- | The ID of the Resolver endpoint that you want to get information about.
+    resolverEndpointId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverEndpoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpointId', 'getResolverEndpoint_resolverEndpointId' - The ID of the Resolver endpoint that you want to get information about.
+newGetResolverEndpoint ::
+  -- | 'resolverEndpointId'
+  Prelude.Text ->
+  GetResolverEndpoint
+newGetResolverEndpoint pResolverEndpointId_ =
+  GetResolverEndpoint'
+    { resolverEndpointId =
+        pResolverEndpointId_
+    }
+
+-- | The ID of the Resolver endpoint that you want to get information about.
+getResolverEndpoint_resolverEndpointId :: Lens.Lens' GetResolverEndpoint Prelude.Text
+getResolverEndpoint_resolverEndpointId = Lens.lens (\GetResolverEndpoint' {resolverEndpointId} -> resolverEndpointId) (\s@GetResolverEndpoint' {} a -> s {resolverEndpointId = a} :: GetResolverEndpoint)
+
+instance Core.AWSRequest GetResolverEndpoint where
+  type
+    AWSResponse GetResolverEndpoint =
+      GetResolverEndpointResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverEndpointResponse'
+            Prelude.<$> (x Data..?> "ResolverEndpoint")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetResolverEndpoint where
+  hashWithSalt _salt GetResolverEndpoint' {..} =
+    _salt `Prelude.hashWithSalt` resolverEndpointId
+
+instance Prelude.NFData GetResolverEndpoint where
+  rnf GetResolverEndpoint' {..} =
+    Prelude.rnf resolverEndpointId
+
+instance Data.ToHeaders GetResolverEndpoint where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverEndpoint" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverEndpoint where
+  toJSON GetResolverEndpoint' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ResolverEndpointId" Data..= resolverEndpointId)
+          ]
+      )
+
+instance Data.ToPath GetResolverEndpoint where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverEndpoint where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverEndpointResponse' smart constructor.
+data GetResolverEndpointResponse = GetResolverEndpointResponse'
+  { -- | Information about the Resolver endpoint that you specified in a
+    -- @GetResolverEndpoint@ request.
+    resolverEndpoint :: Prelude.Maybe ResolverEndpoint,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverEndpointResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpoint', 'getResolverEndpointResponse_resolverEndpoint' - Information about the Resolver endpoint that you specified in a
+-- @GetResolverEndpoint@ request.
+--
+-- 'httpStatus', 'getResolverEndpointResponse_httpStatus' - The response's http status code.
+newGetResolverEndpointResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverEndpointResponse
+newGetResolverEndpointResponse pHttpStatus_ =
+  GetResolverEndpointResponse'
+    { resolverEndpoint =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the Resolver endpoint that you specified in a
+-- @GetResolverEndpoint@ request.
+getResolverEndpointResponse_resolverEndpoint :: Lens.Lens' GetResolverEndpointResponse (Prelude.Maybe ResolverEndpoint)
+getResolverEndpointResponse_resolverEndpoint = Lens.lens (\GetResolverEndpointResponse' {resolverEndpoint} -> resolverEndpoint) (\s@GetResolverEndpointResponse' {} a -> s {resolverEndpoint = a} :: GetResolverEndpointResponse)
+
+-- | The response's http status code.
+getResolverEndpointResponse_httpStatus :: Lens.Lens' GetResolverEndpointResponse Prelude.Int
+getResolverEndpointResponse_httpStatus = Lens.lens (\GetResolverEndpointResponse' {httpStatus} -> httpStatus) (\s@GetResolverEndpointResponse' {} a -> s {httpStatus = a} :: GetResolverEndpointResponse)
+
+instance Prelude.NFData GetResolverEndpointResponse where
+  rnf GetResolverEndpointResponse' {..} =
+    Prelude.rnf resolverEndpoint
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfig.hs b/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfig.hs
@@ -0,0 +1,189 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverQueryLogConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about a specified Resolver query logging configuration,
+-- such as the number of VPCs that the configuration is logging queries for
+-- and the location that logs are sent to.
+module Amazonka.Route53Resolver.GetResolverQueryLogConfig
+  ( -- * Creating a Request
+    GetResolverQueryLogConfig (..),
+    newGetResolverQueryLogConfig,
+
+    -- * Request Lenses
+    getResolverQueryLogConfig_resolverQueryLogConfigId,
+
+    -- * Destructuring the Response
+    GetResolverQueryLogConfigResponse (..),
+    newGetResolverQueryLogConfigResponse,
+
+    -- * Response Lenses
+    getResolverQueryLogConfigResponse_resolverQueryLogConfig,
+    getResolverQueryLogConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverQueryLogConfig' smart constructor.
+data GetResolverQueryLogConfig = GetResolverQueryLogConfig'
+  { -- | The ID of the Resolver query logging configuration that you want to get
+    -- information about.
+    resolverQueryLogConfigId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverQueryLogConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigId', 'getResolverQueryLogConfig_resolverQueryLogConfigId' - The ID of the Resolver query logging configuration that you want to get
+-- information about.
+newGetResolverQueryLogConfig ::
+  -- | 'resolverQueryLogConfigId'
+  Prelude.Text ->
+  GetResolverQueryLogConfig
+newGetResolverQueryLogConfig
+  pResolverQueryLogConfigId_ =
+    GetResolverQueryLogConfig'
+      { resolverQueryLogConfigId =
+          pResolverQueryLogConfigId_
+      }
+
+-- | The ID of the Resolver query logging configuration that you want to get
+-- information about.
+getResolverQueryLogConfig_resolverQueryLogConfigId :: Lens.Lens' GetResolverQueryLogConfig Prelude.Text
+getResolverQueryLogConfig_resolverQueryLogConfigId = Lens.lens (\GetResolverQueryLogConfig' {resolverQueryLogConfigId} -> resolverQueryLogConfigId) (\s@GetResolverQueryLogConfig' {} a -> s {resolverQueryLogConfigId = a} :: GetResolverQueryLogConfig)
+
+instance Core.AWSRequest GetResolverQueryLogConfig where
+  type
+    AWSResponse GetResolverQueryLogConfig =
+      GetResolverQueryLogConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverQueryLogConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverQueryLogConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetResolverQueryLogConfig where
+  hashWithSalt _salt GetResolverQueryLogConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` resolverQueryLogConfigId
+
+instance Prelude.NFData GetResolverQueryLogConfig where
+  rnf GetResolverQueryLogConfig' {..} =
+    Prelude.rnf resolverQueryLogConfigId
+
+instance Data.ToHeaders GetResolverQueryLogConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverQueryLogConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverQueryLogConfig where
+  toJSON GetResolverQueryLogConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "ResolverQueryLogConfigId"
+                  Data..= resolverQueryLogConfigId
+              )
+          ]
+      )
+
+instance Data.ToPath GetResolverQueryLogConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverQueryLogConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverQueryLogConfigResponse' smart constructor.
+data GetResolverQueryLogConfigResponse = GetResolverQueryLogConfigResponse'
+  { -- | Information about the Resolver query logging configuration that you
+    -- specified in a @GetQueryLogConfig@ request.
+    resolverQueryLogConfig :: Prelude.Maybe ResolverQueryLogConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverQueryLogConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfig', 'getResolverQueryLogConfigResponse_resolverQueryLogConfig' - Information about the Resolver query logging configuration that you
+-- specified in a @GetQueryLogConfig@ request.
+--
+-- 'httpStatus', 'getResolverQueryLogConfigResponse_httpStatus' - The response's http status code.
+newGetResolverQueryLogConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverQueryLogConfigResponse
+newGetResolverQueryLogConfigResponse pHttpStatus_ =
+  GetResolverQueryLogConfigResponse'
+    { resolverQueryLogConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the Resolver query logging configuration that you
+-- specified in a @GetQueryLogConfig@ request.
+getResolverQueryLogConfigResponse_resolverQueryLogConfig :: Lens.Lens' GetResolverQueryLogConfigResponse (Prelude.Maybe ResolverQueryLogConfig)
+getResolverQueryLogConfigResponse_resolverQueryLogConfig = Lens.lens (\GetResolverQueryLogConfigResponse' {resolverQueryLogConfig} -> resolverQueryLogConfig) (\s@GetResolverQueryLogConfigResponse' {} a -> s {resolverQueryLogConfig = a} :: GetResolverQueryLogConfigResponse)
+
+-- | The response's http status code.
+getResolverQueryLogConfigResponse_httpStatus :: Lens.Lens' GetResolverQueryLogConfigResponse Prelude.Int
+getResolverQueryLogConfigResponse_httpStatus = Lens.lens (\GetResolverQueryLogConfigResponse' {httpStatus} -> httpStatus) (\s@GetResolverQueryLogConfigResponse' {} a -> s {httpStatus = a} :: GetResolverQueryLogConfigResponse)
+
+instance
+  Prelude.NFData
+    GetResolverQueryLogConfigResponse
+  where
+  rnf GetResolverQueryLogConfigResponse' {..} =
+    Prelude.rnf resolverQueryLogConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfigAssociation.hs b/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfigAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfigAssociation.hs
@@ -0,0 +1,214 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverQueryLogConfigAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about a specified association between a Resolver query
+-- logging configuration and an Amazon VPC. When you associate a VPC with a
+-- query logging configuration, Resolver logs DNS queries that originate in
+-- that VPC.
+module Amazonka.Route53Resolver.GetResolverQueryLogConfigAssociation
+  ( -- * Creating a Request
+    GetResolverQueryLogConfigAssociation (..),
+    newGetResolverQueryLogConfigAssociation,
+
+    -- * Request Lenses
+    getResolverQueryLogConfigAssociation_resolverQueryLogConfigAssociationId,
+
+    -- * Destructuring the Response
+    GetResolverQueryLogConfigAssociationResponse (..),
+    newGetResolverQueryLogConfigAssociationResponse,
+
+    -- * Response Lenses
+    getResolverQueryLogConfigAssociationResponse_resolverQueryLogConfigAssociation,
+    getResolverQueryLogConfigAssociationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverQueryLogConfigAssociation' smart constructor.
+data GetResolverQueryLogConfigAssociation = GetResolverQueryLogConfigAssociation'
+  { -- | The ID of the Resolver query logging configuration association that you
+    -- want to get information about.
+    resolverQueryLogConfigAssociationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverQueryLogConfigAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigAssociationId', 'getResolverQueryLogConfigAssociation_resolverQueryLogConfigAssociationId' - The ID of the Resolver query logging configuration association that you
+-- want to get information about.
+newGetResolverQueryLogConfigAssociation ::
+  -- | 'resolverQueryLogConfigAssociationId'
+  Prelude.Text ->
+  GetResolverQueryLogConfigAssociation
+newGetResolverQueryLogConfigAssociation
+  pResolverQueryLogConfigAssociationId_ =
+    GetResolverQueryLogConfigAssociation'
+      { resolverQueryLogConfigAssociationId =
+          pResolverQueryLogConfigAssociationId_
+      }
+
+-- | The ID of the Resolver query logging configuration association that you
+-- want to get information about.
+getResolverQueryLogConfigAssociation_resolverQueryLogConfigAssociationId :: Lens.Lens' GetResolverQueryLogConfigAssociation Prelude.Text
+getResolverQueryLogConfigAssociation_resolverQueryLogConfigAssociationId = Lens.lens (\GetResolverQueryLogConfigAssociation' {resolverQueryLogConfigAssociationId} -> resolverQueryLogConfigAssociationId) (\s@GetResolverQueryLogConfigAssociation' {} a -> s {resolverQueryLogConfigAssociationId = a} :: GetResolverQueryLogConfigAssociation)
+
+instance
+  Core.AWSRequest
+    GetResolverQueryLogConfigAssociation
+  where
+  type
+    AWSResponse GetResolverQueryLogConfigAssociation =
+      GetResolverQueryLogConfigAssociationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverQueryLogConfigAssociationResponse'
+            Prelude.<$> (x Data..?> "ResolverQueryLogConfigAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    GetResolverQueryLogConfigAssociation
+  where
+  hashWithSalt
+    _salt
+    GetResolverQueryLogConfigAssociation' {..} =
+      _salt
+        `Prelude.hashWithSalt` resolverQueryLogConfigAssociationId
+
+instance
+  Prelude.NFData
+    GetResolverQueryLogConfigAssociation
+  where
+  rnf GetResolverQueryLogConfigAssociation' {..} =
+    Prelude.rnf resolverQueryLogConfigAssociationId
+
+instance
+  Data.ToHeaders
+    GetResolverQueryLogConfigAssociation
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverQueryLogConfigAssociation" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    GetResolverQueryLogConfigAssociation
+  where
+  toJSON GetResolverQueryLogConfigAssociation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "ResolverQueryLogConfigAssociationId"
+                  Data..= resolverQueryLogConfigAssociationId
+              )
+          ]
+      )
+
+instance
+  Data.ToPath
+    GetResolverQueryLogConfigAssociation
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    GetResolverQueryLogConfigAssociation
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverQueryLogConfigAssociationResponse' smart constructor.
+data GetResolverQueryLogConfigAssociationResponse = GetResolverQueryLogConfigAssociationResponse'
+  { -- | Information about the Resolver query logging configuration association
+    -- that you specified in a @GetQueryLogConfigAssociation@ request.
+    resolverQueryLogConfigAssociation :: Prelude.Maybe ResolverQueryLogConfigAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverQueryLogConfigAssociationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigAssociation', 'getResolverQueryLogConfigAssociationResponse_resolverQueryLogConfigAssociation' - Information about the Resolver query logging configuration association
+-- that you specified in a @GetQueryLogConfigAssociation@ request.
+--
+-- 'httpStatus', 'getResolverQueryLogConfigAssociationResponse_httpStatus' - The response's http status code.
+newGetResolverQueryLogConfigAssociationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverQueryLogConfigAssociationResponse
+newGetResolverQueryLogConfigAssociationResponse
+  pHttpStatus_ =
+    GetResolverQueryLogConfigAssociationResponse'
+      { resolverQueryLogConfigAssociation =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | Information about the Resolver query logging configuration association
+-- that you specified in a @GetQueryLogConfigAssociation@ request.
+getResolverQueryLogConfigAssociationResponse_resolverQueryLogConfigAssociation :: Lens.Lens' GetResolverQueryLogConfigAssociationResponse (Prelude.Maybe ResolverQueryLogConfigAssociation)
+getResolverQueryLogConfigAssociationResponse_resolverQueryLogConfigAssociation = Lens.lens (\GetResolverQueryLogConfigAssociationResponse' {resolverQueryLogConfigAssociation} -> resolverQueryLogConfigAssociation) (\s@GetResolverQueryLogConfigAssociationResponse' {} a -> s {resolverQueryLogConfigAssociation = a} :: GetResolverQueryLogConfigAssociationResponse)
+
+-- | The response's http status code.
+getResolverQueryLogConfigAssociationResponse_httpStatus :: Lens.Lens' GetResolverQueryLogConfigAssociationResponse Prelude.Int
+getResolverQueryLogConfigAssociationResponse_httpStatus = Lens.lens (\GetResolverQueryLogConfigAssociationResponse' {httpStatus} -> httpStatus) (\s@GetResolverQueryLogConfigAssociationResponse' {} a -> s {httpStatus = a} :: GetResolverQueryLogConfigAssociationResponse)
+
+instance
+  Prelude.NFData
+    GetResolverQueryLogConfigAssociationResponse
+  where
+  rnf GetResolverQueryLogConfigAssociationResponse' {..} =
+    Prelude.rnf resolverQueryLogConfigAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfigPolicy.hs b/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfigPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverQueryLogConfigPolicy.hs
@@ -0,0 +1,198 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverQueryLogConfigPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about a query logging policy. A query logging policy
+-- specifies the Resolver query logging operations and resources that you
+-- want to allow another Amazon Web Services account to be able to use.
+module Amazonka.Route53Resolver.GetResolverQueryLogConfigPolicy
+  ( -- * Creating a Request
+    GetResolverQueryLogConfigPolicy (..),
+    newGetResolverQueryLogConfigPolicy,
+
+    -- * Request Lenses
+    getResolverQueryLogConfigPolicy_arn,
+
+    -- * Destructuring the Response
+    GetResolverQueryLogConfigPolicyResponse (..),
+    newGetResolverQueryLogConfigPolicyResponse,
+
+    -- * Response Lenses
+    getResolverQueryLogConfigPolicyResponse_resolverQueryLogConfigPolicy,
+    getResolverQueryLogConfigPolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverQueryLogConfigPolicy' smart constructor.
+data GetResolverQueryLogConfigPolicy = GetResolverQueryLogConfigPolicy'
+  { -- | The ARN of the query logging configuration that you want to get the
+    -- query logging policy for.
+    arn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverQueryLogConfigPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'getResolverQueryLogConfigPolicy_arn' - The ARN of the query logging configuration that you want to get the
+-- query logging policy for.
+newGetResolverQueryLogConfigPolicy ::
+  -- | 'arn'
+  Prelude.Text ->
+  GetResolverQueryLogConfigPolicy
+newGetResolverQueryLogConfigPolicy pArn_ =
+  GetResolverQueryLogConfigPolicy' {arn = pArn_}
+
+-- | The ARN of the query logging configuration that you want to get the
+-- query logging policy for.
+getResolverQueryLogConfigPolicy_arn :: Lens.Lens' GetResolverQueryLogConfigPolicy Prelude.Text
+getResolverQueryLogConfigPolicy_arn = Lens.lens (\GetResolverQueryLogConfigPolicy' {arn} -> arn) (\s@GetResolverQueryLogConfigPolicy' {} a -> s {arn = a} :: GetResolverQueryLogConfigPolicy)
+
+instance
+  Core.AWSRequest
+    GetResolverQueryLogConfigPolicy
+  where
+  type
+    AWSResponse GetResolverQueryLogConfigPolicy =
+      GetResolverQueryLogConfigPolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverQueryLogConfigPolicyResponse'
+            Prelude.<$> (x Data..?> "ResolverQueryLogConfigPolicy")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    GetResolverQueryLogConfigPolicy
+  where
+  hashWithSalt
+    _salt
+    GetResolverQueryLogConfigPolicy' {..} =
+      _salt `Prelude.hashWithSalt` arn
+
+instance
+  Prelude.NFData
+    GetResolverQueryLogConfigPolicy
+  where
+  rnf GetResolverQueryLogConfigPolicy' {..} =
+    Prelude.rnf arn
+
+instance
+  Data.ToHeaders
+    GetResolverQueryLogConfigPolicy
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverQueryLogConfigPolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverQueryLogConfigPolicy where
+  toJSON GetResolverQueryLogConfigPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Arn" Data..= arn)]
+      )
+
+instance Data.ToPath GetResolverQueryLogConfigPolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverQueryLogConfigPolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverQueryLogConfigPolicyResponse' smart constructor.
+data GetResolverQueryLogConfigPolicyResponse = GetResolverQueryLogConfigPolicyResponse'
+  { -- | Information about the query logging policy for the query logging
+    -- configuration that you specified in a @GetResolverQueryLogConfigPolicy@
+    -- request.
+    resolverQueryLogConfigPolicy :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverQueryLogConfigPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverQueryLogConfigPolicy', 'getResolverQueryLogConfigPolicyResponse_resolverQueryLogConfigPolicy' - Information about the query logging policy for the query logging
+-- configuration that you specified in a @GetResolverQueryLogConfigPolicy@
+-- request.
+--
+-- 'httpStatus', 'getResolverQueryLogConfigPolicyResponse_httpStatus' - The response's http status code.
+newGetResolverQueryLogConfigPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverQueryLogConfigPolicyResponse
+newGetResolverQueryLogConfigPolicyResponse
+  pHttpStatus_ =
+    GetResolverQueryLogConfigPolicyResponse'
+      { resolverQueryLogConfigPolicy =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | Information about the query logging policy for the query logging
+-- configuration that you specified in a @GetResolverQueryLogConfigPolicy@
+-- request.
+getResolverQueryLogConfigPolicyResponse_resolverQueryLogConfigPolicy :: Lens.Lens' GetResolverQueryLogConfigPolicyResponse (Prelude.Maybe Prelude.Text)
+getResolverQueryLogConfigPolicyResponse_resolverQueryLogConfigPolicy = Lens.lens (\GetResolverQueryLogConfigPolicyResponse' {resolverQueryLogConfigPolicy} -> resolverQueryLogConfigPolicy) (\s@GetResolverQueryLogConfigPolicyResponse' {} a -> s {resolverQueryLogConfigPolicy = a} :: GetResolverQueryLogConfigPolicyResponse)
+
+-- | The response's http status code.
+getResolverQueryLogConfigPolicyResponse_httpStatus :: Lens.Lens' GetResolverQueryLogConfigPolicyResponse Prelude.Int
+getResolverQueryLogConfigPolicyResponse_httpStatus = Lens.lens (\GetResolverQueryLogConfigPolicyResponse' {httpStatus} -> httpStatus) (\s@GetResolverQueryLogConfigPolicyResponse' {} a -> s {httpStatus = a} :: GetResolverQueryLogConfigPolicyResponse)
+
+instance
+  Prelude.NFData
+    GetResolverQueryLogConfigPolicyResponse
+  where
+  rnf GetResolverQueryLogConfigPolicyResponse' {..} =
+    Prelude.rnf resolverQueryLogConfigPolicy
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverRule.hs b/gen/Amazonka/Route53Resolver/GetResolverRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverRule.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about a specified Resolver rule, such as the domain
+-- name that the rule forwards DNS queries for and the ID of the outbound
+-- Resolver endpoint that the rule is associated with.
+module Amazonka.Route53Resolver.GetResolverRule
+  ( -- * Creating a Request
+    GetResolverRule (..),
+    newGetResolverRule,
+
+    -- * Request Lenses
+    getResolverRule_resolverRuleId,
+
+    -- * Destructuring the Response
+    GetResolverRuleResponse (..),
+    newGetResolverRuleResponse,
+
+    -- * Response Lenses
+    getResolverRuleResponse_resolverRule,
+    getResolverRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverRule' smart constructor.
+data GetResolverRule = GetResolverRule'
+  { -- | The ID of the Resolver rule that you want to get information about.
+    resolverRuleId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRuleId', 'getResolverRule_resolverRuleId' - The ID of the Resolver rule that you want to get information about.
+newGetResolverRule ::
+  -- | 'resolverRuleId'
+  Prelude.Text ->
+  GetResolverRule
+newGetResolverRule pResolverRuleId_ =
+  GetResolverRule' {resolverRuleId = pResolverRuleId_}
+
+-- | The ID of the Resolver rule that you want to get information about.
+getResolverRule_resolverRuleId :: Lens.Lens' GetResolverRule Prelude.Text
+getResolverRule_resolverRuleId = Lens.lens (\GetResolverRule' {resolverRuleId} -> resolverRuleId) (\s@GetResolverRule' {} a -> s {resolverRuleId = a} :: GetResolverRule)
+
+instance Core.AWSRequest GetResolverRule where
+  type
+    AWSResponse GetResolverRule =
+      GetResolverRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverRuleResponse'
+            Prelude.<$> (x Data..?> "ResolverRule")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetResolverRule where
+  hashWithSalt _salt GetResolverRule' {..} =
+    _salt `Prelude.hashWithSalt` resolverRuleId
+
+instance Prelude.NFData GetResolverRule where
+  rnf GetResolverRule' {..} = Prelude.rnf resolverRuleId
+
+instance Data.ToHeaders GetResolverRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverRule where
+  toJSON GetResolverRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ResolverRuleId" Data..= resolverRuleId)
+          ]
+      )
+
+instance Data.ToPath GetResolverRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverRuleResponse' smart constructor.
+data GetResolverRuleResponse = GetResolverRuleResponse'
+  { -- | Information about the Resolver rule that you specified in a
+    -- @GetResolverRule@ request.
+    resolverRule :: Prelude.Maybe ResolverRule,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRule', 'getResolverRuleResponse_resolverRule' - Information about the Resolver rule that you specified in a
+-- @GetResolverRule@ request.
+--
+-- 'httpStatus', 'getResolverRuleResponse_httpStatus' - The response's http status code.
+newGetResolverRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverRuleResponse
+newGetResolverRuleResponse pHttpStatus_ =
+  GetResolverRuleResponse'
+    { resolverRule =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the Resolver rule that you specified in a
+-- @GetResolverRule@ request.
+getResolverRuleResponse_resolverRule :: Lens.Lens' GetResolverRuleResponse (Prelude.Maybe ResolverRule)
+getResolverRuleResponse_resolverRule = Lens.lens (\GetResolverRuleResponse' {resolverRule} -> resolverRule) (\s@GetResolverRuleResponse' {} a -> s {resolverRule = a} :: GetResolverRuleResponse)
+
+-- | The response's http status code.
+getResolverRuleResponse_httpStatus :: Lens.Lens' GetResolverRuleResponse Prelude.Int
+getResolverRuleResponse_httpStatus = Lens.lens (\GetResolverRuleResponse' {httpStatus} -> httpStatus) (\s@GetResolverRuleResponse' {} a -> s {httpStatus = a} :: GetResolverRuleResponse)
+
+instance Prelude.NFData GetResolverRuleResponse where
+  rnf GetResolverRuleResponse' {..} =
+    Prelude.rnf resolverRule
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverRuleAssociation.hs b/gen/Amazonka/Route53Resolver/GetResolverRuleAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverRuleAssociation.hs
@@ -0,0 +1,189 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverRuleAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about an association between a specified Resolver rule
+-- and a VPC. You associate a Resolver rule and a VPC using
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html AssociateResolverRule>.
+module Amazonka.Route53Resolver.GetResolverRuleAssociation
+  ( -- * Creating a Request
+    GetResolverRuleAssociation (..),
+    newGetResolverRuleAssociation,
+
+    -- * Request Lenses
+    getResolverRuleAssociation_resolverRuleAssociationId,
+
+    -- * Destructuring the Response
+    GetResolverRuleAssociationResponse (..),
+    newGetResolverRuleAssociationResponse,
+
+    -- * Response Lenses
+    getResolverRuleAssociationResponse_resolverRuleAssociation,
+    getResolverRuleAssociationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverRuleAssociation' smart constructor.
+data GetResolverRuleAssociation = GetResolverRuleAssociation'
+  { -- | The ID of the Resolver rule association that you want to get information
+    -- about.
+    resolverRuleAssociationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverRuleAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRuleAssociationId', 'getResolverRuleAssociation_resolverRuleAssociationId' - The ID of the Resolver rule association that you want to get information
+-- about.
+newGetResolverRuleAssociation ::
+  -- | 'resolverRuleAssociationId'
+  Prelude.Text ->
+  GetResolverRuleAssociation
+newGetResolverRuleAssociation
+  pResolverRuleAssociationId_ =
+    GetResolverRuleAssociation'
+      { resolverRuleAssociationId =
+          pResolverRuleAssociationId_
+      }
+
+-- | The ID of the Resolver rule association that you want to get information
+-- about.
+getResolverRuleAssociation_resolverRuleAssociationId :: Lens.Lens' GetResolverRuleAssociation Prelude.Text
+getResolverRuleAssociation_resolverRuleAssociationId = Lens.lens (\GetResolverRuleAssociation' {resolverRuleAssociationId} -> resolverRuleAssociationId) (\s@GetResolverRuleAssociation' {} a -> s {resolverRuleAssociationId = a} :: GetResolverRuleAssociation)
+
+instance Core.AWSRequest GetResolverRuleAssociation where
+  type
+    AWSResponse GetResolverRuleAssociation =
+      GetResolverRuleAssociationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverRuleAssociationResponse'
+            Prelude.<$> (x Data..?> "ResolverRuleAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetResolverRuleAssociation where
+  hashWithSalt _salt GetResolverRuleAssociation' {..} =
+    _salt
+      `Prelude.hashWithSalt` resolverRuleAssociationId
+
+instance Prelude.NFData GetResolverRuleAssociation where
+  rnf GetResolverRuleAssociation' {..} =
+    Prelude.rnf resolverRuleAssociationId
+
+instance Data.ToHeaders GetResolverRuleAssociation where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverRuleAssociation" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverRuleAssociation where
+  toJSON GetResolverRuleAssociation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "ResolverRuleAssociationId"
+                  Data..= resolverRuleAssociationId
+              )
+          ]
+      )
+
+instance Data.ToPath GetResolverRuleAssociation where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverRuleAssociation where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverRuleAssociationResponse' smart constructor.
+data GetResolverRuleAssociationResponse = GetResolverRuleAssociationResponse'
+  { -- | Information about the Resolver rule association that you specified in a
+    -- @GetResolverRuleAssociation@ request.
+    resolverRuleAssociation :: Prelude.Maybe ResolverRuleAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverRuleAssociationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRuleAssociation', 'getResolverRuleAssociationResponse_resolverRuleAssociation' - Information about the Resolver rule association that you specified in a
+-- @GetResolverRuleAssociation@ request.
+--
+-- 'httpStatus', 'getResolverRuleAssociationResponse_httpStatus' - The response's http status code.
+newGetResolverRuleAssociationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverRuleAssociationResponse
+newGetResolverRuleAssociationResponse pHttpStatus_ =
+  GetResolverRuleAssociationResponse'
+    { resolverRuleAssociation =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information about the Resolver rule association that you specified in a
+-- @GetResolverRuleAssociation@ request.
+getResolverRuleAssociationResponse_resolverRuleAssociation :: Lens.Lens' GetResolverRuleAssociationResponse (Prelude.Maybe ResolverRuleAssociation)
+getResolverRuleAssociationResponse_resolverRuleAssociation = Lens.lens (\GetResolverRuleAssociationResponse' {resolverRuleAssociation} -> resolverRuleAssociation) (\s@GetResolverRuleAssociationResponse' {} a -> s {resolverRuleAssociation = a} :: GetResolverRuleAssociationResponse)
+
+-- | The response's http status code.
+getResolverRuleAssociationResponse_httpStatus :: Lens.Lens' GetResolverRuleAssociationResponse Prelude.Int
+getResolverRuleAssociationResponse_httpStatus = Lens.lens (\GetResolverRuleAssociationResponse' {httpStatus} -> httpStatus) (\s@GetResolverRuleAssociationResponse' {} a -> s {httpStatus = a} :: GetResolverRuleAssociationResponse)
+
+instance
+  Prelude.NFData
+    GetResolverRuleAssociationResponse
+  where
+  rnf GetResolverRuleAssociationResponse' {..} =
+    Prelude.rnf resolverRuleAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/GetResolverRulePolicy.hs b/gen/Amazonka/Route53Resolver/GetResolverRulePolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/GetResolverRulePolicy.hs
@@ -0,0 +1,177 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.GetResolverRulePolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about the Resolver rule policy for a specified rule. A
+-- Resolver rule policy includes the rule that you want to share with
+-- another account, the account that you want to share the rule with, and
+-- the Resolver operations that you want to allow the account to use.
+module Amazonka.Route53Resolver.GetResolverRulePolicy
+  ( -- * Creating a Request
+    GetResolverRulePolicy (..),
+    newGetResolverRulePolicy,
+
+    -- * Request Lenses
+    getResolverRulePolicy_arn,
+
+    -- * Destructuring the Response
+    GetResolverRulePolicyResponse (..),
+    newGetResolverRulePolicyResponse,
+
+    -- * Response Lenses
+    getResolverRulePolicyResponse_resolverRulePolicy,
+    getResolverRulePolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newGetResolverRulePolicy' smart constructor.
+data GetResolverRulePolicy = GetResolverRulePolicy'
+  { -- | The ID of the Resolver rule that you want to get the Resolver rule
+    -- policy for.
+    arn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverRulePolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'getResolverRulePolicy_arn' - The ID of the Resolver rule that you want to get the Resolver rule
+-- policy for.
+newGetResolverRulePolicy ::
+  -- | 'arn'
+  Prelude.Text ->
+  GetResolverRulePolicy
+newGetResolverRulePolicy pArn_ =
+  GetResolverRulePolicy' {arn = pArn_}
+
+-- | The ID of the Resolver rule that you want to get the Resolver rule
+-- policy for.
+getResolverRulePolicy_arn :: Lens.Lens' GetResolverRulePolicy Prelude.Text
+getResolverRulePolicy_arn = Lens.lens (\GetResolverRulePolicy' {arn} -> arn) (\s@GetResolverRulePolicy' {} a -> s {arn = a} :: GetResolverRulePolicy)
+
+instance Core.AWSRequest GetResolverRulePolicy where
+  type
+    AWSResponse GetResolverRulePolicy =
+      GetResolverRulePolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetResolverRulePolicyResponse'
+            Prelude.<$> (x Data..?> "ResolverRulePolicy")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetResolverRulePolicy where
+  hashWithSalt _salt GetResolverRulePolicy' {..} =
+    _salt `Prelude.hashWithSalt` arn
+
+instance Prelude.NFData GetResolverRulePolicy where
+  rnf GetResolverRulePolicy' {..} = Prelude.rnf arn
+
+instance Data.ToHeaders GetResolverRulePolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.GetResolverRulePolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetResolverRulePolicy where
+  toJSON GetResolverRulePolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Arn" Data..= arn)]
+      )
+
+instance Data.ToPath GetResolverRulePolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetResolverRulePolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetResolverRulePolicyResponse' smart constructor.
+data GetResolverRulePolicyResponse = GetResolverRulePolicyResponse'
+  { -- | The Resolver rule policy for the rule that you specified in a
+    -- @GetResolverRulePolicy@ request.
+    resolverRulePolicy :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetResolverRulePolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRulePolicy', 'getResolverRulePolicyResponse_resolverRulePolicy' - The Resolver rule policy for the rule that you specified in a
+-- @GetResolverRulePolicy@ request.
+--
+-- 'httpStatus', 'getResolverRulePolicyResponse_httpStatus' - The response's http status code.
+newGetResolverRulePolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetResolverRulePolicyResponse
+newGetResolverRulePolicyResponse pHttpStatus_ =
+  GetResolverRulePolicyResponse'
+    { resolverRulePolicy =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The Resolver rule policy for the rule that you specified in a
+-- @GetResolverRulePolicy@ request.
+getResolverRulePolicyResponse_resolverRulePolicy :: Lens.Lens' GetResolverRulePolicyResponse (Prelude.Maybe Prelude.Text)
+getResolverRulePolicyResponse_resolverRulePolicy = Lens.lens (\GetResolverRulePolicyResponse' {resolverRulePolicy} -> resolverRulePolicy) (\s@GetResolverRulePolicyResponse' {} a -> s {resolverRulePolicy = a} :: GetResolverRulePolicyResponse)
+
+-- | The response's http status code.
+getResolverRulePolicyResponse_httpStatus :: Lens.Lens' GetResolverRulePolicyResponse Prelude.Int
+getResolverRulePolicyResponse_httpStatus = Lens.lens (\GetResolverRulePolicyResponse' {httpStatus} -> httpStatus) (\s@GetResolverRulePolicyResponse' {} a -> s {httpStatus = a} :: GetResolverRulePolicyResponse)
+
+instance Prelude.NFData GetResolverRulePolicyResponse where
+  rnf GetResolverRulePolicyResponse' {..} =
+    Prelude.rnf resolverRulePolicy
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ImportFirewallDomains.hs b/gen/Amazonka/Route53Resolver/ImportFirewallDomains.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ImportFirewallDomains.hs
@@ -0,0 +1,280 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ImportFirewallDomains
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Imports domain names from a file into a domain list, for use in a DNS
+-- firewall rule group.
+--
+-- Each domain specification in your domain list must satisfy the following
+-- requirements:
+--
+-- -   It can optionally start with @*@ (asterisk).
+--
+-- -   With the exception of the optional starting asterisk, it must only
+--     contain the following characters: @A-Z@, @a-z@, @0-9@, @-@ (hyphen).
+--
+-- -   It must be from 1-255 characters in length.
+module Amazonka.Route53Resolver.ImportFirewallDomains
+  ( -- * Creating a Request
+    ImportFirewallDomains (..),
+    newImportFirewallDomains,
+
+    -- * Request Lenses
+    importFirewallDomains_firewallDomainListId,
+    importFirewallDomains_operation,
+    importFirewallDomains_domainFileUrl,
+
+    -- * Destructuring the Response
+    ImportFirewallDomainsResponse (..),
+    newImportFirewallDomainsResponse,
+
+    -- * Response Lenses
+    importFirewallDomainsResponse_id,
+    importFirewallDomainsResponse_name,
+    importFirewallDomainsResponse_status,
+    importFirewallDomainsResponse_statusMessage,
+    importFirewallDomainsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newImportFirewallDomains' smart constructor.
+data ImportFirewallDomains = ImportFirewallDomains'
+  { -- | The ID of the domain list that you want to modify with the import
+    -- operation.
+    firewallDomainListId :: Prelude.Text,
+    -- | What you want DNS Firewall to do with the domains that are listed in the
+    -- file. This must be set to @REPLACE@, which updates the domain list to
+    -- exactly match the list in the file.
+    operation :: FirewallDomainImportOperation,
+    -- | The fully qualified URL or URI of the file stored in Amazon Simple
+    -- Storage Service (Amazon S3) that contains the list of domains to import.
+    --
+    -- The file must be in an S3 bucket that\'s in the same Region as your DNS
+    -- Firewall. The file must be a text file and must contain a single domain
+    -- per line.
+    domainFileUrl :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ImportFirewallDomains' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainListId', 'importFirewallDomains_firewallDomainListId' - The ID of the domain list that you want to modify with the import
+-- operation.
+--
+-- 'operation', 'importFirewallDomains_operation' - What you want DNS Firewall to do with the domains that are listed in the
+-- file. This must be set to @REPLACE@, which updates the domain list to
+-- exactly match the list in the file.
+--
+-- 'domainFileUrl', 'importFirewallDomains_domainFileUrl' - The fully qualified URL or URI of the file stored in Amazon Simple
+-- Storage Service (Amazon S3) that contains the list of domains to import.
+--
+-- The file must be in an S3 bucket that\'s in the same Region as your DNS
+-- Firewall. The file must be a text file and must contain a single domain
+-- per line.
+newImportFirewallDomains ::
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  -- | 'operation'
+  FirewallDomainImportOperation ->
+  -- | 'domainFileUrl'
+  Prelude.Text ->
+  ImportFirewallDomains
+newImportFirewallDomains
+  pFirewallDomainListId_
+  pOperation_
+  pDomainFileUrl_ =
+    ImportFirewallDomains'
+      { firewallDomainListId =
+          pFirewallDomainListId_,
+        operation = pOperation_,
+        domainFileUrl = pDomainFileUrl_
+      }
+
+-- | The ID of the domain list that you want to modify with the import
+-- operation.
+importFirewallDomains_firewallDomainListId :: Lens.Lens' ImportFirewallDomains Prelude.Text
+importFirewallDomains_firewallDomainListId = Lens.lens (\ImportFirewallDomains' {firewallDomainListId} -> firewallDomainListId) (\s@ImportFirewallDomains' {} a -> s {firewallDomainListId = a} :: ImportFirewallDomains)
+
+-- | What you want DNS Firewall to do with the domains that are listed in the
+-- file. This must be set to @REPLACE@, which updates the domain list to
+-- exactly match the list in the file.
+importFirewallDomains_operation :: Lens.Lens' ImportFirewallDomains FirewallDomainImportOperation
+importFirewallDomains_operation = Lens.lens (\ImportFirewallDomains' {operation} -> operation) (\s@ImportFirewallDomains' {} a -> s {operation = a} :: ImportFirewallDomains)
+
+-- | The fully qualified URL or URI of the file stored in Amazon Simple
+-- Storage Service (Amazon S3) that contains the list of domains to import.
+--
+-- The file must be in an S3 bucket that\'s in the same Region as your DNS
+-- Firewall. The file must be a text file and must contain a single domain
+-- per line.
+importFirewallDomains_domainFileUrl :: Lens.Lens' ImportFirewallDomains Prelude.Text
+importFirewallDomains_domainFileUrl = Lens.lens (\ImportFirewallDomains' {domainFileUrl} -> domainFileUrl) (\s@ImportFirewallDomains' {} a -> s {domainFileUrl = a} :: ImportFirewallDomains)
+
+instance Core.AWSRequest ImportFirewallDomains where
+  type
+    AWSResponse ImportFirewallDomains =
+      ImportFirewallDomainsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ImportFirewallDomainsResponse'
+            Prelude.<$> (x Data..?> "Id")
+            Prelude.<*> (x Data..?> "Name")
+            Prelude.<*> (x Data..?> "Status")
+            Prelude.<*> (x Data..?> "StatusMessage")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ImportFirewallDomains where
+  hashWithSalt _salt ImportFirewallDomains' {..} =
+    _salt
+      `Prelude.hashWithSalt` firewallDomainListId
+      `Prelude.hashWithSalt` operation
+      `Prelude.hashWithSalt` domainFileUrl
+
+instance Prelude.NFData ImportFirewallDomains where
+  rnf ImportFirewallDomains' {..} =
+    Prelude.rnf firewallDomainListId
+      `Prelude.seq` Prelude.rnf operation
+      `Prelude.seq` Prelude.rnf domainFileUrl
+
+instance Data.ToHeaders ImportFirewallDomains where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ImportFirewallDomains" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ImportFirewallDomains where
+  toJSON ImportFirewallDomains' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              ),
+            Prelude.Just ("Operation" Data..= operation),
+            Prelude.Just
+              ("DomainFileUrl" Data..= domainFileUrl)
+          ]
+      )
+
+instance Data.ToPath ImportFirewallDomains where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ImportFirewallDomains where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newImportFirewallDomainsResponse' smart constructor.
+data ImportFirewallDomainsResponse = ImportFirewallDomainsResponse'
+  { -- | The Id of the firewall domain list that DNS Firewall just updated.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the domain list.
+    name :: Prelude.Maybe Prelude.Text,
+    status :: Prelude.Maybe FirewallDomainListStatus,
+    -- | Additional information about the status of the list, if available.
+    statusMessage :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ImportFirewallDomainsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'importFirewallDomainsResponse_id' - The Id of the firewall domain list that DNS Firewall just updated.
+--
+-- 'name', 'importFirewallDomainsResponse_name' - The name of the domain list.
+--
+-- 'status', 'importFirewallDomainsResponse_status' -
+--
+-- 'statusMessage', 'importFirewallDomainsResponse_statusMessage' - Additional information about the status of the list, if available.
+--
+-- 'httpStatus', 'importFirewallDomainsResponse_httpStatus' - The response's http status code.
+newImportFirewallDomainsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ImportFirewallDomainsResponse
+newImportFirewallDomainsResponse pHttpStatus_ =
+  ImportFirewallDomainsResponse'
+    { id =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The Id of the firewall domain list that DNS Firewall just updated.
+importFirewallDomainsResponse_id :: Lens.Lens' ImportFirewallDomainsResponse (Prelude.Maybe Prelude.Text)
+importFirewallDomainsResponse_id = Lens.lens (\ImportFirewallDomainsResponse' {id} -> id) (\s@ImportFirewallDomainsResponse' {} a -> s {id = a} :: ImportFirewallDomainsResponse)
+
+-- | The name of the domain list.
+importFirewallDomainsResponse_name :: Lens.Lens' ImportFirewallDomainsResponse (Prelude.Maybe Prelude.Text)
+importFirewallDomainsResponse_name = Lens.lens (\ImportFirewallDomainsResponse' {name} -> name) (\s@ImportFirewallDomainsResponse' {} a -> s {name = a} :: ImportFirewallDomainsResponse)
+
+importFirewallDomainsResponse_status :: Lens.Lens' ImportFirewallDomainsResponse (Prelude.Maybe FirewallDomainListStatus)
+importFirewallDomainsResponse_status = Lens.lens (\ImportFirewallDomainsResponse' {status} -> status) (\s@ImportFirewallDomainsResponse' {} a -> s {status = a} :: ImportFirewallDomainsResponse)
+
+-- | Additional information about the status of the list, if available.
+importFirewallDomainsResponse_statusMessage :: Lens.Lens' ImportFirewallDomainsResponse (Prelude.Maybe Prelude.Text)
+importFirewallDomainsResponse_statusMessage = Lens.lens (\ImportFirewallDomainsResponse' {statusMessage} -> statusMessage) (\s@ImportFirewallDomainsResponse' {} a -> s {statusMessage = a} :: ImportFirewallDomainsResponse)
+
+-- | The response's http status code.
+importFirewallDomainsResponse_httpStatus :: Lens.Lens' ImportFirewallDomainsResponse Prelude.Int
+importFirewallDomainsResponse_httpStatus = Lens.lens (\ImportFirewallDomainsResponse' {httpStatus} -> httpStatus) (\s@ImportFirewallDomainsResponse' {} a -> s {httpStatus = a} :: ImportFirewallDomainsResponse)
+
+instance Prelude.NFData ImportFirewallDomainsResponse where
+  rnf ImportFirewallDomainsResponse' {..} =
+    Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/Lens.hs b/gen/Amazonka/Route53Resolver/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Lens.hs
@@ -0,0 +1,728 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Lens
+  ( -- * Operations
+
+    -- ** AssociateFirewallRuleGroup
+    associateFirewallRuleGroup_mutationProtection,
+    associateFirewallRuleGroup_tags,
+    associateFirewallRuleGroup_creatorRequestId,
+    associateFirewallRuleGroup_firewallRuleGroupId,
+    associateFirewallRuleGroup_vpcId,
+    associateFirewallRuleGroup_priority,
+    associateFirewallRuleGroup_name,
+    associateFirewallRuleGroupResponse_firewallRuleGroupAssociation,
+    associateFirewallRuleGroupResponse_httpStatus,
+
+    -- ** AssociateResolverEndpointIpAddress
+    associateResolverEndpointIpAddress_resolverEndpointId,
+    associateResolverEndpointIpAddress_ipAddress,
+    associateResolverEndpointIpAddressResponse_resolverEndpoint,
+    associateResolverEndpointIpAddressResponse_httpStatus,
+
+    -- ** AssociateResolverQueryLogConfig
+    associateResolverQueryLogConfig_resolverQueryLogConfigId,
+    associateResolverQueryLogConfig_resourceId,
+    associateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation,
+    associateResolverQueryLogConfigResponse_httpStatus,
+
+    -- ** AssociateResolverRule
+    associateResolverRule_name,
+    associateResolverRule_resolverRuleId,
+    associateResolverRule_vPCId,
+    associateResolverRuleResponse_resolverRuleAssociation,
+    associateResolverRuleResponse_httpStatus,
+
+    -- ** CreateFirewallDomainList
+    createFirewallDomainList_tags,
+    createFirewallDomainList_creatorRequestId,
+    createFirewallDomainList_name,
+    createFirewallDomainListResponse_firewallDomainList,
+    createFirewallDomainListResponse_httpStatus,
+
+    -- ** CreateFirewallRule
+    createFirewallRule_blockOverrideDnsType,
+    createFirewallRule_blockOverrideDomain,
+    createFirewallRule_blockOverrideTtl,
+    createFirewallRule_blockResponse,
+    createFirewallRule_creatorRequestId,
+    createFirewallRule_firewallRuleGroupId,
+    createFirewallRule_firewallDomainListId,
+    createFirewallRule_priority,
+    createFirewallRule_action,
+    createFirewallRule_name,
+    createFirewallRuleResponse_firewallRule,
+    createFirewallRuleResponse_httpStatus,
+
+    -- ** CreateFirewallRuleGroup
+    createFirewallRuleGroup_tags,
+    createFirewallRuleGroup_creatorRequestId,
+    createFirewallRuleGroup_name,
+    createFirewallRuleGroupResponse_firewallRuleGroup,
+    createFirewallRuleGroupResponse_httpStatus,
+
+    -- ** CreateResolverEndpoint
+    createResolverEndpoint_name,
+    createResolverEndpoint_tags,
+    createResolverEndpoint_creatorRequestId,
+    createResolverEndpoint_securityGroupIds,
+    createResolverEndpoint_direction,
+    createResolverEndpoint_ipAddresses,
+    createResolverEndpointResponse_resolverEndpoint,
+    createResolverEndpointResponse_httpStatus,
+
+    -- ** CreateResolverQueryLogConfig
+    createResolverQueryLogConfig_tags,
+    createResolverQueryLogConfig_name,
+    createResolverQueryLogConfig_destinationArn,
+    createResolverQueryLogConfig_creatorRequestId,
+    createResolverQueryLogConfigResponse_resolverQueryLogConfig,
+    createResolverQueryLogConfigResponse_httpStatus,
+
+    -- ** CreateResolverRule
+    createResolverRule_name,
+    createResolverRule_resolverEndpointId,
+    createResolverRule_tags,
+    createResolverRule_targetIps,
+    createResolverRule_creatorRequestId,
+    createResolverRule_ruleType,
+    createResolverRule_domainName,
+    createResolverRuleResponse_resolverRule,
+    createResolverRuleResponse_httpStatus,
+
+    -- ** DeleteFirewallDomainList
+    deleteFirewallDomainList_firewallDomainListId,
+    deleteFirewallDomainListResponse_firewallDomainList,
+    deleteFirewallDomainListResponse_httpStatus,
+
+    -- ** DeleteFirewallRule
+    deleteFirewallRule_firewallRuleGroupId,
+    deleteFirewallRule_firewallDomainListId,
+    deleteFirewallRuleResponse_firewallRule,
+    deleteFirewallRuleResponse_httpStatus,
+
+    -- ** DeleteFirewallRuleGroup
+    deleteFirewallRuleGroup_firewallRuleGroupId,
+    deleteFirewallRuleGroupResponse_firewallRuleGroup,
+    deleteFirewallRuleGroupResponse_httpStatus,
+
+    -- ** DeleteResolverEndpoint
+    deleteResolverEndpoint_resolverEndpointId,
+    deleteResolverEndpointResponse_resolverEndpoint,
+    deleteResolverEndpointResponse_httpStatus,
+
+    -- ** DeleteResolverQueryLogConfig
+    deleteResolverQueryLogConfig_resolverQueryLogConfigId,
+    deleteResolverQueryLogConfigResponse_resolverQueryLogConfig,
+    deleteResolverQueryLogConfigResponse_httpStatus,
+
+    -- ** DeleteResolverRule
+    deleteResolverRule_resolverRuleId,
+    deleteResolverRuleResponse_resolverRule,
+    deleteResolverRuleResponse_httpStatus,
+
+    -- ** DisassociateFirewallRuleGroup
+    disassociateFirewallRuleGroup_firewallRuleGroupAssociationId,
+    disassociateFirewallRuleGroupResponse_firewallRuleGroupAssociation,
+    disassociateFirewallRuleGroupResponse_httpStatus,
+
+    -- ** DisassociateResolverEndpointIpAddress
+    disassociateResolverEndpointIpAddress_resolverEndpointId,
+    disassociateResolverEndpointIpAddress_ipAddress,
+    disassociateResolverEndpointIpAddressResponse_resolverEndpoint,
+    disassociateResolverEndpointIpAddressResponse_httpStatus,
+
+    -- ** DisassociateResolverQueryLogConfig
+    disassociateResolverQueryLogConfig_resolverQueryLogConfigId,
+    disassociateResolverQueryLogConfig_resourceId,
+    disassociateResolverQueryLogConfigResponse_resolverQueryLogConfigAssociation,
+    disassociateResolverQueryLogConfigResponse_httpStatus,
+
+    -- ** DisassociateResolverRule
+    disassociateResolverRule_vPCId,
+    disassociateResolverRule_resolverRuleId,
+    disassociateResolverRuleResponse_resolverRuleAssociation,
+    disassociateResolverRuleResponse_httpStatus,
+
+    -- ** GetFirewallConfig
+    getFirewallConfig_resourceId,
+    getFirewallConfigResponse_firewallConfig,
+    getFirewallConfigResponse_httpStatus,
+
+    -- ** GetFirewallDomainList
+    getFirewallDomainList_firewallDomainListId,
+    getFirewallDomainListResponse_firewallDomainList,
+    getFirewallDomainListResponse_httpStatus,
+
+    -- ** GetFirewallRuleGroup
+    getFirewallRuleGroup_firewallRuleGroupId,
+    getFirewallRuleGroupResponse_firewallRuleGroup,
+    getFirewallRuleGroupResponse_httpStatus,
+
+    -- ** GetFirewallRuleGroupAssociation
+    getFirewallRuleGroupAssociation_firewallRuleGroupAssociationId,
+    getFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation,
+    getFirewallRuleGroupAssociationResponse_httpStatus,
+
+    -- ** GetFirewallRuleGroupPolicy
+    getFirewallRuleGroupPolicy_arn,
+    getFirewallRuleGroupPolicyResponse_firewallRuleGroupPolicy,
+    getFirewallRuleGroupPolicyResponse_httpStatus,
+
+    -- ** GetResolverConfig
+    getResolverConfig_resourceId,
+    getResolverConfigResponse_resolverConfig,
+    getResolverConfigResponse_httpStatus,
+
+    -- ** GetResolverDnssecConfig
+    getResolverDnssecConfig_resourceId,
+    getResolverDnssecConfigResponse_resolverDNSSECConfig,
+    getResolverDnssecConfigResponse_httpStatus,
+
+    -- ** GetResolverEndpoint
+    getResolverEndpoint_resolverEndpointId,
+    getResolverEndpointResponse_resolverEndpoint,
+    getResolverEndpointResponse_httpStatus,
+
+    -- ** GetResolverQueryLogConfig
+    getResolverQueryLogConfig_resolverQueryLogConfigId,
+    getResolverQueryLogConfigResponse_resolverQueryLogConfig,
+    getResolverQueryLogConfigResponse_httpStatus,
+
+    -- ** GetResolverQueryLogConfigAssociation
+    getResolverQueryLogConfigAssociation_resolverQueryLogConfigAssociationId,
+    getResolverQueryLogConfigAssociationResponse_resolverQueryLogConfigAssociation,
+    getResolverQueryLogConfigAssociationResponse_httpStatus,
+
+    -- ** GetResolverQueryLogConfigPolicy
+    getResolverQueryLogConfigPolicy_arn,
+    getResolverQueryLogConfigPolicyResponse_resolverQueryLogConfigPolicy,
+    getResolverQueryLogConfigPolicyResponse_httpStatus,
+
+    -- ** GetResolverRule
+    getResolverRule_resolverRuleId,
+    getResolverRuleResponse_resolverRule,
+    getResolverRuleResponse_httpStatus,
+
+    -- ** GetResolverRuleAssociation
+    getResolverRuleAssociation_resolverRuleAssociationId,
+    getResolverRuleAssociationResponse_resolverRuleAssociation,
+    getResolverRuleAssociationResponse_httpStatus,
+
+    -- ** GetResolverRulePolicy
+    getResolverRulePolicy_arn,
+    getResolverRulePolicyResponse_resolverRulePolicy,
+    getResolverRulePolicyResponse_httpStatus,
+
+    -- ** ImportFirewallDomains
+    importFirewallDomains_firewallDomainListId,
+    importFirewallDomains_operation,
+    importFirewallDomains_domainFileUrl,
+    importFirewallDomainsResponse_id,
+    importFirewallDomainsResponse_name,
+    importFirewallDomainsResponse_status,
+    importFirewallDomainsResponse_statusMessage,
+    importFirewallDomainsResponse_httpStatus,
+
+    -- ** ListFirewallConfigs
+    listFirewallConfigs_maxResults,
+    listFirewallConfigs_nextToken,
+    listFirewallConfigsResponse_firewallConfigs,
+    listFirewallConfigsResponse_nextToken,
+    listFirewallConfigsResponse_httpStatus,
+
+    -- ** ListFirewallDomainLists
+    listFirewallDomainLists_maxResults,
+    listFirewallDomainLists_nextToken,
+    listFirewallDomainListsResponse_firewallDomainLists,
+    listFirewallDomainListsResponse_nextToken,
+    listFirewallDomainListsResponse_httpStatus,
+
+    -- ** ListFirewallDomains
+    listFirewallDomains_maxResults,
+    listFirewallDomains_nextToken,
+    listFirewallDomains_firewallDomainListId,
+    listFirewallDomainsResponse_domains,
+    listFirewallDomainsResponse_nextToken,
+    listFirewallDomainsResponse_httpStatus,
+
+    -- ** ListFirewallRuleGroupAssociations
+    listFirewallRuleGroupAssociations_firewallRuleGroupId,
+    listFirewallRuleGroupAssociations_maxResults,
+    listFirewallRuleGroupAssociations_nextToken,
+    listFirewallRuleGroupAssociations_priority,
+    listFirewallRuleGroupAssociations_status,
+    listFirewallRuleGroupAssociations_vpcId,
+    listFirewallRuleGroupAssociationsResponse_firewallRuleGroupAssociations,
+    listFirewallRuleGroupAssociationsResponse_nextToken,
+    listFirewallRuleGroupAssociationsResponse_httpStatus,
+
+    -- ** ListFirewallRuleGroups
+    listFirewallRuleGroups_maxResults,
+    listFirewallRuleGroups_nextToken,
+    listFirewallRuleGroupsResponse_firewallRuleGroups,
+    listFirewallRuleGroupsResponse_nextToken,
+    listFirewallRuleGroupsResponse_httpStatus,
+
+    -- ** ListFirewallRules
+    listFirewallRules_action,
+    listFirewallRules_maxResults,
+    listFirewallRules_nextToken,
+    listFirewallRules_priority,
+    listFirewallRules_firewallRuleGroupId,
+    listFirewallRulesResponse_firewallRules,
+    listFirewallRulesResponse_nextToken,
+    listFirewallRulesResponse_httpStatus,
+
+    -- ** ListResolverConfigs
+    listResolverConfigs_maxResults,
+    listResolverConfigs_nextToken,
+    listResolverConfigsResponse_nextToken,
+    listResolverConfigsResponse_resolverConfigs,
+    listResolverConfigsResponse_httpStatus,
+
+    -- ** ListResolverDnssecConfigs
+    listResolverDnssecConfigs_filters,
+    listResolverDnssecConfigs_maxResults,
+    listResolverDnssecConfigs_nextToken,
+    listResolverDnssecConfigsResponse_nextToken,
+    listResolverDnssecConfigsResponse_resolverDnssecConfigs,
+    listResolverDnssecConfigsResponse_httpStatus,
+
+    -- ** ListResolverEndpointIpAddresses
+    listResolverEndpointIpAddresses_maxResults,
+    listResolverEndpointIpAddresses_nextToken,
+    listResolverEndpointIpAddresses_resolverEndpointId,
+    listResolverEndpointIpAddressesResponse_ipAddresses,
+    listResolverEndpointIpAddressesResponse_maxResults,
+    listResolverEndpointIpAddressesResponse_nextToken,
+    listResolverEndpointIpAddressesResponse_httpStatus,
+
+    -- ** ListResolverEndpoints
+    listResolverEndpoints_filters,
+    listResolverEndpoints_maxResults,
+    listResolverEndpoints_nextToken,
+    listResolverEndpointsResponse_maxResults,
+    listResolverEndpointsResponse_nextToken,
+    listResolverEndpointsResponse_resolverEndpoints,
+    listResolverEndpointsResponse_httpStatus,
+
+    -- ** ListResolverQueryLogConfigAssociations
+    listResolverQueryLogConfigAssociations_filters,
+    listResolverQueryLogConfigAssociations_maxResults,
+    listResolverQueryLogConfigAssociations_nextToken,
+    listResolverQueryLogConfigAssociations_sortBy,
+    listResolverQueryLogConfigAssociations_sortOrder,
+    listResolverQueryLogConfigAssociationsResponse_nextToken,
+    listResolverQueryLogConfigAssociationsResponse_resolverQueryLogConfigAssociations,
+    listResolverQueryLogConfigAssociationsResponse_totalCount,
+    listResolverQueryLogConfigAssociationsResponse_totalFilteredCount,
+    listResolverQueryLogConfigAssociationsResponse_httpStatus,
+
+    -- ** ListResolverQueryLogConfigs
+    listResolverQueryLogConfigs_filters,
+    listResolverQueryLogConfigs_maxResults,
+    listResolverQueryLogConfigs_nextToken,
+    listResolverQueryLogConfigs_sortBy,
+    listResolverQueryLogConfigs_sortOrder,
+    listResolverQueryLogConfigsResponse_nextToken,
+    listResolverQueryLogConfigsResponse_resolverQueryLogConfigs,
+    listResolverQueryLogConfigsResponse_totalCount,
+    listResolverQueryLogConfigsResponse_totalFilteredCount,
+    listResolverQueryLogConfigsResponse_httpStatus,
+
+    -- ** ListResolverRuleAssociations
+    listResolverRuleAssociations_filters,
+    listResolverRuleAssociations_maxResults,
+    listResolverRuleAssociations_nextToken,
+    listResolverRuleAssociationsResponse_maxResults,
+    listResolverRuleAssociationsResponse_nextToken,
+    listResolverRuleAssociationsResponse_resolverRuleAssociations,
+    listResolverRuleAssociationsResponse_httpStatus,
+
+    -- ** ListResolverRules
+    listResolverRules_filters,
+    listResolverRules_maxResults,
+    listResolverRules_nextToken,
+    listResolverRulesResponse_maxResults,
+    listResolverRulesResponse_nextToken,
+    listResolverRulesResponse_resolverRules,
+    listResolverRulesResponse_httpStatus,
+
+    -- ** ListTagsForResource
+    listTagsForResource_maxResults,
+    listTagsForResource_nextToken,
+    listTagsForResource_resourceArn,
+    listTagsForResourceResponse_nextToken,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** PutFirewallRuleGroupPolicy
+    putFirewallRuleGroupPolicy_arn,
+    putFirewallRuleGroupPolicy_firewallRuleGroupPolicy,
+    putFirewallRuleGroupPolicyResponse_returnValue,
+    putFirewallRuleGroupPolicyResponse_httpStatus,
+
+    -- ** PutResolverQueryLogConfigPolicy
+    putResolverQueryLogConfigPolicy_arn,
+    putResolverQueryLogConfigPolicy_resolverQueryLogConfigPolicy,
+    putResolverQueryLogConfigPolicyResponse_returnValue,
+    putResolverQueryLogConfigPolicyResponse_httpStatus,
+
+    -- ** PutResolverRulePolicy
+    putResolverRulePolicy_arn,
+    putResolverRulePolicy_resolverRulePolicy,
+    putResolverRulePolicyResponse_returnValue,
+    putResolverRulePolicyResponse_httpStatus,
+
+    -- ** TagResource
+    tagResource_resourceArn,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateFirewallConfig
+    updateFirewallConfig_resourceId,
+    updateFirewallConfig_firewallFailOpen,
+    updateFirewallConfigResponse_firewallConfig,
+    updateFirewallConfigResponse_httpStatus,
+
+    -- ** UpdateFirewallDomains
+    updateFirewallDomains_firewallDomainListId,
+    updateFirewallDomains_operation,
+    updateFirewallDomains_domains,
+    updateFirewallDomainsResponse_id,
+    updateFirewallDomainsResponse_name,
+    updateFirewallDomainsResponse_status,
+    updateFirewallDomainsResponse_statusMessage,
+    updateFirewallDomainsResponse_httpStatus,
+
+    -- ** UpdateFirewallRule
+    updateFirewallRule_action,
+    updateFirewallRule_blockOverrideDnsType,
+    updateFirewallRule_blockOverrideDomain,
+    updateFirewallRule_blockOverrideTtl,
+    updateFirewallRule_blockResponse,
+    updateFirewallRule_name,
+    updateFirewallRule_priority,
+    updateFirewallRule_firewallRuleGroupId,
+    updateFirewallRule_firewallDomainListId,
+    updateFirewallRuleResponse_firewallRule,
+    updateFirewallRuleResponse_httpStatus,
+
+    -- ** UpdateFirewallRuleGroupAssociation
+    updateFirewallRuleGroupAssociation_mutationProtection,
+    updateFirewallRuleGroupAssociation_name,
+    updateFirewallRuleGroupAssociation_priority,
+    updateFirewallRuleGroupAssociation_firewallRuleGroupAssociationId,
+    updateFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation,
+    updateFirewallRuleGroupAssociationResponse_httpStatus,
+
+    -- ** UpdateResolverConfig
+    updateResolverConfig_resourceId,
+    updateResolverConfig_autodefinedReverseFlag,
+    updateResolverConfigResponse_resolverConfig,
+    updateResolverConfigResponse_httpStatus,
+
+    -- ** UpdateResolverDnssecConfig
+    updateResolverDnssecConfig_resourceId,
+    updateResolverDnssecConfig_validation,
+    updateResolverDnssecConfigResponse_resolverDNSSECConfig,
+    updateResolverDnssecConfigResponse_httpStatus,
+
+    -- ** UpdateResolverEndpoint
+    updateResolverEndpoint_name,
+    updateResolverEndpoint_resolverEndpointId,
+    updateResolverEndpointResponse_resolverEndpoint,
+    updateResolverEndpointResponse_httpStatus,
+
+    -- ** UpdateResolverRule
+    updateResolverRule_resolverRuleId,
+    updateResolverRule_config,
+    updateResolverRuleResponse_resolverRule,
+    updateResolverRuleResponse_httpStatus,
+
+    -- * Types
+
+    -- ** Filter
+    filter_name,
+    filter_values,
+
+    -- ** FirewallConfig
+    firewallConfig_firewallFailOpen,
+    firewallConfig_id,
+    firewallConfig_ownerId,
+    firewallConfig_resourceId,
+
+    -- ** FirewallDomainList
+    firewallDomainList_arn,
+    firewallDomainList_creationTime,
+    firewallDomainList_creatorRequestId,
+    firewallDomainList_domainCount,
+    firewallDomainList_id,
+    firewallDomainList_managedOwnerName,
+    firewallDomainList_modificationTime,
+    firewallDomainList_name,
+    firewallDomainList_status,
+    firewallDomainList_statusMessage,
+
+    -- ** FirewallDomainListMetadata
+    firewallDomainListMetadata_arn,
+    firewallDomainListMetadata_creatorRequestId,
+    firewallDomainListMetadata_id,
+    firewallDomainListMetadata_managedOwnerName,
+    firewallDomainListMetadata_name,
+
+    -- ** FirewallRule
+    firewallRule_action,
+    firewallRule_blockOverrideDnsType,
+    firewallRule_blockOverrideDomain,
+    firewallRule_blockOverrideTtl,
+    firewallRule_blockResponse,
+    firewallRule_creationTime,
+    firewallRule_creatorRequestId,
+    firewallRule_firewallDomainListId,
+    firewallRule_firewallRuleGroupId,
+    firewallRule_modificationTime,
+    firewallRule_name,
+    firewallRule_priority,
+
+    -- ** FirewallRuleGroup
+    firewallRuleGroup_arn,
+    firewallRuleGroup_creationTime,
+    firewallRuleGroup_creatorRequestId,
+    firewallRuleGroup_id,
+    firewallRuleGroup_modificationTime,
+    firewallRuleGroup_name,
+    firewallRuleGroup_ownerId,
+    firewallRuleGroup_ruleCount,
+    firewallRuleGroup_shareStatus,
+    firewallRuleGroup_status,
+    firewallRuleGroup_statusMessage,
+
+    -- ** FirewallRuleGroupAssociation
+    firewallRuleGroupAssociation_arn,
+    firewallRuleGroupAssociation_creationTime,
+    firewallRuleGroupAssociation_creatorRequestId,
+    firewallRuleGroupAssociation_firewallRuleGroupId,
+    firewallRuleGroupAssociation_id,
+    firewallRuleGroupAssociation_managedOwnerName,
+    firewallRuleGroupAssociation_modificationTime,
+    firewallRuleGroupAssociation_mutationProtection,
+    firewallRuleGroupAssociation_name,
+    firewallRuleGroupAssociation_priority,
+    firewallRuleGroupAssociation_status,
+    firewallRuleGroupAssociation_statusMessage,
+    firewallRuleGroupAssociation_vpcId,
+
+    -- ** FirewallRuleGroupMetadata
+    firewallRuleGroupMetadata_arn,
+    firewallRuleGroupMetadata_creatorRequestId,
+    firewallRuleGroupMetadata_id,
+    firewallRuleGroupMetadata_name,
+    firewallRuleGroupMetadata_ownerId,
+    firewallRuleGroupMetadata_shareStatus,
+
+    -- ** IpAddressRequest
+    ipAddressRequest_ip,
+    ipAddressRequest_subnetId,
+
+    -- ** IpAddressResponse
+    ipAddressResponse_creationTime,
+    ipAddressResponse_ip,
+    ipAddressResponse_ipId,
+    ipAddressResponse_modificationTime,
+    ipAddressResponse_status,
+    ipAddressResponse_statusMessage,
+    ipAddressResponse_subnetId,
+
+    -- ** IpAddressUpdate
+    ipAddressUpdate_ip,
+    ipAddressUpdate_ipId,
+    ipAddressUpdate_subnetId,
+
+    -- ** ResolverConfig
+    resolverConfig_autodefinedReverse,
+    resolverConfig_id,
+    resolverConfig_ownerId,
+    resolverConfig_resourceId,
+
+    -- ** ResolverDnssecConfig
+    resolverDnssecConfig_id,
+    resolverDnssecConfig_ownerId,
+    resolverDnssecConfig_resourceId,
+    resolverDnssecConfig_validationStatus,
+
+    -- ** ResolverEndpoint
+    resolverEndpoint_arn,
+    resolverEndpoint_creationTime,
+    resolverEndpoint_creatorRequestId,
+    resolverEndpoint_direction,
+    resolverEndpoint_hostVPCId,
+    resolverEndpoint_id,
+    resolverEndpoint_ipAddressCount,
+    resolverEndpoint_modificationTime,
+    resolverEndpoint_name,
+    resolverEndpoint_securityGroupIds,
+    resolverEndpoint_status,
+    resolverEndpoint_statusMessage,
+
+    -- ** ResolverQueryLogConfig
+    resolverQueryLogConfig_arn,
+    resolverQueryLogConfig_associationCount,
+    resolverQueryLogConfig_creationTime,
+    resolverQueryLogConfig_creatorRequestId,
+    resolverQueryLogConfig_destinationArn,
+    resolverQueryLogConfig_id,
+    resolverQueryLogConfig_name,
+    resolverQueryLogConfig_ownerId,
+    resolverQueryLogConfig_shareStatus,
+    resolverQueryLogConfig_status,
+
+    -- ** ResolverQueryLogConfigAssociation
+    resolverQueryLogConfigAssociation_creationTime,
+    resolverQueryLogConfigAssociation_error,
+    resolverQueryLogConfigAssociation_errorMessage,
+    resolverQueryLogConfigAssociation_id,
+    resolverQueryLogConfigAssociation_resolverQueryLogConfigId,
+    resolverQueryLogConfigAssociation_resourceId,
+    resolverQueryLogConfigAssociation_status,
+
+    -- ** ResolverRule
+    resolverRule_arn,
+    resolverRule_creationTime,
+    resolverRule_creatorRequestId,
+    resolverRule_domainName,
+    resolverRule_id,
+    resolverRule_modificationTime,
+    resolverRule_name,
+    resolverRule_ownerId,
+    resolverRule_resolverEndpointId,
+    resolverRule_ruleType,
+    resolverRule_shareStatus,
+    resolverRule_status,
+    resolverRule_statusMessage,
+    resolverRule_targetIps,
+
+    -- ** ResolverRuleAssociation
+    resolverRuleAssociation_id,
+    resolverRuleAssociation_name,
+    resolverRuleAssociation_resolverRuleId,
+    resolverRuleAssociation_status,
+    resolverRuleAssociation_statusMessage,
+    resolverRuleAssociation_vPCId,
+
+    -- ** ResolverRuleConfig
+    resolverRuleConfig_name,
+    resolverRuleConfig_resolverEndpointId,
+    resolverRuleConfig_targetIps,
+
+    -- ** Tag
+    tag_key,
+    tag_value,
+
+    -- ** TargetAddress
+    targetAddress_port,
+    targetAddress_ip,
+  )
+where
+
+import Amazonka.Route53Resolver.AssociateFirewallRuleGroup
+import Amazonka.Route53Resolver.AssociateResolverEndpointIpAddress
+import Amazonka.Route53Resolver.AssociateResolverQueryLogConfig
+import Amazonka.Route53Resolver.AssociateResolverRule
+import Amazonka.Route53Resolver.CreateFirewallDomainList
+import Amazonka.Route53Resolver.CreateFirewallRule
+import Amazonka.Route53Resolver.CreateFirewallRuleGroup
+import Amazonka.Route53Resolver.CreateResolverEndpoint
+import Amazonka.Route53Resolver.CreateResolverQueryLogConfig
+import Amazonka.Route53Resolver.CreateResolverRule
+import Amazonka.Route53Resolver.DeleteFirewallDomainList
+import Amazonka.Route53Resolver.DeleteFirewallRule
+import Amazonka.Route53Resolver.DeleteFirewallRuleGroup
+import Amazonka.Route53Resolver.DeleteResolverEndpoint
+import Amazonka.Route53Resolver.DeleteResolverQueryLogConfig
+import Amazonka.Route53Resolver.DeleteResolverRule
+import Amazonka.Route53Resolver.DisassociateFirewallRuleGroup
+import Amazonka.Route53Resolver.DisassociateResolverEndpointIpAddress
+import Amazonka.Route53Resolver.DisassociateResolverQueryLogConfig
+import Amazonka.Route53Resolver.DisassociateResolverRule
+import Amazonka.Route53Resolver.GetFirewallConfig
+import Amazonka.Route53Resolver.GetFirewallDomainList
+import Amazonka.Route53Resolver.GetFirewallRuleGroup
+import Amazonka.Route53Resolver.GetFirewallRuleGroupAssociation
+import Amazonka.Route53Resolver.GetFirewallRuleGroupPolicy
+import Amazonka.Route53Resolver.GetResolverConfig
+import Amazonka.Route53Resolver.GetResolverDnssecConfig
+import Amazonka.Route53Resolver.GetResolverEndpoint
+import Amazonka.Route53Resolver.GetResolverQueryLogConfig
+import Amazonka.Route53Resolver.GetResolverQueryLogConfigAssociation
+import Amazonka.Route53Resolver.GetResolverQueryLogConfigPolicy
+import Amazonka.Route53Resolver.GetResolverRule
+import Amazonka.Route53Resolver.GetResolverRuleAssociation
+import Amazonka.Route53Resolver.GetResolverRulePolicy
+import Amazonka.Route53Resolver.ImportFirewallDomains
+import Amazonka.Route53Resolver.ListFirewallConfigs
+import Amazonka.Route53Resolver.ListFirewallDomainLists
+import Amazonka.Route53Resolver.ListFirewallDomains
+import Amazonka.Route53Resolver.ListFirewallRuleGroupAssociations
+import Amazonka.Route53Resolver.ListFirewallRuleGroups
+import Amazonka.Route53Resolver.ListFirewallRules
+import Amazonka.Route53Resolver.ListResolverConfigs
+import Amazonka.Route53Resolver.ListResolverDnssecConfigs
+import Amazonka.Route53Resolver.ListResolverEndpointIpAddresses
+import Amazonka.Route53Resolver.ListResolverEndpoints
+import Amazonka.Route53Resolver.ListResolverQueryLogConfigAssociations
+import Amazonka.Route53Resolver.ListResolverQueryLogConfigs
+import Amazonka.Route53Resolver.ListResolverRuleAssociations
+import Amazonka.Route53Resolver.ListResolverRules
+import Amazonka.Route53Resolver.ListTagsForResource
+import Amazonka.Route53Resolver.PutFirewallRuleGroupPolicy
+import Amazonka.Route53Resolver.PutResolverQueryLogConfigPolicy
+import Amazonka.Route53Resolver.PutResolverRulePolicy
+import Amazonka.Route53Resolver.TagResource
+import Amazonka.Route53Resolver.Types.Filter
+import Amazonka.Route53Resolver.Types.FirewallConfig
+import Amazonka.Route53Resolver.Types.FirewallDomainList
+import Amazonka.Route53Resolver.Types.FirewallDomainListMetadata
+import Amazonka.Route53Resolver.Types.FirewallRule
+import Amazonka.Route53Resolver.Types.FirewallRuleGroup
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociation
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupMetadata
+import Amazonka.Route53Resolver.Types.IpAddressRequest
+import Amazonka.Route53Resolver.Types.IpAddressResponse
+import Amazonka.Route53Resolver.Types.IpAddressUpdate
+import Amazonka.Route53Resolver.Types.ResolverConfig
+import Amazonka.Route53Resolver.Types.ResolverDnssecConfig
+import Amazonka.Route53Resolver.Types.ResolverEndpoint
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfig
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociation
+import Amazonka.Route53Resolver.Types.ResolverRule
+import Amazonka.Route53Resolver.Types.ResolverRuleAssociation
+import Amazonka.Route53Resolver.Types.ResolverRuleConfig
+import Amazonka.Route53Resolver.Types.Tag
+import Amazonka.Route53Resolver.Types.TargetAddress
+import Amazonka.Route53Resolver.UntagResource
+import Amazonka.Route53Resolver.UpdateFirewallConfig
+import Amazonka.Route53Resolver.UpdateFirewallDomains
+import Amazonka.Route53Resolver.UpdateFirewallRule
+import Amazonka.Route53Resolver.UpdateFirewallRuleGroupAssociation
+import Amazonka.Route53Resolver.UpdateResolverConfig
+import Amazonka.Route53Resolver.UpdateResolverDnssecConfig
+import Amazonka.Route53Resolver.UpdateResolverEndpoint
+import Amazonka.Route53Resolver.UpdateResolverRule
diff --git a/gen/Amazonka/Route53Resolver/ListFirewallConfigs.hs b/gen/Amazonka/Route53Resolver/ListFirewallConfigs.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListFirewallConfigs.hs
@@ -0,0 +1,273 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListFirewallConfigs
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the firewall configurations that you have defined. DNS
+-- Firewall uses the configurations to manage firewall behavior for your
+-- VPCs.
+--
+-- A single call might return only a partial list of the configurations.
+-- For information, see @MaxResults@.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListFirewallConfigs
+  ( -- * Creating a Request
+    ListFirewallConfigs (..),
+    newListFirewallConfigs,
+
+    -- * Request Lenses
+    listFirewallConfigs_maxResults,
+    listFirewallConfigs_nextToken,
+
+    -- * Destructuring the Response
+    ListFirewallConfigsResponse (..),
+    newListFirewallConfigsResponse,
+
+    -- * Response Lenses
+    listFirewallConfigsResponse_firewallConfigs,
+    listFirewallConfigsResponse_nextToken,
+    listFirewallConfigsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListFirewallConfigs' smart constructor.
+data ListFirewallConfigs = ListFirewallConfigs'
+  { -- | The maximum number of objects that you want Resolver to return for this
+    -- request. If more objects are available, in the response, Resolver
+    -- provides a @NextToken@ value that you can use in a subsequent call to
+    -- get the next batch of objects.
+    --
+    -- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+    -- 100 objects.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first call to this list request, omit this value.
+    --
+    -- When you request a list of objects, Resolver returns at most the number
+    -- of objects specified in @MaxResults@. If more objects are available for
+    -- retrieval, Resolver returns a @NextToken@ value in the response. To
+    -- retrieve the next batch of objects, use the token that was returned for
+    -- the prior request in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallConfigs' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listFirewallConfigs_maxResults' - The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+--
+-- 'nextToken', 'listFirewallConfigs_nextToken' - For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+newListFirewallConfigs ::
+  ListFirewallConfigs
+newListFirewallConfigs =
+  ListFirewallConfigs'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+listFirewallConfigs_maxResults :: Lens.Lens' ListFirewallConfigs (Prelude.Maybe Prelude.Natural)
+listFirewallConfigs_maxResults = Lens.lens (\ListFirewallConfigs' {maxResults} -> maxResults) (\s@ListFirewallConfigs' {} a -> s {maxResults = a} :: ListFirewallConfigs)
+
+-- | For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+listFirewallConfigs_nextToken :: Lens.Lens' ListFirewallConfigs (Prelude.Maybe Prelude.Text)
+listFirewallConfigs_nextToken = Lens.lens (\ListFirewallConfigs' {nextToken} -> nextToken) (\s@ListFirewallConfigs' {} a -> s {nextToken = a} :: ListFirewallConfigs)
+
+instance Core.AWSPager ListFirewallConfigs where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallConfigsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallConfigsResponse_firewallConfigs
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFirewallConfigs_nextToken
+          Lens..~ rs
+          Lens.^? listFirewallConfigsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFirewallConfigs where
+  type
+    AWSResponse ListFirewallConfigs =
+      ListFirewallConfigsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFirewallConfigsResponse'
+            Prelude.<$> ( x
+                            Data..?> "FirewallConfigs"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListFirewallConfigs where
+  hashWithSalt _salt ListFirewallConfigs' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListFirewallConfigs where
+  rnf ListFirewallConfigs' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListFirewallConfigs where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListFirewallConfigs" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListFirewallConfigs where
+  toJSON ListFirewallConfigs' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListFirewallConfigs where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListFirewallConfigs where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListFirewallConfigsResponse' smart constructor.
+data ListFirewallConfigsResponse = ListFirewallConfigsResponse'
+  { -- | The configurations for the firewall behavior provided by DNS Firewall
+    -- for VPCs from Amazon Virtual Private Cloud (Amazon VPC).
+    firewallConfigs :: Prelude.Maybe [FirewallConfig],
+    -- | If objects are still available for retrieval, Resolver returns this
+    -- token in the response. To retrieve the next batch of objects, provide
+    -- this token in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallConfigsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallConfigs', 'listFirewallConfigsResponse_firewallConfigs' - The configurations for the firewall behavior provided by DNS Firewall
+-- for VPCs from Amazon Virtual Private Cloud (Amazon VPC).
+--
+-- 'nextToken', 'listFirewallConfigsResponse_nextToken' - If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+--
+-- 'httpStatus', 'listFirewallConfigsResponse_httpStatus' - The response's http status code.
+newListFirewallConfigsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFirewallConfigsResponse
+newListFirewallConfigsResponse pHttpStatus_ =
+  ListFirewallConfigsResponse'
+    { firewallConfigs =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The configurations for the firewall behavior provided by DNS Firewall
+-- for VPCs from Amazon Virtual Private Cloud (Amazon VPC).
+listFirewallConfigsResponse_firewallConfigs :: Lens.Lens' ListFirewallConfigsResponse (Prelude.Maybe [FirewallConfig])
+listFirewallConfigsResponse_firewallConfigs = Lens.lens (\ListFirewallConfigsResponse' {firewallConfigs} -> firewallConfigs) (\s@ListFirewallConfigsResponse' {} a -> s {firewallConfigs = a} :: ListFirewallConfigsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+listFirewallConfigsResponse_nextToken :: Lens.Lens' ListFirewallConfigsResponse (Prelude.Maybe Prelude.Text)
+listFirewallConfigsResponse_nextToken = Lens.lens (\ListFirewallConfigsResponse' {nextToken} -> nextToken) (\s@ListFirewallConfigsResponse' {} a -> s {nextToken = a} :: ListFirewallConfigsResponse)
+
+-- | The response's http status code.
+listFirewallConfigsResponse_httpStatus :: Lens.Lens' ListFirewallConfigsResponse Prelude.Int
+listFirewallConfigsResponse_httpStatus = Lens.lens (\ListFirewallConfigsResponse' {httpStatus} -> httpStatus) (\s@ListFirewallConfigsResponse' {} a -> s {httpStatus = a} :: ListFirewallConfigsResponse)
+
+instance Prelude.NFData ListFirewallConfigsResponse where
+  rnf ListFirewallConfigsResponse' {..} =
+    Prelude.rnf firewallConfigs
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListFirewallDomainLists.hs b/gen/Amazonka/Route53Resolver/ListFirewallDomainLists.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListFirewallDomainLists.hs
@@ -0,0 +1,283 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListFirewallDomainLists
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the firewall domain lists that you have defined. For each
+-- firewall domain list, you can retrieve the domains that are defined for
+-- a list by calling ListFirewallDomains.
+--
+-- A single call to this list operation might return only a partial list of
+-- the domain lists. For information, see @MaxResults@.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListFirewallDomainLists
+  ( -- * Creating a Request
+    ListFirewallDomainLists (..),
+    newListFirewallDomainLists,
+
+    -- * Request Lenses
+    listFirewallDomainLists_maxResults,
+    listFirewallDomainLists_nextToken,
+
+    -- * Destructuring the Response
+    ListFirewallDomainListsResponse (..),
+    newListFirewallDomainListsResponse,
+
+    -- * Response Lenses
+    listFirewallDomainListsResponse_firewallDomainLists,
+    listFirewallDomainListsResponse_nextToken,
+    listFirewallDomainListsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListFirewallDomainLists' smart constructor.
+data ListFirewallDomainLists = ListFirewallDomainLists'
+  { -- | The maximum number of objects that you want Resolver to return for this
+    -- request. If more objects are available, in the response, Resolver
+    -- provides a @NextToken@ value that you can use in a subsequent call to
+    -- get the next batch of objects.
+    --
+    -- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+    -- 100 objects.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first call to this list request, omit this value.
+    --
+    -- When you request a list of objects, Resolver returns at most the number
+    -- of objects specified in @MaxResults@. If more objects are available for
+    -- retrieval, Resolver returns a @NextToken@ value in the response. To
+    -- retrieve the next batch of objects, use the token that was returned for
+    -- the prior request in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallDomainLists' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listFirewallDomainLists_maxResults' - The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+--
+-- 'nextToken', 'listFirewallDomainLists_nextToken' - For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+newListFirewallDomainLists ::
+  ListFirewallDomainLists
+newListFirewallDomainLists =
+  ListFirewallDomainLists'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+listFirewallDomainLists_maxResults :: Lens.Lens' ListFirewallDomainLists (Prelude.Maybe Prelude.Natural)
+listFirewallDomainLists_maxResults = Lens.lens (\ListFirewallDomainLists' {maxResults} -> maxResults) (\s@ListFirewallDomainLists' {} a -> s {maxResults = a} :: ListFirewallDomainLists)
+
+-- | For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+listFirewallDomainLists_nextToken :: Lens.Lens' ListFirewallDomainLists (Prelude.Maybe Prelude.Text)
+listFirewallDomainLists_nextToken = Lens.lens (\ListFirewallDomainLists' {nextToken} -> nextToken) (\s@ListFirewallDomainLists' {} a -> s {nextToken = a} :: ListFirewallDomainLists)
+
+instance Core.AWSPager ListFirewallDomainLists where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallDomainListsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallDomainListsResponse_firewallDomainLists
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFirewallDomainLists_nextToken
+          Lens..~ rs
+          Lens.^? listFirewallDomainListsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFirewallDomainLists where
+  type
+    AWSResponse ListFirewallDomainLists =
+      ListFirewallDomainListsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFirewallDomainListsResponse'
+            Prelude.<$> ( x
+                            Data..?> "FirewallDomainLists"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListFirewallDomainLists where
+  hashWithSalt _salt ListFirewallDomainLists' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListFirewallDomainLists where
+  rnf ListFirewallDomainLists' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListFirewallDomainLists where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListFirewallDomainLists" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListFirewallDomainLists where
+  toJSON ListFirewallDomainLists' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListFirewallDomainLists where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListFirewallDomainLists where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListFirewallDomainListsResponse' smart constructor.
+data ListFirewallDomainListsResponse = ListFirewallDomainListsResponse'
+  { -- | A list of the domain lists that you have defined.
+    --
+    -- This might be a partial list of the domain lists that you\'ve defined.
+    -- For information, see @MaxResults@.
+    firewallDomainLists :: Prelude.Maybe [FirewallDomainListMetadata],
+    -- | If objects are still available for retrieval, Resolver returns this
+    -- token in the response. To retrieve the next batch of objects, provide
+    -- this token in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallDomainListsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainLists', 'listFirewallDomainListsResponse_firewallDomainLists' - A list of the domain lists that you have defined.
+--
+-- This might be a partial list of the domain lists that you\'ve defined.
+-- For information, see @MaxResults@.
+--
+-- 'nextToken', 'listFirewallDomainListsResponse_nextToken' - If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+--
+-- 'httpStatus', 'listFirewallDomainListsResponse_httpStatus' - The response's http status code.
+newListFirewallDomainListsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFirewallDomainListsResponse
+newListFirewallDomainListsResponse pHttpStatus_ =
+  ListFirewallDomainListsResponse'
+    { firewallDomainLists =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of the domain lists that you have defined.
+--
+-- This might be a partial list of the domain lists that you\'ve defined.
+-- For information, see @MaxResults@.
+listFirewallDomainListsResponse_firewallDomainLists :: Lens.Lens' ListFirewallDomainListsResponse (Prelude.Maybe [FirewallDomainListMetadata])
+listFirewallDomainListsResponse_firewallDomainLists = Lens.lens (\ListFirewallDomainListsResponse' {firewallDomainLists} -> firewallDomainLists) (\s@ListFirewallDomainListsResponse' {} a -> s {firewallDomainLists = a} :: ListFirewallDomainListsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+listFirewallDomainListsResponse_nextToken :: Lens.Lens' ListFirewallDomainListsResponse (Prelude.Maybe Prelude.Text)
+listFirewallDomainListsResponse_nextToken = Lens.lens (\ListFirewallDomainListsResponse' {nextToken} -> nextToken) (\s@ListFirewallDomainListsResponse' {} a -> s {nextToken = a} :: ListFirewallDomainListsResponse)
+
+-- | The response's http status code.
+listFirewallDomainListsResponse_httpStatus :: Lens.Lens' ListFirewallDomainListsResponse Prelude.Int
+listFirewallDomainListsResponse_httpStatus = Lens.lens (\ListFirewallDomainListsResponse' {httpStatus} -> httpStatus) (\s@ListFirewallDomainListsResponse' {} a -> s {httpStatus = a} :: ListFirewallDomainListsResponse)
+
+instance
+  Prelude.NFData
+    ListFirewallDomainListsResponse
+  where
+  rnf ListFirewallDomainListsResponse' {..} =
+    Prelude.rnf firewallDomainLists
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListFirewallDomains.hs b/gen/Amazonka/Route53Resolver/ListFirewallDomains.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListFirewallDomains.hs
@@ -0,0 +1,293 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListFirewallDomains
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the domains that you have defined for the specified firewall
+-- domain list.
+--
+-- A single call might return only a partial list of the domains. For
+-- information, see @MaxResults@.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListFirewallDomains
+  ( -- * Creating a Request
+    ListFirewallDomains (..),
+    newListFirewallDomains,
+
+    -- * Request Lenses
+    listFirewallDomains_maxResults,
+    listFirewallDomains_nextToken,
+    listFirewallDomains_firewallDomainListId,
+
+    -- * Destructuring the Response
+    ListFirewallDomainsResponse (..),
+    newListFirewallDomainsResponse,
+
+    -- * Response Lenses
+    listFirewallDomainsResponse_domains,
+    listFirewallDomainsResponse_nextToken,
+    listFirewallDomainsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListFirewallDomains' smart constructor.
+data ListFirewallDomains = ListFirewallDomains'
+  { -- | The maximum number of objects that you want Resolver to return for this
+    -- request. If more objects are available, in the response, Resolver
+    -- provides a @NextToken@ value that you can use in a subsequent call to
+    -- get the next batch of objects.
+    --
+    -- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+    -- 100 objects.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first call to this list request, omit this value.
+    --
+    -- When you request a list of objects, Resolver returns at most the number
+    -- of objects specified in @MaxResults@. If more objects are available for
+    -- retrieval, Resolver returns a @NextToken@ value in the response. To
+    -- retrieve the next batch of objects, use the token that was returned for
+    -- the prior request in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the domain list whose domains you want to retrieve.
+    firewallDomainListId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallDomains' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listFirewallDomains_maxResults' - The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+--
+-- 'nextToken', 'listFirewallDomains_nextToken' - For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+--
+-- 'firewallDomainListId', 'listFirewallDomains_firewallDomainListId' - The ID of the domain list whose domains you want to retrieve.
+newListFirewallDomains ::
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  ListFirewallDomains
+newListFirewallDomains pFirewallDomainListId_ =
+  ListFirewallDomains'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      firewallDomainListId = pFirewallDomainListId_
+    }
+
+-- | The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+listFirewallDomains_maxResults :: Lens.Lens' ListFirewallDomains (Prelude.Maybe Prelude.Natural)
+listFirewallDomains_maxResults = Lens.lens (\ListFirewallDomains' {maxResults} -> maxResults) (\s@ListFirewallDomains' {} a -> s {maxResults = a} :: ListFirewallDomains)
+
+-- | For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+listFirewallDomains_nextToken :: Lens.Lens' ListFirewallDomains (Prelude.Maybe Prelude.Text)
+listFirewallDomains_nextToken = Lens.lens (\ListFirewallDomains' {nextToken} -> nextToken) (\s@ListFirewallDomains' {} a -> s {nextToken = a} :: ListFirewallDomains)
+
+-- | The ID of the domain list whose domains you want to retrieve.
+listFirewallDomains_firewallDomainListId :: Lens.Lens' ListFirewallDomains Prelude.Text
+listFirewallDomains_firewallDomainListId = Lens.lens (\ListFirewallDomains' {firewallDomainListId} -> firewallDomainListId) (\s@ListFirewallDomains' {} a -> s {firewallDomainListId = a} :: ListFirewallDomains)
+
+instance Core.AWSPager ListFirewallDomains where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallDomainsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallDomainsResponse_domains
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFirewallDomains_nextToken
+          Lens..~ rs
+          Lens.^? listFirewallDomainsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFirewallDomains where
+  type
+    AWSResponse ListFirewallDomains =
+      ListFirewallDomainsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFirewallDomainsResponse'
+            Prelude.<$> (x Data..?> "Domains" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListFirewallDomains where
+  hashWithSalt _salt ListFirewallDomains' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` firewallDomainListId
+
+instance Prelude.NFData ListFirewallDomains where
+  rnf ListFirewallDomains' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf firewallDomainListId
+
+instance Data.ToHeaders ListFirewallDomains where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListFirewallDomains" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListFirewallDomains where
+  toJSON ListFirewallDomains' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              )
+          ]
+      )
+
+instance Data.ToPath ListFirewallDomains where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListFirewallDomains where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListFirewallDomainsResponse' smart constructor.
+data ListFirewallDomainsResponse = ListFirewallDomainsResponse'
+  { -- | A list of the domains in the firewall domain list.
+    --
+    -- This might be a partial list of the domains that you\'ve defined in the
+    -- domain list. For information, see @MaxResults@.
+    domains :: Prelude.Maybe [Prelude.Text],
+    -- | If objects are still available for retrieval, Resolver returns this
+    -- token in the response. To retrieve the next batch of objects, provide
+    -- this token in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallDomainsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'domains', 'listFirewallDomainsResponse_domains' - A list of the domains in the firewall domain list.
+--
+-- This might be a partial list of the domains that you\'ve defined in the
+-- domain list. For information, see @MaxResults@.
+--
+-- 'nextToken', 'listFirewallDomainsResponse_nextToken' - If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+--
+-- 'httpStatus', 'listFirewallDomainsResponse_httpStatus' - The response's http status code.
+newListFirewallDomainsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFirewallDomainsResponse
+newListFirewallDomainsResponse pHttpStatus_ =
+  ListFirewallDomainsResponse'
+    { domains =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of the domains in the firewall domain list.
+--
+-- This might be a partial list of the domains that you\'ve defined in the
+-- domain list. For information, see @MaxResults@.
+listFirewallDomainsResponse_domains :: Lens.Lens' ListFirewallDomainsResponse (Prelude.Maybe [Prelude.Text])
+listFirewallDomainsResponse_domains = Lens.lens (\ListFirewallDomainsResponse' {domains} -> domains) (\s@ListFirewallDomainsResponse' {} a -> s {domains = a} :: ListFirewallDomainsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+listFirewallDomainsResponse_nextToken :: Lens.Lens' ListFirewallDomainsResponse (Prelude.Maybe Prelude.Text)
+listFirewallDomainsResponse_nextToken = Lens.lens (\ListFirewallDomainsResponse' {nextToken} -> nextToken) (\s@ListFirewallDomainsResponse' {} a -> s {nextToken = a} :: ListFirewallDomainsResponse)
+
+-- | The response's http status code.
+listFirewallDomainsResponse_httpStatus :: Lens.Lens' ListFirewallDomainsResponse Prelude.Int
+listFirewallDomainsResponse_httpStatus = Lens.lens (\ListFirewallDomainsResponse' {httpStatus} -> httpStatus) (\s@ListFirewallDomainsResponse' {} a -> s {httpStatus = a} :: ListFirewallDomainsResponse)
+
+instance Prelude.NFData ListFirewallDomainsResponse where
+  rnf ListFirewallDomainsResponse' {..} =
+    Prelude.rnf domains
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListFirewallRuleGroupAssociations.hs b/gen/Amazonka/Route53Resolver/ListFirewallRuleGroupAssociations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListFirewallRuleGroupAssociations.hs
@@ -0,0 +1,386 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListFirewallRuleGroupAssociations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the firewall rule group associations that you have defined.
+-- Each association enables DNS filtering for a VPC with one rule group.
+--
+-- A single call might return only a partial list of the associations. For
+-- information, see @MaxResults@.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListFirewallRuleGroupAssociations
+  ( -- * Creating a Request
+    ListFirewallRuleGroupAssociations (..),
+    newListFirewallRuleGroupAssociations,
+
+    -- * Request Lenses
+    listFirewallRuleGroupAssociations_firewallRuleGroupId,
+    listFirewallRuleGroupAssociations_maxResults,
+    listFirewallRuleGroupAssociations_nextToken,
+    listFirewallRuleGroupAssociations_priority,
+    listFirewallRuleGroupAssociations_status,
+    listFirewallRuleGroupAssociations_vpcId,
+
+    -- * Destructuring the Response
+    ListFirewallRuleGroupAssociationsResponse (..),
+    newListFirewallRuleGroupAssociationsResponse,
+
+    -- * Response Lenses
+    listFirewallRuleGroupAssociationsResponse_firewallRuleGroupAssociations,
+    listFirewallRuleGroupAssociationsResponse_nextToken,
+    listFirewallRuleGroupAssociationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListFirewallRuleGroupAssociations' smart constructor.
+data ListFirewallRuleGroupAssociations = ListFirewallRuleGroupAssociations'
+  { -- | The unique identifier of the firewall rule group that you want to
+    -- retrieve the associations for. Leave this blank to retrieve associations
+    -- for any rule group.
+    firewallRuleGroupId :: Prelude.Maybe Prelude.Text,
+    -- | The maximum number of objects that you want Resolver to return for this
+    -- request. If more objects are available, in the response, Resolver
+    -- provides a @NextToken@ value that you can use in a subsequent call to
+    -- get the next batch of objects.
+    --
+    -- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+    -- 100 objects.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first call to this list request, omit this value.
+    --
+    -- When you request a list of objects, Resolver returns at most the number
+    -- of objects specified in @MaxResults@. If more objects are available for
+    -- retrieval, Resolver returns a @NextToken@ value in the response. To
+    -- retrieve the next batch of objects, use the token that was returned for
+    -- the prior request in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The setting that determines the processing order of the rule group among
+    -- the rule groups that are associated with a single VPC. DNS Firewall
+    -- filters VPC traffic starting from the rule group with the lowest numeric
+    -- priority setting.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The association @Status@ setting that you want DNS Firewall to filter on
+    -- for the list. If you don\'t specify this, then DNS Firewall returns all
+    -- associations, regardless of status.
+    status :: Prelude.Maybe FirewallRuleGroupAssociationStatus,
+    -- | The unique identifier of the VPC that you want to retrieve the
+    -- associations for. Leave this blank to retrieve associations for any VPC.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallRuleGroupAssociations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupId', 'listFirewallRuleGroupAssociations_firewallRuleGroupId' - The unique identifier of the firewall rule group that you want to
+-- retrieve the associations for. Leave this blank to retrieve associations
+-- for any rule group.
+--
+-- 'maxResults', 'listFirewallRuleGroupAssociations_maxResults' - The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+--
+-- 'nextToken', 'listFirewallRuleGroupAssociations_nextToken' - For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+--
+-- 'priority', 'listFirewallRuleGroupAssociations_priority' - The setting that determines the processing order of the rule group among
+-- the rule groups that are associated with a single VPC. DNS Firewall
+-- filters VPC traffic starting from the rule group with the lowest numeric
+-- priority setting.
+--
+-- 'status', 'listFirewallRuleGroupAssociations_status' - The association @Status@ setting that you want DNS Firewall to filter on
+-- for the list. If you don\'t specify this, then DNS Firewall returns all
+-- associations, regardless of status.
+--
+-- 'vpcId', 'listFirewallRuleGroupAssociations_vpcId' - The unique identifier of the VPC that you want to retrieve the
+-- associations for. Leave this blank to retrieve associations for any VPC.
+newListFirewallRuleGroupAssociations ::
+  ListFirewallRuleGroupAssociations
+newListFirewallRuleGroupAssociations =
+  ListFirewallRuleGroupAssociations'
+    { firewallRuleGroupId =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      priority = Prelude.Nothing,
+      status = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The unique identifier of the firewall rule group that you want to
+-- retrieve the associations for. Leave this blank to retrieve associations
+-- for any rule group.
+listFirewallRuleGroupAssociations_firewallRuleGroupId :: Lens.Lens' ListFirewallRuleGroupAssociations (Prelude.Maybe Prelude.Text)
+listFirewallRuleGroupAssociations_firewallRuleGroupId = Lens.lens (\ListFirewallRuleGroupAssociations' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@ListFirewallRuleGroupAssociations' {} a -> s {firewallRuleGroupId = a} :: ListFirewallRuleGroupAssociations)
+
+-- | The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+listFirewallRuleGroupAssociations_maxResults :: Lens.Lens' ListFirewallRuleGroupAssociations (Prelude.Maybe Prelude.Natural)
+listFirewallRuleGroupAssociations_maxResults = Lens.lens (\ListFirewallRuleGroupAssociations' {maxResults} -> maxResults) (\s@ListFirewallRuleGroupAssociations' {} a -> s {maxResults = a} :: ListFirewallRuleGroupAssociations)
+
+-- | For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+listFirewallRuleGroupAssociations_nextToken :: Lens.Lens' ListFirewallRuleGroupAssociations (Prelude.Maybe Prelude.Text)
+listFirewallRuleGroupAssociations_nextToken = Lens.lens (\ListFirewallRuleGroupAssociations' {nextToken} -> nextToken) (\s@ListFirewallRuleGroupAssociations' {} a -> s {nextToken = a} :: ListFirewallRuleGroupAssociations)
+
+-- | The setting that determines the processing order of the rule group among
+-- the rule groups that are associated with a single VPC. DNS Firewall
+-- filters VPC traffic starting from the rule group with the lowest numeric
+-- priority setting.
+listFirewallRuleGroupAssociations_priority :: Lens.Lens' ListFirewallRuleGroupAssociations (Prelude.Maybe Prelude.Int)
+listFirewallRuleGroupAssociations_priority = Lens.lens (\ListFirewallRuleGroupAssociations' {priority} -> priority) (\s@ListFirewallRuleGroupAssociations' {} a -> s {priority = a} :: ListFirewallRuleGroupAssociations)
+
+-- | The association @Status@ setting that you want DNS Firewall to filter on
+-- for the list. If you don\'t specify this, then DNS Firewall returns all
+-- associations, regardless of status.
+listFirewallRuleGroupAssociations_status :: Lens.Lens' ListFirewallRuleGroupAssociations (Prelude.Maybe FirewallRuleGroupAssociationStatus)
+listFirewallRuleGroupAssociations_status = Lens.lens (\ListFirewallRuleGroupAssociations' {status} -> status) (\s@ListFirewallRuleGroupAssociations' {} a -> s {status = a} :: ListFirewallRuleGroupAssociations)
+
+-- | The unique identifier of the VPC that you want to retrieve the
+-- associations for. Leave this blank to retrieve associations for any VPC.
+listFirewallRuleGroupAssociations_vpcId :: Lens.Lens' ListFirewallRuleGroupAssociations (Prelude.Maybe Prelude.Text)
+listFirewallRuleGroupAssociations_vpcId = Lens.lens (\ListFirewallRuleGroupAssociations' {vpcId} -> vpcId) (\s@ListFirewallRuleGroupAssociations' {} a -> s {vpcId = a} :: ListFirewallRuleGroupAssociations)
+
+instance
+  Core.AWSPager
+    ListFirewallRuleGroupAssociations
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallRuleGroupAssociationsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallRuleGroupAssociationsResponse_firewallRuleGroupAssociations
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFirewallRuleGroupAssociations_nextToken
+          Lens..~ rs
+          Lens.^? listFirewallRuleGroupAssociationsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListFirewallRuleGroupAssociations
+  where
+  type
+    AWSResponse ListFirewallRuleGroupAssociations =
+      ListFirewallRuleGroupAssociationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFirewallRuleGroupAssociationsResponse'
+            Prelude.<$> ( x
+                            Data..?> "FirewallRuleGroupAssociations"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListFirewallRuleGroupAssociations
+  where
+  hashWithSalt
+    _salt
+    ListFirewallRuleGroupAssociations' {..} =
+      _salt
+        `Prelude.hashWithSalt` firewallRuleGroupId
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` priority
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` vpcId
+
+instance
+  Prelude.NFData
+    ListFirewallRuleGroupAssociations
+  where
+  rnf ListFirewallRuleGroupAssociations' {..} =
+    Prelude.rnf firewallRuleGroupId
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf vpcId
+
+instance
+  Data.ToHeaders
+    ListFirewallRuleGroupAssociations
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListFirewallRuleGroupAssociations" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListFirewallRuleGroupAssociations
+  where
+  toJSON ListFirewallRuleGroupAssociations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FirewallRuleGroupId" Data..=)
+              Prelude.<$> firewallRuleGroupId,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("Priority" Data..=) Prelude.<$> priority,
+            ("Status" Data..=) Prelude.<$> status,
+            ("VpcId" Data..=) Prelude.<$> vpcId
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListFirewallRuleGroupAssociations
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListFirewallRuleGroupAssociations
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListFirewallRuleGroupAssociationsResponse' smart constructor.
+data ListFirewallRuleGroupAssociationsResponse = ListFirewallRuleGroupAssociationsResponse'
+  { -- | A list of your firewall rule group associations.
+    --
+    -- This might be a partial list of the associations that you have defined.
+    -- For information, see @MaxResults@.
+    firewallRuleGroupAssociations :: Prelude.Maybe [FirewallRuleGroupAssociation],
+    -- | If objects are still available for retrieval, Resolver returns this
+    -- token in the response. To retrieve the next batch of objects, provide
+    -- this token in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallRuleGroupAssociationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupAssociations', 'listFirewallRuleGroupAssociationsResponse_firewallRuleGroupAssociations' - A list of your firewall rule group associations.
+--
+-- This might be a partial list of the associations that you have defined.
+-- For information, see @MaxResults@.
+--
+-- 'nextToken', 'listFirewallRuleGroupAssociationsResponse_nextToken' - If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+--
+-- 'httpStatus', 'listFirewallRuleGroupAssociationsResponse_httpStatus' - The response's http status code.
+newListFirewallRuleGroupAssociationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFirewallRuleGroupAssociationsResponse
+newListFirewallRuleGroupAssociationsResponse
+  pHttpStatus_ =
+    ListFirewallRuleGroupAssociationsResponse'
+      { firewallRuleGroupAssociations =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | A list of your firewall rule group associations.
+--
+-- This might be a partial list of the associations that you have defined.
+-- For information, see @MaxResults@.
+listFirewallRuleGroupAssociationsResponse_firewallRuleGroupAssociations :: Lens.Lens' ListFirewallRuleGroupAssociationsResponse (Prelude.Maybe [FirewallRuleGroupAssociation])
+listFirewallRuleGroupAssociationsResponse_firewallRuleGroupAssociations = Lens.lens (\ListFirewallRuleGroupAssociationsResponse' {firewallRuleGroupAssociations} -> firewallRuleGroupAssociations) (\s@ListFirewallRuleGroupAssociationsResponse' {} a -> s {firewallRuleGroupAssociations = a} :: ListFirewallRuleGroupAssociationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+listFirewallRuleGroupAssociationsResponse_nextToken :: Lens.Lens' ListFirewallRuleGroupAssociationsResponse (Prelude.Maybe Prelude.Text)
+listFirewallRuleGroupAssociationsResponse_nextToken = Lens.lens (\ListFirewallRuleGroupAssociationsResponse' {nextToken} -> nextToken) (\s@ListFirewallRuleGroupAssociationsResponse' {} a -> s {nextToken = a} :: ListFirewallRuleGroupAssociationsResponse)
+
+-- | The response's http status code.
+listFirewallRuleGroupAssociationsResponse_httpStatus :: Lens.Lens' ListFirewallRuleGroupAssociationsResponse Prelude.Int
+listFirewallRuleGroupAssociationsResponse_httpStatus = Lens.lens (\ListFirewallRuleGroupAssociationsResponse' {httpStatus} -> httpStatus) (\s@ListFirewallRuleGroupAssociationsResponse' {} a -> s {httpStatus = a} :: ListFirewallRuleGroupAssociationsResponse)
+
+instance
+  Prelude.NFData
+    ListFirewallRuleGroupAssociationsResponse
+  where
+  rnf ListFirewallRuleGroupAssociationsResponse' {..} =
+    Prelude.rnf firewallRuleGroupAssociations
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListFirewallRuleGroups.hs b/gen/Amazonka/Route53Resolver/ListFirewallRuleGroups.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListFirewallRuleGroups.hs
@@ -0,0 +1,282 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListFirewallRuleGroups
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the minimal high-level information for the rule groups that
+-- you have defined.
+--
+-- A single call might return only a partial list of the rule groups. For
+-- information, see @MaxResults@.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListFirewallRuleGroups
+  ( -- * Creating a Request
+    ListFirewallRuleGroups (..),
+    newListFirewallRuleGroups,
+
+    -- * Request Lenses
+    listFirewallRuleGroups_maxResults,
+    listFirewallRuleGroups_nextToken,
+
+    -- * Destructuring the Response
+    ListFirewallRuleGroupsResponse (..),
+    newListFirewallRuleGroupsResponse,
+
+    -- * Response Lenses
+    listFirewallRuleGroupsResponse_firewallRuleGroups,
+    listFirewallRuleGroupsResponse_nextToken,
+    listFirewallRuleGroupsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListFirewallRuleGroups' smart constructor.
+data ListFirewallRuleGroups = ListFirewallRuleGroups'
+  { -- | The maximum number of objects that you want Resolver to return for this
+    -- request. If more objects are available, in the response, Resolver
+    -- provides a @NextToken@ value that you can use in a subsequent call to
+    -- get the next batch of objects.
+    --
+    -- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+    -- 100 objects.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first call to this list request, omit this value.
+    --
+    -- When you request a list of objects, Resolver returns at most the number
+    -- of objects specified in @MaxResults@. If more objects are available for
+    -- retrieval, Resolver returns a @NextToken@ value in the response. To
+    -- retrieve the next batch of objects, use the token that was returned for
+    -- the prior request in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallRuleGroups' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listFirewallRuleGroups_maxResults' - The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+--
+-- 'nextToken', 'listFirewallRuleGroups_nextToken' - For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+newListFirewallRuleGroups ::
+  ListFirewallRuleGroups
+newListFirewallRuleGroups =
+  ListFirewallRuleGroups'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+listFirewallRuleGroups_maxResults :: Lens.Lens' ListFirewallRuleGroups (Prelude.Maybe Prelude.Natural)
+listFirewallRuleGroups_maxResults = Lens.lens (\ListFirewallRuleGroups' {maxResults} -> maxResults) (\s@ListFirewallRuleGroups' {} a -> s {maxResults = a} :: ListFirewallRuleGroups)
+
+-- | For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+listFirewallRuleGroups_nextToken :: Lens.Lens' ListFirewallRuleGroups (Prelude.Maybe Prelude.Text)
+listFirewallRuleGroups_nextToken = Lens.lens (\ListFirewallRuleGroups' {nextToken} -> nextToken) (\s@ListFirewallRuleGroups' {} a -> s {nextToken = a} :: ListFirewallRuleGroups)
+
+instance Core.AWSPager ListFirewallRuleGroups where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallRuleGroupsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallRuleGroupsResponse_firewallRuleGroups
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFirewallRuleGroups_nextToken
+          Lens..~ rs
+          Lens.^? listFirewallRuleGroupsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFirewallRuleGroups where
+  type
+    AWSResponse ListFirewallRuleGroups =
+      ListFirewallRuleGroupsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFirewallRuleGroupsResponse'
+            Prelude.<$> ( x
+                            Data..?> "FirewallRuleGroups"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListFirewallRuleGroups where
+  hashWithSalt _salt ListFirewallRuleGroups' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListFirewallRuleGroups where
+  rnf ListFirewallRuleGroups' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListFirewallRuleGroups where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListFirewallRuleGroups" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListFirewallRuleGroups where
+  toJSON ListFirewallRuleGroups' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListFirewallRuleGroups where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListFirewallRuleGroups where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListFirewallRuleGroupsResponse' smart constructor.
+data ListFirewallRuleGroupsResponse = ListFirewallRuleGroupsResponse'
+  { -- | A list of your firewall rule groups.
+    --
+    -- This might be a partial list of the rule groups that you have defined.
+    -- For information, see @MaxResults@.
+    firewallRuleGroups :: Prelude.Maybe [FirewallRuleGroupMetadata],
+    -- | If objects are still available for retrieval, Resolver returns this
+    -- token in the response. To retrieve the next batch of objects, provide
+    -- this token in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallRuleGroupsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroups', 'listFirewallRuleGroupsResponse_firewallRuleGroups' - A list of your firewall rule groups.
+--
+-- This might be a partial list of the rule groups that you have defined.
+-- For information, see @MaxResults@.
+--
+-- 'nextToken', 'listFirewallRuleGroupsResponse_nextToken' - If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+--
+-- 'httpStatus', 'listFirewallRuleGroupsResponse_httpStatus' - The response's http status code.
+newListFirewallRuleGroupsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFirewallRuleGroupsResponse
+newListFirewallRuleGroupsResponse pHttpStatus_ =
+  ListFirewallRuleGroupsResponse'
+    { firewallRuleGroups =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of your firewall rule groups.
+--
+-- This might be a partial list of the rule groups that you have defined.
+-- For information, see @MaxResults@.
+listFirewallRuleGroupsResponse_firewallRuleGroups :: Lens.Lens' ListFirewallRuleGroupsResponse (Prelude.Maybe [FirewallRuleGroupMetadata])
+listFirewallRuleGroupsResponse_firewallRuleGroups = Lens.lens (\ListFirewallRuleGroupsResponse' {firewallRuleGroups} -> firewallRuleGroups) (\s@ListFirewallRuleGroupsResponse' {} a -> s {firewallRuleGroups = a} :: ListFirewallRuleGroupsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+listFirewallRuleGroupsResponse_nextToken :: Lens.Lens' ListFirewallRuleGroupsResponse (Prelude.Maybe Prelude.Text)
+listFirewallRuleGroupsResponse_nextToken = Lens.lens (\ListFirewallRuleGroupsResponse' {nextToken} -> nextToken) (\s@ListFirewallRuleGroupsResponse' {} a -> s {nextToken = a} :: ListFirewallRuleGroupsResponse)
+
+-- | The response's http status code.
+listFirewallRuleGroupsResponse_httpStatus :: Lens.Lens' ListFirewallRuleGroupsResponse Prelude.Int
+listFirewallRuleGroupsResponse_httpStatus = Lens.lens (\ListFirewallRuleGroupsResponse' {httpStatus} -> httpStatus) (\s@ListFirewallRuleGroupsResponse' {} a -> s {httpStatus = a} :: ListFirewallRuleGroupsResponse)
+
+instance
+  Prelude.NFData
+    ListFirewallRuleGroupsResponse
+  where
+  rnf ListFirewallRuleGroupsResponse' {..} =
+    Prelude.rnf firewallRuleGroups
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListFirewallRules.hs b/gen/Amazonka/Route53Resolver/ListFirewallRules.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListFirewallRules.hs
@@ -0,0 +1,369 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListFirewallRules
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the firewall rules that you have defined for the specified
+-- firewall rule group. DNS Firewall uses the rules in a rule group to
+-- filter DNS network traffic for a VPC.
+--
+-- A single call might return only a partial list of the rules. For
+-- information, see @MaxResults@.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListFirewallRules
+  ( -- * Creating a Request
+    ListFirewallRules (..),
+    newListFirewallRules,
+
+    -- * Request Lenses
+    listFirewallRules_action,
+    listFirewallRules_maxResults,
+    listFirewallRules_nextToken,
+    listFirewallRules_priority,
+    listFirewallRules_firewallRuleGroupId,
+
+    -- * Destructuring the Response
+    ListFirewallRulesResponse (..),
+    newListFirewallRulesResponse,
+
+    -- * Response Lenses
+    listFirewallRulesResponse_firewallRules,
+    listFirewallRulesResponse_nextToken,
+    listFirewallRulesResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListFirewallRules' smart constructor.
+data ListFirewallRules = ListFirewallRules'
+  { -- | Optional additional filter for the rules to retrieve.
+    --
+    -- The action that DNS Firewall should take on a DNS query when it matches
+    -- one of the domains in the rule\'s domain list:
+    --
+    -- -   @ALLOW@ - Permit the request to go through.
+    --
+    -- -   @ALERT@ - Permit the request to go through but send an alert to the
+    --     logs.
+    --
+    -- -   @BLOCK@ - Disallow the request. If this is specified, additional
+    --     handling details are provided in the rule\'s @BlockResponse@
+    --     setting.
+    action :: Prelude.Maybe Action,
+    -- | The maximum number of objects that you want Resolver to return for this
+    -- request. If more objects are available, in the response, Resolver
+    -- provides a @NextToken@ value that you can use in a subsequent call to
+    -- get the next batch of objects.
+    --
+    -- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+    -- 100 objects.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first call to this list request, omit this value.
+    --
+    -- When you request a list of objects, Resolver returns at most the number
+    -- of objects specified in @MaxResults@. If more objects are available for
+    -- retrieval, Resolver returns a @NextToken@ value in the response. To
+    -- retrieve the next batch of objects, use the token that was returned for
+    -- the prior request in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | Optional additional filter for the rules to retrieve.
+    --
+    -- The setting that determines the processing order of the rules in a rule
+    -- group. DNS Firewall processes the rules in a rule group by order of
+    -- priority, starting from the lowest setting.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The unique identifier of the firewall rule group that you want to
+    -- retrieve the rules for.
+    firewallRuleGroupId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallRules' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'listFirewallRules_action' - Optional additional filter for the rules to retrieve.
+--
+-- The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request to go through but send an alert to the
+--     logs.
+--
+-- -   @BLOCK@ - Disallow the request. If this is specified, additional
+--     handling details are provided in the rule\'s @BlockResponse@
+--     setting.
+--
+-- 'maxResults', 'listFirewallRules_maxResults' - The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+--
+-- 'nextToken', 'listFirewallRules_nextToken' - For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+--
+-- 'priority', 'listFirewallRules_priority' - Optional additional filter for the rules to retrieve.
+--
+-- The setting that determines the processing order of the rules in a rule
+-- group. DNS Firewall processes the rules in a rule group by order of
+-- priority, starting from the lowest setting.
+--
+-- 'firewallRuleGroupId', 'listFirewallRules_firewallRuleGroupId' - The unique identifier of the firewall rule group that you want to
+-- retrieve the rules for.
+newListFirewallRules ::
+  -- | 'firewallRuleGroupId'
+  Prelude.Text ->
+  ListFirewallRules
+newListFirewallRules pFirewallRuleGroupId_ =
+  ListFirewallRules'
+    { action = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      priority = Prelude.Nothing,
+      firewallRuleGroupId = pFirewallRuleGroupId_
+    }
+
+-- | Optional additional filter for the rules to retrieve.
+--
+-- The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request to go through but send an alert to the
+--     logs.
+--
+-- -   @BLOCK@ - Disallow the request. If this is specified, additional
+--     handling details are provided in the rule\'s @BlockResponse@
+--     setting.
+listFirewallRules_action :: Lens.Lens' ListFirewallRules (Prelude.Maybe Action)
+listFirewallRules_action = Lens.lens (\ListFirewallRules' {action} -> action) (\s@ListFirewallRules' {} a -> s {action = a} :: ListFirewallRules)
+
+-- | The maximum number of objects that you want Resolver to return for this
+-- request. If more objects are available, in the response, Resolver
+-- provides a @NextToken@ value that you can use in a subsequent call to
+-- get the next batch of objects.
+--
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 objects.
+listFirewallRules_maxResults :: Lens.Lens' ListFirewallRules (Prelude.Maybe Prelude.Natural)
+listFirewallRules_maxResults = Lens.lens (\ListFirewallRules' {maxResults} -> maxResults) (\s@ListFirewallRules' {} a -> s {maxResults = a} :: ListFirewallRules)
+
+-- | For the first call to this list request, omit this value.
+--
+-- When you request a list of objects, Resolver returns at most the number
+-- of objects specified in @MaxResults@. If more objects are available for
+-- retrieval, Resolver returns a @NextToken@ value in the response. To
+-- retrieve the next batch of objects, use the token that was returned for
+-- the prior request in your next request.
+listFirewallRules_nextToken :: Lens.Lens' ListFirewallRules (Prelude.Maybe Prelude.Text)
+listFirewallRules_nextToken = Lens.lens (\ListFirewallRules' {nextToken} -> nextToken) (\s@ListFirewallRules' {} a -> s {nextToken = a} :: ListFirewallRules)
+
+-- | Optional additional filter for the rules to retrieve.
+--
+-- The setting that determines the processing order of the rules in a rule
+-- group. DNS Firewall processes the rules in a rule group by order of
+-- priority, starting from the lowest setting.
+listFirewallRules_priority :: Lens.Lens' ListFirewallRules (Prelude.Maybe Prelude.Int)
+listFirewallRules_priority = Lens.lens (\ListFirewallRules' {priority} -> priority) (\s@ListFirewallRules' {} a -> s {priority = a} :: ListFirewallRules)
+
+-- | The unique identifier of the firewall rule group that you want to
+-- retrieve the rules for.
+listFirewallRules_firewallRuleGroupId :: Lens.Lens' ListFirewallRules Prelude.Text
+listFirewallRules_firewallRuleGroupId = Lens.lens (\ListFirewallRules' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@ListFirewallRules' {} a -> s {firewallRuleGroupId = a} :: ListFirewallRules)
+
+instance Core.AWSPager ListFirewallRules where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallRulesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listFirewallRulesResponse_firewallRules
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listFirewallRules_nextToken
+          Lens..~ rs
+          Lens.^? listFirewallRulesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListFirewallRules where
+  type
+    AWSResponse ListFirewallRules =
+      ListFirewallRulesResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListFirewallRulesResponse'
+            Prelude.<$> (x Data..?> "FirewallRules" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListFirewallRules where
+  hashWithSalt _salt ListFirewallRules' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` firewallRuleGroupId
+
+instance Prelude.NFData ListFirewallRules where
+  rnf ListFirewallRules' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf firewallRuleGroupId
+
+instance Data.ToHeaders ListFirewallRules where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListFirewallRules" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListFirewallRules where
+  toJSON ListFirewallRules' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("Priority" Data..=) Prelude.<$> priority,
+            Prelude.Just
+              ("FirewallRuleGroupId" Data..= firewallRuleGroupId)
+          ]
+      )
+
+instance Data.ToPath ListFirewallRules where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListFirewallRules where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListFirewallRulesResponse' smart constructor.
+data ListFirewallRulesResponse = ListFirewallRulesResponse'
+  { -- | A list of the rules that you have defined.
+    --
+    -- This might be a partial list of the firewall rules that you\'ve defined.
+    -- For information, see @MaxResults@.
+    firewallRules :: Prelude.Maybe [FirewallRule],
+    -- | If objects are still available for retrieval, Resolver returns this
+    -- token in the response. To retrieve the next batch of objects, provide
+    -- this token in your next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListFirewallRulesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRules', 'listFirewallRulesResponse_firewallRules' - A list of the rules that you have defined.
+--
+-- This might be a partial list of the firewall rules that you\'ve defined.
+-- For information, see @MaxResults@.
+--
+-- 'nextToken', 'listFirewallRulesResponse_nextToken' - If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+--
+-- 'httpStatus', 'listFirewallRulesResponse_httpStatus' - The response's http status code.
+newListFirewallRulesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListFirewallRulesResponse
+newListFirewallRulesResponse pHttpStatus_ =
+  ListFirewallRulesResponse'
+    { firewallRules =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of the rules that you have defined.
+--
+-- This might be a partial list of the firewall rules that you\'ve defined.
+-- For information, see @MaxResults@.
+listFirewallRulesResponse_firewallRules :: Lens.Lens' ListFirewallRulesResponse (Prelude.Maybe [FirewallRule])
+listFirewallRulesResponse_firewallRules = Lens.lens (\ListFirewallRulesResponse' {firewallRules} -> firewallRules) (\s@ListFirewallRulesResponse' {} a -> s {firewallRules = a} :: ListFirewallRulesResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | If objects are still available for retrieval, Resolver returns this
+-- token in the response. To retrieve the next batch of objects, provide
+-- this token in your next request.
+listFirewallRulesResponse_nextToken :: Lens.Lens' ListFirewallRulesResponse (Prelude.Maybe Prelude.Text)
+listFirewallRulesResponse_nextToken = Lens.lens (\ListFirewallRulesResponse' {nextToken} -> nextToken) (\s@ListFirewallRulesResponse' {} a -> s {nextToken = a} :: ListFirewallRulesResponse)
+
+-- | The response's http status code.
+listFirewallRulesResponse_httpStatus :: Lens.Lens' ListFirewallRulesResponse Prelude.Int
+listFirewallRulesResponse_httpStatus = Lens.lens (\ListFirewallRulesResponse' {httpStatus} -> httpStatus) (\s@ListFirewallRulesResponse' {} a -> s {httpStatus = a} :: ListFirewallRulesResponse)
+
+instance Prelude.NFData ListFirewallRulesResponse where
+  rnf ListFirewallRulesResponse' {..} =
+    Prelude.rnf firewallRules
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverConfigs.hs b/gen/Amazonka/Route53Resolver/ListResolverConfigs.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverConfigs.hs
@@ -0,0 +1,282 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverConfigs
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the Resolver configurations that you have defined. Route 53
+-- Resolver uses the configurations to manage DNS resolution behavior for
+-- your VPCs.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverConfigs
+  ( -- * Creating a Request
+    ListResolverConfigs (..),
+    newListResolverConfigs,
+
+    -- * Request Lenses
+    listResolverConfigs_maxResults,
+    listResolverConfigs_nextToken,
+
+    -- * Destructuring the Response
+    ListResolverConfigsResponse (..),
+    newListResolverConfigsResponse,
+
+    -- * Response Lenses
+    listResolverConfigsResponse_nextToken,
+    listResolverConfigsResponse_resolverConfigs,
+    listResolverConfigsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverConfigs' smart constructor.
+data ListResolverConfigs = ListResolverConfigs'
+  { -- | The maximum number of Resolver configurations that you want to return in
+    -- the response to a @ListResolverConfigs@ request. If you don\'t specify a
+    -- value for @MaxResults@, up to 100 Resolver configurations are returned.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | (Optional) If the current Amazon Web Services account has more than
+    -- @MaxResults@ Resolver configurations, use @NextToken@ to get the second
+    -- and subsequent pages of results.
+    --
+    -- For the first @ListResolverConfigs@ request, omit this value.
+    --
+    -- For the second and subsequent requests, get the value of @NextToken@
+    -- from the previous response and specify that value for @NextToken@ in the
+    -- request.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverConfigs' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listResolverConfigs_maxResults' - The maximum number of Resolver configurations that you want to return in
+-- the response to a @ListResolverConfigs@ request. If you don\'t specify a
+-- value for @MaxResults@, up to 100 Resolver configurations are returned.
+--
+-- 'nextToken', 'listResolverConfigs_nextToken' - (Optional) If the current Amazon Web Services account has more than
+-- @MaxResults@ Resolver configurations, use @NextToken@ to get the second
+-- and subsequent pages of results.
+--
+-- For the first @ListResolverConfigs@ request, omit this value.
+--
+-- For the second and subsequent requests, get the value of @NextToken@
+-- from the previous response and specify that value for @NextToken@ in the
+-- request.
+newListResolverConfigs ::
+  ListResolverConfigs
+newListResolverConfigs =
+  ListResolverConfigs'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | The maximum number of Resolver configurations that you want to return in
+-- the response to a @ListResolverConfigs@ request. If you don\'t specify a
+-- value for @MaxResults@, up to 100 Resolver configurations are returned.
+listResolverConfigs_maxResults :: Lens.Lens' ListResolverConfigs (Prelude.Maybe Prelude.Natural)
+listResolverConfigs_maxResults = Lens.lens (\ListResolverConfigs' {maxResults} -> maxResults) (\s@ListResolverConfigs' {} a -> s {maxResults = a} :: ListResolverConfigs)
+
+-- | (Optional) If the current Amazon Web Services account has more than
+-- @MaxResults@ Resolver configurations, use @NextToken@ to get the second
+-- and subsequent pages of results.
+--
+-- For the first @ListResolverConfigs@ request, omit this value.
+--
+-- For the second and subsequent requests, get the value of @NextToken@
+-- from the previous response and specify that value for @NextToken@ in the
+-- request.
+listResolverConfigs_nextToken :: Lens.Lens' ListResolverConfigs (Prelude.Maybe Prelude.Text)
+listResolverConfigs_nextToken = Lens.lens (\ListResolverConfigs' {nextToken} -> nextToken) (\s@ListResolverConfigs' {} a -> s {nextToken = a} :: ListResolverConfigs)
+
+instance Core.AWSPager ListResolverConfigs where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverConfigsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverConfigsResponse_resolverConfigs
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverConfigs_nextToken
+          Lens..~ rs
+          Lens.^? listResolverConfigsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListResolverConfigs where
+  type
+    AWSResponse ListResolverConfigs =
+      ListResolverConfigsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverConfigsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "ResolverConfigs"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListResolverConfigs where
+  hashWithSalt _salt ListResolverConfigs' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListResolverConfigs where
+  rnf ListResolverConfigs' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListResolverConfigs where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverConfigs" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResolverConfigs where
+  toJSON ListResolverConfigs' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListResolverConfigs where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResolverConfigs where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverConfigsResponse' smart constructor.
+data ListResolverConfigsResponse = ListResolverConfigsResponse'
+  { -- | If a response includes the last of the Resolver configurations that are
+    -- associated with the current Amazon Web Services account, @NextToken@
+    -- doesn\'t appear in the response.
+    --
+    -- If a response doesn\'t include the last of the configurations, you can
+    -- get more configurations by submitting another @ListResolverConfigs@
+    -- request. Get the value of @NextToken@ that Amazon Route 53 returned in
+    -- the previous response and include it in @NextToken@ in the next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | An array that contains one @ResolverConfigs@ element for each Resolver
+    -- configuration that is associated with the current Amazon Web Services
+    -- account.
+    resolverConfigs :: Prelude.Maybe [ResolverConfig],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverConfigsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listResolverConfigsResponse_nextToken' - If a response includes the last of the Resolver configurations that are
+-- associated with the current Amazon Web Services account, @NextToken@
+-- doesn\'t appear in the response.
+--
+-- If a response doesn\'t include the last of the configurations, you can
+-- get more configurations by submitting another @ListResolverConfigs@
+-- request. Get the value of @NextToken@ that Amazon Route 53 returned in
+-- the previous response and include it in @NextToken@ in the next request.
+--
+-- 'resolverConfigs', 'listResolverConfigsResponse_resolverConfigs' - An array that contains one @ResolverConfigs@ element for each Resolver
+-- configuration that is associated with the current Amazon Web Services
+-- account.
+--
+-- 'httpStatus', 'listResolverConfigsResponse_httpStatus' - The response's http status code.
+newListResolverConfigsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverConfigsResponse
+newListResolverConfigsResponse pHttpStatus_ =
+  ListResolverConfigsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      resolverConfigs = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | If a response includes the last of the Resolver configurations that are
+-- associated with the current Amazon Web Services account, @NextToken@
+-- doesn\'t appear in the response.
+--
+-- If a response doesn\'t include the last of the configurations, you can
+-- get more configurations by submitting another @ListResolverConfigs@
+-- request. Get the value of @NextToken@ that Amazon Route 53 returned in
+-- the previous response and include it in @NextToken@ in the next request.
+listResolverConfigsResponse_nextToken :: Lens.Lens' ListResolverConfigsResponse (Prelude.Maybe Prelude.Text)
+listResolverConfigsResponse_nextToken = Lens.lens (\ListResolverConfigsResponse' {nextToken} -> nextToken) (\s@ListResolverConfigsResponse' {} a -> s {nextToken = a} :: ListResolverConfigsResponse)
+
+-- | An array that contains one @ResolverConfigs@ element for each Resolver
+-- configuration that is associated with the current Amazon Web Services
+-- account.
+listResolverConfigsResponse_resolverConfigs :: Lens.Lens' ListResolverConfigsResponse (Prelude.Maybe [ResolverConfig])
+listResolverConfigsResponse_resolverConfigs = Lens.lens (\ListResolverConfigsResponse' {resolverConfigs} -> resolverConfigs) (\s@ListResolverConfigsResponse' {} a -> s {resolverConfigs = a} :: ListResolverConfigsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listResolverConfigsResponse_httpStatus :: Lens.Lens' ListResolverConfigsResponse Prelude.Int
+listResolverConfigsResponse_httpStatus = Lens.lens (\ListResolverConfigsResponse' {httpStatus} -> httpStatus) (\s@ListResolverConfigsResponse' {} a -> s {httpStatus = a} :: ListResolverConfigsResponse)
+
+instance Prelude.NFData ListResolverConfigsResponse where
+  rnf ListResolverConfigsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resolverConfigs
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverDnssecConfigs.hs b/gen/Amazonka/Route53Resolver/ListResolverDnssecConfigs.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverDnssecConfigs.hs
@@ -0,0 +1,307 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverDnssecConfigs
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the configurations for DNSSEC validation that are associated with
+-- the current Amazon Web Services account.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverDnssecConfigs
+  ( -- * Creating a Request
+    ListResolverDnssecConfigs (..),
+    newListResolverDnssecConfigs,
+
+    -- * Request Lenses
+    listResolverDnssecConfigs_filters,
+    listResolverDnssecConfigs_maxResults,
+    listResolverDnssecConfigs_nextToken,
+
+    -- * Destructuring the Response
+    ListResolverDnssecConfigsResponse (..),
+    newListResolverDnssecConfigsResponse,
+
+    -- * Response Lenses
+    listResolverDnssecConfigsResponse_nextToken,
+    listResolverDnssecConfigsResponse_resolverDnssecConfigs,
+    listResolverDnssecConfigsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverDnssecConfigs' smart constructor.
+data ListResolverDnssecConfigs = ListResolverDnssecConfigs'
+  { -- | An optional specification to return a subset of objects.
+    filters :: Prelude.Maybe [Filter],
+    -- | /Optional/: An integer that specifies the maximum number of DNSSEC
+    -- configuration results that you want Amazon Route 53 to return. If you
+    -- don\'t specify a value for @MaxResults@, Route 53 returns up to 100
+    -- configuration per page.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | (Optional) If the current Amazon Web Services account has more than
+    -- @MaxResults@ DNSSEC configurations, use @NextToken@ to get the second
+    -- and subsequent pages of results.
+    --
+    -- For the first @ListResolverDnssecConfigs@ request, omit this value.
+    --
+    -- For the second and subsequent requests, get the value of @NextToken@
+    -- from the previous response and specify that value for @NextToken@ in the
+    -- request.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverDnssecConfigs' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'listResolverDnssecConfigs_filters' - An optional specification to return a subset of objects.
+--
+-- 'maxResults', 'listResolverDnssecConfigs_maxResults' - /Optional/: An integer that specifies the maximum number of DNSSEC
+-- configuration results that you want Amazon Route 53 to return. If you
+-- don\'t specify a value for @MaxResults@, Route 53 returns up to 100
+-- configuration per page.
+--
+-- 'nextToken', 'listResolverDnssecConfigs_nextToken' - (Optional) If the current Amazon Web Services account has more than
+-- @MaxResults@ DNSSEC configurations, use @NextToken@ to get the second
+-- and subsequent pages of results.
+--
+-- For the first @ListResolverDnssecConfigs@ request, omit this value.
+--
+-- For the second and subsequent requests, get the value of @NextToken@
+-- from the previous response and specify that value for @NextToken@ in the
+-- request.
+newListResolverDnssecConfigs ::
+  ListResolverDnssecConfigs
+newListResolverDnssecConfigs =
+  ListResolverDnssecConfigs'
+    { filters =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | An optional specification to return a subset of objects.
+listResolverDnssecConfigs_filters :: Lens.Lens' ListResolverDnssecConfigs (Prelude.Maybe [Filter])
+listResolverDnssecConfigs_filters = Lens.lens (\ListResolverDnssecConfigs' {filters} -> filters) (\s@ListResolverDnssecConfigs' {} a -> s {filters = a} :: ListResolverDnssecConfigs) Prelude.. Lens.mapping Lens.coerced
+
+-- | /Optional/: An integer that specifies the maximum number of DNSSEC
+-- configuration results that you want Amazon Route 53 to return. If you
+-- don\'t specify a value for @MaxResults@, Route 53 returns up to 100
+-- configuration per page.
+listResolverDnssecConfigs_maxResults :: Lens.Lens' ListResolverDnssecConfigs (Prelude.Maybe Prelude.Natural)
+listResolverDnssecConfigs_maxResults = Lens.lens (\ListResolverDnssecConfigs' {maxResults} -> maxResults) (\s@ListResolverDnssecConfigs' {} a -> s {maxResults = a} :: ListResolverDnssecConfigs)
+
+-- | (Optional) If the current Amazon Web Services account has more than
+-- @MaxResults@ DNSSEC configurations, use @NextToken@ to get the second
+-- and subsequent pages of results.
+--
+-- For the first @ListResolverDnssecConfigs@ request, omit this value.
+--
+-- For the second and subsequent requests, get the value of @NextToken@
+-- from the previous response and specify that value for @NextToken@ in the
+-- request.
+listResolverDnssecConfigs_nextToken :: Lens.Lens' ListResolverDnssecConfigs (Prelude.Maybe Prelude.Text)
+listResolverDnssecConfigs_nextToken = Lens.lens (\ListResolverDnssecConfigs' {nextToken} -> nextToken) (\s@ListResolverDnssecConfigs' {} a -> s {nextToken = a} :: ListResolverDnssecConfigs)
+
+instance Core.AWSPager ListResolverDnssecConfigs where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverDnssecConfigsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverDnssecConfigsResponse_resolverDnssecConfigs
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverDnssecConfigs_nextToken
+          Lens..~ rs
+          Lens.^? listResolverDnssecConfigsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListResolverDnssecConfigs where
+  type
+    AWSResponse ListResolverDnssecConfigs =
+      ListResolverDnssecConfigsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverDnssecConfigsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "ResolverDnssecConfigs"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListResolverDnssecConfigs where
+  hashWithSalt _salt ListResolverDnssecConfigs' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListResolverDnssecConfigs where
+  rnf ListResolverDnssecConfigs' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListResolverDnssecConfigs where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverDnssecConfigs" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResolverDnssecConfigs where
+  toJSON ListResolverDnssecConfigs' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListResolverDnssecConfigs where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResolverDnssecConfigs where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverDnssecConfigsResponse' smart constructor.
+data ListResolverDnssecConfigsResponse = ListResolverDnssecConfigsResponse'
+  { -- | If a response includes the last of the DNSSEC configurations that are
+    -- associated with the current Amazon Web Services account, @NextToken@
+    -- doesn\'t appear in the response.
+    --
+    -- If a response doesn\'t include the last of the configurations, you can
+    -- get more configurations by submitting another
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListResolverDnssecConfigs.html ListResolverDnssecConfigs>
+    -- request. Get the value of @NextToken@ that Amazon Route 53 returned in
+    -- the previous response and include it in @NextToken@ in the next request.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | An array that contains one
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_ResolverDnssecConfig.html ResolverDnssecConfig>
+    -- element for each configuration for DNSSEC validation that is associated
+    -- with the current Amazon Web Services account.
+    resolverDnssecConfigs :: Prelude.Maybe [ResolverDnssecConfig],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverDnssecConfigsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listResolverDnssecConfigsResponse_nextToken' - If a response includes the last of the DNSSEC configurations that are
+-- associated with the current Amazon Web Services account, @NextToken@
+-- doesn\'t appear in the response.
+--
+-- If a response doesn\'t include the last of the configurations, you can
+-- get more configurations by submitting another
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListResolverDnssecConfigs.html ListResolverDnssecConfigs>
+-- request. Get the value of @NextToken@ that Amazon Route 53 returned in
+-- the previous response and include it in @NextToken@ in the next request.
+--
+-- 'resolverDnssecConfigs', 'listResolverDnssecConfigsResponse_resolverDnssecConfigs' - An array that contains one
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_ResolverDnssecConfig.html ResolverDnssecConfig>
+-- element for each configuration for DNSSEC validation that is associated
+-- with the current Amazon Web Services account.
+--
+-- 'httpStatus', 'listResolverDnssecConfigsResponse_httpStatus' - The response's http status code.
+newListResolverDnssecConfigsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverDnssecConfigsResponse
+newListResolverDnssecConfigsResponse pHttpStatus_ =
+  ListResolverDnssecConfigsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      resolverDnssecConfigs = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | If a response includes the last of the DNSSEC configurations that are
+-- associated with the current Amazon Web Services account, @NextToken@
+-- doesn\'t appear in the response.
+--
+-- If a response doesn\'t include the last of the configurations, you can
+-- get more configurations by submitting another
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListResolverDnssecConfigs.html ListResolverDnssecConfigs>
+-- request. Get the value of @NextToken@ that Amazon Route 53 returned in
+-- the previous response and include it in @NextToken@ in the next request.
+listResolverDnssecConfigsResponse_nextToken :: Lens.Lens' ListResolverDnssecConfigsResponse (Prelude.Maybe Prelude.Text)
+listResolverDnssecConfigsResponse_nextToken = Lens.lens (\ListResolverDnssecConfigsResponse' {nextToken} -> nextToken) (\s@ListResolverDnssecConfigsResponse' {} a -> s {nextToken = a} :: ListResolverDnssecConfigsResponse)
+
+-- | An array that contains one
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_ResolverDnssecConfig.html ResolverDnssecConfig>
+-- element for each configuration for DNSSEC validation that is associated
+-- with the current Amazon Web Services account.
+listResolverDnssecConfigsResponse_resolverDnssecConfigs :: Lens.Lens' ListResolverDnssecConfigsResponse (Prelude.Maybe [ResolverDnssecConfig])
+listResolverDnssecConfigsResponse_resolverDnssecConfigs = Lens.lens (\ListResolverDnssecConfigsResponse' {resolverDnssecConfigs} -> resolverDnssecConfigs) (\s@ListResolverDnssecConfigsResponse' {} a -> s {resolverDnssecConfigs = a} :: ListResolverDnssecConfigsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listResolverDnssecConfigsResponse_httpStatus :: Lens.Lens' ListResolverDnssecConfigsResponse Prelude.Int
+listResolverDnssecConfigsResponse_httpStatus = Lens.lens (\ListResolverDnssecConfigsResponse' {httpStatus} -> httpStatus) (\s@ListResolverDnssecConfigsResponse' {} a -> s {httpStatus = a} :: ListResolverDnssecConfigsResponse)
+
+instance
+  Prelude.NFData
+    ListResolverDnssecConfigsResponse
+  where
+  rnf ListResolverDnssecConfigsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resolverDnssecConfigs
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverEndpointIpAddresses.hs b/gen/Amazonka/Route53Resolver/ListResolverEndpointIpAddresses.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverEndpointIpAddresses.hs
@@ -0,0 +1,313 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverEndpointIpAddresses
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets the IP addresses for a specified Resolver endpoint.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverEndpointIpAddresses
+  ( -- * Creating a Request
+    ListResolverEndpointIpAddresses (..),
+    newListResolverEndpointIpAddresses,
+
+    -- * Request Lenses
+    listResolverEndpointIpAddresses_maxResults,
+    listResolverEndpointIpAddresses_nextToken,
+    listResolverEndpointIpAddresses_resolverEndpointId,
+
+    -- * Destructuring the Response
+    ListResolverEndpointIpAddressesResponse (..),
+    newListResolverEndpointIpAddressesResponse,
+
+    -- * Response Lenses
+    listResolverEndpointIpAddressesResponse_ipAddresses,
+    listResolverEndpointIpAddressesResponse_maxResults,
+    listResolverEndpointIpAddressesResponse_nextToken,
+    listResolverEndpointIpAddressesResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverEndpointIpAddresses' smart constructor.
+data ListResolverEndpointIpAddresses = ListResolverEndpointIpAddresses'
+  { -- | The maximum number of IP addresses that you want to return in the
+    -- response to a @ListResolverEndpointIpAddresses@ request. If you don\'t
+    -- specify a value for @MaxResults@, Resolver returns up to 100 IP
+    -- addresses.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first @ListResolverEndpointIpAddresses@ request, omit this
+    -- value.
+    --
+    -- If the specified Resolver endpoint has more than @MaxResults@ IP
+    -- addresses, you can submit another @ListResolverEndpointIpAddresses@
+    -- request to get the next group of IP addresses. In the next request,
+    -- specify the value of @NextToken@ from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Resolver endpoint that you want to get IP addresses for.
+    resolverEndpointId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverEndpointIpAddresses' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listResolverEndpointIpAddresses_maxResults' - The maximum number of IP addresses that you want to return in the
+-- response to a @ListResolverEndpointIpAddresses@ request. If you don\'t
+-- specify a value for @MaxResults@, Resolver returns up to 100 IP
+-- addresses.
+--
+-- 'nextToken', 'listResolverEndpointIpAddresses_nextToken' - For the first @ListResolverEndpointIpAddresses@ request, omit this
+-- value.
+--
+-- If the specified Resolver endpoint has more than @MaxResults@ IP
+-- addresses, you can submit another @ListResolverEndpointIpAddresses@
+-- request to get the next group of IP addresses. In the next request,
+-- specify the value of @NextToken@ from the previous response.
+--
+-- 'resolverEndpointId', 'listResolverEndpointIpAddresses_resolverEndpointId' - The ID of the Resolver endpoint that you want to get IP addresses for.
+newListResolverEndpointIpAddresses ::
+  -- | 'resolverEndpointId'
+  Prelude.Text ->
+  ListResolverEndpointIpAddresses
+newListResolverEndpointIpAddresses
+  pResolverEndpointId_ =
+    ListResolverEndpointIpAddresses'
+      { maxResults =
+          Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        resolverEndpointId = pResolverEndpointId_
+      }
+
+-- | The maximum number of IP addresses that you want to return in the
+-- response to a @ListResolverEndpointIpAddresses@ request. If you don\'t
+-- specify a value for @MaxResults@, Resolver returns up to 100 IP
+-- addresses.
+listResolverEndpointIpAddresses_maxResults :: Lens.Lens' ListResolverEndpointIpAddresses (Prelude.Maybe Prelude.Natural)
+listResolverEndpointIpAddresses_maxResults = Lens.lens (\ListResolverEndpointIpAddresses' {maxResults} -> maxResults) (\s@ListResolverEndpointIpAddresses' {} a -> s {maxResults = a} :: ListResolverEndpointIpAddresses)
+
+-- | For the first @ListResolverEndpointIpAddresses@ request, omit this
+-- value.
+--
+-- If the specified Resolver endpoint has more than @MaxResults@ IP
+-- addresses, you can submit another @ListResolverEndpointIpAddresses@
+-- request to get the next group of IP addresses. In the next request,
+-- specify the value of @NextToken@ from the previous response.
+listResolverEndpointIpAddresses_nextToken :: Lens.Lens' ListResolverEndpointIpAddresses (Prelude.Maybe Prelude.Text)
+listResolverEndpointIpAddresses_nextToken = Lens.lens (\ListResolverEndpointIpAddresses' {nextToken} -> nextToken) (\s@ListResolverEndpointIpAddresses' {} a -> s {nextToken = a} :: ListResolverEndpointIpAddresses)
+
+-- | The ID of the Resolver endpoint that you want to get IP addresses for.
+listResolverEndpointIpAddresses_resolverEndpointId :: Lens.Lens' ListResolverEndpointIpAddresses Prelude.Text
+listResolverEndpointIpAddresses_resolverEndpointId = Lens.lens (\ListResolverEndpointIpAddresses' {resolverEndpointId} -> resolverEndpointId) (\s@ListResolverEndpointIpAddresses' {} a -> s {resolverEndpointId = a} :: ListResolverEndpointIpAddresses)
+
+instance
+  Core.AWSPager
+    ListResolverEndpointIpAddresses
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverEndpointIpAddressesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverEndpointIpAddressesResponse_ipAddresses
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverEndpointIpAddresses_nextToken
+          Lens..~ rs
+          Lens.^? listResolverEndpointIpAddressesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListResolverEndpointIpAddresses
+  where
+  type
+    AWSResponse ListResolverEndpointIpAddresses =
+      ListResolverEndpointIpAddressesResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverEndpointIpAddressesResponse'
+            Prelude.<$> (x Data..?> "IpAddresses" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "MaxResults")
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListResolverEndpointIpAddresses
+  where
+  hashWithSalt
+    _salt
+    ListResolverEndpointIpAddresses' {..} =
+      _salt
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` resolverEndpointId
+
+instance
+  Prelude.NFData
+    ListResolverEndpointIpAddresses
+  where
+  rnf ListResolverEndpointIpAddresses' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resolverEndpointId
+
+instance
+  Data.ToHeaders
+    ListResolverEndpointIpAddresses
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverEndpointIpAddresses" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResolverEndpointIpAddresses where
+  toJSON ListResolverEndpointIpAddresses' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just
+              ("ResolverEndpointId" Data..= resolverEndpointId)
+          ]
+      )
+
+instance Data.ToPath ListResolverEndpointIpAddresses where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResolverEndpointIpAddresses where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverEndpointIpAddressesResponse' smart constructor.
+data ListResolverEndpointIpAddressesResponse = ListResolverEndpointIpAddressesResponse'
+  { -- | Information about the IP addresses in your VPC that DNS queries
+    -- originate from (for outbound endpoints) or that you forward DNS queries
+    -- to (for inbound endpoints).
+    ipAddresses :: Prelude.Maybe [IpAddressResponse],
+    -- | The value that you specified for @MaxResults@ in the request.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | If the specified endpoint has more than @MaxResults@ IP addresses, you
+    -- can submit another @ListResolverEndpointIpAddresses@ request to get the
+    -- next group of IP addresses. In the next request, specify the value of
+    -- @NextToken@ from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverEndpointIpAddressesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ipAddresses', 'listResolverEndpointIpAddressesResponse_ipAddresses' - Information about the IP addresses in your VPC that DNS queries
+-- originate from (for outbound endpoints) or that you forward DNS queries
+-- to (for inbound endpoints).
+--
+-- 'maxResults', 'listResolverEndpointIpAddressesResponse_maxResults' - The value that you specified for @MaxResults@ in the request.
+--
+-- 'nextToken', 'listResolverEndpointIpAddressesResponse_nextToken' - If the specified endpoint has more than @MaxResults@ IP addresses, you
+-- can submit another @ListResolverEndpointIpAddresses@ request to get the
+-- next group of IP addresses. In the next request, specify the value of
+-- @NextToken@ from the previous response.
+--
+-- 'httpStatus', 'listResolverEndpointIpAddressesResponse_httpStatus' - The response's http status code.
+newListResolverEndpointIpAddressesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverEndpointIpAddressesResponse
+newListResolverEndpointIpAddressesResponse
+  pHttpStatus_ =
+    ListResolverEndpointIpAddressesResponse'
+      { ipAddresses =
+          Prelude.Nothing,
+        maxResults = Prelude.Nothing,
+        nextToken = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | Information about the IP addresses in your VPC that DNS queries
+-- originate from (for outbound endpoints) or that you forward DNS queries
+-- to (for inbound endpoints).
+listResolverEndpointIpAddressesResponse_ipAddresses :: Lens.Lens' ListResolverEndpointIpAddressesResponse (Prelude.Maybe [IpAddressResponse])
+listResolverEndpointIpAddressesResponse_ipAddresses = Lens.lens (\ListResolverEndpointIpAddressesResponse' {ipAddresses} -> ipAddresses) (\s@ListResolverEndpointIpAddressesResponse' {} a -> s {ipAddresses = a} :: ListResolverEndpointIpAddressesResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The value that you specified for @MaxResults@ in the request.
+listResolverEndpointIpAddressesResponse_maxResults :: Lens.Lens' ListResolverEndpointIpAddressesResponse (Prelude.Maybe Prelude.Natural)
+listResolverEndpointIpAddressesResponse_maxResults = Lens.lens (\ListResolverEndpointIpAddressesResponse' {maxResults} -> maxResults) (\s@ListResolverEndpointIpAddressesResponse' {} a -> s {maxResults = a} :: ListResolverEndpointIpAddressesResponse)
+
+-- | If the specified endpoint has more than @MaxResults@ IP addresses, you
+-- can submit another @ListResolverEndpointIpAddresses@ request to get the
+-- next group of IP addresses. In the next request, specify the value of
+-- @NextToken@ from the previous response.
+listResolverEndpointIpAddressesResponse_nextToken :: Lens.Lens' ListResolverEndpointIpAddressesResponse (Prelude.Maybe Prelude.Text)
+listResolverEndpointIpAddressesResponse_nextToken = Lens.lens (\ListResolverEndpointIpAddressesResponse' {nextToken} -> nextToken) (\s@ListResolverEndpointIpAddressesResponse' {} a -> s {nextToken = a} :: ListResolverEndpointIpAddressesResponse)
+
+-- | The response's http status code.
+listResolverEndpointIpAddressesResponse_httpStatus :: Lens.Lens' ListResolverEndpointIpAddressesResponse Prelude.Int
+listResolverEndpointIpAddressesResponse_httpStatus = Lens.lens (\ListResolverEndpointIpAddressesResponse' {httpStatus} -> httpStatus) (\s@ListResolverEndpointIpAddressesResponse' {} a -> s {httpStatus = a} :: ListResolverEndpointIpAddressesResponse)
+
+instance
+  Prelude.NFData
+    ListResolverEndpointIpAddressesResponse
+  where
+  rnf ListResolverEndpointIpAddressesResponse' {..} =
+    Prelude.rnf ipAddresses
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverEndpoints.hs b/gen/Amazonka/Route53Resolver/ListResolverEndpoints.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverEndpoints.hs
@@ -0,0 +1,297 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverEndpoints
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists all the Resolver endpoints that were created using the current
+-- Amazon Web Services account.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverEndpoints
+  ( -- * Creating a Request
+    ListResolverEndpoints (..),
+    newListResolverEndpoints,
+
+    -- * Request Lenses
+    listResolverEndpoints_filters,
+    listResolverEndpoints_maxResults,
+    listResolverEndpoints_nextToken,
+
+    -- * Destructuring the Response
+    ListResolverEndpointsResponse (..),
+    newListResolverEndpointsResponse,
+
+    -- * Response Lenses
+    listResolverEndpointsResponse_maxResults,
+    listResolverEndpointsResponse_nextToken,
+    listResolverEndpointsResponse_resolverEndpoints,
+    listResolverEndpointsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverEndpoints' smart constructor.
+data ListResolverEndpoints = ListResolverEndpoints'
+  { -- | An optional specification to return a subset of Resolver endpoints, such
+    -- as all inbound Resolver endpoints.
+    --
+    -- If you submit a second or subsequent @ListResolverEndpoints@ request and
+    -- specify the @NextToken@ parameter, you must use the same values for
+    -- @Filters@, if any, as in the previous request.
+    filters :: Prelude.Maybe [Filter],
+    -- | The maximum number of Resolver endpoints that you want to return in the
+    -- response to a @ListResolverEndpoints@ request. If you don\'t specify a
+    -- value for @MaxResults@, Resolver returns up to 100 Resolver endpoints.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first @ListResolverEndpoints@ request, omit this value.
+    --
+    -- If you have more than @MaxResults@ Resolver endpoints, you can submit
+    -- another @ListResolverEndpoints@ request to get the next group of
+    -- Resolver endpoints. In the next request, specify the value of
+    -- @NextToken@ from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverEndpoints' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'listResolverEndpoints_filters' - An optional specification to return a subset of Resolver endpoints, such
+-- as all inbound Resolver endpoints.
+--
+-- If you submit a second or subsequent @ListResolverEndpoints@ request and
+-- specify the @NextToken@ parameter, you must use the same values for
+-- @Filters@, if any, as in the previous request.
+--
+-- 'maxResults', 'listResolverEndpoints_maxResults' - The maximum number of Resolver endpoints that you want to return in the
+-- response to a @ListResolverEndpoints@ request. If you don\'t specify a
+-- value for @MaxResults@, Resolver returns up to 100 Resolver endpoints.
+--
+-- 'nextToken', 'listResolverEndpoints_nextToken' - For the first @ListResolverEndpoints@ request, omit this value.
+--
+-- If you have more than @MaxResults@ Resolver endpoints, you can submit
+-- another @ListResolverEndpoints@ request to get the next group of
+-- Resolver endpoints. In the next request, specify the value of
+-- @NextToken@ from the previous response.
+newListResolverEndpoints ::
+  ListResolverEndpoints
+newListResolverEndpoints =
+  ListResolverEndpoints'
+    { filters = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | An optional specification to return a subset of Resolver endpoints, such
+-- as all inbound Resolver endpoints.
+--
+-- If you submit a second or subsequent @ListResolverEndpoints@ request and
+-- specify the @NextToken@ parameter, you must use the same values for
+-- @Filters@, if any, as in the previous request.
+listResolverEndpoints_filters :: Lens.Lens' ListResolverEndpoints (Prelude.Maybe [Filter])
+listResolverEndpoints_filters = Lens.lens (\ListResolverEndpoints' {filters} -> filters) (\s@ListResolverEndpoints' {} a -> s {filters = a} :: ListResolverEndpoints) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of Resolver endpoints that you want to return in the
+-- response to a @ListResolverEndpoints@ request. If you don\'t specify a
+-- value for @MaxResults@, Resolver returns up to 100 Resolver endpoints.
+listResolverEndpoints_maxResults :: Lens.Lens' ListResolverEndpoints (Prelude.Maybe Prelude.Natural)
+listResolverEndpoints_maxResults = Lens.lens (\ListResolverEndpoints' {maxResults} -> maxResults) (\s@ListResolverEndpoints' {} a -> s {maxResults = a} :: ListResolverEndpoints)
+
+-- | For the first @ListResolverEndpoints@ request, omit this value.
+--
+-- If you have more than @MaxResults@ Resolver endpoints, you can submit
+-- another @ListResolverEndpoints@ request to get the next group of
+-- Resolver endpoints. In the next request, specify the value of
+-- @NextToken@ from the previous response.
+listResolverEndpoints_nextToken :: Lens.Lens' ListResolverEndpoints (Prelude.Maybe Prelude.Text)
+listResolverEndpoints_nextToken = Lens.lens (\ListResolverEndpoints' {nextToken} -> nextToken) (\s@ListResolverEndpoints' {} a -> s {nextToken = a} :: ListResolverEndpoints)
+
+instance Core.AWSPager ListResolverEndpoints where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverEndpointsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverEndpointsResponse_resolverEndpoints
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverEndpoints_nextToken
+          Lens..~ rs
+          Lens.^? listResolverEndpointsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListResolverEndpoints where
+  type
+    AWSResponse ListResolverEndpoints =
+      ListResolverEndpointsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverEndpointsResponse'
+            Prelude.<$> (x Data..?> "MaxResults")
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "ResolverEndpoints"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListResolverEndpoints where
+  hashWithSalt _salt ListResolverEndpoints' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListResolverEndpoints where
+  rnf ListResolverEndpoints' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListResolverEndpoints where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverEndpoints" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResolverEndpoints where
+  toJSON ListResolverEndpoints' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListResolverEndpoints where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResolverEndpoints where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverEndpointsResponse' smart constructor.
+data ListResolverEndpointsResponse = ListResolverEndpointsResponse'
+  { -- | The value that you specified for @MaxResults@ in the request.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | If more than @MaxResults@ IP addresses match the specified criteria, you
+    -- can submit another @ListResolverEndpoint@ request to get the next group
+    -- of results. In the next request, specify the value of @NextToken@ from
+    -- the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The Resolver endpoints that were created by using the current Amazon Web
+    -- Services account, and that match the specified filters, if any.
+    resolverEndpoints :: Prelude.Maybe [ResolverEndpoint],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverEndpointsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listResolverEndpointsResponse_maxResults' - The value that you specified for @MaxResults@ in the request.
+--
+-- 'nextToken', 'listResolverEndpointsResponse_nextToken' - If more than @MaxResults@ IP addresses match the specified criteria, you
+-- can submit another @ListResolverEndpoint@ request to get the next group
+-- of results. In the next request, specify the value of @NextToken@ from
+-- the previous response.
+--
+-- 'resolverEndpoints', 'listResolverEndpointsResponse_resolverEndpoints' - The Resolver endpoints that were created by using the current Amazon Web
+-- Services account, and that match the specified filters, if any.
+--
+-- 'httpStatus', 'listResolverEndpointsResponse_httpStatus' - The response's http status code.
+newListResolverEndpointsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverEndpointsResponse
+newListResolverEndpointsResponse pHttpStatus_ =
+  ListResolverEndpointsResponse'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      resolverEndpoints = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The value that you specified for @MaxResults@ in the request.
+listResolverEndpointsResponse_maxResults :: Lens.Lens' ListResolverEndpointsResponse (Prelude.Maybe Prelude.Natural)
+listResolverEndpointsResponse_maxResults = Lens.lens (\ListResolverEndpointsResponse' {maxResults} -> maxResults) (\s@ListResolverEndpointsResponse' {} a -> s {maxResults = a} :: ListResolverEndpointsResponse)
+
+-- | If more than @MaxResults@ IP addresses match the specified criteria, you
+-- can submit another @ListResolverEndpoint@ request to get the next group
+-- of results. In the next request, specify the value of @NextToken@ from
+-- the previous response.
+listResolverEndpointsResponse_nextToken :: Lens.Lens' ListResolverEndpointsResponse (Prelude.Maybe Prelude.Text)
+listResolverEndpointsResponse_nextToken = Lens.lens (\ListResolverEndpointsResponse' {nextToken} -> nextToken) (\s@ListResolverEndpointsResponse' {} a -> s {nextToken = a} :: ListResolverEndpointsResponse)
+
+-- | The Resolver endpoints that were created by using the current Amazon Web
+-- Services account, and that match the specified filters, if any.
+listResolverEndpointsResponse_resolverEndpoints :: Lens.Lens' ListResolverEndpointsResponse (Prelude.Maybe [ResolverEndpoint])
+listResolverEndpointsResponse_resolverEndpoints = Lens.lens (\ListResolverEndpointsResponse' {resolverEndpoints} -> resolverEndpoints) (\s@ListResolverEndpointsResponse' {} a -> s {resolverEndpoints = a} :: ListResolverEndpointsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listResolverEndpointsResponse_httpStatus :: Lens.Lens' ListResolverEndpointsResponse Prelude.Int
+listResolverEndpointsResponse_httpStatus = Lens.lens (\ListResolverEndpointsResponse' {httpStatus} -> httpStatus) (\s@ListResolverEndpointsResponse' {} a -> s {httpStatus = a} :: ListResolverEndpointsResponse)
+
+instance Prelude.NFData ListResolverEndpointsResponse where
+  rnf ListResolverEndpointsResponse' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resolverEndpoints
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverQueryLogConfigAssociations.hs b/gen/Amazonka/Route53Resolver/ListResolverQueryLogConfigAssociations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverQueryLogConfigAssociations.hs
@@ -0,0 +1,575 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverQueryLogConfigAssociations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists information about associations between Amazon VPCs and query
+-- logging configurations.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverQueryLogConfigAssociations
+  ( -- * Creating a Request
+    ListResolverQueryLogConfigAssociations (..),
+    newListResolverQueryLogConfigAssociations,
+
+    -- * Request Lenses
+    listResolverQueryLogConfigAssociations_filters,
+    listResolverQueryLogConfigAssociations_maxResults,
+    listResolverQueryLogConfigAssociations_nextToken,
+    listResolverQueryLogConfigAssociations_sortBy,
+    listResolverQueryLogConfigAssociations_sortOrder,
+
+    -- * Destructuring the Response
+    ListResolverQueryLogConfigAssociationsResponse (..),
+    newListResolverQueryLogConfigAssociationsResponse,
+
+    -- * Response Lenses
+    listResolverQueryLogConfigAssociationsResponse_nextToken,
+    listResolverQueryLogConfigAssociationsResponse_resolverQueryLogConfigAssociations,
+    listResolverQueryLogConfigAssociationsResponse_totalCount,
+    listResolverQueryLogConfigAssociationsResponse_totalFilteredCount,
+    listResolverQueryLogConfigAssociationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverQueryLogConfigAssociations' smart constructor.
+data ListResolverQueryLogConfigAssociations = ListResolverQueryLogConfigAssociations'
+  { -- | An optional specification to return a subset of query logging
+    -- associations.
+    --
+    -- If you submit a second or subsequent
+    -- @ListResolverQueryLogConfigAssociations@ request and specify the
+    -- @NextToken@ parameter, you must use the same values for @Filters@, if
+    -- any, as in the previous request.
+    filters :: Prelude.Maybe [Filter],
+    -- | The maximum number of query logging associations that you want to return
+    -- in the response to a @ListResolverQueryLogConfigAssociations@ request.
+    -- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+    -- 100 query logging associations.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first @ListResolverQueryLogConfigAssociations@ request, omit
+    -- this value.
+    --
+    -- If there are more than @MaxResults@ query logging associations that
+    -- match the values that you specify for @Filters@, you can submit another
+    -- @ListResolverQueryLogConfigAssociations@ request to get the next group
+    -- of associations. In the next request, specify the value of @NextToken@
+    -- from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The element that you want Resolver to sort query logging associations
+    -- by.
+    --
+    -- If you submit a second or subsequent
+    -- @ListResolverQueryLogConfigAssociations@ request and specify the
+    -- @NextToken@ parameter, you must use the same value for @SortBy@, if any,
+    -- as in the previous request.
+    --
+    -- Valid values include the following elements:
+    --
+    -- -   @CreationTime@: The ID of the query logging association.
+    --
+    -- -   @Error@: If the value of @Status@ is @FAILED@, the value of @Error@
+    --     indicates the cause:
+    --
+    --     -   @DESTINATION_NOT_FOUND@: The specified destination (for example,
+    --         an Amazon S3 bucket) was deleted.
+    --
+    --     -   @ACCESS_DENIED@: Permissions don\'t allow sending logs to the
+    --         destination.
+    --
+    --     If @Status@ is a value other than @FAILED@, @ERROR@ is null.
+    --
+    -- -   @Id@: The ID of the query logging association
+    --
+    -- -   @ResolverQueryLogConfigId@: The ID of the query logging
+    --     configuration
+    --
+    -- -   @ResourceId@: The ID of the VPC that is associated with the query
+    --     logging configuration
+    --
+    -- -   @Status@: The current status of the configuration. Valid values
+    --     include the following:
+    --
+    --     -   @CREATING@: Resolver is creating an association between an
+    --         Amazon VPC and a query logging configuration.
+    --
+    --     -   @CREATED@: The association between an Amazon VPC and a query
+    --         logging configuration was successfully created. Resolver is
+    --         logging queries that originate in the specified VPC.
+    --
+    --     -   @DELETING@: Resolver is deleting this query logging association.
+    --
+    --     -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete
+    --         the query logging association. Here are two common causes:
+    --
+    --         -   The specified destination (for example, an Amazon S3 bucket)
+    --             was deleted.
+    --
+    --         -   Permissions don\'t allow sending logs to the destination.
+    sortBy :: Prelude.Maybe Prelude.Text,
+    -- | If you specified a value for @SortBy@, the order that you want query
+    -- logging associations to be listed in, @ASCENDING@ or @DESCENDING@.
+    --
+    -- If you submit a second or subsequent
+    -- @ListResolverQueryLogConfigAssociations@ request and specify the
+    -- @NextToken@ parameter, you must use the same value for @SortOrder@, if
+    -- any, as in the previous request.
+    sortOrder :: Prelude.Maybe SortOrder
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverQueryLogConfigAssociations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'listResolverQueryLogConfigAssociations_filters' - An optional specification to return a subset of query logging
+-- associations.
+--
+-- If you submit a second or subsequent
+-- @ListResolverQueryLogConfigAssociations@ request and specify the
+-- @NextToken@ parameter, you must use the same values for @Filters@, if
+-- any, as in the previous request.
+--
+-- 'maxResults', 'listResolverQueryLogConfigAssociations_maxResults' - The maximum number of query logging associations that you want to return
+-- in the response to a @ListResolverQueryLogConfigAssociations@ request.
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 query logging associations.
+--
+-- 'nextToken', 'listResolverQueryLogConfigAssociations_nextToken' - For the first @ListResolverQueryLogConfigAssociations@ request, omit
+-- this value.
+--
+-- If there are more than @MaxResults@ query logging associations that
+-- match the values that you specify for @Filters@, you can submit another
+-- @ListResolverQueryLogConfigAssociations@ request to get the next group
+-- of associations. In the next request, specify the value of @NextToken@
+-- from the previous response.
+--
+-- 'sortBy', 'listResolverQueryLogConfigAssociations_sortBy' - The element that you want Resolver to sort query logging associations
+-- by.
+--
+-- If you submit a second or subsequent
+-- @ListResolverQueryLogConfigAssociations@ request and specify the
+-- @NextToken@ parameter, you must use the same value for @SortBy@, if any,
+-- as in the previous request.
+--
+-- Valid values include the following elements:
+--
+-- -   @CreationTime@: The ID of the query logging association.
+--
+-- -   @Error@: If the value of @Status@ is @FAILED@, the value of @Error@
+--     indicates the cause:
+--
+--     -   @DESTINATION_NOT_FOUND@: The specified destination (for example,
+--         an Amazon S3 bucket) was deleted.
+--
+--     -   @ACCESS_DENIED@: Permissions don\'t allow sending logs to the
+--         destination.
+--
+--     If @Status@ is a value other than @FAILED@, @ERROR@ is null.
+--
+-- -   @Id@: The ID of the query logging association
+--
+-- -   @ResolverQueryLogConfigId@: The ID of the query logging
+--     configuration
+--
+-- -   @ResourceId@: The ID of the VPC that is associated with the query
+--     logging configuration
+--
+-- -   @Status@: The current status of the configuration. Valid values
+--     include the following:
+--
+--     -   @CREATING@: Resolver is creating an association between an
+--         Amazon VPC and a query logging configuration.
+--
+--     -   @CREATED@: The association between an Amazon VPC and a query
+--         logging configuration was successfully created. Resolver is
+--         logging queries that originate in the specified VPC.
+--
+--     -   @DELETING@: Resolver is deleting this query logging association.
+--
+--     -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete
+--         the query logging association. Here are two common causes:
+--
+--         -   The specified destination (for example, an Amazon S3 bucket)
+--             was deleted.
+--
+--         -   Permissions don\'t allow sending logs to the destination.
+--
+-- 'sortOrder', 'listResolverQueryLogConfigAssociations_sortOrder' - If you specified a value for @SortBy@, the order that you want query
+-- logging associations to be listed in, @ASCENDING@ or @DESCENDING@.
+--
+-- If you submit a second or subsequent
+-- @ListResolverQueryLogConfigAssociations@ request and specify the
+-- @NextToken@ parameter, you must use the same value for @SortOrder@, if
+-- any, as in the previous request.
+newListResolverQueryLogConfigAssociations ::
+  ListResolverQueryLogConfigAssociations
+newListResolverQueryLogConfigAssociations =
+  ListResolverQueryLogConfigAssociations'
+    { filters =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      sortBy = Prelude.Nothing,
+      sortOrder = Prelude.Nothing
+    }
+
+-- | An optional specification to return a subset of query logging
+-- associations.
+--
+-- If you submit a second or subsequent
+-- @ListResolverQueryLogConfigAssociations@ request and specify the
+-- @NextToken@ parameter, you must use the same values for @Filters@, if
+-- any, as in the previous request.
+listResolverQueryLogConfigAssociations_filters :: Lens.Lens' ListResolverQueryLogConfigAssociations (Prelude.Maybe [Filter])
+listResolverQueryLogConfigAssociations_filters = Lens.lens (\ListResolverQueryLogConfigAssociations' {filters} -> filters) (\s@ListResolverQueryLogConfigAssociations' {} a -> s {filters = a} :: ListResolverQueryLogConfigAssociations) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of query logging associations that you want to return
+-- in the response to a @ListResolverQueryLogConfigAssociations@ request.
+-- If you don\'t specify a value for @MaxResults@, Resolver returns up to
+-- 100 query logging associations.
+listResolverQueryLogConfigAssociations_maxResults :: Lens.Lens' ListResolverQueryLogConfigAssociations (Prelude.Maybe Prelude.Natural)
+listResolverQueryLogConfigAssociations_maxResults = Lens.lens (\ListResolverQueryLogConfigAssociations' {maxResults} -> maxResults) (\s@ListResolverQueryLogConfigAssociations' {} a -> s {maxResults = a} :: ListResolverQueryLogConfigAssociations)
+
+-- | For the first @ListResolverQueryLogConfigAssociations@ request, omit
+-- this value.
+--
+-- If there are more than @MaxResults@ query logging associations that
+-- match the values that you specify for @Filters@, you can submit another
+-- @ListResolverQueryLogConfigAssociations@ request to get the next group
+-- of associations. In the next request, specify the value of @NextToken@
+-- from the previous response.
+listResolverQueryLogConfigAssociations_nextToken :: Lens.Lens' ListResolverQueryLogConfigAssociations (Prelude.Maybe Prelude.Text)
+listResolverQueryLogConfigAssociations_nextToken = Lens.lens (\ListResolverQueryLogConfigAssociations' {nextToken} -> nextToken) (\s@ListResolverQueryLogConfigAssociations' {} a -> s {nextToken = a} :: ListResolverQueryLogConfigAssociations)
+
+-- | The element that you want Resolver to sort query logging associations
+-- by.
+--
+-- If you submit a second or subsequent
+-- @ListResolverQueryLogConfigAssociations@ request and specify the
+-- @NextToken@ parameter, you must use the same value for @SortBy@, if any,
+-- as in the previous request.
+--
+-- Valid values include the following elements:
+--
+-- -   @CreationTime@: The ID of the query logging association.
+--
+-- -   @Error@: If the value of @Status@ is @FAILED@, the value of @Error@
+--     indicates the cause:
+--
+--     -   @DESTINATION_NOT_FOUND@: The specified destination (for example,
+--         an Amazon S3 bucket) was deleted.
+--
+--     -   @ACCESS_DENIED@: Permissions don\'t allow sending logs to the
+--         destination.
+--
+--     If @Status@ is a value other than @FAILED@, @ERROR@ is null.
+--
+-- -   @Id@: The ID of the query logging association
+--
+-- -   @ResolverQueryLogConfigId@: The ID of the query logging
+--     configuration
+--
+-- -   @ResourceId@: The ID of the VPC that is associated with the query
+--     logging configuration
+--
+-- -   @Status@: The current status of the configuration. Valid values
+--     include the following:
+--
+--     -   @CREATING@: Resolver is creating an association between an
+--         Amazon VPC and a query logging configuration.
+--
+--     -   @CREATED@: The association between an Amazon VPC and a query
+--         logging configuration was successfully created. Resolver is
+--         logging queries that originate in the specified VPC.
+--
+--     -   @DELETING@: Resolver is deleting this query logging association.
+--
+--     -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete
+--         the query logging association. Here are two common causes:
+--
+--         -   The specified destination (for example, an Amazon S3 bucket)
+--             was deleted.
+--
+--         -   Permissions don\'t allow sending logs to the destination.
+listResolverQueryLogConfigAssociations_sortBy :: Lens.Lens' ListResolverQueryLogConfigAssociations (Prelude.Maybe Prelude.Text)
+listResolverQueryLogConfigAssociations_sortBy = Lens.lens (\ListResolverQueryLogConfigAssociations' {sortBy} -> sortBy) (\s@ListResolverQueryLogConfigAssociations' {} a -> s {sortBy = a} :: ListResolverQueryLogConfigAssociations)
+
+-- | If you specified a value for @SortBy@, the order that you want query
+-- logging associations to be listed in, @ASCENDING@ or @DESCENDING@.
+--
+-- If you submit a second or subsequent
+-- @ListResolverQueryLogConfigAssociations@ request and specify the
+-- @NextToken@ parameter, you must use the same value for @SortOrder@, if
+-- any, as in the previous request.
+listResolverQueryLogConfigAssociations_sortOrder :: Lens.Lens' ListResolverQueryLogConfigAssociations (Prelude.Maybe SortOrder)
+listResolverQueryLogConfigAssociations_sortOrder = Lens.lens (\ListResolverQueryLogConfigAssociations' {sortOrder} -> sortOrder) (\s@ListResolverQueryLogConfigAssociations' {} a -> s {sortOrder = a} :: ListResolverQueryLogConfigAssociations)
+
+instance
+  Core.AWSPager
+    ListResolverQueryLogConfigAssociations
+  where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverQueryLogConfigAssociationsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverQueryLogConfigAssociationsResponse_resolverQueryLogConfigAssociations
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverQueryLogConfigAssociations_nextToken
+          Lens..~ rs
+          Lens.^? listResolverQueryLogConfigAssociationsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance
+  Core.AWSRequest
+    ListResolverQueryLogConfigAssociations
+  where
+  type
+    AWSResponse
+      ListResolverQueryLogConfigAssociations =
+      ListResolverQueryLogConfigAssociationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverQueryLogConfigAssociationsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "ResolverQueryLogConfigAssociations"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "TotalCount")
+            Prelude.<*> (x Data..?> "TotalFilteredCount")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListResolverQueryLogConfigAssociations
+  where
+  hashWithSalt
+    _salt
+    ListResolverQueryLogConfigAssociations' {..} =
+      _salt
+        `Prelude.hashWithSalt` filters
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` sortBy
+        `Prelude.hashWithSalt` sortOrder
+
+instance
+  Prelude.NFData
+    ListResolverQueryLogConfigAssociations
+  where
+  rnf ListResolverQueryLogConfigAssociations' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf sortBy
+      `Prelude.seq` Prelude.rnf sortOrder
+
+instance
+  Data.ToHeaders
+    ListResolverQueryLogConfigAssociations
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverQueryLogConfigAssociations" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListResolverQueryLogConfigAssociations
+  where
+  toJSON ListResolverQueryLogConfigAssociations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("SortBy" Data..=) Prelude.<$> sortBy,
+            ("SortOrder" Data..=) Prelude.<$> sortOrder
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListResolverQueryLogConfigAssociations
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListResolverQueryLogConfigAssociations
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverQueryLogConfigAssociationsResponse' smart constructor.
+data ListResolverQueryLogConfigAssociationsResponse = ListResolverQueryLogConfigAssociationsResponse'
+  { -- | If there are more than @MaxResults@ query logging associations, you can
+    -- submit another @ListResolverQueryLogConfigAssociations@ request to get
+    -- the next group of associations. In the next request, specify the value
+    -- of @NextToken@ from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A list that contains one @ResolverQueryLogConfigAssociations@ element
+    -- for each query logging association that matches the values that you
+    -- specified for @Filter@.
+    resolverQueryLogConfigAssociations :: Prelude.Maybe [ResolverQueryLogConfigAssociation],
+    -- | The total number of query logging associations that were created by the
+    -- current account in the specified Region. This count can differ from the
+    -- number of associations that are returned in a
+    -- @ListResolverQueryLogConfigAssociations@ response, depending on the
+    -- values that you specify in the request.
+    totalCount :: Prelude.Maybe Prelude.Int,
+    -- | The total number of query logging associations that were created by the
+    -- current account in the specified Region and that match the filters that
+    -- were specified in the @ListResolverQueryLogConfigAssociations@ request.
+    -- For the total number of associations that were created by the current
+    -- account in the specified Region, see @TotalCount@.
+    totalFilteredCount :: Prelude.Maybe Prelude.Int,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverQueryLogConfigAssociationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listResolverQueryLogConfigAssociationsResponse_nextToken' - If there are more than @MaxResults@ query logging associations, you can
+-- submit another @ListResolverQueryLogConfigAssociations@ request to get
+-- the next group of associations. In the next request, specify the value
+-- of @NextToken@ from the previous response.
+--
+-- 'resolverQueryLogConfigAssociations', 'listResolverQueryLogConfigAssociationsResponse_resolverQueryLogConfigAssociations' - A list that contains one @ResolverQueryLogConfigAssociations@ element
+-- for each query logging association that matches the values that you
+-- specified for @Filter@.
+--
+-- 'totalCount', 'listResolverQueryLogConfigAssociationsResponse_totalCount' - The total number of query logging associations that were created by the
+-- current account in the specified Region. This count can differ from the
+-- number of associations that are returned in a
+-- @ListResolverQueryLogConfigAssociations@ response, depending on the
+-- values that you specify in the request.
+--
+-- 'totalFilteredCount', 'listResolverQueryLogConfigAssociationsResponse_totalFilteredCount' - The total number of query logging associations that were created by the
+-- current account in the specified Region and that match the filters that
+-- were specified in the @ListResolverQueryLogConfigAssociations@ request.
+-- For the total number of associations that were created by the current
+-- account in the specified Region, see @TotalCount@.
+--
+-- 'httpStatus', 'listResolverQueryLogConfigAssociationsResponse_httpStatus' - The response's http status code.
+newListResolverQueryLogConfigAssociationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverQueryLogConfigAssociationsResponse
+newListResolverQueryLogConfigAssociationsResponse
+  pHttpStatus_ =
+    ListResolverQueryLogConfigAssociationsResponse'
+      { nextToken =
+          Prelude.Nothing,
+        resolverQueryLogConfigAssociations =
+          Prelude.Nothing,
+        totalCount =
+          Prelude.Nothing,
+        totalFilteredCount =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | If there are more than @MaxResults@ query logging associations, you can
+-- submit another @ListResolverQueryLogConfigAssociations@ request to get
+-- the next group of associations. In the next request, specify the value
+-- of @NextToken@ from the previous response.
+listResolverQueryLogConfigAssociationsResponse_nextToken :: Lens.Lens' ListResolverQueryLogConfigAssociationsResponse (Prelude.Maybe Prelude.Text)
+listResolverQueryLogConfigAssociationsResponse_nextToken = Lens.lens (\ListResolverQueryLogConfigAssociationsResponse' {nextToken} -> nextToken) (\s@ListResolverQueryLogConfigAssociationsResponse' {} a -> s {nextToken = a} :: ListResolverQueryLogConfigAssociationsResponse)
+
+-- | A list that contains one @ResolverQueryLogConfigAssociations@ element
+-- for each query logging association that matches the values that you
+-- specified for @Filter@.
+listResolverQueryLogConfigAssociationsResponse_resolverQueryLogConfigAssociations :: Lens.Lens' ListResolverQueryLogConfigAssociationsResponse (Prelude.Maybe [ResolverQueryLogConfigAssociation])
+listResolverQueryLogConfigAssociationsResponse_resolverQueryLogConfigAssociations = Lens.lens (\ListResolverQueryLogConfigAssociationsResponse' {resolverQueryLogConfigAssociations} -> resolverQueryLogConfigAssociations) (\s@ListResolverQueryLogConfigAssociationsResponse' {} a -> s {resolverQueryLogConfigAssociations = a} :: ListResolverQueryLogConfigAssociationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The total number of query logging associations that were created by the
+-- current account in the specified Region. This count can differ from the
+-- number of associations that are returned in a
+-- @ListResolverQueryLogConfigAssociations@ response, depending on the
+-- values that you specify in the request.
+listResolverQueryLogConfigAssociationsResponse_totalCount :: Lens.Lens' ListResolverQueryLogConfigAssociationsResponse (Prelude.Maybe Prelude.Int)
+listResolverQueryLogConfigAssociationsResponse_totalCount = Lens.lens (\ListResolverQueryLogConfigAssociationsResponse' {totalCount} -> totalCount) (\s@ListResolverQueryLogConfigAssociationsResponse' {} a -> s {totalCount = a} :: ListResolverQueryLogConfigAssociationsResponse)
+
+-- | The total number of query logging associations that were created by the
+-- current account in the specified Region and that match the filters that
+-- were specified in the @ListResolverQueryLogConfigAssociations@ request.
+-- For the total number of associations that were created by the current
+-- account in the specified Region, see @TotalCount@.
+listResolverQueryLogConfigAssociationsResponse_totalFilteredCount :: Lens.Lens' ListResolverQueryLogConfigAssociationsResponse (Prelude.Maybe Prelude.Int)
+listResolverQueryLogConfigAssociationsResponse_totalFilteredCount = Lens.lens (\ListResolverQueryLogConfigAssociationsResponse' {totalFilteredCount} -> totalFilteredCount) (\s@ListResolverQueryLogConfigAssociationsResponse' {} a -> s {totalFilteredCount = a} :: ListResolverQueryLogConfigAssociationsResponse)
+
+-- | The response's http status code.
+listResolverQueryLogConfigAssociationsResponse_httpStatus :: Lens.Lens' ListResolverQueryLogConfigAssociationsResponse Prelude.Int
+listResolverQueryLogConfigAssociationsResponse_httpStatus = Lens.lens (\ListResolverQueryLogConfigAssociationsResponse' {httpStatus} -> httpStatus) (\s@ListResolverQueryLogConfigAssociationsResponse' {} a -> s {httpStatus = a} :: ListResolverQueryLogConfigAssociationsResponse)
+
+instance
+  Prelude.NFData
+    ListResolverQueryLogConfigAssociationsResponse
+  where
+  rnf
+    ListResolverQueryLogConfigAssociationsResponse' {..} =
+      Prelude.rnf nextToken
+        `Prelude.seq` Prelude.rnf resolverQueryLogConfigAssociations
+        `Prelude.seq` Prelude.rnf totalCount
+        `Prelude.seq` Prelude.rnf totalFilteredCount
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverQueryLogConfigs.hs b/gen/Amazonka/Route53Resolver/ListResolverQueryLogConfigs.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverQueryLogConfigs.hs
@@ -0,0 +1,548 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverQueryLogConfigs
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists information about the specified query logging configurations. Each
+-- configuration defines where you want Resolver to save DNS query logs and
+-- specifies the VPCs that you want to log queries for.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverQueryLogConfigs
+  ( -- * Creating a Request
+    ListResolverQueryLogConfigs (..),
+    newListResolverQueryLogConfigs,
+
+    -- * Request Lenses
+    listResolverQueryLogConfigs_filters,
+    listResolverQueryLogConfigs_maxResults,
+    listResolverQueryLogConfigs_nextToken,
+    listResolverQueryLogConfigs_sortBy,
+    listResolverQueryLogConfigs_sortOrder,
+
+    -- * Destructuring the Response
+    ListResolverQueryLogConfigsResponse (..),
+    newListResolverQueryLogConfigsResponse,
+
+    -- * Response Lenses
+    listResolverQueryLogConfigsResponse_nextToken,
+    listResolverQueryLogConfigsResponse_resolverQueryLogConfigs,
+    listResolverQueryLogConfigsResponse_totalCount,
+    listResolverQueryLogConfigsResponse_totalFilteredCount,
+    listResolverQueryLogConfigsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverQueryLogConfigs' smart constructor.
+data ListResolverQueryLogConfigs = ListResolverQueryLogConfigs'
+  { -- | An optional specification to return a subset of query logging
+    -- configurations.
+    --
+    -- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+    -- request and specify the @NextToken@ parameter, you must use the same
+    -- values for @Filters@, if any, as in the previous request.
+    filters :: Prelude.Maybe [Filter],
+    -- | The maximum number of query logging configurations that you want to
+    -- return in the response to a @ListResolverQueryLogConfigs@ request. If
+    -- you don\'t specify a value for @MaxResults@, Resolver returns up to 100
+    -- query logging configurations.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first @ListResolverQueryLogConfigs@ request, omit this value.
+    --
+    -- If there are more than @MaxResults@ query logging configurations that
+    -- match the values that you specify for @Filters@, you can submit another
+    -- @ListResolverQueryLogConfigs@ request to get the next group of
+    -- configurations. In the next request, specify the value of @NextToken@
+    -- from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The element that you want Resolver to sort query logging configurations
+    -- by.
+    --
+    -- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+    -- request and specify the @NextToken@ parameter, you must use the same
+    -- value for @SortBy@, if any, as in the previous request.
+    --
+    -- Valid values include the following elements:
+    --
+    -- -   @Arn@: The ARN of the query logging configuration
+    --
+    -- -   @AssociationCount@: The number of VPCs that are associated with the
+    --     specified configuration
+    --
+    -- -   @CreationTime@: The date and time that Resolver returned when the
+    --     configuration was created
+    --
+    -- -   @CreatorRequestId@: The value that was specified for
+    --     @CreatorRequestId@ when the configuration was created
+    --
+    -- -   @DestinationArn@: The location that logs are sent to
+    --
+    -- -   @Id@: The ID of the configuration
+    --
+    -- -   @Name@: The name of the configuration
+    --
+    -- -   @OwnerId@: The Amazon Web Services account number of the account
+    --     that created the configuration
+    --
+    -- -   @ShareStatus@: Whether the configuration is shared with other Amazon
+    --     Web Services accounts or shared with the current account by another
+    --     Amazon Web Services account. Sharing is configured through Resource
+    --     Access Manager (RAM).
+    --
+    -- -   @Status@: The current status of the configuration. Valid values
+    --     include the following:
+    --
+    --     -   @CREATING@: Resolver is creating the query logging
+    --         configuration.
+    --
+    --     -   @CREATED@: The query logging configuration was successfully
+    --         created. Resolver is logging queries that originate in the
+    --         specified VPC.
+    --
+    --     -   @DELETING@: Resolver is deleting this query logging
+    --         configuration.
+    --
+    --     -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete
+    --         the query logging configuration. Here are two common causes:
+    --
+    --         -   The specified destination (for example, an Amazon S3 bucket)
+    --             was deleted.
+    --
+    --         -   Permissions don\'t allow sending logs to the destination.
+    sortBy :: Prelude.Maybe Prelude.Text,
+    -- | If you specified a value for @SortBy@, the order that you want query
+    -- logging configurations to be listed in, @ASCENDING@ or @DESCENDING@.
+    --
+    -- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+    -- request and specify the @NextToken@ parameter, you must use the same
+    -- value for @SortOrder@, if any, as in the previous request.
+    sortOrder :: Prelude.Maybe SortOrder
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverQueryLogConfigs' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'listResolverQueryLogConfigs_filters' - An optional specification to return a subset of query logging
+-- configurations.
+--
+-- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- values for @Filters@, if any, as in the previous request.
+--
+-- 'maxResults', 'listResolverQueryLogConfigs_maxResults' - The maximum number of query logging configurations that you want to
+-- return in the response to a @ListResolverQueryLogConfigs@ request. If
+-- you don\'t specify a value for @MaxResults@, Resolver returns up to 100
+-- query logging configurations.
+--
+-- 'nextToken', 'listResolverQueryLogConfigs_nextToken' - For the first @ListResolverQueryLogConfigs@ request, omit this value.
+--
+-- If there are more than @MaxResults@ query logging configurations that
+-- match the values that you specify for @Filters@, you can submit another
+-- @ListResolverQueryLogConfigs@ request to get the next group of
+-- configurations. In the next request, specify the value of @NextToken@
+-- from the previous response.
+--
+-- 'sortBy', 'listResolverQueryLogConfigs_sortBy' - The element that you want Resolver to sort query logging configurations
+-- by.
+--
+-- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- value for @SortBy@, if any, as in the previous request.
+--
+-- Valid values include the following elements:
+--
+-- -   @Arn@: The ARN of the query logging configuration
+--
+-- -   @AssociationCount@: The number of VPCs that are associated with the
+--     specified configuration
+--
+-- -   @CreationTime@: The date and time that Resolver returned when the
+--     configuration was created
+--
+-- -   @CreatorRequestId@: The value that was specified for
+--     @CreatorRequestId@ when the configuration was created
+--
+-- -   @DestinationArn@: The location that logs are sent to
+--
+-- -   @Id@: The ID of the configuration
+--
+-- -   @Name@: The name of the configuration
+--
+-- -   @OwnerId@: The Amazon Web Services account number of the account
+--     that created the configuration
+--
+-- -   @ShareStatus@: Whether the configuration is shared with other Amazon
+--     Web Services accounts or shared with the current account by another
+--     Amazon Web Services account. Sharing is configured through Resource
+--     Access Manager (RAM).
+--
+-- -   @Status@: The current status of the configuration. Valid values
+--     include the following:
+--
+--     -   @CREATING@: Resolver is creating the query logging
+--         configuration.
+--
+--     -   @CREATED@: The query logging configuration was successfully
+--         created. Resolver is logging queries that originate in the
+--         specified VPC.
+--
+--     -   @DELETING@: Resolver is deleting this query logging
+--         configuration.
+--
+--     -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete
+--         the query logging configuration. Here are two common causes:
+--
+--         -   The specified destination (for example, an Amazon S3 bucket)
+--             was deleted.
+--
+--         -   Permissions don\'t allow sending logs to the destination.
+--
+-- 'sortOrder', 'listResolverQueryLogConfigs_sortOrder' - If you specified a value for @SortBy@, the order that you want query
+-- logging configurations to be listed in, @ASCENDING@ or @DESCENDING@.
+--
+-- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- value for @SortOrder@, if any, as in the previous request.
+newListResolverQueryLogConfigs ::
+  ListResolverQueryLogConfigs
+newListResolverQueryLogConfigs =
+  ListResolverQueryLogConfigs'
+    { filters =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      sortBy = Prelude.Nothing,
+      sortOrder = Prelude.Nothing
+    }
+
+-- | An optional specification to return a subset of query logging
+-- configurations.
+--
+-- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- values for @Filters@, if any, as in the previous request.
+listResolverQueryLogConfigs_filters :: Lens.Lens' ListResolverQueryLogConfigs (Prelude.Maybe [Filter])
+listResolverQueryLogConfigs_filters = Lens.lens (\ListResolverQueryLogConfigs' {filters} -> filters) (\s@ListResolverQueryLogConfigs' {} a -> s {filters = a} :: ListResolverQueryLogConfigs) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of query logging configurations that you want to
+-- return in the response to a @ListResolverQueryLogConfigs@ request. If
+-- you don\'t specify a value for @MaxResults@, Resolver returns up to 100
+-- query logging configurations.
+listResolverQueryLogConfigs_maxResults :: Lens.Lens' ListResolverQueryLogConfigs (Prelude.Maybe Prelude.Natural)
+listResolverQueryLogConfigs_maxResults = Lens.lens (\ListResolverQueryLogConfigs' {maxResults} -> maxResults) (\s@ListResolverQueryLogConfigs' {} a -> s {maxResults = a} :: ListResolverQueryLogConfigs)
+
+-- | For the first @ListResolverQueryLogConfigs@ request, omit this value.
+--
+-- If there are more than @MaxResults@ query logging configurations that
+-- match the values that you specify for @Filters@, you can submit another
+-- @ListResolverQueryLogConfigs@ request to get the next group of
+-- configurations. In the next request, specify the value of @NextToken@
+-- from the previous response.
+listResolverQueryLogConfigs_nextToken :: Lens.Lens' ListResolverQueryLogConfigs (Prelude.Maybe Prelude.Text)
+listResolverQueryLogConfigs_nextToken = Lens.lens (\ListResolverQueryLogConfigs' {nextToken} -> nextToken) (\s@ListResolverQueryLogConfigs' {} a -> s {nextToken = a} :: ListResolverQueryLogConfigs)
+
+-- | The element that you want Resolver to sort query logging configurations
+-- by.
+--
+-- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- value for @SortBy@, if any, as in the previous request.
+--
+-- Valid values include the following elements:
+--
+-- -   @Arn@: The ARN of the query logging configuration
+--
+-- -   @AssociationCount@: The number of VPCs that are associated with the
+--     specified configuration
+--
+-- -   @CreationTime@: The date and time that Resolver returned when the
+--     configuration was created
+--
+-- -   @CreatorRequestId@: The value that was specified for
+--     @CreatorRequestId@ when the configuration was created
+--
+-- -   @DestinationArn@: The location that logs are sent to
+--
+-- -   @Id@: The ID of the configuration
+--
+-- -   @Name@: The name of the configuration
+--
+-- -   @OwnerId@: The Amazon Web Services account number of the account
+--     that created the configuration
+--
+-- -   @ShareStatus@: Whether the configuration is shared with other Amazon
+--     Web Services accounts or shared with the current account by another
+--     Amazon Web Services account. Sharing is configured through Resource
+--     Access Manager (RAM).
+--
+-- -   @Status@: The current status of the configuration. Valid values
+--     include the following:
+--
+--     -   @CREATING@: Resolver is creating the query logging
+--         configuration.
+--
+--     -   @CREATED@: The query logging configuration was successfully
+--         created. Resolver is logging queries that originate in the
+--         specified VPC.
+--
+--     -   @DELETING@: Resolver is deleting this query logging
+--         configuration.
+--
+--     -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete
+--         the query logging configuration. Here are two common causes:
+--
+--         -   The specified destination (for example, an Amazon S3 bucket)
+--             was deleted.
+--
+--         -   Permissions don\'t allow sending logs to the destination.
+listResolverQueryLogConfigs_sortBy :: Lens.Lens' ListResolverQueryLogConfigs (Prelude.Maybe Prelude.Text)
+listResolverQueryLogConfigs_sortBy = Lens.lens (\ListResolverQueryLogConfigs' {sortBy} -> sortBy) (\s@ListResolverQueryLogConfigs' {} a -> s {sortBy = a} :: ListResolverQueryLogConfigs)
+
+-- | If you specified a value for @SortBy@, the order that you want query
+-- logging configurations to be listed in, @ASCENDING@ or @DESCENDING@.
+--
+-- If you submit a second or subsequent @ListResolverQueryLogConfigs@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- value for @SortOrder@, if any, as in the previous request.
+listResolverQueryLogConfigs_sortOrder :: Lens.Lens' ListResolverQueryLogConfigs (Prelude.Maybe SortOrder)
+listResolverQueryLogConfigs_sortOrder = Lens.lens (\ListResolverQueryLogConfigs' {sortOrder} -> sortOrder) (\s@ListResolverQueryLogConfigs' {} a -> s {sortOrder = a} :: ListResolverQueryLogConfigs)
+
+instance Core.AWSPager ListResolverQueryLogConfigs where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverQueryLogConfigsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverQueryLogConfigsResponse_resolverQueryLogConfigs
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverQueryLogConfigs_nextToken
+          Lens..~ rs
+          Lens.^? listResolverQueryLogConfigsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListResolverQueryLogConfigs where
+  type
+    AWSResponse ListResolverQueryLogConfigs =
+      ListResolverQueryLogConfigsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverQueryLogConfigsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "ResolverQueryLogConfigs"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "TotalCount")
+            Prelude.<*> (x Data..?> "TotalFilteredCount")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListResolverQueryLogConfigs where
+  hashWithSalt _salt ListResolverQueryLogConfigs' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` sortBy
+      `Prelude.hashWithSalt` sortOrder
+
+instance Prelude.NFData ListResolverQueryLogConfigs where
+  rnf ListResolverQueryLogConfigs' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf sortBy
+      `Prelude.seq` Prelude.rnf sortOrder
+
+instance Data.ToHeaders ListResolverQueryLogConfigs where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverQueryLogConfigs" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResolverQueryLogConfigs where
+  toJSON ListResolverQueryLogConfigs' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("SortBy" Data..=) Prelude.<$> sortBy,
+            ("SortOrder" Data..=) Prelude.<$> sortOrder
+          ]
+      )
+
+instance Data.ToPath ListResolverQueryLogConfigs where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResolverQueryLogConfigs where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverQueryLogConfigsResponse' smart constructor.
+data ListResolverQueryLogConfigsResponse = ListResolverQueryLogConfigsResponse'
+  { -- | If there are more than @MaxResults@ query logging configurations, you
+    -- can submit another @ListResolverQueryLogConfigs@ request to get the next
+    -- group of configurations. In the next request, specify the value of
+    -- @NextToken@ from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | A list that contains one @ResolverQueryLogConfig@ element for each query
+    -- logging configuration that matches the values that you specified for
+    -- @Filter@.
+    resolverQueryLogConfigs :: Prelude.Maybe [ResolverQueryLogConfig],
+    -- | The total number of query logging configurations that were created by
+    -- the current account in the specified Region. This count can differ from
+    -- the number of query logging configurations that are returned in a
+    -- @ListResolverQueryLogConfigs@ response, depending on the values that you
+    -- specify in the request.
+    totalCount :: Prelude.Maybe Prelude.Int,
+    -- | The total number of query logging configurations that were created by
+    -- the current account in the specified Region and that match the filters
+    -- that were specified in the @ListResolverQueryLogConfigs@ request. For
+    -- the total number of query logging configurations that were created by
+    -- the current account in the specified Region, see @TotalCount@.
+    totalFilteredCount :: Prelude.Maybe Prelude.Int,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverQueryLogConfigsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listResolverQueryLogConfigsResponse_nextToken' - If there are more than @MaxResults@ query logging configurations, you
+-- can submit another @ListResolverQueryLogConfigs@ request to get the next
+-- group of configurations. In the next request, specify the value of
+-- @NextToken@ from the previous response.
+--
+-- 'resolverQueryLogConfigs', 'listResolverQueryLogConfigsResponse_resolverQueryLogConfigs' - A list that contains one @ResolverQueryLogConfig@ element for each query
+-- logging configuration that matches the values that you specified for
+-- @Filter@.
+--
+-- 'totalCount', 'listResolverQueryLogConfigsResponse_totalCount' - The total number of query logging configurations that were created by
+-- the current account in the specified Region. This count can differ from
+-- the number of query logging configurations that are returned in a
+-- @ListResolverQueryLogConfigs@ response, depending on the values that you
+-- specify in the request.
+--
+-- 'totalFilteredCount', 'listResolverQueryLogConfigsResponse_totalFilteredCount' - The total number of query logging configurations that were created by
+-- the current account in the specified Region and that match the filters
+-- that were specified in the @ListResolverQueryLogConfigs@ request. For
+-- the total number of query logging configurations that were created by
+-- the current account in the specified Region, see @TotalCount@.
+--
+-- 'httpStatus', 'listResolverQueryLogConfigsResponse_httpStatus' - The response's http status code.
+newListResolverQueryLogConfigsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverQueryLogConfigsResponse
+newListResolverQueryLogConfigsResponse pHttpStatus_ =
+  ListResolverQueryLogConfigsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      resolverQueryLogConfigs =
+        Prelude.Nothing,
+      totalCount = Prelude.Nothing,
+      totalFilteredCount = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | If there are more than @MaxResults@ query logging configurations, you
+-- can submit another @ListResolverQueryLogConfigs@ request to get the next
+-- group of configurations. In the next request, specify the value of
+-- @NextToken@ from the previous response.
+listResolverQueryLogConfigsResponse_nextToken :: Lens.Lens' ListResolverQueryLogConfigsResponse (Prelude.Maybe Prelude.Text)
+listResolverQueryLogConfigsResponse_nextToken = Lens.lens (\ListResolverQueryLogConfigsResponse' {nextToken} -> nextToken) (\s@ListResolverQueryLogConfigsResponse' {} a -> s {nextToken = a} :: ListResolverQueryLogConfigsResponse)
+
+-- | A list that contains one @ResolverQueryLogConfig@ element for each query
+-- logging configuration that matches the values that you specified for
+-- @Filter@.
+listResolverQueryLogConfigsResponse_resolverQueryLogConfigs :: Lens.Lens' ListResolverQueryLogConfigsResponse (Prelude.Maybe [ResolverQueryLogConfig])
+listResolverQueryLogConfigsResponse_resolverQueryLogConfigs = Lens.lens (\ListResolverQueryLogConfigsResponse' {resolverQueryLogConfigs} -> resolverQueryLogConfigs) (\s@ListResolverQueryLogConfigsResponse' {} a -> s {resolverQueryLogConfigs = a} :: ListResolverQueryLogConfigsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The total number of query logging configurations that were created by
+-- the current account in the specified Region. This count can differ from
+-- the number of query logging configurations that are returned in a
+-- @ListResolverQueryLogConfigs@ response, depending on the values that you
+-- specify in the request.
+listResolverQueryLogConfigsResponse_totalCount :: Lens.Lens' ListResolverQueryLogConfigsResponse (Prelude.Maybe Prelude.Int)
+listResolverQueryLogConfigsResponse_totalCount = Lens.lens (\ListResolverQueryLogConfigsResponse' {totalCount} -> totalCount) (\s@ListResolverQueryLogConfigsResponse' {} a -> s {totalCount = a} :: ListResolverQueryLogConfigsResponse)
+
+-- | The total number of query logging configurations that were created by
+-- the current account in the specified Region and that match the filters
+-- that were specified in the @ListResolverQueryLogConfigs@ request. For
+-- the total number of query logging configurations that were created by
+-- the current account in the specified Region, see @TotalCount@.
+listResolverQueryLogConfigsResponse_totalFilteredCount :: Lens.Lens' ListResolverQueryLogConfigsResponse (Prelude.Maybe Prelude.Int)
+listResolverQueryLogConfigsResponse_totalFilteredCount = Lens.lens (\ListResolverQueryLogConfigsResponse' {totalFilteredCount} -> totalFilteredCount) (\s@ListResolverQueryLogConfigsResponse' {} a -> s {totalFilteredCount = a} :: ListResolverQueryLogConfigsResponse)
+
+-- | The response's http status code.
+listResolverQueryLogConfigsResponse_httpStatus :: Lens.Lens' ListResolverQueryLogConfigsResponse Prelude.Int
+listResolverQueryLogConfigsResponse_httpStatus = Lens.lens (\ListResolverQueryLogConfigsResponse' {httpStatus} -> httpStatus) (\s@ListResolverQueryLogConfigsResponse' {} a -> s {httpStatus = a} :: ListResolverQueryLogConfigsResponse)
+
+instance
+  Prelude.NFData
+    ListResolverQueryLogConfigsResponse
+  where
+  rnf ListResolverQueryLogConfigsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resolverQueryLogConfigs
+      `Prelude.seq` Prelude.rnf totalCount
+      `Prelude.seq` Prelude.rnf totalFilteredCount
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverRuleAssociations.hs b/gen/Amazonka/Route53Resolver/ListResolverRuleAssociations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverRuleAssociations.hs
@@ -0,0 +1,311 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverRuleAssociations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the associations that were created between Resolver rules and VPCs
+-- using the current Amazon Web Services account.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverRuleAssociations
+  ( -- * Creating a Request
+    ListResolverRuleAssociations (..),
+    newListResolverRuleAssociations,
+
+    -- * Request Lenses
+    listResolverRuleAssociations_filters,
+    listResolverRuleAssociations_maxResults,
+    listResolverRuleAssociations_nextToken,
+
+    -- * Destructuring the Response
+    ListResolverRuleAssociationsResponse (..),
+    newListResolverRuleAssociationsResponse,
+
+    -- * Response Lenses
+    listResolverRuleAssociationsResponse_maxResults,
+    listResolverRuleAssociationsResponse_nextToken,
+    listResolverRuleAssociationsResponse_resolverRuleAssociations,
+    listResolverRuleAssociationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverRuleAssociations' smart constructor.
+data ListResolverRuleAssociations = ListResolverRuleAssociations'
+  { -- | An optional specification to return a subset of Resolver rules, such as
+    -- Resolver rules that are associated with the same VPC ID.
+    --
+    -- If you submit a second or subsequent @ListResolverRuleAssociations@
+    -- request and specify the @NextToken@ parameter, you must use the same
+    -- values for @Filters@, if any, as in the previous request.
+    filters :: Prelude.Maybe [Filter],
+    -- | The maximum number of rule associations that you want to return in the
+    -- response to a @ListResolverRuleAssociations@ request. If you don\'t
+    -- specify a value for @MaxResults@, Resolver returns up to 100 rule
+    -- associations.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first @ListResolverRuleAssociation@ request, omit this value.
+    --
+    -- If you have more than @MaxResults@ rule associations, you can submit
+    -- another @ListResolverRuleAssociation@ request to get the next group of
+    -- rule associations. In the next request, specify the value of @NextToken@
+    -- from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverRuleAssociations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'listResolverRuleAssociations_filters' - An optional specification to return a subset of Resolver rules, such as
+-- Resolver rules that are associated with the same VPC ID.
+--
+-- If you submit a second or subsequent @ListResolverRuleAssociations@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- values for @Filters@, if any, as in the previous request.
+--
+-- 'maxResults', 'listResolverRuleAssociations_maxResults' - The maximum number of rule associations that you want to return in the
+-- response to a @ListResolverRuleAssociations@ request. If you don\'t
+-- specify a value for @MaxResults@, Resolver returns up to 100 rule
+-- associations.
+--
+-- 'nextToken', 'listResolverRuleAssociations_nextToken' - For the first @ListResolverRuleAssociation@ request, omit this value.
+--
+-- If you have more than @MaxResults@ rule associations, you can submit
+-- another @ListResolverRuleAssociation@ request to get the next group of
+-- rule associations. In the next request, specify the value of @NextToken@
+-- from the previous response.
+newListResolverRuleAssociations ::
+  ListResolverRuleAssociations
+newListResolverRuleAssociations =
+  ListResolverRuleAssociations'
+    { filters =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | An optional specification to return a subset of Resolver rules, such as
+-- Resolver rules that are associated with the same VPC ID.
+--
+-- If you submit a second or subsequent @ListResolverRuleAssociations@
+-- request and specify the @NextToken@ parameter, you must use the same
+-- values for @Filters@, if any, as in the previous request.
+listResolverRuleAssociations_filters :: Lens.Lens' ListResolverRuleAssociations (Prelude.Maybe [Filter])
+listResolverRuleAssociations_filters = Lens.lens (\ListResolverRuleAssociations' {filters} -> filters) (\s@ListResolverRuleAssociations' {} a -> s {filters = a} :: ListResolverRuleAssociations) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of rule associations that you want to return in the
+-- response to a @ListResolverRuleAssociations@ request. If you don\'t
+-- specify a value for @MaxResults@, Resolver returns up to 100 rule
+-- associations.
+listResolverRuleAssociations_maxResults :: Lens.Lens' ListResolverRuleAssociations (Prelude.Maybe Prelude.Natural)
+listResolverRuleAssociations_maxResults = Lens.lens (\ListResolverRuleAssociations' {maxResults} -> maxResults) (\s@ListResolverRuleAssociations' {} a -> s {maxResults = a} :: ListResolverRuleAssociations)
+
+-- | For the first @ListResolverRuleAssociation@ request, omit this value.
+--
+-- If you have more than @MaxResults@ rule associations, you can submit
+-- another @ListResolverRuleAssociation@ request to get the next group of
+-- rule associations. In the next request, specify the value of @NextToken@
+-- from the previous response.
+listResolverRuleAssociations_nextToken :: Lens.Lens' ListResolverRuleAssociations (Prelude.Maybe Prelude.Text)
+listResolverRuleAssociations_nextToken = Lens.lens (\ListResolverRuleAssociations' {nextToken} -> nextToken) (\s@ListResolverRuleAssociations' {} a -> s {nextToken = a} :: ListResolverRuleAssociations)
+
+instance Core.AWSPager ListResolverRuleAssociations where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverRuleAssociationsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverRuleAssociationsResponse_resolverRuleAssociations
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverRuleAssociations_nextToken
+          Lens..~ rs
+          Lens.^? listResolverRuleAssociationsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListResolverRuleAssociations where
+  type
+    AWSResponse ListResolverRuleAssociations =
+      ListResolverRuleAssociationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverRuleAssociationsResponse'
+            Prelude.<$> (x Data..?> "MaxResults")
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> ( x
+                            Data..?> "ResolverRuleAssociations"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListResolverRuleAssociations
+  where
+  hashWithSalt _salt ListResolverRuleAssociations' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListResolverRuleAssociations where
+  rnf ListResolverRuleAssociations' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListResolverRuleAssociations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverRuleAssociations" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResolverRuleAssociations where
+  toJSON ListResolverRuleAssociations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListResolverRuleAssociations where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResolverRuleAssociations where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverRuleAssociationsResponse' smart constructor.
+data ListResolverRuleAssociationsResponse = ListResolverRuleAssociationsResponse'
+  { -- | The value that you specified for @MaxResults@ in the request.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | If more than @MaxResults@ rule associations match the specified
+    -- criteria, you can submit another @ListResolverRuleAssociation@ request
+    -- to get the next group of results. In the next request, specify the value
+    -- of @NextToken@ from the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The associations that were created between Resolver rules and VPCs using
+    -- the current Amazon Web Services account, and that match the specified
+    -- filters, if any.
+    resolverRuleAssociations :: Prelude.Maybe [ResolverRuleAssociation],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverRuleAssociationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listResolverRuleAssociationsResponse_maxResults' - The value that you specified for @MaxResults@ in the request.
+--
+-- 'nextToken', 'listResolverRuleAssociationsResponse_nextToken' - If more than @MaxResults@ rule associations match the specified
+-- criteria, you can submit another @ListResolverRuleAssociation@ request
+-- to get the next group of results. In the next request, specify the value
+-- of @NextToken@ from the previous response.
+--
+-- 'resolverRuleAssociations', 'listResolverRuleAssociationsResponse_resolverRuleAssociations' - The associations that were created between Resolver rules and VPCs using
+-- the current Amazon Web Services account, and that match the specified
+-- filters, if any.
+--
+-- 'httpStatus', 'listResolverRuleAssociationsResponse_httpStatus' - The response's http status code.
+newListResolverRuleAssociationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverRuleAssociationsResponse
+newListResolverRuleAssociationsResponse pHttpStatus_ =
+  ListResolverRuleAssociationsResponse'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      resolverRuleAssociations =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The value that you specified for @MaxResults@ in the request.
+listResolverRuleAssociationsResponse_maxResults :: Lens.Lens' ListResolverRuleAssociationsResponse (Prelude.Maybe Prelude.Natural)
+listResolverRuleAssociationsResponse_maxResults = Lens.lens (\ListResolverRuleAssociationsResponse' {maxResults} -> maxResults) (\s@ListResolverRuleAssociationsResponse' {} a -> s {maxResults = a} :: ListResolverRuleAssociationsResponse)
+
+-- | If more than @MaxResults@ rule associations match the specified
+-- criteria, you can submit another @ListResolverRuleAssociation@ request
+-- to get the next group of results. In the next request, specify the value
+-- of @NextToken@ from the previous response.
+listResolverRuleAssociationsResponse_nextToken :: Lens.Lens' ListResolverRuleAssociationsResponse (Prelude.Maybe Prelude.Text)
+listResolverRuleAssociationsResponse_nextToken = Lens.lens (\ListResolverRuleAssociationsResponse' {nextToken} -> nextToken) (\s@ListResolverRuleAssociationsResponse' {} a -> s {nextToken = a} :: ListResolverRuleAssociationsResponse)
+
+-- | The associations that were created between Resolver rules and VPCs using
+-- the current Amazon Web Services account, and that match the specified
+-- filters, if any.
+listResolverRuleAssociationsResponse_resolverRuleAssociations :: Lens.Lens' ListResolverRuleAssociationsResponse (Prelude.Maybe [ResolverRuleAssociation])
+listResolverRuleAssociationsResponse_resolverRuleAssociations = Lens.lens (\ListResolverRuleAssociationsResponse' {resolverRuleAssociations} -> resolverRuleAssociations) (\s@ListResolverRuleAssociationsResponse' {} a -> s {resolverRuleAssociations = a} :: ListResolverRuleAssociationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listResolverRuleAssociationsResponse_httpStatus :: Lens.Lens' ListResolverRuleAssociationsResponse Prelude.Int
+listResolverRuleAssociationsResponse_httpStatus = Lens.lens (\ListResolverRuleAssociationsResponse' {httpStatus} -> httpStatus) (\s@ListResolverRuleAssociationsResponse' {} a -> s {httpStatus = a} :: ListResolverRuleAssociationsResponse)
+
+instance
+  Prelude.NFData
+    ListResolverRuleAssociationsResponse
+  where
+  rnf ListResolverRuleAssociationsResponse' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resolverRuleAssociations
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListResolverRules.hs b/gen/Amazonka/Route53Resolver/ListResolverRules.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListResolverRules.hs
@@ -0,0 +1,294 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListResolverRules
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the Resolver rules that were created using the current Amazon Web
+-- Services account.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListResolverRules
+  ( -- * Creating a Request
+    ListResolverRules (..),
+    newListResolverRules,
+
+    -- * Request Lenses
+    listResolverRules_filters,
+    listResolverRules_maxResults,
+    listResolverRules_nextToken,
+
+    -- * Destructuring the Response
+    ListResolverRulesResponse (..),
+    newListResolverRulesResponse,
+
+    -- * Response Lenses
+    listResolverRulesResponse_maxResults,
+    listResolverRulesResponse_nextToken,
+    listResolverRulesResponse_resolverRules,
+    listResolverRulesResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListResolverRules' smart constructor.
+data ListResolverRules = ListResolverRules'
+  { -- | An optional specification to return a subset of Resolver rules, such as
+    -- all Resolver rules that are associated with the same Resolver endpoint.
+    --
+    -- If you submit a second or subsequent @ListResolverRules@ request and
+    -- specify the @NextToken@ parameter, you must use the same values for
+    -- @Filters@, if any, as in the previous request.
+    filters :: Prelude.Maybe [Filter],
+    -- | The maximum number of Resolver rules that you want to return in the
+    -- response to a @ListResolverRules@ request. If you don\'t specify a value
+    -- for @MaxResults@, Resolver returns up to 100 Resolver rules.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first @ListResolverRules@ request, omit this value.
+    --
+    -- If you have more than @MaxResults@ Resolver rules, you can submit
+    -- another @ListResolverRules@ request to get the next group of Resolver
+    -- rules. In the next request, specify the value of @NextToken@ from the
+    -- previous response.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverRules' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'listResolverRules_filters' - An optional specification to return a subset of Resolver rules, such as
+-- all Resolver rules that are associated with the same Resolver endpoint.
+--
+-- If you submit a second or subsequent @ListResolverRules@ request and
+-- specify the @NextToken@ parameter, you must use the same values for
+-- @Filters@, if any, as in the previous request.
+--
+-- 'maxResults', 'listResolverRules_maxResults' - The maximum number of Resolver rules that you want to return in the
+-- response to a @ListResolverRules@ request. If you don\'t specify a value
+-- for @MaxResults@, Resolver returns up to 100 Resolver rules.
+--
+-- 'nextToken', 'listResolverRules_nextToken' - For the first @ListResolverRules@ request, omit this value.
+--
+-- If you have more than @MaxResults@ Resolver rules, you can submit
+-- another @ListResolverRules@ request to get the next group of Resolver
+-- rules. In the next request, specify the value of @NextToken@ from the
+-- previous response.
+newListResolverRules ::
+  ListResolverRules
+newListResolverRules =
+  ListResolverRules'
+    { filters = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | An optional specification to return a subset of Resolver rules, such as
+-- all Resolver rules that are associated with the same Resolver endpoint.
+--
+-- If you submit a second or subsequent @ListResolverRules@ request and
+-- specify the @NextToken@ parameter, you must use the same values for
+-- @Filters@, if any, as in the previous request.
+listResolverRules_filters :: Lens.Lens' ListResolverRules (Prelude.Maybe [Filter])
+listResolverRules_filters = Lens.lens (\ListResolverRules' {filters} -> filters) (\s@ListResolverRules' {} a -> s {filters = a} :: ListResolverRules) Prelude.. Lens.mapping Lens.coerced
+
+-- | The maximum number of Resolver rules that you want to return in the
+-- response to a @ListResolverRules@ request. If you don\'t specify a value
+-- for @MaxResults@, Resolver returns up to 100 Resolver rules.
+listResolverRules_maxResults :: Lens.Lens' ListResolverRules (Prelude.Maybe Prelude.Natural)
+listResolverRules_maxResults = Lens.lens (\ListResolverRules' {maxResults} -> maxResults) (\s@ListResolverRules' {} a -> s {maxResults = a} :: ListResolverRules)
+
+-- | For the first @ListResolverRules@ request, omit this value.
+--
+-- If you have more than @MaxResults@ Resolver rules, you can submit
+-- another @ListResolverRules@ request to get the next group of Resolver
+-- rules. In the next request, specify the value of @NextToken@ from the
+-- previous response.
+listResolverRules_nextToken :: Lens.Lens' ListResolverRules (Prelude.Maybe Prelude.Text)
+listResolverRules_nextToken = Lens.lens (\ListResolverRules' {nextToken} -> nextToken) (\s@ListResolverRules' {} a -> s {nextToken = a} :: ListResolverRules)
+
+instance Core.AWSPager ListResolverRules where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listResolverRulesResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listResolverRulesResponse_resolverRules
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listResolverRules_nextToken
+          Lens..~ rs
+          Lens.^? listResolverRulesResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListResolverRules where
+  type
+    AWSResponse ListResolverRules =
+      ListResolverRulesResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResolverRulesResponse'
+            Prelude.<$> (x Data..?> "MaxResults")
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (x Data..?> "ResolverRules" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListResolverRules where
+  hashWithSalt _salt ListResolverRules' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListResolverRules where
+  rnf ListResolverRules' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListResolverRules where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListResolverRules" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResolverRules where
+  toJSON ListResolverRules' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Filters" Data..=) Prelude.<$> filters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListResolverRules where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResolverRules where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResolverRulesResponse' smart constructor.
+data ListResolverRulesResponse = ListResolverRulesResponse'
+  { -- | The value that you specified for @MaxResults@ in the request.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | If more than @MaxResults@ Resolver rules match the specified criteria,
+    -- you can submit another @ListResolverRules@ request to get the next group
+    -- of results. In the next request, specify the value of @NextToken@ from
+    -- the previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The Resolver rules that were created using the current Amazon Web
+    -- Services account and that match the specified filters, if any.
+    resolverRules :: Prelude.Maybe [ResolverRule],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResolverRulesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listResolverRulesResponse_maxResults' - The value that you specified for @MaxResults@ in the request.
+--
+-- 'nextToken', 'listResolverRulesResponse_nextToken' - If more than @MaxResults@ Resolver rules match the specified criteria,
+-- you can submit another @ListResolverRules@ request to get the next group
+-- of results. In the next request, specify the value of @NextToken@ from
+-- the previous response.
+--
+-- 'resolverRules', 'listResolverRulesResponse_resolverRules' - The Resolver rules that were created using the current Amazon Web
+-- Services account and that match the specified filters, if any.
+--
+-- 'httpStatus', 'listResolverRulesResponse_httpStatus' - The response's http status code.
+newListResolverRulesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResolverRulesResponse
+newListResolverRulesResponse pHttpStatus_ =
+  ListResolverRulesResponse'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      resolverRules = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The value that you specified for @MaxResults@ in the request.
+listResolverRulesResponse_maxResults :: Lens.Lens' ListResolverRulesResponse (Prelude.Maybe Prelude.Natural)
+listResolverRulesResponse_maxResults = Lens.lens (\ListResolverRulesResponse' {maxResults} -> maxResults) (\s@ListResolverRulesResponse' {} a -> s {maxResults = a} :: ListResolverRulesResponse)
+
+-- | If more than @MaxResults@ Resolver rules match the specified criteria,
+-- you can submit another @ListResolverRules@ request to get the next group
+-- of results. In the next request, specify the value of @NextToken@ from
+-- the previous response.
+listResolverRulesResponse_nextToken :: Lens.Lens' ListResolverRulesResponse (Prelude.Maybe Prelude.Text)
+listResolverRulesResponse_nextToken = Lens.lens (\ListResolverRulesResponse' {nextToken} -> nextToken) (\s@ListResolverRulesResponse' {} a -> s {nextToken = a} :: ListResolverRulesResponse)
+
+-- | The Resolver rules that were created using the current Amazon Web
+-- Services account and that match the specified filters, if any.
+listResolverRulesResponse_resolverRules :: Lens.Lens' ListResolverRulesResponse (Prelude.Maybe [ResolverRule])
+listResolverRulesResponse_resolverRules = Lens.lens (\ListResolverRulesResponse' {resolverRules} -> resolverRules) (\s@ListResolverRulesResponse' {} a -> s {resolverRules = a} :: ListResolverRulesResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listResolverRulesResponse_httpStatus :: Lens.Lens' ListResolverRulesResponse Prelude.Int
+listResolverRulesResponse_httpStatus = Lens.lens (\ListResolverRulesResponse' {httpStatus} -> httpStatus) (\s@ListResolverRulesResponse' {} a -> s {httpStatus = a} :: ListResolverRulesResponse)
+
+instance Prelude.NFData ListResolverRulesResponse where
+  rnf ListResolverRulesResponse' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resolverRules
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/ListTagsForResource.hs b/gen/Amazonka/Route53Resolver/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/ListTagsForResource.hs
@@ -0,0 +1,271 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the tags that you associated with the specified resource.
+--
+-- This operation returns paginated results.
+module Amazonka.Route53Resolver.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_maxResults,
+    listTagsForResource_nextToken,
+    listTagsForResource_resourceArn,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_nextToken,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The maximum number of tags that you want to return in the response to a
+    -- @ListTagsForResource@ request. If you don\'t specify a value for
+    -- @MaxResults@, Resolver returns up to 100 tags.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | For the first @ListTagsForResource@ request, omit this value.
+    --
+    -- If you have more than @MaxResults@ tags, you can submit another
+    -- @ListTagsForResource@ request to get the next group of tags for the
+    -- resource. In the next request, specify the value of @NextToken@ from the
+    -- previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) for the resource that you want to list
+    -- tags for.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listTagsForResource_maxResults' - The maximum number of tags that you want to return in the response to a
+-- @ListTagsForResource@ request. If you don\'t specify a value for
+-- @MaxResults@, Resolver returns up to 100 tags.
+--
+-- 'nextToken', 'listTagsForResource_nextToken' - For the first @ListTagsForResource@ request, omit this value.
+--
+-- If you have more than @MaxResults@ tags, you can submit another
+-- @ListTagsForResource@ request to get the next group of tags for the
+-- resource. In the next request, specify the value of @NextToken@ from the
+-- previous response.
+--
+-- 'resourceArn', 'listTagsForResource_resourceArn' - The Amazon Resource Name (ARN) for the resource that you want to list
+-- tags for.
+newListTagsForResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceArn_ =
+  ListTagsForResource'
+    { maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      resourceArn = pResourceArn_
+    }
+
+-- | The maximum number of tags that you want to return in the response to a
+-- @ListTagsForResource@ request. If you don\'t specify a value for
+-- @MaxResults@, Resolver returns up to 100 tags.
+listTagsForResource_maxResults :: Lens.Lens' ListTagsForResource (Prelude.Maybe Prelude.Natural)
+listTagsForResource_maxResults = Lens.lens (\ListTagsForResource' {maxResults} -> maxResults) (\s@ListTagsForResource' {} a -> s {maxResults = a} :: ListTagsForResource)
+
+-- | For the first @ListTagsForResource@ request, omit this value.
+--
+-- If you have more than @MaxResults@ tags, you can submit another
+-- @ListTagsForResource@ request to get the next group of tags for the
+-- resource. In the next request, specify the value of @NextToken@ from the
+-- previous response.
+listTagsForResource_nextToken :: Lens.Lens' ListTagsForResource (Prelude.Maybe Prelude.Text)
+listTagsForResource_nextToken = Lens.lens (\ListTagsForResource' {nextToken} -> nextToken) (\s@ListTagsForResource' {} a -> s {nextToken = a} :: ListTagsForResource)
+
+-- | The Amazon Resource Name (ARN) for the resource that you want to list
+-- tags for.
+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)
+
+instance Core.AWSPager ListTagsForResource where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listTagsForResourceResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listTagsForResourceResponse_tags
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listTagsForResource_nextToken
+          Lens..~ rs
+          Lens.^? listTagsForResourceResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (x Data..?> "Tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resourceArn
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.ListTagsForResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListTagsForResource where
+  toJSON ListTagsForResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just ("ResourceArn" Data..= resourceArn)
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | If more than @MaxResults@ tags match the specified criteria, you can
+    -- submit another @ListTagsForResource@ request to get the next group of
+    -- results. In the next request, specify the value of @NextToken@ from the
+    -- previous response.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The tags that are associated with the resource that you specified in the
+    -- @ListTagsForResource@ request.
+    tags :: Prelude.Maybe [Tag],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listTagsForResourceResponse_nextToken' - If more than @MaxResults@ tags match the specified criteria, you can
+-- submit another @ListTagsForResource@ request to get the next group of
+-- results. In the next request, specify the value of @NextToken@ from the
+-- previous response.
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - The tags that are associated with the resource that you specified in the
+-- @ListTagsForResource@ request.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { nextToken =
+        Prelude.Nothing,
+      tags = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | If more than @MaxResults@ tags match the specified criteria, you can
+-- submit another @ListTagsForResource@ request to get the next group of
+-- results. In the next request, specify the value of @NextToken@ from the
+-- previous response.
+listTagsForResourceResponse_nextToken :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe Prelude.Text)
+listTagsForResourceResponse_nextToken = Lens.lens (\ListTagsForResourceResponse' {nextToken} -> nextToken) (\s@ListTagsForResourceResponse' {} a -> s {nextToken = a} :: ListTagsForResourceResponse)
+
+-- | The tags that are associated with the resource that you specified in the
+-- @ListTagsForResource@ request.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe [Tag])
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/PutFirewallRuleGroupPolicy.hs b/gen/Amazonka/Route53Resolver/PutFirewallRuleGroupPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/PutFirewallRuleGroupPolicy.hs
@@ -0,0 +1,203 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.PutFirewallRuleGroupPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Attaches an Identity and Access Management (Amazon Web Services IAM)
+-- policy for sharing the rule group. You can use the policy to share the
+-- rule group using Resource Access Manager (RAM).
+module Amazonka.Route53Resolver.PutFirewallRuleGroupPolicy
+  ( -- * Creating a Request
+    PutFirewallRuleGroupPolicy (..),
+    newPutFirewallRuleGroupPolicy,
+
+    -- * Request Lenses
+    putFirewallRuleGroupPolicy_arn,
+    putFirewallRuleGroupPolicy_firewallRuleGroupPolicy,
+
+    -- * Destructuring the Response
+    PutFirewallRuleGroupPolicyResponse (..),
+    newPutFirewallRuleGroupPolicyResponse,
+
+    -- * Response Lenses
+    putFirewallRuleGroupPolicyResponse_returnValue,
+    putFirewallRuleGroupPolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newPutFirewallRuleGroupPolicy' smart constructor.
+data PutFirewallRuleGroupPolicy = PutFirewallRuleGroupPolicy'
+  { -- | The ARN (Amazon Resource Name) for the rule group that you want to
+    -- share.
+    arn :: Prelude.Text,
+    -- | The Identity and Access Management (Amazon Web Services IAM) policy to
+    -- attach to the rule group.
+    firewallRuleGroupPolicy :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutFirewallRuleGroupPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'putFirewallRuleGroupPolicy_arn' - The ARN (Amazon Resource Name) for the rule group that you want to
+-- share.
+--
+-- 'firewallRuleGroupPolicy', 'putFirewallRuleGroupPolicy_firewallRuleGroupPolicy' - The Identity and Access Management (Amazon Web Services IAM) policy to
+-- attach to the rule group.
+newPutFirewallRuleGroupPolicy ::
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'firewallRuleGroupPolicy'
+  Prelude.Text ->
+  PutFirewallRuleGroupPolicy
+newPutFirewallRuleGroupPolicy
+  pArn_
+  pFirewallRuleGroupPolicy_ =
+    PutFirewallRuleGroupPolicy'
+      { arn = pArn_,
+        firewallRuleGroupPolicy =
+          pFirewallRuleGroupPolicy_
+      }
+
+-- | The ARN (Amazon Resource Name) for the rule group that you want to
+-- share.
+putFirewallRuleGroupPolicy_arn :: Lens.Lens' PutFirewallRuleGroupPolicy Prelude.Text
+putFirewallRuleGroupPolicy_arn = Lens.lens (\PutFirewallRuleGroupPolicy' {arn} -> arn) (\s@PutFirewallRuleGroupPolicy' {} a -> s {arn = a} :: PutFirewallRuleGroupPolicy)
+
+-- | The Identity and Access Management (Amazon Web Services IAM) policy to
+-- attach to the rule group.
+putFirewallRuleGroupPolicy_firewallRuleGroupPolicy :: Lens.Lens' PutFirewallRuleGroupPolicy Prelude.Text
+putFirewallRuleGroupPolicy_firewallRuleGroupPolicy = Lens.lens (\PutFirewallRuleGroupPolicy' {firewallRuleGroupPolicy} -> firewallRuleGroupPolicy) (\s@PutFirewallRuleGroupPolicy' {} a -> s {firewallRuleGroupPolicy = a} :: PutFirewallRuleGroupPolicy)
+
+instance Core.AWSRequest PutFirewallRuleGroupPolicy where
+  type
+    AWSResponse PutFirewallRuleGroupPolicy =
+      PutFirewallRuleGroupPolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          PutFirewallRuleGroupPolicyResponse'
+            Prelude.<$> (x Data..?> "ReturnValue")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable PutFirewallRuleGroupPolicy where
+  hashWithSalt _salt PutFirewallRuleGroupPolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` firewallRuleGroupPolicy
+
+instance Prelude.NFData PutFirewallRuleGroupPolicy where
+  rnf PutFirewallRuleGroupPolicy' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf firewallRuleGroupPolicy
+
+instance Data.ToHeaders PutFirewallRuleGroupPolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.PutFirewallRuleGroupPolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON PutFirewallRuleGroupPolicy where
+  toJSON PutFirewallRuleGroupPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Arn" Data..= arn),
+            Prelude.Just
+              ( "FirewallRuleGroupPolicy"
+                  Data..= firewallRuleGroupPolicy
+              )
+          ]
+      )
+
+instance Data.ToPath PutFirewallRuleGroupPolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery PutFirewallRuleGroupPolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newPutFirewallRuleGroupPolicyResponse' smart constructor.
+data PutFirewallRuleGroupPolicyResponse = PutFirewallRuleGroupPolicyResponse'
+  { returnValue :: Prelude.Maybe Prelude.Bool,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutFirewallRuleGroupPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'returnValue', 'putFirewallRuleGroupPolicyResponse_returnValue' -
+--
+-- 'httpStatus', 'putFirewallRuleGroupPolicyResponse_httpStatus' - The response's http status code.
+newPutFirewallRuleGroupPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutFirewallRuleGroupPolicyResponse
+newPutFirewallRuleGroupPolicyResponse pHttpStatus_ =
+  PutFirewallRuleGroupPolicyResponse'
+    { returnValue =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+putFirewallRuleGroupPolicyResponse_returnValue :: Lens.Lens' PutFirewallRuleGroupPolicyResponse (Prelude.Maybe Prelude.Bool)
+putFirewallRuleGroupPolicyResponse_returnValue = Lens.lens (\PutFirewallRuleGroupPolicyResponse' {returnValue} -> returnValue) (\s@PutFirewallRuleGroupPolicyResponse' {} a -> s {returnValue = a} :: PutFirewallRuleGroupPolicyResponse)
+
+-- | The response's http status code.
+putFirewallRuleGroupPolicyResponse_httpStatus :: Lens.Lens' PutFirewallRuleGroupPolicyResponse Prelude.Int
+putFirewallRuleGroupPolicyResponse_httpStatus = Lens.lens (\PutFirewallRuleGroupPolicyResponse' {httpStatus} -> httpStatus) (\s@PutFirewallRuleGroupPolicyResponse' {} a -> s {httpStatus = a} :: PutFirewallRuleGroupPolicyResponse)
+
+instance
+  Prelude.NFData
+    PutFirewallRuleGroupPolicyResponse
+  where
+  rnf PutFirewallRuleGroupPolicyResponse' {..} =
+    Prelude.rnf returnValue
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/PutResolverQueryLogConfigPolicy.hs b/gen/Amazonka/Route53Resolver/PutResolverQueryLogConfigPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/PutResolverQueryLogConfigPolicy.hs
@@ -0,0 +1,268 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.PutResolverQueryLogConfigPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Specifies an Amazon Web Services account that you want to share a query
+-- logging configuration with, the query logging configuration that you
+-- want to share, and the operations that you want the account to be able
+-- to perform on the configuration.
+module Amazonka.Route53Resolver.PutResolverQueryLogConfigPolicy
+  ( -- * Creating a Request
+    PutResolverQueryLogConfigPolicy (..),
+    newPutResolverQueryLogConfigPolicy,
+
+    -- * Request Lenses
+    putResolverQueryLogConfigPolicy_arn,
+    putResolverQueryLogConfigPolicy_resolverQueryLogConfigPolicy,
+
+    -- * Destructuring the Response
+    PutResolverQueryLogConfigPolicyResponse (..),
+    newPutResolverQueryLogConfigPolicyResponse,
+
+    -- * Response Lenses
+    putResolverQueryLogConfigPolicyResponse_returnValue,
+    putResolverQueryLogConfigPolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newPutResolverQueryLogConfigPolicy' smart constructor.
+data PutResolverQueryLogConfigPolicy = PutResolverQueryLogConfigPolicy'
+  { -- | The Amazon Resource Name (ARN) of the account that you want to share
+    -- rules with.
+    arn :: Prelude.Text,
+    -- | An Identity and Access Management policy statement that lists the query
+    -- logging configurations that you want to share with another Amazon Web
+    -- Services account and the operations that you want the account to be able
+    -- to perform. You can specify the following operations in the @Actions@
+    -- section of the statement:
+    --
+    -- -   @route53resolver:AssociateResolverQueryLogConfig@
+    --
+    -- -   @route53resolver:DisassociateResolverQueryLogConfig@
+    --
+    -- -   @route53resolver:ListResolverQueryLogConfigAssociations@
+    --
+    -- -   @route53resolver:ListResolverQueryLogConfigs@
+    --
+    -- In the @Resource@ section of the statement, you specify the ARNs for the
+    -- query logging configurations that you want to share with the account
+    -- that you specified in @Arn@.
+    resolverQueryLogConfigPolicy :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutResolverQueryLogConfigPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'putResolverQueryLogConfigPolicy_arn' - The Amazon Resource Name (ARN) of the account that you want to share
+-- rules with.
+--
+-- 'resolverQueryLogConfigPolicy', 'putResolverQueryLogConfigPolicy_resolverQueryLogConfigPolicy' - An Identity and Access Management policy statement that lists the query
+-- logging configurations that you want to share with another Amazon Web
+-- Services account and the operations that you want the account to be able
+-- to perform. You can specify the following operations in the @Actions@
+-- section of the statement:
+--
+-- -   @route53resolver:AssociateResolverQueryLogConfig@
+--
+-- -   @route53resolver:DisassociateResolverQueryLogConfig@
+--
+-- -   @route53resolver:ListResolverQueryLogConfigAssociations@
+--
+-- -   @route53resolver:ListResolverQueryLogConfigs@
+--
+-- In the @Resource@ section of the statement, you specify the ARNs for the
+-- query logging configurations that you want to share with the account
+-- that you specified in @Arn@.
+newPutResolverQueryLogConfigPolicy ::
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'resolverQueryLogConfigPolicy'
+  Prelude.Text ->
+  PutResolverQueryLogConfigPolicy
+newPutResolverQueryLogConfigPolicy
+  pArn_
+  pResolverQueryLogConfigPolicy_ =
+    PutResolverQueryLogConfigPolicy'
+      { arn = pArn_,
+        resolverQueryLogConfigPolicy =
+          pResolverQueryLogConfigPolicy_
+      }
+
+-- | The Amazon Resource Name (ARN) of the account that you want to share
+-- rules with.
+putResolverQueryLogConfigPolicy_arn :: Lens.Lens' PutResolverQueryLogConfigPolicy Prelude.Text
+putResolverQueryLogConfigPolicy_arn = Lens.lens (\PutResolverQueryLogConfigPolicy' {arn} -> arn) (\s@PutResolverQueryLogConfigPolicy' {} a -> s {arn = a} :: PutResolverQueryLogConfigPolicy)
+
+-- | An Identity and Access Management policy statement that lists the query
+-- logging configurations that you want to share with another Amazon Web
+-- Services account and the operations that you want the account to be able
+-- to perform. You can specify the following operations in the @Actions@
+-- section of the statement:
+--
+-- -   @route53resolver:AssociateResolverQueryLogConfig@
+--
+-- -   @route53resolver:DisassociateResolverQueryLogConfig@
+--
+-- -   @route53resolver:ListResolverQueryLogConfigAssociations@
+--
+-- -   @route53resolver:ListResolverQueryLogConfigs@
+--
+-- In the @Resource@ section of the statement, you specify the ARNs for the
+-- query logging configurations that you want to share with the account
+-- that you specified in @Arn@.
+putResolverQueryLogConfigPolicy_resolverQueryLogConfigPolicy :: Lens.Lens' PutResolverQueryLogConfigPolicy Prelude.Text
+putResolverQueryLogConfigPolicy_resolverQueryLogConfigPolicy = Lens.lens (\PutResolverQueryLogConfigPolicy' {resolverQueryLogConfigPolicy} -> resolverQueryLogConfigPolicy) (\s@PutResolverQueryLogConfigPolicy' {} a -> s {resolverQueryLogConfigPolicy = a} :: PutResolverQueryLogConfigPolicy)
+
+instance
+  Core.AWSRequest
+    PutResolverQueryLogConfigPolicy
+  where
+  type
+    AWSResponse PutResolverQueryLogConfigPolicy =
+      PutResolverQueryLogConfigPolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          PutResolverQueryLogConfigPolicyResponse'
+            Prelude.<$> (x Data..?> "ReturnValue")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    PutResolverQueryLogConfigPolicy
+  where
+  hashWithSalt
+    _salt
+    PutResolverQueryLogConfigPolicy' {..} =
+      _salt
+        `Prelude.hashWithSalt` arn
+        `Prelude.hashWithSalt` resolverQueryLogConfigPolicy
+
+instance
+  Prelude.NFData
+    PutResolverQueryLogConfigPolicy
+  where
+  rnf PutResolverQueryLogConfigPolicy' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf resolverQueryLogConfigPolicy
+
+instance
+  Data.ToHeaders
+    PutResolverQueryLogConfigPolicy
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.PutResolverQueryLogConfigPolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON PutResolverQueryLogConfigPolicy where
+  toJSON PutResolverQueryLogConfigPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Arn" Data..= arn),
+            Prelude.Just
+              ( "ResolverQueryLogConfigPolicy"
+                  Data..= resolverQueryLogConfigPolicy
+              )
+          ]
+      )
+
+instance Data.ToPath PutResolverQueryLogConfigPolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery PutResolverQueryLogConfigPolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to a @PutResolverQueryLogConfigPolicy@ request.
+--
+-- /See:/ 'newPutResolverQueryLogConfigPolicyResponse' smart constructor.
+data PutResolverQueryLogConfigPolicyResponse = PutResolverQueryLogConfigPolicyResponse'
+  { -- | Whether the @PutResolverQueryLogConfigPolicy@ request was successful.
+    returnValue :: Prelude.Maybe Prelude.Bool,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutResolverQueryLogConfigPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'returnValue', 'putResolverQueryLogConfigPolicyResponse_returnValue' - Whether the @PutResolverQueryLogConfigPolicy@ request was successful.
+--
+-- 'httpStatus', 'putResolverQueryLogConfigPolicyResponse_httpStatus' - The response's http status code.
+newPutResolverQueryLogConfigPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutResolverQueryLogConfigPolicyResponse
+newPutResolverQueryLogConfigPolicyResponse
+  pHttpStatus_ =
+    PutResolverQueryLogConfigPolicyResponse'
+      { returnValue =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | Whether the @PutResolverQueryLogConfigPolicy@ request was successful.
+putResolverQueryLogConfigPolicyResponse_returnValue :: Lens.Lens' PutResolverQueryLogConfigPolicyResponse (Prelude.Maybe Prelude.Bool)
+putResolverQueryLogConfigPolicyResponse_returnValue = Lens.lens (\PutResolverQueryLogConfigPolicyResponse' {returnValue} -> returnValue) (\s@PutResolverQueryLogConfigPolicyResponse' {} a -> s {returnValue = a} :: PutResolverQueryLogConfigPolicyResponse)
+
+-- | The response's http status code.
+putResolverQueryLogConfigPolicyResponse_httpStatus :: Lens.Lens' PutResolverQueryLogConfigPolicyResponse Prelude.Int
+putResolverQueryLogConfigPolicyResponse_httpStatus = Lens.lens (\PutResolverQueryLogConfigPolicyResponse' {httpStatus} -> httpStatus) (\s@PutResolverQueryLogConfigPolicyResponse' {} a -> s {httpStatus = a} :: PutResolverQueryLogConfigPolicyResponse)
+
+instance
+  Prelude.NFData
+    PutResolverQueryLogConfigPolicyResponse
+  where
+  rnf PutResolverQueryLogConfigPolicyResponse' {..} =
+    Prelude.rnf returnValue
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/PutResolverRulePolicy.hs b/gen/Amazonka/Route53Resolver/PutResolverRulePolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/PutResolverRulePolicy.hs
@@ -0,0 +1,251 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.PutResolverRulePolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Specifies an Amazon Web Services rule that you want to share with
+-- another account, the account that you want to share the rule with, and
+-- the operations that you want the account to be able to perform on the
+-- rule.
+module Amazonka.Route53Resolver.PutResolverRulePolicy
+  ( -- * Creating a Request
+    PutResolverRulePolicy (..),
+    newPutResolverRulePolicy,
+
+    -- * Request Lenses
+    putResolverRulePolicy_arn,
+    putResolverRulePolicy_resolverRulePolicy,
+
+    -- * Destructuring the Response
+    PutResolverRulePolicyResponse (..),
+    newPutResolverRulePolicyResponse,
+
+    -- * Response Lenses
+    putResolverRulePolicyResponse_returnValue,
+    putResolverRulePolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newPutResolverRulePolicy' smart constructor.
+data PutResolverRulePolicy = PutResolverRulePolicy'
+  { -- | The Amazon Resource Name (ARN) of the rule that you want to share with
+    -- another account.
+    arn :: Prelude.Text,
+    -- | An Identity and Access Management policy statement that lists the rules
+    -- that you want to share with another Amazon Web Services account and the
+    -- operations that you want the account to be able to perform. You can
+    -- specify the following operations in the @Action@ section of the
+    -- statement:
+    --
+    -- -   @route53resolver:GetResolverRule@
+    --
+    -- -   @route53resolver:AssociateResolverRule@
+    --
+    -- -   @route53resolver:DisassociateResolverRule@
+    --
+    -- -   @route53resolver:ListResolverRules@
+    --
+    -- -   @route53resolver:ListResolverRuleAssociations@
+    --
+    -- In the @Resource@ section of the statement, specify the ARN for the rule
+    -- that you want to share with another account. Specify the same ARN that
+    -- you specified in @Arn@.
+    resolverRulePolicy :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutResolverRulePolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'putResolverRulePolicy_arn' - The Amazon Resource Name (ARN) of the rule that you want to share with
+-- another account.
+--
+-- 'resolverRulePolicy', 'putResolverRulePolicy_resolverRulePolicy' - An Identity and Access Management policy statement that lists the rules
+-- that you want to share with another Amazon Web Services account and the
+-- operations that you want the account to be able to perform. You can
+-- specify the following operations in the @Action@ section of the
+-- statement:
+--
+-- -   @route53resolver:GetResolverRule@
+--
+-- -   @route53resolver:AssociateResolverRule@
+--
+-- -   @route53resolver:DisassociateResolverRule@
+--
+-- -   @route53resolver:ListResolverRules@
+--
+-- -   @route53resolver:ListResolverRuleAssociations@
+--
+-- In the @Resource@ section of the statement, specify the ARN for the rule
+-- that you want to share with another account. Specify the same ARN that
+-- you specified in @Arn@.
+newPutResolverRulePolicy ::
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'resolverRulePolicy'
+  Prelude.Text ->
+  PutResolverRulePolicy
+newPutResolverRulePolicy pArn_ pResolverRulePolicy_ =
+  PutResolverRulePolicy'
+    { arn = pArn_,
+      resolverRulePolicy = pResolverRulePolicy_
+    }
+
+-- | The Amazon Resource Name (ARN) of the rule that you want to share with
+-- another account.
+putResolverRulePolicy_arn :: Lens.Lens' PutResolverRulePolicy Prelude.Text
+putResolverRulePolicy_arn = Lens.lens (\PutResolverRulePolicy' {arn} -> arn) (\s@PutResolverRulePolicy' {} a -> s {arn = a} :: PutResolverRulePolicy)
+
+-- | An Identity and Access Management policy statement that lists the rules
+-- that you want to share with another Amazon Web Services account and the
+-- operations that you want the account to be able to perform. You can
+-- specify the following operations in the @Action@ section of the
+-- statement:
+--
+-- -   @route53resolver:GetResolverRule@
+--
+-- -   @route53resolver:AssociateResolverRule@
+--
+-- -   @route53resolver:DisassociateResolverRule@
+--
+-- -   @route53resolver:ListResolverRules@
+--
+-- -   @route53resolver:ListResolverRuleAssociations@
+--
+-- In the @Resource@ section of the statement, specify the ARN for the rule
+-- that you want to share with another account. Specify the same ARN that
+-- you specified in @Arn@.
+putResolverRulePolicy_resolverRulePolicy :: Lens.Lens' PutResolverRulePolicy Prelude.Text
+putResolverRulePolicy_resolverRulePolicy = Lens.lens (\PutResolverRulePolicy' {resolverRulePolicy} -> resolverRulePolicy) (\s@PutResolverRulePolicy' {} a -> s {resolverRulePolicy = a} :: PutResolverRulePolicy)
+
+instance Core.AWSRequest PutResolverRulePolicy where
+  type
+    AWSResponse PutResolverRulePolicy =
+      PutResolverRulePolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          PutResolverRulePolicyResponse'
+            Prelude.<$> (x Data..?> "ReturnValue")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable PutResolverRulePolicy where
+  hashWithSalt _salt PutResolverRulePolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` resolverRulePolicy
+
+instance Prelude.NFData PutResolverRulePolicy where
+  rnf PutResolverRulePolicy' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf resolverRulePolicy
+
+instance Data.ToHeaders PutResolverRulePolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.PutResolverRulePolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON PutResolverRulePolicy where
+  toJSON PutResolverRulePolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Arn" Data..= arn),
+            Prelude.Just
+              ("ResolverRulePolicy" Data..= resolverRulePolicy)
+          ]
+      )
+
+instance Data.ToPath PutResolverRulePolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery PutResolverRulePolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | The response to a @PutResolverRulePolicy@ request.
+--
+-- /See:/ 'newPutResolverRulePolicyResponse' smart constructor.
+data PutResolverRulePolicyResponse = PutResolverRulePolicyResponse'
+  { -- | Whether the @PutResolverRulePolicy@ request was successful.
+    returnValue :: Prelude.Maybe Prelude.Bool,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutResolverRulePolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'returnValue', 'putResolverRulePolicyResponse_returnValue' - Whether the @PutResolverRulePolicy@ request was successful.
+--
+-- 'httpStatus', 'putResolverRulePolicyResponse_httpStatus' - The response's http status code.
+newPutResolverRulePolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutResolverRulePolicyResponse
+newPutResolverRulePolicyResponse pHttpStatus_ =
+  PutResolverRulePolicyResponse'
+    { returnValue =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Whether the @PutResolverRulePolicy@ request was successful.
+putResolverRulePolicyResponse_returnValue :: Lens.Lens' PutResolverRulePolicyResponse (Prelude.Maybe Prelude.Bool)
+putResolverRulePolicyResponse_returnValue = Lens.lens (\PutResolverRulePolicyResponse' {returnValue} -> returnValue) (\s@PutResolverRulePolicyResponse' {} a -> s {returnValue = a} :: PutResolverRulePolicyResponse)
+
+-- | The response's http status code.
+putResolverRulePolicyResponse_httpStatus :: Lens.Lens' PutResolverRulePolicyResponse Prelude.Int
+putResolverRulePolicyResponse_httpStatus = Lens.lens (\PutResolverRulePolicyResponse' {httpStatus} -> httpStatus) (\s@PutResolverRulePolicyResponse' {} a -> s {httpStatus = a} :: PutResolverRulePolicyResponse)
+
+instance Prelude.NFData PutResolverRulePolicyResponse where
+  rnf PutResolverRulePolicyResponse' {..} =
+    Prelude.rnf returnValue
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/TagResource.hs b/gen/Amazonka/Route53Resolver/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/TagResource.hs
@@ -0,0 +1,210 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds one or more tags to a specified resource.
+module Amazonka.Route53Resolver.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceArn,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The Amazon Resource Name (ARN) for the resource that you want to add
+    -- tags to. To get the ARN for a resource, use the applicable @Get@ or
+    -- @List@ command:
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html GetResolverRule>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRuleAssociation.html GetResolverRuleAssociation>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>
+    resourceArn :: Prelude.Text,
+    -- | The tags that you want to add to the specified resource.
+    tags :: [Tag]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'tagResource_resourceArn' - The Amazon Resource Name (ARN) for the resource that you want to add
+-- tags to. To get the ARN for a resource, use the applicable @Get@ or
+-- @List@ command:
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html GetResolverRule>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRuleAssociation.html GetResolverRuleAssociation>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>
+--
+-- 'tags', 'tagResource_tags' - The tags that you want to add to the specified resource.
+newTagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  TagResource
+newTagResource pResourceArn_ =
+  TagResource'
+    { resourceArn = pResourceArn_,
+      tags = Prelude.mempty
+    }
+
+-- | The Amazon Resource Name (ARN) for the resource that you want to add
+-- tags to. To get the ARN for a resource, use the applicable @Get@ or
+-- @List@ command:
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html GetResolverRule>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRuleAssociation.html GetResolverRuleAssociation>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>
+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)
+
+-- | The tags that you want to add to the specified resource.
+tagResource_tags :: Lens.Lens' TagResource [Tag]
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.TagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just ("Tags" Data..= tags)
+          ]
+      )
+
+instance Data.ToPath TagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/Types.hs b/gen/Amazonka/Route53Resolver/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types.hs
@@ -0,0 +1,569 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _ConflictException,
+    _InternalServiceErrorException,
+    _InvalidNextTokenException,
+    _InvalidParameterException,
+    _InvalidPolicyDocument,
+    _InvalidRequestException,
+    _InvalidTagException,
+    _LimitExceededException,
+    _ResourceExistsException,
+    _ResourceInUseException,
+    _ResourceNotFoundException,
+    _ResourceUnavailableException,
+    _ThrottlingException,
+    _UnknownResourceException,
+    _ValidationException,
+
+    -- * Action
+    Action (..),
+
+    -- * AutodefinedReverseFlag
+    AutodefinedReverseFlag (..),
+
+    -- * BlockOverrideDnsType
+    BlockOverrideDnsType (..),
+
+    -- * BlockResponse
+    BlockResponse (..),
+
+    -- * FirewallDomainImportOperation
+    FirewallDomainImportOperation (..),
+
+    -- * FirewallDomainListStatus
+    FirewallDomainListStatus (..),
+
+    -- * FirewallDomainUpdateOperation
+    FirewallDomainUpdateOperation (..),
+
+    -- * FirewallFailOpenStatus
+    FirewallFailOpenStatus (..),
+
+    -- * FirewallRuleGroupAssociationStatus
+    FirewallRuleGroupAssociationStatus (..),
+
+    -- * FirewallRuleGroupStatus
+    FirewallRuleGroupStatus (..),
+
+    -- * IpAddressStatus
+    IpAddressStatus (..),
+
+    -- * MutationProtectionStatus
+    MutationProtectionStatus (..),
+
+    -- * ResolverAutodefinedReverseStatus
+    ResolverAutodefinedReverseStatus (..),
+
+    -- * ResolverDNSSECValidationStatus
+    ResolverDNSSECValidationStatus (..),
+
+    -- * ResolverEndpointDirection
+    ResolverEndpointDirection (..),
+
+    -- * ResolverEndpointStatus
+    ResolverEndpointStatus (..),
+
+    -- * ResolverQueryLogConfigAssociationError
+    ResolverQueryLogConfigAssociationError (..),
+
+    -- * ResolverQueryLogConfigAssociationStatus
+    ResolverQueryLogConfigAssociationStatus (..),
+
+    -- * ResolverQueryLogConfigStatus
+    ResolverQueryLogConfigStatus (..),
+
+    -- * ResolverRuleAssociationStatus
+    ResolverRuleAssociationStatus (..),
+
+    -- * ResolverRuleStatus
+    ResolverRuleStatus (..),
+
+    -- * RuleTypeOption
+    RuleTypeOption (..),
+
+    -- * ShareStatus
+    ShareStatus (..),
+
+    -- * SortOrder
+    SortOrder (..),
+
+    -- * Validation
+    Validation (..),
+
+    -- * Filter
+    Filter (..),
+    newFilter,
+    filter_name,
+    filter_values,
+
+    -- * FirewallConfig
+    FirewallConfig (..),
+    newFirewallConfig,
+    firewallConfig_firewallFailOpen,
+    firewallConfig_id,
+    firewallConfig_ownerId,
+    firewallConfig_resourceId,
+
+    -- * FirewallDomainList
+    FirewallDomainList (..),
+    newFirewallDomainList,
+    firewallDomainList_arn,
+    firewallDomainList_creationTime,
+    firewallDomainList_creatorRequestId,
+    firewallDomainList_domainCount,
+    firewallDomainList_id,
+    firewallDomainList_managedOwnerName,
+    firewallDomainList_modificationTime,
+    firewallDomainList_name,
+    firewallDomainList_status,
+    firewallDomainList_statusMessage,
+
+    -- * FirewallDomainListMetadata
+    FirewallDomainListMetadata (..),
+    newFirewallDomainListMetadata,
+    firewallDomainListMetadata_arn,
+    firewallDomainListMetadata_creatorRequestId,
+    firewallDomainListMetadata_id,
+    firewallDomainListMetadata_managedOwnerName,
+    firewallDomainListMetadata_name,
+
+    -- * FirewallRule
+    FirewallRule (..),
+    newFirewallRule,
+    firewallRule_action,
+    firewallRule_blockOverrideDnsType,
+    firewallRule_blockOverrideDomain,
+    firewallRule_blockOverrideTtl,
+    firewallRule_blockResponse,
+    firewallRule_creationTime,
+    firewallRule_creatorRequestId,
+    firewallRule_firewallDomainListId,
+    firewallRule_firewallRuleGroupId,
+    firewallRule_modificationTime,
+    firewallRule_name,
+    firewallRule_priority,
+
+    -- * FirewallRuleGroup
+    FirewallRuleGroup (..),
+    newFirewallRuleGroup,
+    firewallRuleGroup_arn,
+    firewallRuleGroup_creationTime,
+    firewallRuleGroup_creatorRequestId,
+    firewallRuleGroup_id,
+    firewallRuleGroup_modificationTime,
+    firewallRuleGroup_name,
+    firewallRuleGroup_ownerId,
+    firewallRuleGroup_ruleCount,
+    firewallRuleGroup_shareStatus,
+    firewallRuleGroup_status,
+    firewallRuleGroup_statusMessage,
+
+    -- * FirewallRuleGroupAssociation
+    FirewallRuleGroupAssociation (..),
+    newFirewallRuleGroupAssociation,
+    firewallRuleGroupAssociation_arn,
+    firewallRuleGroupAssociation_creationTime,
+    firewallRuleGroupAssociation_creatorRequestId,
+    firewallRuleGroupAssociation_firewallRuleGroupId,
+    firewallRuleGroupAssociation_id,
+    firewallRuleGroupAssociation_managedOwnerName,
+    firewallRuleGroupAssociation_modificationTime,
+    firewallRuleGroupAssociation_mutationProtection,
+    firewallRuleGroupAssociation_name,
+    firewallRuleGroupAssociation_priority,
+    firewallRuleGroupAssociation_status,
+    firewallRuleGroupAssociation_statusMessage,
+    firewallRuleGroupAssociation_vpcId,
+
+    -- * FirewallRuleGroupMetadata
+    FirewallRuleGroupMetadata (..),
+    newFirewallRuleGroupMetadata,
+    firewallRuleGroupMetadata_arn,
+    firewallRuleGroupMetadata_creatorRequestId,
+    firewallRuleGroupMetadata_id,
+    firewallRuleGroupMetadata_name,
+    firewallRuleGroupMetadata_ownerId,
+    firewallRuleGroupMetadata_shareStatus,
+
+    -- * IpAddressRequest
+    IpAddressRequest (..),
+    newIpAddressRequest,
+    ipAddressRequest_ip,
+    ipAddressRequest_subnetId,
+
+    -- * IpAddressResponse
+    IpAddressResponse (..),
+    newIpAddressResponse,
+    ipAddressResponse_creationTime,
+    ipAddressResponse_ip,
+    ipAddressResponse_ipId,
+    ipAddressResponse_modificationTime,
+    ipAddressResponse_status,
+    ipAddressResponse_statusMessage,
+    ipAddressResponse_subnetId,
+
+    -- * IpAddressUpdate
+    IpAddressUpdate (..),
+    newIpAddressUpdate,
+    ipAddressUpdate_ip,
+    ipAddressUpdate_ipId,
+    ipAddressUpdate_subnetId,
+
+    -- * ResolverConfig
+    ResolverConfig (..),
+    newResolverConfig,
+    resolverConfig_autodefinedReverse,
+    resolverConfig_id,
+    resolverConfig_ownerId,
+    resolverConfig_resourceId,
+
+    -- * ResolverDnssecConfig
+    ResolverDnssecConfig (..),
+    newResolverDnssecConfig,
+    resolverDnssecConfig_id,
+    resolverDnssecConfig_ownerId,
+    resolverDnssecConfig_resourceId,
+    resolverDnssecConfig_validationStatus,
+
+    -- * ResolverEndpoint
+    ResolverEndpoint (..),
+    newResolverEndpoint,
+    resolverEndpoint_arn,
+    resolverEndpoint_creationTime,
+    resolverEndpoint_creatorRequestId,
+    resolverEndpoint_direction,
+    resolverEndpoint_hostVPCId,
+    resolverEndpoint_id,
+    resolverEndpoint_ipAddressCount,
+    resolverEndpoint_modificationTime,
+    resolverEndpoint_name,
+    resolverEndpoint_securityGroupIds,
+    resolverEndpoint_status,
+    resolverEndpoint_statusMessage,
+
+    -- * ResolverQueryLogConfig
+    ResolverQueryLogConfig (..),
+    newResolverQueryLogConfig,
+    resolverQueryLogConfig_arn,
+    resolverQueryLogConfig_associationCount,
+    resolverQueryLogConfig_creationTime,
+    resolverQueryLogConfig_creatorRequestId,
+    resolverQueryLogConfig_destinationArn,
+    resolverQueryLogConfig_id,
+    resolverQueryLogConfig_name,
+    resolverQueryLogConfig_ownerId,
+    resolverQueryLogConfig_shareStatus,
+    resolverQueryLogConfig_status,
+
+    -- * ResolverQueryLogConfigAssociation
+    ResolverQueryLogConfigAssociation (..),
+    newResolverQueryLogConfigAssociation,
+    resolverQueryLogConfigAssociation_creationTime,
+    resolverQueryLogConfigAssociation_error,
+    resolverQueryLogConfigAssociation_errorMessage,
+    resolverQueryLogConfigAssociation_id,
+    resolverQueryLogConfigAssociation_resolverQueryLogConfigId,
+    resolverQueryLogConfigAssociation_resourceId,
+    resolverQueryLogConfigAssociation_status,
+
+    -- * ResolverRule
+    ResolverRule (..),
+    newResolverRule,
+    resolverRule_arn,
+    resolverRule_creationTime,
+    resolverRule_creatorRequestId,
+    resolverRule_domainName,
+    resolverRule_id,
+    resolverRule_modificationTime,
+    resolverRule_name,
+    resolverRule_ownerId,
+    resolverRule_resolverEndpointId,
+    resolverRule_ruleType,
+    resolverRule_shareStatus,
+    resolverRule_status,
+    resolverRule_statusMessage,
+    resolverRule_targetIps,
+
+    -- * ResolverRuleAssociation
+    ResolverRuleAssociation (..),
+    newResolverRuleAssociation,
+    resolverRuleAssociation_id,
+    resolverRuleAssociation_name,
+    resolverRuleAssociation_resolverRuleId,
+    resolverRuleAssociation_status,
+    resolverRuleAssociation_statusMessage,
+    resolverRuleAssociation_vPCId,
+
+    -- * ResolverRuleConfig
+    ResolverRuleConfig (..),
+    newResolverRuleConfig,
+    resolverRuleConfig_name,
+    resolverRuleConfig_resolverEndpointId,
+    resolverRuleConfig_targetIps,
+
+    -- * Tag
+    Tag (..),
+    newTag,
+    tag_key,
+    tag_value,
+
+    -- * TargetAddress
+    TargetAddress (..),
+    newTargetAddress,
+    targetAddress_port,
+    targetAddress_ip,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.Action
+import Amazonka.Route53Resolver.Types.AutodefinedReverseFlag
+import Amazonka.Route53Resolver.Types.BlockOverrideDnsType
+import Amazonka.Route53Resolver.Types.BlockResponse
+import Amazonka.Route53Resolver.Types.Filter
+import Amazonka.Route53Resolver.Types.FirewallConfig
+import Amazonka.Route53Resolver.Types.FirewallDomainImportOperation
+import Amazonka.Route53Resolver.Types.FirewallDomainList
+import Amazonka.Route53Resolver.Types.FirewallDomainListMetadata
+import Amazonka.Route53Resolver.Types.FirewallDomainListStatus
+import Amazonka.Route53Resolver.Types.FirewallDomainUpdateOperation
+import Amazonka.Route53Resolver.Types.FirewallFailOpenStatus
+import Amazonka.Route53Resolver.Types.FirewallRule
+import Amazonka.Route53Resolver.Types.FirewallRuleGroup
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociation
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociationStatus
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupMetadata
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupStatus
+import Amazonka.Route53Resolver.Types.IpAddressRequest
+import Amazonka.Route53Resolver.Types.IpAddressResponse
+import Amazonka.Route53Resolver.Types.IpAddressStatus
+import Amazonka.Route53Resolver.Types.IpAddressUpdate
+import Amazonka.Route53Resolver.Types.MutationProtectionStatus
+import Amazonka.Route53Resolver.Types.ResolverAutodefinedReverseStatus
+import Amazonka.Route53Resolver.Types.ResolverConfig
+import Amazonka.Route53Resolver.Types.ResolverDNSSECValidationStatus
+import Amazonka.Route53Resolver.Types.ResolverDnssecConfig
+import Amazonka.Route53Resolver.Types.ResolverEndpoint
+import Amazonka.Route53Resolver.Types.ResolverEndpointDirection
+import Amazonka.Route53Resolver.Types.ResolverEndpointStatus
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfig
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociation
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationError
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationStatus
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigStatus
+import Amazonka.Route53Resolver.Types.ResolverRule
+import Amazonka.Route53Resolver.Types.ResolverRuleAssociation
+import Amazonka.Route53Resolver.Types.ResolverRuleAssociationStatus
+import Amazonka.Route53Resolver.Types.ResolverRuleConfig
+import Amazonka.Route53Resolver.Types.ResolverRuleStatus
+import Amazonka.Route53Resolver.Types.RuleTypeOption
+import Amazonka.Route53Resolver.Types.ShareStatus
+import Amazonka.Route53Resolver.Types.SortOrder
+import Amazonka.Route53Resolver.Types.Tag
+import Amazonka.Route53Resolver.Types.TargetAddress
+import Amazonka.Route53Resolver.Types.Validation
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2018-04-01@ of the Amazon Route 53 Resolver SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "Route53Resolver",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "route53resolver",
+      Core.signingName = "route53resolver",
+      Core.version = "2018-04-01",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "Route53Resolver",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | The current account doesn\'t have the IAM permissions required to
+-- perform the specified Resolver operation.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+
+_ConflictException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ConflictException =
+  Core._MatchServiceError
+    defaultService
+    "ConflictException"
+
+-- | We encountered an unknown error. Try again in a few minutes.
+_InternalServiceErrorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalServiceErrorException =
+  Core._MatchServiceError
+    defaultService
+    "InternalServiceErrorException"
+
+-- | The value that you specified for @NextToken@ in a @List@ request isn\'t
+-- valid.
+_InvalidNextTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidNextTokenException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidNextTokenException"
+
+-- | One or more parameters in this request are not valid.
+_InvalidParameterException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidParameterException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidParameterException"
+
+-- | The specified Resolver rule policy is invalid.
+_InvalidPolicyDocument :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidPolicyDocument =
+  Core._MatchServiceError
+    defaultService
+    "InvalidPolicyDocument"
+
+-- | The request is invalid.
+_InvalidRequestException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidRequestException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidRequestException"
+
+-- | The specified tag is invalid.
+_InvalidTagException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidTagException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidTagException"
+
+-- | The request caused one or more limits to be exceeded.
+_LimitExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_LimitExceededException =
+  Core._MatchServiceError
+    defaultService
+    "LimitExceededException"
+
+-- | The resource that you tried to create already exists.
+_ResourceExistsException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceExistsException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceExistsException"
+
+-- | The resource that you tried to update or delete is currently in use.
+_ResourceInUseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceInUseException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceInUseException"
+
+-- | The specified resource doesn\'t exist.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
+
+-- | The specified resource isn\'t available.
+_ResourceUnavailableException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceUnavailableException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceUnavailableException"
+
+-- | The request was throttled. Try again in a few minutes.
+_ThrottlingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ThrottlingException =
+  Core._MatchServiceError
+    defaultService
+    "ThrottlingException"
+
+-- | The specified resource doesn\'t exist.
+_UnknownResourceException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_UnknownResourceException =
+  Core._MatchServiceError
+    defaultService
+    "UnknownResourceException"
+
+_ValidationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ValidationException =
+  Core._MatchServiceError
+    defaultService
+    "ValidationException"
diff --git a/gen/Amazonka/Route53Resolver/Types/Action.hs b/gen/Amazonka/Route53Resolver/Types/Action.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/Action.hs
@@ -0,0 +1,73 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.Action
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.Action
+  ( Action
+      ( ..,
+        Action_ALERT,
+        Action_ALLOW,
+        Action_BLOCK
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Action = Action' {fromAction :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Action_ALERT :: Action
+pattern Action_ALERT = Action' "ALERT"
+
+pattern Action_ALLOW :: Action
+pattern Action_ALLOW = Action' "ALLOW"
+
+pattern Action_BLOCK :: Action
+pattern Action_BLOCK = Action' "BLOCK"
+
+{-# COMPLETE
+  Action_ALERT,
+  Action_ALLOW,
+  Action_BLOCK,
+  Action'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/AutodefinedReverseFlag.hs b/gen/Amazonka/Route53Resolver/Types/AutodefinedReverseFlag.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/AutodefinedReverseFlag.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.AutodefinedReverseFlag
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.AutodefinedReverseFlag
+  ( AutodefinedReverseFlag
+      ( ..,
+        AutodefinedReverseFlag_DISABLE,
+        AutodefinedReverseFlag_ENABLE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AutodefinedReverseFlag = AutodefinedReverseFlag'
+  { fromAutodefinedReverseFlag ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AutodefinedReverseFlag_DISABLE :: AutodefinedReverseFlag
+pattern AutodefinedReverseFlag_DISABLE = AutodefinedReverseFlag' "DISABLE"
+
+pattern AutodefinedReverseFlag_ENABLE :: AutodefinedReverseFlag
+pattern AutodefinedReverseFlag_ENABLE = AutodefinedReverseFlag' "ENABLE"
+
+{-# COMPLETE
+  AutodefinedReverseFlag_DISABLE,
+  AutodefinedReverseFlag_ENABLE,
+  AutodefinedReverseFlag'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/BlockOverrideDnsType.hs b/gen/Amazonka/Route53Resolver/Types/BlockOverrideDnsType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/BlockOverrideDnsType.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.BlockOverrideDnsType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.BlockOverrideDnsType
+  ( BlockOverrideDnsType
+      ( ..,
+        BlockOverrideDnsType_CNAME
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype BlockOverrideDnsType = BlockOverrideDnsType'
+  { fromBlockOverrideDnsType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern BlockOverrideDnsType_CNAME :: BlockOverrideDnsType
+pattern BlockOverrideDnsType_CNAME = BlockOverrideDnsType' "CNAME"
+
+{-# COMPLETE
+  BlockOverrideDnsType_CNAME,
+  BlockOverrideDnsType'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/BlockResponse.hs b/gen/Amazonka/Route53Resolver/Types/BlockResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/BlockResponse.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.BlockResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.BlockResponse
+  ( BlockResponse
+      ( ..,
+        BlockResponse_NODATA,
+        BlockResponse_NXDOMAIN,
+        BlockResponse_OVERRIDE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype BlockResponse = BlockResponse'
+  { fromBlockResponse ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern BlockResponse_NODATA :: BlockResponse
+pattern BlockResponse_NODATA = BlockResponse' "NODATA"
+
+pattern BlockResponse_NXDOMAIN :: BlockResponse
+pattern BlockResponse_NXDOMAIN = BlockResponse' "NXDOMAIN"
+
+pattern BlockResponse_OVERRIDE :: BlockResponse
+pattern BlockResponse_OVERRIDE = BlockResponse' "OVERRIDE"
+
+{-# COMPLETE
+  BlockResponse_NODATA,
+  BlockResponse_NXDOMAIN,
+  BlockResponse_OVERRIDE,
+  BlockResponse'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/Filter.hs b/gen/Amazonka/Route53Resolver/Types/Filter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/Filter.hs
@@ -0,0 +1,617 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.Filter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.Filter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | For Resolver list operations
+-- (<https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html ListResolverQueryLogConfigs>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html ListResolverQueryLogConfigAssociations>),
+-- and
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverDnssecConfigs.html ListResolverDnssecConfigs>),
+-- an optional specification to return a subset of objects.
+--
+-- To filter objects, such as Resolver endpoints or Resolver rules, you
+-- specify @Name@ and @Values@. For example, to list only inbound Resolver
+-- endpoints, specify @Direction@ for @Name@ and specify @INBOUND@ for
+-- @Values@.
+--
+-- /See:/ 'newFilter' smart constructor.
+data Filter = Filter'
+  { -- | The name of the parameter that you want to use to filter objects.
+    --
+    -- The valid values for @Name@ depend on the action that you\'re including
+    -- the filter in,
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>,
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>,
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>,
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html ListResolverQueryLogConfigs>,
+    -- or
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html ListResolverQueryLogConfigAssociations>.
+    --
+    -- In early versions of Resolver, values for @Name@ were listed as
+    -- uppercase, with underscore (_) delimiters. For example,
+    -- @CreatorRequestId@ was originally listed as @CREATOR_REQUEST_ID@.
+    -- Uppercase values for @Name@ are still supported.
+    --
+    -- __ListResolverEndpoints__
+    --
+    -- Valid values for @Name@ include the following:
+    --
+    -- -   @CreatorRequestId@: The value that you specified when you created
+    --     the Resolver endpoint.
+    --
+    -- -   @Direction@: Whether you want to return inbound or outbound Resolver
+    --     endpoints. If you specify @DIRECTION@ for @Name@, specify @INBOUND@
+    --     or @OUTBOUND@ for @Values@.
+    --
+    -- -   @HostVPCId@: The ID of the VPC that inbound DNS queries pass through
+    --     on the way from your network to your VPCs in a region, or the VPC
+    --     that outbound queries pass through on the way from your VPCs to your
+    --     network. In a
+    --     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>
+    --     request, @SubnetId@ indirectly identifies the VPC. In a
+    --     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+    --     request, the VPC ID for a Resolver endpoint is returned in the
+    --     @HostVPCId@ element.
+    --
+    -- -   @IpAddressCount@: The number of IP addresses that you have
+    --     associated with the Resolver endpoint.
+    --
+    -- -   @Name@: The name of the Resolver endpoint.
+    --
+    -- -   @SecurityGroupIds@: The IDs of the VPC security groups that you
+    --     specified when you created the Resolver endpoint.
+    --
+    -- -   @Status@: The status of the Resolver endpoint. If you specify
+    --     @Status@ for @Name@, specify one of the following status codes for
+    --     @Values@: @CREATING@, @OPERATIONAL@, @UPDATING@, @AUTO_RECOVERING@,
+    --     @ACTION_NEEDED@, or @DELETING@. For more information, see @Status@
+    --     in
+    --     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverEndpoint.html ResolverEndpoint>.
+    --
+    -- __ListResolverRules__
+    --
+    -- Valid values for @Name@ include the following:
+    --
+    -- -   @CreatorRequestId@: The value that you specified when you created
+    --     the Resolver rule.
+    --
+    -- -   @DomainName@: The domain name for which Resolver is forwarding DNS
+    --     queries to your network. In the value that you specify for @Values@,
+    --     include a trailing dot (.) after the domain name. For example, if
+    --     the domain name is example.com, specify the following value. Note
+    --     the \".\" after @com@:
+    --
+    --     @example.com.@
+    --
+    -- -   @Name@: The name of the Resolver rule.
+    --
+    -- -   @ResolverEndpointId@: The ID of the Resolver endpoint that the
+    --     Resolver rule is associated with.
+    --
+    --     You can filter on the Resolver endpoint only for rules that have a
+    --     value of @FORWARD@ for @RuleType@.
+    --
+    -- -   @Status@: The status of the Resolver rule. If you specify @Status@
+    --     for @Name@, specify one of the following status codes for @Values@:
+    --     @COMPLETE@, @DELETING@, @UPDATING@, or @FAILED@.
+    --
+    -- -   @Type@: The type of the Resolver rule. If you specify @TYPE@ for
+    --     @Name@, specify @FORWARD@ or @SYSTEM@ for @Values@.
+    --
+    -- __ListResolverRuleAssociations__
+    --
+    -- Valid values for @Name@ include the following:
+    --
+    -- -   @Name@: The name of the Resolver rule association.
+    --
+    -- -   @ResolverRuleId@: The ID of the Resolver rule that is associated
+    --     with one or more VPCs.
+    --
+    -- -   @Status@: The status of the Resolver rule association. If you
+    --     specify @Status@ for @Name@, specify one of the following status
+    --     codes for @Values@: @CREATING@, @COMPLETE@, @DELETING@, or @FAILED@.
+    --
+    -- -   @VPCId@: The ID of the VPC that the Resolver rule is associated
+    --     with.
+    --
+    -- __ListResolverQueryLogConfigs__
+    --
+    -- Valid values for @Name@ include the following:
+    --
+    -- -   @Arn@: The ARN for the query logging configuration.
+    --
+    -- -   @AssociationCount@: The number of VPCs that are associated with the
+    --     query logging configuration.
+    --
+    -- -   @CreationTime@: The date and time that the query logging
+    --     configuration was created, in Unix time format and Coordinated
+    --     Universal Time (UTC).
+    --
+    -- -   @CreatorRequestId@: A unique string that identifies the request that
+    --     created the query logging configuration.
+    --
+    -- -   @Destination@: The Amazon Web Services service that you want to
+    --     forward query logs to. Valid values include the following:
+    --
+    --     -   @S3@
+    --
+    --     -   @CloudWatchLogs@
+    --
+    --     -   @KinesisFirehose@
+    --
+    -- -   @DestinationArn@: The ARN of the location that Resolver is sending
+    --     query logs to. This value can be the ARN for an S3 bucket, a
+    --     CloudWatch Logs log group, or a Kinesis Data Firehose delivery
+    --     stream.
+    --
+    -- -   @Id@: The ID of the query logging configuration
+    --
+    -- -   @Name@: The name of the query logging configuration
+    --
+    -- -   @OwnerId@: The Amazon Web Services account ID for the account that
+    --     created the query logging configuration.
+    --
+    -- -   @ShareStatus@: An indication of whether the query logging
+    --     configuration is shared with other Amazon Web Services accounts, or
+    --     was shared with the current account by another Amazon Web Services
+    --     account. Valid values include: @NOT_SHARED@, @SHARED_WITH_ME@, or
+    --     @SHARED_BY_ME@.
+    --
+    -- -   @Status@: The status of the query logging configuration. If you
+    --     specify @Status@ for @Name@, specify the applicable status code for
+    --     @Values@: @CREATING@, @CREATED@, @DELETING@, or @FAILED@. For more
+    --     information, see
+    --     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfig.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfig-Status Status>.
+    --
+    -- __ListResolverQueryLogConfigAssociations__
+    --
+    -- Valid values for @Name@ include the following:
+    --
+    -- -   @CreationTime@: The date and time that the VPC was associated with
+    --     the query logging configuration, in Unix time format and Coordinated
+    --     Universal Time (UTC).
+    --
+    -- -   @Error@: If the value of @Status@ is @FAILED@, specify the cause:
+    --     @DESTINATION_NOT_FOUND@ or @ACCESS_DENIED@.
+    --
+    -- -   @Id@: The ID of the query logging association.
+    --
+    -- -   @ResolverQueryLogConfigId@: The ID of the query logging
+    --     configuration that a VPC is associated with.
+    --
+    -- -   @ResourceId@: The ID of the Amazon VPC that is associated with the
+    --     query logging configuration.
+    --
+    -- -   @Status@: The status of the query logging association. If you
+    --     specify @Status@ for @Name@, specify the applicable status code for
+    --     @Values@: @CREATING@, @CREATED@, @DELETING@, or @FAILED@. For more
+    --     information, see
+    --     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfigAssociation.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfigAssociation-Status Status>.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | When you\'re using a @List@ operation and you want the operation to
+    -- return a subset of objects, such as Resolver endpoints or Resolver
+    -- rules, the value of the parameter that you want to use to filter
+    -- objects. For example, to list only inbound Resolver endpoints, specify
+    -- @Direction@ for @Name@ and specify @INBOUND@ for @Values@.
+    values :: Prelude.Maybe [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Filter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'filter_name' - The name of the parameter that you want to use to filter objects.
+--
+-- The valid values for @Name@ depend on the action that you\'re including
+-- the filter in,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html ListResolverQueryLogConfigs>,
+-- or
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html ListResolverQueryLogConfigAssociations>.
+--
+-- In early versions of Resolver, values for @Name@ were listed as
+-- uppercase, with underscore (_) delimiters. For example,
+-- @CreatorRequestId@ was originally listed as @CREATOR_REQUEST_ID@.
+-- Uppercase values for @Name@ are still supported.
+--
+-- __ListResolverEndpoints__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @CreatorRequestId@: The value that you specified when you created
+--     the Resolver endpoint.
+--
+-- -   @Direction@: Whether you want to return inbound or outbound Resolver
+--     endpoints. If you specify @DIRECTION@ for @Name@, specify @INBOUND@
+--     or @OUTBOUND@ for @Values@.
+--
+-- -   @HostVPCId@: The ID of the VPC that inbound DNS queries pass through
+--     on the way from your network to your VPCs in a region, or the VPC
+--     that outbound queries pass through on the way from your VPCs to your
+--     network. In a
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>
+--     request, @SubnetId@ indirectly identifies the VPC. In a
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+--     request, the VPC ID for a Resolver endpoint is returned in the
+--     @HostVPCId@ element.
+--
+-- -   @IpAddressCount@: The number of IP addresses that you have
+--     associated with the Resolver endpoint.
+--
+-- -   @Name@: The name of the Resolver endpoint.
+--
+-- -   @SecurityGroupIds@: The IDs of the VPC security groups that you
+--     specified when you created the Resolver endpoint.
+--
+-- -   @Status@: The status of the Resolver endpoint. If you specify
+--     @Status@ for @Name@, specify one of the following status codes for
+--     @Values@: @CREATING@, @OPERATIONAL@, @UPDATING@, @AUTO_RECOVERING@,
+--     @ACTION_NEEDED@, or @DELETING@. For more information, see @Status@
+--     in
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverEndpoint.html ResolverEndpoint>.
+--
+-- __ListResolverRules__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @CreatorRequestId@: The value that you specified when you created
+--     the Resolver rule.
+--
+-- -   @DomainName@: The domain name for which Resolver is forwarding DNS
+--     queries to your network. In the value that you specify for @Values@,
+--     include a trailing dot (.) after the domain name. For example, if
+--     the domain name is example.com, specify the following value. Note
+--     the \".\" after @com@:
+--
+--     @example.com.@
+--
+-- -   @Name@: The name of the Resolver rule.
+--
+-- -   @ResolverEndpointId@: The ID of the Resolver endpoint that the
+--     Resolver rule is associated with.
+--
+--     You can filter on the Resolver endpoint only for rules that have a
+--     value of @FORWARD@ for @RuleType@.
+--
+-- -   @Status@: The status of the Resolver rule. If you specify @Status@
+--     for @Name@, specify one of the following status codes for @Values@:
+--     @COMPLETE@, @DELETING@, @UPDATING@, or @FAILED@.
+--
+-- -   @Type@: The type of the Resolver rule. If you specify @TYPE@ for
+--     @Name@, specify @FORWARD@ or @SYSTEM@ for @Values@.
+--
+-- __ListResolverRuleAssociations__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @Name@: The name of the Resolver rule association.
+--
+-- -   @ResolverRuleId@: The ID of the Resolver rule that is associated
+--     with one or more VPCs.
+--
+-- -   @Status@: The status of the Resolver rule association. If you
+--     specify @Status@ for @Name@, specify one of the following status
+--     codes for @Values@: @CREATING@, @COMPLETE@, @DELETING@, or @FAILED@.
+--
+-- -   @VPCId@: The ID of the VPC that the Resolver rule is associated
+--     with.
+--
+-- __ListResolverQueryLogConfigs__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @Arn@: The ARN for the query logging configuration.
+--
+-- -   @AssociationCount@: The number of VPCs that are associated with the
+--     query logging configuration.
+--
+-- -   @CreationTime@: The date and time that the query logging
+--     configuration was created, in Unix time format and Coordinated
+--     Universal Time (UTC).
+--
+-- -   @CreatorRequestId@: A unique string that identifies the request that
+--     created the query logging configuration.
+--
+-- -   @Destination@: The Amazon Web Services service that you want to
+--     forward query logs to. Valid values include the following:
+--
+--     -   @S3@
+--
+--     -   @CloudWatchLogs@
+--
+--     -   @KinesisFirehose@
+--
+-- -   @DestinationArn@: The ARN of the location that Resolver is sending
+--     query logs to. This value can be the ARN for an S3 bucket, a
+--     CloudWatch Logs log group, or a Kinesis Data Firehose delivery
+--     stream.
+--
+-- -   @Id@: The ID of the query logging configuration
+--
+-- -   @Name@: The name of the query logging configuration
+--
+-- -   @OwnerId@: The Amazon Web Services account ID for the account that
+--     created the query logging configuration.
+--
+-- -   @ShareStatus@: An indication of whether the query logging
+--     configuration is shared with other Amazon Web Services accounts, or
+--     was shared with the current account by another Amazon Web Services
+--     account. Valid values include: @NOT_SHARED@, @SHARED_WITH_ME@, or
+--     @SHARED_BY_ME@.
+--
+-- -   @Status@: The status of the query logging configuration. If you
+--     specify @Status@ for @Name@, specify the applicable status code for
+--     @Values@: @CREATING@, @CREATED@, @DELETING@, or @FAILED@. For more
+--     information, see
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfig.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfig-Status Status>.
+--
+-- __ListResolverQueryLogConfigAssociations__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @CreationTime@: The date and time that the VPC was associated with
+--     the query logging configuration, in Unix time format and Coordinated
+--     Universal Time (UTC).
+--
+-- -   @Error@: If the value of @Status@ is @FAILED@, specify the cause:
+--     @DESTINATION_NOT_FOUND@ or @ACCESS_DENIED@.
+--
+-- -   @Id@: The ID of the query logging association.
+--
+-- -   @ResolverQueryLogConfigId@: The ID of the query logging
+--     configuration that a VPC is associated with.
+--
+-- -   @ResourceId@: The ID of the Amazon VPC that is associated with the
+--     query logging configuration.
+--
+-- -   @Status@: The status of the query logging association. If you
+--     specify @Status@ for @Name@, specify the applicable status code for
+--     @Values@: @CREATING@, @CREATED@, @DELETING@, or @FAILED@. For more
+--     information, see
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfigAssociation.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfigAssociation-Status Status>.
+--
+-- 'values', 'filter_values' - When you\'re using a @List@ operation and you want the operation to
+-- return a subset of objects, such as Resolver endpoints or Resolver
+-- rules, the value of the parameter that you want to use to filter
+-- objects. For example, to list only inbound Resolver endpoints, specify
+-- @Direction@ for @Name@ and specify @INBOUND@ for @Values@.
+newFilter ::
+  Filter
+newFilter =
+  Filter'
+    { name = Prelude.Nothing,
+      values = Prelude.Nothing
+    }
+
+-- | The name of the parameter that you want to use to filter objects.
+--
+-- The valid values for @Name@ depend on the action that you\'re including
+-- the filter in,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html ListResolverQueryLogConfigs>,
+-- or
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html ListResolverQueryLogConfigAssociations>.
+--
+-- In early versions of Resolver, values for @Name@ were listed as
+-- uppercase, with underscore (_) delimiters. For example,
+-- @CreatorRequestId@ was originally listed as @CREATOR_REQUEST_ID@.
+-- Uppercase values for @Name@ are still supported.
+--
+-- __ListResolverEndpoints__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @CreatorRequestId@: The value that you specified when you created
+--     the Resolver endpoint.
+--
+-- -   @Direction@: Whether you want to return inbound or outbound Resolver
+--     endpoints. If you specify @DIRECTION@ for @Name@, specify @INBOUND@
+--     or @OUTBOUND@ for @Values@.
+--
+-- -   @HostVPCId@: The ID of the VPC that inbound DNS queries pass through
+--     on the way from your network to your VPCs in a region, or the VPC
+--     that outbound queries pass through on the way from your VPCs to your
+--     network. In a
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>
+--     request, @SubnetId@ indirectly identifies the VPC. In a
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+--     request, the VPC ID for a Resolver endpoint is returned in the
+--     @HostVPCId@ element.
+--
+-- -   @IpAddressCount@: The number of IP addresses that you have
+--     associated with the Resolver endpoint.
+--
+-- -   @Name@: The name of the Resolver endpoint.
+--
+-- -   @SecurityGroupIds@: The IDs of the VPC security groups that you
+--     specified when you created the Resolver endpoint.
+--
+-- -   @Status@: The status of the Resolver endpoint. If you specify
+--     @Status@ for @Name@, specify one of the following status codes for
+--     @Values@: @CREATING@, @OPERATIONAL@, @UPDATING@, @AUTO_RECOVERING@,
+--     @ACTION_NEEDED@, or @DELETING@. For more information, see @Status@
+--     in
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverEndpoint.html ResolverEndpoint>.
+--
+-- __ListResolverRules__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @CreatorRequestId@: The value that you specified when you created
+--     the Resolver rule.
+--
+-- -   @DomainName@: The domain name for which Resolver is forwarding DNS
+--     queries to your network. In the value that you specify for @Values@,
+--     include a trailing dot (.) after the domain name. For example, if
+--     the domain name is example.com, specify the following value. Note
+--     the \".\" after @com@:
+--
+--     @example.com.@
+--
+-- -   @Name@: The name of the Resolver rule.
+--
+-- -   @ResolverEndpointId@: The ID of the Resolver endpoint that the
+--     Resolver rule is associated with.
+--
+--     You can filter on the Resolver endpoint only for rules that have a
+--     value of @FORWARD@ for @RuleType@.
+--
+-- -   @Status@: The status of the Resolver rule. If you specify @Status@
+--     for @Name@, specify one of the following status codes for @Values@:
+--     @COMPLETE@, @DELETING@, @UPDATING@, or @FAILED@.
+--
+-- -   @Type@: The type of the Resolver rule. If you specify @TYPE@ for
+--     @Name@, specify @FORWARD@ or @SYSTEM@ for @Values@.
+--
+-- __ListResolverRuleAssociations__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @Name@: The name of the Resolver rule association.
+--
+-- -   @ResolverRuleId@: The ID of the Resolver rule that is associated
+--     with one or more VPCs.
+--
+-- -   @Status@: The status of the Resolver rule association. If you
+--     specify @Status@ for @Name@, specify one of the following status
+--     codes for @Values@: @CREATING@, @COMPLETE@, @DELETING@, or @FAILED@.
+--
+-- -   @VPCId@: The ID of the VPC that the Resolver rule is associated
+--     with.
+--
+-- __ListResolverQueryLogConfigs__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @Arn@: The ARN for the query logging configuration.
+--
+-- -   @AssociationCount@: The number of VPCs that are associated with the
+--     query logging configuration.
+--
+-- -   @CreationTime@: The date and time that the query logging
+--     configuration was created, in Unix time format and Coordinated
+--     Universal Time (UTC).
+--
+-- -   @CreatorRequestId@: A unique string that identifies the request that
+--     created the query logging configuration.
+--
+-- -   @Destination@: The Amazon Web Services service that you want to
+--     forward query logs to. Valid values include the following:
+--
+--     -   @S3@
+--
+--     -   @CloudWatchLogs@
+--
+--     -   @KinesisFirehose@
+--
+-- -   @DestinationArn@: The ARN of the location that Resolver is sending
+--     query logs to. This value can be the ARN for an S3 bucket, a
+--     CloudWatch Logs log group, or a Kinesis Data Firehose delivery
+--     stream.
+--
+-- -   @Id@: The ID of the query logging configuration
+--
+-- -   @Name@: The name of the query logging configuration
+--
+-- -   @OwnerId@: The Amazon Web Services account ID for the account that
+--     created the query logging configuration.
+--
+-- -   @ShareStatus@: An indication of whether the query logging
+--     configuration is shared with other Amazon Web Services accounts, or
+--     was shared with the current account by another Amazon Web Services
+--     account. Valid values include: @NOT_SHARED@, @SHARED_WITH_ME@, or
+--     @SHARED_BY_ME@.
+--
+-- -   @Status@: The status of the query logging configuration. If you
+--     specify @Status@ for @Name@, specify the applicable status code for
+--     @Values@: @CREATING@, @CREATED@, @DELETING@, or @FAILED@. For more
+--     information, see
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfig.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfig-Status Status>.
+--
+-- __ListResolverQueryLogConfigAssociations__
+--
+-- Valid values for @Name@ include the following:
+--
+-- -   @CreationTime@: The date and time that the VPC was associated with
+--     the query logging configuration, in Unix time format and Coordinated
+--     Universal Time (UTC).
+--
+-- -   @Error@: If the value of @Status@ is @FAILED@, specify the cause:
+--     @DESTINATION_NOT_FOUND@ or @ACCESS_DENIED@.
+--
+-- -   @Id@: The ID of the query logging association.
+--
+-- -   @ResolverQueryLogConfigId@: The ID of the query logging
+--     configuration that a VPC is associated with.
+--
+-- -   @ResourceId@: The ID of the Amazon VPC that is associated with the
+--     query logging configuration.
+--
+-- -   @Status@: The status of the query logging association. If you
+--     specify @Status@ for @Name@, specify the applicable status code for
+--     @Values@: @CREATING@, @CREATED@, @DELETING@, or @FAILED@. For more
+--     information, see
+--     <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ResolverQueryLogConfigAssociation.html#Route53Resolver-Type-route53resolver_ResolverQueryLogConfigAssociation-Status Status>.
+filter_name :: Lens.Lens' Filter (Prelude.Maybe Prelude.Text)
+filter_name = Lens.lens (\Filter' {name} -> name) (\s@Filter' {} a -> s {name = a} :: Filter)
+
+-- | When you\'re using a @List@ operation and you want the operation to
+-- return a subset of objects, such as Resolver endpoints or Resolver
+-- rules, the value of the parameter that you want to use to filter
+-- objects. For example, to list only inbound Resolver endpoints, specify
+-- @Direction@ for @Name@ and specify @INBOUND@ for @Values@.
+filter_values :: Lens.Lens' Filter (Prelude.Maybe [Prelude.Text])
+filter_values = Lens.lens (\Filter' {values} -> values) (\s@Filter' {} a -> s {values = a} :: Filter) Prelude.. Lens.mapping Lens.coerced
+
+instance Prelude.Hashable Filter where
+  hashWithSalt _salt Filter' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` values
+
+instance Prelude.NFData Filter where
+  rnf Filter' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf values
+
+instance Data.ToJSON Filter where
+  toJSON Filter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("Values" Data..=) Prelude.<$> values
+          ]
+      )
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallConfig.hs b/gen/Amazonka/Route53Resolver/Types/FirewallConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallConfig.hs
@@ -0,0 +1,152 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.FirewallFailOpenStatus
+
+-- | Configuration of the firewall behavior provided by DNS Firewall for a
+-- single VPC from Amazon Virtual Private Cloud (Amazon VPC).
+--
+-- /See:/ 'newFirewallConfig' smart constructor.
+data FirewallConfig = FirewallConfig'
+  { -- | Determines how DNS Firewall operates during failures, for example when
+    -- all traffic that is sent to DNS Firewall fails to receive a reply.
+    --
+    -- -   By default, fail open is disabled, which means the failure mode is
+    --     closed. This approach favors security over availability. DNS
+    --     Firewall returns a failure error when it is unable to properly
+    --     evaluate a query.
+    --
+    -- -   If you enable this option, the failure mode is open. This approach
+    --     favors availability over security. DNS Firewall allows queries to
+    --     proceed if it is unable to properly evaluate them.
+    --
+    -- This behavior is only enforced for VPCs that have at least one DNS
+    -- Firewall rule group association.
+    firewallFailOpen :: Prelude.Maybe FirewallFailOpenStatus,
+    -- | The ID of the firewall configuration.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID of the owner of the VPC that this
+    -- firewall configuration applies to.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the VPC that this firewall configuration applies to.
+    resourceId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallFailOpen', 'firewallConfig_firewallFailOpen' - Determines how DNS Firewall operates during failures, for example when
+-- all traffic that is sent to DNS Firewall fails to receive a reply.
+--
+-- -   By default, fail open is disabled, which means the failure mode is
+--     closed. This approach favors security over availability. DNS
+--     Firewall returns a failure error when it is unable to properly
+--     evaluate a query.
+--
+-- -   If you enable this option, the failure mode is open. This approach
+--     favors availability over security. DNS Firewall allows queries to
+--     proceed if it is unable to properly evaluate them.
+--
+-- This behavior is only enforced for VPCs that have at least one DNS
+-- Firewall rule group association.
+--
+-- 'id', 'firewallConfig_id' - The ID of the firewall configuration.
+--
+-- 'ownerId', 'firewallConfig_ownerId' - The Amazon Web Services account ID of the owner of the VPC that this
+-- firewall configuration applies to.
+--
+-- 'resourceId', 'firewallConfig_resourceId' - The ID of the VPC that this firewall configuration applies to.
+newFirewallConfig ::
+  FirewallConfig
+newFirewallConfig =
+  FirewallConfig'
+    { firewallFailOpen = Prelude.Nothing,
+      id = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      resourceId = Prelude.Nothing
+    }
+
+-- | Determines how DNS Firewall operates during failures, for example when
+-- all traffic that is sent to DNS Firewall fails to receive a reply.
+--
+-- -   By default, fail open is disabled, which means the failure mode is
+--     closed. This approach favors security over availability. DNS
+--     Firewall returns a failure error when it is unable to properly
+--     evaluate a query.
+--
+-- -   If you enable this option, the failure mode is open. This approach
+--     favors availability over security. DNS Firewall allows queries to
+--     proceed if it is unable to properly evaluate them.
+--
+-- This behavior is only enforced for VPCs that have at least one DNS
+-- Firewall rule group association.
+firewallConfig_firewallFailOpen :: Lens.Lens' FirewallConfig (Prelude.Maybe FirewallFailOpenStatus)
+firewallConfig_firewallFailOpen = Lens.lens (\FirewallConfig' {firewallFailOpen} -> firewallFailOpen) (\s@FirewallConfig' {} a -> s {firewallFailOpen = a} :: FirewallConfig)
+
+-- | The ID of the firewall configuration.
+firewallConfig_id :: Lens.Lens' FirewallConfig (Prelude.Maybe Prelude.Text)
+firewallConfig_id = Lens.lens (\FirewallConfig' {id} -> id) (\s@FirewallConfig' {} a -> s {id = a} :: FirewallConfig)
+
+-- | The Amazon Web Services account ID of the owner of the VPC that this
+-- firewall configuration applies to.
+firewallConfig_ownerId :: Lens.Lens' FirewallConfig (Prelude.Maybe Prelude.Text)
+firewallConfig_ownerId = Lens.lens (\FirewallConfig' {ownerId} -> ownerId) (\s@FirewallConfig' {} a -> s {ownerId = a} :: FirewallConfig)
+
+-- | The ID of the VPC that this firewall configuration applies to.
+firewallConfig_resourceId :: Lens.Lens' FirewallConfig (Prelude.Maybe Prelude.Text)
+firewallConfig_resourceId = Lens.lens (\FirewallConfig' {resourceId} -> resourceId) (\s@FirewallConfig' {} a -> s {resourceId = a} :: FirewallConfig)
+
+instance Data.FromJSON FirewallConfig where
+  parseJSON =
+    Data.withObject
+      "FirewallConfig"
+      ( \x ->
+          FirewallConfig'
+            Prelude.<$> (x Data..:? "FirewallFailOpen")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "ResourceId")
+      )
+
+instance Prelude.Hashable FirewallConfig where
+  hashWithSalt _salt FirewallConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` firewallFailOpen
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` resourceId
+
+instance Prelude.NFData FirewallConfig where
+  rnf FirewallConfig' {..} =
+    Prelude.rnf firewallFailOpen
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf resourceId
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallDomainImportOperation.hs b/gen/Amazonka/Route53Resolver/Types/FirewallDomainImportOperation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallDomainImportOperation.hs
@@ -0,0 +1,66 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallDomainImportOperation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallDomainImportOperation
+  ( FirewallDomainImportOperation
+      ( ..,
+        FirewallDomainImportOperation_REPLACE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FirewallDomainImportOperation = FirewallDomainImportOperation'
+  { fromFirewallDomainImportOperation ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FirewallDomainImportOperation_REPLACE :: FirewallDomainImportOperation
+pattern FirewallDomainImportOperation_REPLACE = FirewallDomainImportOperation' "REPLACE"
+
+{-# COMPLETE
+  FirewallDomainImportOperation_REPLACE,
+  FirewallDomainImportOperation'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallDomainList.hs b/gen/Amazonka/Route53Resolver/Types/FirewallDomainList.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallDomainList.hs
@@ -0,0 +1,206 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallDomainList
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallDomainList where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.FirewallDomainListStatus
+
+-- | High-level information about a list of firewall domains for use in a
+-- FirewallRule. This is returned by GetFirewallDomainList.
+--
+-- To retrieve the domains that are defined for this domain list, call
+-- ListFirewallDomains.
+--
+-- /See:/ 'newFirewallDomainList' smart constructor.
+data FirewallDomainList = FirewallDomainList'
+  { -- | The Amazon Resource Name (ARN) of the firewall domain list.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the domain list was created, in Unix time format
+    -- and Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A unique string defined by you to identify the request. This allows you
+    -- to retry failed requests without the risk of running the operation
+    -- twice. This can be any unique string, for example, a timestamp.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | The number of domain names that are specified in the domain list.
+    domainCount :: Prelude.Maybe Prelude.Int,
+    -- | The ID of the domain list.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The owner of the list, used only for lists that are not managed by you.
+    -- For example, the managed domain list
+    -- @AWSManagedDomainsMalwareDomainList@ has the managed owner name
+    -- @Route 53 Resolver DNS Firewall@.
+    managedOwnerName :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the domain list was last modified, in Unix time
+    -- format and Coordinated Universal Time (UTC).
+    modificationTime :: Prelude.Maybe Prelude.Text,
+    -- | The name of the domain list.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The status of the domain list.
+    status :: Prelude.Maybe FirewallDomainListStatus,
+    -- | Additional information about the status of the list, if available.
+    statusMessage :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallDomainList' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'firewallDomainList_arn' - The Amazon Resource Name (ARN) of the firewall domain list.
+--
+-- 'creationTime', 'firewallDomainList_creationTime' - The date and time that the domain list was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+--
+-- 'creatorRequestId', 'firewallDomainList_creatorRequestId' - A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+--
+-- 'domainCount', 'firewallDomainList_domainCount' - The number of domain names that are specified in the domain list.
+--
+-- 'id', 'firewallDomainList_id' - The ID of the domain list.
+--
+-- 'managedOwnerName', 'firewallDomainList_managedOwnerName' - The owner of the list, used only for lists that are not managed by you.
+-- For example, the managed domain list
+-- @AWSManagedDomainsMalwareDomainList@ has the managed owner name
+-- @Route 53 Resolver DNS Firewall@.
+--
+-- 'modificationTime', 'firewallDomainList_modificationTime' - The date and time that the domain list was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+--
+-- 'name', 'firewallDomainList_name' - The name of the domain list.
+--
+-- 'status', 'firewallDomainList_status' - The status of the domain list.
+--
+-- 'statusMessage', 'firewallDomainList_statusMessage' - Additional information about the status of the list, if available.
+newFirewallDomainList ::
+  FirewallDomainList
+newFirewallDomainList =
+  FirewallDomainList'
+    { arn = Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      domainCount = Prelude.Nothing,
+      id = Prelude.Nothing,
+      managedOwnerName = Prelude.Nothing,
+      modificationTime = Prelude.Nothing,
+      name = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the firewall domain list.
+firewallDomainList_arn :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_arn = Lens.lens (\FirewallDomainList' {arn} -> arn) (\s@FirewallDomainList' {} a -> s {arn = a} :: FirewallDomainList)
+
+-- | The date and time that the domain list was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+firewallDomainList_creationTime :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_creationTime = Lens.lens (\FirewallDomainList' {creationTime} -> creationTime) (\s@FirewallDomainList' {} a -> s {creationTime = a} :: FirewallDomainList)
+
+-- | A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+firewallDomainList_creatorRequestId :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_creatorRequestId = Lens.lens (\FirewallDomainList' {creatorRequestId} -> creatorRequestId) (\s@FirewallDomainList' {} a -> s {creatorRequestId = a} :: FirewallDomainList)
+
+-- | The number of domain names that are specified in the domain list.
+firewallDomainList_domainCount :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Int)
+firewallDomainList_domainCount = Lens.lens (\FirewallDomainList' {domainCount} -> domainCount) (\s@FirewallDomainList' {} a -> s {domainCount = a} :: FirewallDomainList)
+
+-- | The ID of the domain list.
+firewallDomainList_id :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_id = Lens.lens (\FirewallDomainList' {id} -> id) (\s@FirewallDomainList' {} a -> s {id = a} :: FirewallDomainList)
+
+-- | The owner of the list, used only for lists that are not managed by you.
+-- For example, the managed domain list
+-- @AWSManagedDomainsMalwareDomainList@ has the managed owner name
+-- @Route 53 Resolver DNS Firewall@.
+firewallDomainList_managedOwnerName :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_managedOwnerName = Lens.lens (\FirewallDomainList' {managedOwnerName} -> managedOwnerName) (\s@FirewallDomainList' {} a -> s {managedOwnerName = a} :: FirewallDomainList)
+
+-- | The date and time that the domain list was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+firewallDomainList_modificationTime :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_modificationTime = Lens.lens (\FirewallDomainList' {modificationTime} -> modificationTime) (\s@FirewallDomainList' {} a -> s {modificationTime = a} :: FirewallDomainList)
+
+-- | The name of the domain list.
+firewallDomainList_name :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_name = Lens.lens (\FirewallDomainList' {name} -> name) (\s@FirewallDomainList' {} a -> s {name = a} :: FirewallDomainList)
+
+-- | The status of the domain list.
+firewallDomainList_status :: Lens.Lens' FirewallDomainList (Prelude.Maybe FirewallDomainListStatus)
+firewallDomainList_status = Lens.lens (\FirewallDomainList' {status} -> status) (\s@FirewallDomainList' {} a -> s {status = a} :: FirewallDomainList)
+
+-- | Additional information about the status of the list, if available.
+firewallDomainList_statusMessage :: Lens.Lens' FirewallDomainList (Prelude.Maybe Prelude.Text)
+firewallDomainList_statusMessage = Lens.lens (\FirewallDomainList' {statusMessage} -> statusMessage) (\s@FirewallDomainList' {} a -> s {statusMessage = a} :: FirewallDomainList)
+
+instance Data.FromJSON FirewallDomainList where
+  parseJSON =
+    Data.withObject
+      "FirewallDomainList"
+      ( \x ->
+          FirewallDomainList'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "DomainCount")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "ManagedOwnerName")
+            Prelude.<*> (x Data..:? "ModificationTime")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+      )
+
+instance Prelude.Hashable FirewallDomainList where
+  hashWithSalt _salt FirewallDomainList' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` domainCount
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` managedOwnerName
+      `Prelude.hashWithSalt` modificationTime
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+
+instance Prelude.NFData FirewallDomainList where
+  rnf FirewallDomainList' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf domainCount
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf managedOwnerName
+      `Prelude.seq` Prelude.rnf modificationTime
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallDomainListMetadata.hs b/gen/Amazonka/Route53Resolver/Types/FirewallDomainListMetadata.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallDomainListMetadata.hs
@@ -0,0 +1,139 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallDomainListMetadata
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallDomainListMetadata where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Minimal high-level information for a firewall domain list. The action
+-- ListFirewallDomainLists returns an array of these objects.
+--
+-- To retrieve full information for a firewall domain list, call
+-- GetFirewallDomainList and ListFirewallDomains.
+--
+-- /See:/ 'newFirewallDomainListMetadata' smart constructor.
+data FirewallDomainListMetadata = FirewallDomainListMetadata'
+  { -- | The Amazon Resource Name (ARN) of the firewall domain list metadata.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A unique string defined by you to identify the request. This allows you
+    -- to retry failed requests without the risk of running the operation
+    -- twice. This can be any unique string, for example, a timestamp.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the domain list.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The owner of the list, used only for lists that are not managed by you.
+    -- For example, the managed domain list
+    -- @AWSManagedDomainsMalwareDomainList@ has the managed owner name
+    -- @Route 53 Resolver DNS Firewall@.
+    managedOwnerName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the domain list.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallDomainListMetadata' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'firewallDomainListMetadata_arn' - The Amazon Resource Name (ARN) of the firewall domain list metadata.
+--
+-- 'creatorRequestId', 'firewallDomainListMetadata_creatorRequestId' - A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+--
+-- 'id', 'firewallDomainListMetadata_id' - The ID of the domain list.
+--
+-- 'managedOwnerName', 'firewallDomainListMetadata_managedOwnerName' - The owner of the list, used only for lists that are not managed by you.
+-- For example, the managed domain list
+-- @AWSManagedDomainsMalwareDomainList@ has the managed owner name
+-- @Route 53 Resolver DNS Firewall@.
+--
+-- 'name', 'firewallDomainListMetadata_name' - The name of the domain list.
+newFirewallDomainListMetadata ::
+  FirewallDomainListMetadata
+newFirewallDomainListMetadata =
+  FirewallDomainListMetadata'
+    { arn = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      id = Prelude.Nothing,
+      managedOwnerName = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the firewall domain list metadata.
+firewallDomainListMetadata_arn :: Lens.Lens' FirewallDomainListMetadata (Prelude.Maybe Prelude.Text)
+firewallDomainListMetadata_arn = Lens.lens (\FirewallDomainListMetadata' {arn} -> arn) (\s@FirewallDomainListMetadata' {} a -> s {arn = a} :: FirewallDomainListMetadata)
+
+-- | A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+firewallDomainListMetadata_creatorRequestId :: Lens.Lens' FirewallDomainListMetadata (Prelude.Maybe Prelude.Text)
+firewallDomainListMetadata_creatorRequestId = Lens.lens (\FirewallDomainListMetadata' {creatorRequestId} -> creatorRequestId) (\s@FirewallDomainListMetadata' {} a -> s {creatorRequestId = a} :: FirewallDomainListMetadata)
+
+-- | The ID of the domain list.
+firewallDomainListMetadata_id :: Lens.Lens' FirewallDomainListMetadata (Prelude.Maybe Prelude.Text)
+firewallDomainListMetadata_id = Lens.lens (\FirewallDomainListMetadata' {id} -> id) (\s@FirewallDomainListMetadata' {} a -> s {id = a} :: FirewallDomainListMetadata)
+
+-- | The owner of the list, used only for lists that are not managed by you.
+-- For example, the managed domain list
+-- @AWSManagedDomainsMalwareDomainList@ has the managed owner name
+-- @Route 53 Resolver DNS Firewall@.
+firewallDomainListMetadata_managedOwnerName :: Lens.Lens' FirewallDomainListMetadata (Prelude.Maybe Prelude.Text)
+firewallDomainListMetadata_managedOwnerName = Lens.lens (\FirewallDomainListMetadata' {managedOwnerName} -> managedOwnerName) (\s@FirewallDomainListMetadata' {} a -> s {managedOwnerName = a} :: FirewallDomainListMetadata)
+
+-- | The name of the domain list.
+firewallDomainListMetadata_name :: Lens.Lens' FirewallDomainListMetadata (Prelude.Maybe Prelude.Text)
+firewallDomainListMetadata_name = Lens.lens (\FirewallDomainListMetadata' {name} -> name) (\s@FirewallDomainListMetadata' {} a -> s {name = a} :: FirewallDomainListMetadata)
+
+instance Data.FromJSON FirewallDomainListMetadata where
+  parseJSON =
+    Data.withObject
+      "FirewallDomainListMetadata"
+      ( \x ->
+          FirewallDomainListMetadata'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "ManagedOwnerName")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable FirewallDomainListMetadata where
+  hashWithSalt _salt FirewallDomainListMetadata' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` managedOwnerName
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData FirewallDomainListMetadata where
+  rnf FirewallDomainListMetadata' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf managedOwnerName
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallDomainListStatus.hs b/gen/Amazonka/Route53Resolver/Types/FirewallDomainListStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallDomainListStatus.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallDomainListStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallDomainListStatus
+  ( FirewallDomainListStatus
+      ( ..,
+        FirewallDomainListStatus_COMPLETE,
+        FirewallDomainListStatus_COMPLETE_IMPORT_FAILED,
+        FirewallDomainListStatus_DELETING,
+        FirewallDomainListStatus_IMPORTING,
+        FirewallDomainListStatus_UPDATING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FirewallDomainListStatus = FirewallDomainListStatus'
+  { fromFirewallDomainListStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FirewallDomainListStatus_COMPLETE :: FirewallDomainListStatus
+pattern FirewallDomainListStatus_COMPLETE = FirewallDomainListStatus' "COMPLETE"
+
+pattern FirewallDomainListStatus_COMPLETE_IMPORT_FAILED :: FirewallDomainListStatus
+pattern FirewallDomainListStatus_COMPLETE_IMPORT_FAILED = FirewallDomainListStatus' "COMPLETE_IMPORT_FAILED"
+
+pattern FirewallDomainListStatus_DELETING :: FirewallDomainListStatus
+pattern FirewallDomainListStatus_DELETING = FirewallDomainListStatus' "DELETING"
+
+pattern FirewallDomainListStatus_IMPORTING :: FirewallDomainListStatus
+pattern FirewallDomainListStatus_IMPORTING = FirewallDomainListStatus' "IMPORTING"
+
+pattern FirewallDomainListStatus_UPDATING :: FirewallDomainListStatus
+pattern FirewallDomainListStatus_UPDATING = FirewallDomainListStatus' "UPDATING"
+
+{-# COMPLETE
+  FirewallDomainListStatus_COMPLETE,
+  FirewallDomainListStatus_COMPLETE_IMPORT_FAILED,
+  FirewallDomainListStatus_DELETING,
+  FirewallDomainListStatus_IMPORTING,
+  FirewallDomainListStatus_UPDATING,
+  FirewallDomainListStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallDomainUpdateOperation.hs b/gen/Amazonka/Route53Resolver/Types/FirewallDomainUpdateOperation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallDomainUpdateOperation.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallDomainUpdateOperation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallDomainUpdateOperation
+  ( FirewallDomainUpdateOperation
+      ( ..,
+        FirewallDomainUpdateOperation_ADD,
+        FirewallDomainUpdateOperation_REMOVE,
+        FirewallDomainUpdateOperation_REPLACE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FirewallDomainUpdateOperation = FirewallDomainUpdateOperation'
+  { fromFirewallDomainUpdateOperation ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FirewallDomainUpdateOperation_ADD :: FirewallDomainUpdateOperation
+pattern FirewallDomainUpdateOperation_ADD = FirewallDomainUpdateOperation' "ADD"
+
+pattern FirewallDomainUpdateOperation_REMOVE :: FirewallDomainUpdateOperation
+pattern FirewallDomainUpdateOperation_REMOVE = FirewallDomainUpdateOperation' "REMOVE"
+
+pattern FirewallDomainUpdateOperation_REPLACE :: FirewallDomainUpdateOperation
+pattern FirewallDomainUpdateOperation_REPLACE = FirewallDomainUpdateOperation' "REPLACE"
+
+{-# COMPLETE
+  FirewallDomainUpdateOperation_ADD,
+  FirewallDomainUpdateOperation_REMOVE,
+  FirewallDomainUpdateOperation_REPLACE,
+  FirewallDomainUpdateOperation'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallFailOpenStatus.hs b/gen/Amazonka/Route53Resolver/Types/FirewallFailOpenStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallFailOpenStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallFailOpenStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallFailOpenStatus
+  ( FirewallFailOpenStatus
+      ( ..,
+        FirewallFailOpenStatus_DISABLED,
+        FirewallFailOpenStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FirewallFailOpenStatus = FirewallFailOpenStatus'
+  { fromFirewallFailOpenStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FirewallFailOpenStatus_DISABLED :: FirewallFailOpenStatus
+pattern FirewallFailOpenStatus_DISABLED = FirewallFailOpenStatus' "DISABLED"
+
+pattern FirewallFailOpenStatus_ENABLED :: FirewallFailOpenStatus
+pattern FirewallFailOpenStatus_ENABLED = FirewallFailOpenStatus' "ENABLED"
+
+{-# COMPLETE
+  FirewallFailOpenStatus_DISABLED,
+  FirewallFailOpenStatus_ENABLED,
+  FirewallFailOpenStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallRule.hs b/gen/Amazonka/Route53Resolver/Types/FirewallRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallRule.hs
@@ -0,0 +1,303 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.Action
+import Amazonka.Route53Resolver.Types.BlockOverrideDnsType
+import Amazonka.Route53Resolver.Types.BlockResponse
+
+-- | A single firewall rule in a rule group.
+--
+-- /See:/ 'newFirewallRule' smart constructor.
+data FirewallRule = FirewallRule'
+  { -- | The action that DNS Firewall should take on a DNS query when it matches
+    -- one of the domains in the rule\'s domain list:
+    --
+    -- -   @ALLOW@ - Permit the request to go through.
+    --
+    -- -   @ALERT@ - Permit the request to go through but send an alert to the
+    --     logs.
+    --
+    -- -   @BLOCK@ - Disallow the request. If this is specified, additional
+    --     handling details are provided in the rule\'s @BlockResponse@
+    --     setting.
+    action :: Prelude.Maybe Action,
+    -- | The DNS record\'s type. This determines the format of the record value
+    -- that you provided in @BlockOverrideDomain@. Used for the rule action
+    -- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    blockOverrideDnsType :: Prelude.Maybe BlockOverrideDnsType,
+    -- | The custom DNS record to send back in response to the query. Used for
+    -- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    blockOverrideDomain :: Prelude.Maybe Prelude.Text,
+    -- | The recommended amount of time, in seconds, for the DNS resolver or web
+    -- browser to cache the provided override record. Used for the rule action
+    -- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    blockOverrideTtl :: Prelude.Maybe Prelude.Int,
+    -- | The way that you want DNS Firewall to block the request. Used for the
+    -- rule action setting @BLOCK@.
+    --
+    -- -   @NODATA@ - Respond indicating that the query was successful, but no
+    --     response is available for it.
+    --
+    -- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+    --     query doesn\'t exist.
+    --
+    -- -   @OVERRIDE@ - Provide a custom override in the response. This option
+    --     requires custom handling details in the rule\'s @BlockOverride*@
+    --     settings.
+    blockResponse :: Prelude.Maybe BlockResponse,
+    -- | The date and time that the rule was created, in Unix time format and
+    -- Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A unique string defined by you to identify the request. This allows you
+    -- to retry failed requests without the risk of executing the operation
+    -- twice. This can be any unique string, for example, a timestamp.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the domain list that\'s used in the rule.
+    firewallDomainListId :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the firewall rule group of the rule.
+    firewallRuleGroupId :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the rule was last modified, in Unix time format
+    -- and Coordinated Universal Time (UTC).
+    modificationTime :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The priority of the rule in the rule group. This value must be unique
+    -- within the rule group. DNS Firewall processes the rules in a rule group
+    -- by order of priority, starting from the lowest setting.
+    priority :: Prelude.Maybe Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'firewallRule_action' - The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request to go through but send an alert to the
+--     logs.
+--
+-- -   @BLOCK@ - Disallow the request. If this is specified, additional
+--     handling details are provided in the rule\'s @BlockResponse@
+--     setting.
+--
+-- 'blockOverrideDnsType', 'firewallRule_blockOverrideDnsType' - The DNS record\'s type. This determines the format of the record value
+-- that you provided in @BlockOverrideDomain@. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- 'blockOverrideDomain', 'firewallRule_blockOverrideDomain' - The custom DNS record to send back in response to the query. Used for
+-- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- 'blockOverrideTtl', 'firewallRule_blockOverrideTtl' - The recommended amount of time, in seconds, for the DNS resolver or web
+-- browser to cache the provided override record. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- 'blockResponse', 'firewallRule_blockResponse' - The way that you want DNS Firewall to block the request. Used for the
+-- rule action setting @BLOCK@.
+--
+-- -   @NODATA@ - Respond indicating that the query was successful, but no
+--     response is available for it.
+--
+-- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+--     query doesn\'t exist.
+--
+-- -   @OVERRIDE@ - Provide a custom override in the response. This option
+--     requires custom handling details in the rule\'s @BlockOverride*@
+--     settings.
+--
+-- 'creationTime', 'firewallRule_creationTime' - The date and time that the rule was created, in Unix time format and
+-- Coordinated Universal Time (UTC).
+--
+-- 'creatorRequestId', 'firewallRule_creatorRequestId' - A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of executing the operation
+-- twice. This can be any unique string, for example, a timestamp.
+--
+-- 'firewallDomainListId', 'firewallRule_firewallDomainListId' - The ID of the domain list that\'s used in the rule.
+--
+-- 'firewallRuleGroupId', 'firewallRule_firewallRuleGroupId' - The unique identifier of the firewall rule group of the rule.
+--
+-- 'modificationTime', 'firewallRule_modificationTime' - The date and time that the rule was last modified, in Unix time format
+-- and Coordinated Universal Time (UTC).
+--
+-- 'name', 'firewallRule_name' - The name of the rule.
+--
+-- 'priority', 'firewallRule_priority' - The priority of the rule in the rule group. This value must be unique
+-- within the rule group. DNS Firewall processes the rules in a rule group
+-- by order of priority, starting from the lowest setting.
+newFirewallRule ::
+  FirewallRule
+newFirewallRule =
+  FirewallRule'
+    { action = Prelude.Nothing,
+      blockOverrideDnsType = Prelude.Nothing,
+      blockOverrideDomain = Prelude.Nothing,
+      blockOverrideTtl = Prelude.Nothing,
+      blockResponse = Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      firewallDomainListId = Prelude.Nothing,
+      firewallRuleGroupId = Prelude.Nothing,
+      modificationTime = Prelude.Nothing,
+      name = Prelude.Nothing,
+      priority = Prelude.Nothing
+    }
+
+-- | The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request to go through but send an alert to the
+--     logs.
+--
+-- -   @BLOCK@ - Disallow the request. If this is specified, additional
+--     handling details are provided in the rule\'s @BlockResponse@
+--     setting.
+firewallRule_action :: Lens.Lens' FirewallRule (Prelude.Maybe Action)
+firewallRule_action = Lens.lens (\FirewallRule' {action} -> action) (\s@FirewallRule' {} a -> s {action = a} :: FirewallRule)
+
+-- | The DNS record\'s type. This determines the format of the record value
+-- that you provided in @BlockOverrideDomain@. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+firewallRule_blockOverrideDnsType :: Lens.Lens' FirewallRule (Prelude.Maybe BlockOverrideDnsType)
+firewallRule_blockOverrideDnsType = Lens.lens (\FirewallRule' {blockOverrideDnsType} -> blockOverrideDnsType) (\s@FirewallRule' {} a -> s {blockOverrideDnsType = a} :: FirewallRule)
+
+-- | The custom DNS record to send back in response to the query. Used for
+-- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+firewallRule_blockOverrideDomain :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Text)
+firewallRule_blockOverrideDomain = Lens.lens (\FirewallRule' {blockOverrideDomain} -> blockOverrideDomain) (\s@FirewallRule' {} a -> s {blockOverrideDomain = a} :: FirewallRule)
+
+-- | The recommended amount of time, in seconds, for the DNS resolver or web
+-- browser to cache the provided override record. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+firewallRule_blockOverrideTtl :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Int)
+firewallRule_blockOverrideTtl = Lens.lens (\FirewallRule' {blockOverrideTtl} -> blockOverrideTtl) (\s@FirewallRule' {} a -> s {blockOverrideTtl = a} :: FirewallRule)
+
+-- | The way that you want DNS Firewall to block the request. Used for the
+-- rule action setting @BLOCK@.
+--
+-- -   @NODATA@ - Respond indicating that the query was successful, but no
+--     response is available for it.
+--
+-- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+--     query doesn\'t exist.
+--
+-- -   @OVERRIDE@ - Provide a custom override in the response. This option
+--     requires custom handling details in the rule\'s @BlockOverride*@
+--     settings.
+firewallRule_blockResponse :: Lens.Lens' FirewallRule (Prelude.Maybe BlockResponse)
+firewallRule_blockResponse = Lens.lens (\FirewallRule' {blockResponse} -> blockResponse) (\s@FirewallRule' {} a -> s {blockResponse = a} :: FirewallRule)
+
+-- | The date and time that the rule was created, in Unix time format and
+-- Coordinated Universal Time (UTC).
+firewallRule_creationTime :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Text)
+firewallRule_creationTime = Lens.lens (\FirewallRule' {creationTime} -> creationTime) (\s@FirewallRule' {} a -> s {creationTime = a} :: FirewallRule)
+
+-- | A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of executing the operation
+-- twice. This can be any unique string, for example, a timestamp.
+firewallRule_creatorRequestId :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Text)
+firewallRule_creatorRequestId = Lens.lens (\FirewallRule' {creatorRequestId} -> creatorRequestId) (\s@FirewallRule' {} a -> s {creatorRequestId = a} :: FirewallRule)
+
+-- | The ID of the domain list that\'s used in the rule.
+firewallRule_firewallDomainListId :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Text)
+firewallRule_firewallDomainListId = Lens.lens (\FirewallRule' {firewallDomainListId} -> firewallDomainListId) (\s@FirewallRule' {} a -> s {firewallDomainListId = a} :: FirewallRule)
+
+-- | The unique identifier of the firewall rule group of the rule.
+firewallRule_firewallRuleGroupId :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Text)
+firewallRule_firewallRuleGroupId = Lens.lens (\FirewallRule' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@FirewallRule' {} a -> s {firewallRuleGroupId = a} :: FirewallRule)
+
+-- | The date and time that the rule was last modified, in Unix time format
+-- and Coordinated Universal Time (UTC).
+firewallRule_modificationTime :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Text)
+firewallRule_modificationTime = Lens.lens (\FirewallRule' {modificationTime} -> modificationTime) (\s@FirewallRule' {} a -> s {modificationTime = a} :: FirewallRule)
+
+-- | The name of the rule.
+firewallRule_name :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Text)
+firewallRule_name = Lens.lens (\FirewallRule' {name} -> name) (\s@FirewallRule' {} a -> s {name = a} :: FirewallRule)
+
+-- | The priority of the rule in the rule group. This value must be unique
+-- within the rule group. DNS Firewall processes the rules in a rule group
+-- by order of priority, starting from the lowest setting.
+firewallRule_priority :: Lens.Lens' FirewallRule (Prelude.Maybe Prelude.Int)
+firewallRule_priority = Lens.lens (\FirewallRule' {priority} -> priority) (\s@FirewallRule' {} a -> s {priority = a} :: FirewallRule)
+
+instance Data.FromJSON FirewallRule where
+  parseJSON =
+    Data.withObject
+      "FirewallRule"
+      ( \x ->
+          FirewallRule'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "BlockOverrideDnsType")
+            Prelude.<*> (x Data..:? "BlockOverrideDomain")
+            Prelude.<*> (x Data..:? "BlockOverrideTtl")
+            Prelude.<*> (x Data..:? "BlockResponse")
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "FirewallDomainListId")
+            Prelude.<*> (x Data..:? "FirewallRuleGroupId")
+            Prelude.<*> (x Data..:? "ModificationTime")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Priority")
+      )
+
+instance Prelude.Hashable FirewallRule where
+  hashWithSalt _salt FirewallRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` blockOverrideDnsType
+      `Prelude.hashWithSalt` blockOverrideDomain
+      `Prelude.hashWithSalt` blockOverrideTtl
+      `Prelude.hashWithSalt` blockResponse
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` firewallDomainListId
+      `Prelude.hashWithSalt` firewallRuleGroupId
+      `Prelude.hashWithSalt` modificationTime
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` priority
+
+instance Prelude.NFData FirewallRule where
+  rnf FirewallRule' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf blockOverrideDnsType
+      `Prelude.seq` Prelude.rnf blockOverrideDomain
+      `Prelude.seq` Prelude.rnf blockOverrideTtl
+      `Prelude.seq` Prelude.rnf blockResponse
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf firewallDomainListId
+      `Prelude.seq` Prelude.rnf firewallRuleGroupId
+      `Prelude.seq` Prelude.rnf modificationTime
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf priority
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroup.hs b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroup.hs
@@ -0,0 +1,224 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallRuleGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupStatus
+import Amazonka.Route53Resolver.Types.ShareStatus
+
+-- | High-level information for a firewall rule group. A firewall rule group
+-- is a collection of rules that DNS Firewall uses to filter DNS network
+-- traffic for a VPC. To retrieve the rules for the rule group, call
+-- ListFirewallRules.
+--
+-- /See:/ 'newFirewallRuleGroup' smart constructor.
+data FirewallRuleGroup = FirewallRuleGroup'
+  { -- | The ARN (Amazon Resource Name) of the rule group.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the rule group was created, in Unix time format
+    -- and Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A unique string defined by you to identify the request. This allows you
+    -- to retry failed requests without the risk of running the operation
+    -- twice. This can be any unique string, for example, a timestamp.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the rule group.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the rule group was last modified, in Unix time
+    -- format and Coordinated Universal Time (UTC).
+    modificationTime :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rule group.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID for the account that created the rule
+    -- group. When a rule group is shared with your account, this is the
+    -- account that has shared the rule group with you.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The number of rules in the rule group.
+    ruleCount :: Prelude.Maybe Prelude.Int,
+    -- | Whether the rule group is shared with other Amazon Web Services
+    -- accounts, or was shared with the current account by another Amazon Web
+    -- Services account. Sharing is configured through Resource Access Manager
+    -- (RAM).
+    shareStatus :: Prelude.Maybe ShareStatus,
+    -- | The status of the domain list.
+    status :: Prelude.Maybe FirewallRuleGroupStatus,
+    -- | Additional information about the status of the rule group, if available.
+    statusMessage :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'firewallRuleGroup_arn' - The ARN (Amazon Resource Name) of the rule group.
+--
+-- 'creationTime', 'firewallRuleGroup_creationTime' - The date and time that the rule group was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+--
+-- 'creatorRequestId', 'firewallRuleGroup_creatorRequestId' - A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+--
+-- 'id', 'firewallRuleGroup_id' - The ID of the rule group.
+--
+-- 'modificationTime', 'firewallRuleGroup_modificationTime' - The date and time that the rule group was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+--
+-- 'name', 'firewallRuleGroup_name' - The name of the rule group.
+--
+-- 'ownerId', 'firewallRuleGroup_ownerId' - The Amazon Web Services account ID for the account that created the rule
+-- group. When a rule group is shared with your account, this is the
+-- account that has shared the rule group with you.
+--
+-- 'ruleCount', 'firewallRuleGroup_ruleCount' - The number of rules in the rule group.
+--
+-- 'shareStatus', 'firewallRuleGroup_shareStatus' - Whether the rule group is shared with other Amazon Web Services
+-- accounts, or was shared with the current account by another Amazon Web
+-- Services account. Sharing is configured through Resource Access Manager
+-- (RAM).
+--
+-- 'status', 'firewallRuleGroup_status' - The status of the domain list.
+--
+-- 'statusMessage', 'firewallRuleGroup_statusMessage' - Additional information about the status of the rule group, if available.
+newFirewallRuleGroup ::
+  FirewallRuleGroup
+newFirewallRuleGroup =
+  FirewallRuleGroup'
+    { arn = Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      id = Prelude.Nothing,
+      modificationTime = Prelude.Nothing,
+      name = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      ruleCount = Prelude.Nothing,
+      shareStatus = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing
+    }
+
+-- | The ARN (Amazon Resource Name) of the rule group.
+firewallRuleGroup_arn :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_arn = Lens.lens (\FirewallRuleGroup' {arn} -> arn) (\s@FirewallRuleGroup' {} a -> s {arn = a} :: FirewallRuleGroup)
+
+-- | The date and time that the rule group was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+firewallRuleGroup_creationTime :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_creationTime = Lens.lens (\FirewallRuleGroup' {creationTime} -> creationTime) (\s@FirewallRuleGroup' {} a -> s {creationTime = a} :: FirewallRuleGroup)
+
+-- | A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+firewallRuleGroup_creatorRequestId :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_creatorRequestId = Lens.lens (\FirewallRuleGroup' {creatorRequestId} -> creatorRequestId) (\s@FirewallRuleGroup' {} a -> s {creatorRequestId = a} :: FirewallRuleGroup)
+
+-- | The ID of the rule group.
+firewallRuleGroup_id :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_id = Lens.lens (\FirewallRuleGroup' {id} -> id) (\s@FirewallRuleGroup' {} a -> s {id = a} :: FirewallRuleGroup)
+
+-- | The date and time that the rule group was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+firewallRuleGroup_modificationTime :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_modificationTime = Lens.lens (\FirewallRuleGroup' {modificationTime} -> modificationTime) (\s@FirewallRuleGroup' {} a -> s {modificationTime = a} :: FirewallRuleGroup)
+
+-- | The name of the rule group.
+firewallRuleGroup_name :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_name = Lens.lens (\FirewallRuleGroup' {name} -> name) (\s@FirewallRuleGroup' {} a -> s {name = a} :: FirewallRuleGroup)
+
+-- | The Amazon Web Services account ID for the account that created the rule
+-- group. When a rule group is shared with your account, this is the
+-- account that has shared the rule group with you.
+firewallRuleGroup_ownerId :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_ownerId = Lens.lens (\FirewallRuleGroup' {ownerId} -> ownerId) (\s@FirewallRuleGroup' {} a -> s {ownerId = a} :: FirewallRuleGroup)
+
+-- | The number of rules in the rule group.
+firewallRuleGroup_ruleCount :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Int)
+firewallRuleGroup_ruleCount = Lens.lens (\FirewallRuleGroup' {ruleCount} -> ruleCount) (\s@FirewallRuleGroup' {} a -> s {ruleCount = a} :: FirewallRuleGroup)
+
+-- | Whether the rule group is shared with other Amazon Web Services
+-- accounts, or was shared with the current account by another Amazon Web
+-- Services account. Sharing is configured through Resource Access Manager
+-- (RAM).
+firewallRuleGroup_shareStatus :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe ShareStatus)
+firewallRuleGroup_shareStatus = Lens.lens (\FirewallRuleGroup' {shareStatus} -> shareStatus) (\s@FirewallRuleGroup' {} a -> s {shareStatus = a} :: FirewallRuleGroup)
+
+-- | The status of the domain list.
+firewallRuleGroup_status :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe FirewallRuleGroupStatus)
+firewallRuleGroup_status = Lens.lens (\FirewallRuleGroup' {status} -> status) (\s@FirewallRuleGroup' {} a -> s {status = a} :: FirewallRuleGroup)
+
+-- | Additional information about the status of the rule group, if available.
+firewallRuleGroup_statusMessage :: Lens.Lens' FirewallRuleGroup (Prelude.Maybe Prelude.Text)
+firewallRuleGroup_statusMessage = Lens.lens (\FirewallRuleGroup' {statusMessage} -> statusMessage) (\s@FirewallRuleGroup' {} a -> s {statusMessage = a} :: FirewallRuleGroup)
+
+instance Data.FromJSON FirewallRuleGroup where
+  parseJSON =
+    Data.withObject
+      "FirewallRuleGroup"
+      ( \x ->
+          FirewallRuleGroup'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "ModificationTime")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "RuleCount")
+            Prelude.<*> (x Data..:? "ShareStatus")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+      )
+
+instance Prelude.Hashable FirewallRuleGroup where
+  hashWithSalt _salt FirewallRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` modificationTime
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` ruleCount
+      `Prelude.hashWithSalt` shareStatus
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+
+instance Prelude.NFData FirewallRuleGroup where
+  rnf FirewallRuleGroup' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf modificationTime
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf ruleCount
+      `Prelude.seq` Prelude.rnf shareStatus
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupAssociation.hs b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupAssociation.hs
@@ -0,0 +1,256 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociationStatus
+import Amazonka.Route53Resolver.Types.MutationProtectionStatus
+
+-- | An association between a firewall rule group and a VPC, which enables
+-- DNS filtering for the VPC.
+--
+-- /See:/ 'newFirewallRuleGroupAssociation' smart constructor.
+data FirewallRuleGroupAssociation = FirewallRuleGroupAssociation'
+  { -- | The Amazon Resource Name (ARN) of the firewall rule group association.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the association was created, in Unix time format
+    -- and Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A unique string defined by you to identify the request. This allows you
+    -- to retry failed requests without the risk of running the operation
+    -- twice. This can be any unique string, for example, a timestamp.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the firewall rule group.
+    firewallRuleGroupId :: Prelude.Maybe Prelude.Text,
+    -- | The identifier for the association.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The owner of the association, used only for associations that are not
+    -- managed by you. If you use Firewall Manager to manage your DNS
+    -- Firewalls, then this reports Firewall Manager as the managed owner.
+    managedOwnerName :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the association was last modified, in Unix time
+    -- format and Coordinated Universal Time (UTC).
+    modificationTime :: Prelude.Maybe Prelude.Text,
+    -- | If enabled, this setting disallows modification or removal of the
+    -- association, to help prevent against accidentally altering DNS firewall
+    -- protections.
+    mutationProtection :: Prelude.Maybe MutationProtectionStatus,
+    -- | The name of the association.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The setting that determines the processing order of the rule group among
+    -- the rule groups that are associated with a single VPC. DNS Firewall
+    -- filters VPC traffic starting from rule group with the lowest numeric
+    -- priority setting.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The current status of the association.
+    status :: Prelude.Maybe FirewallRuleGroupAssociationStatus,
+    -- | Additional information about the status of the response, if available.
+    statusMessage :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier of the VPC that is associated with the rule group.
+    vpcId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallRuleGroupAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'firewallRuleGroupAssociation_arn' - The Amazon Resource Name (ARN) of the firewall rule group association.
+--
+-- 'creationTime', 'firewallRuleGroupAssociation_creationTime' - The date and time that the association was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+--
+-- 'creatorRequestId', 'firewallRuleGroupAssociation_creatorRequestId' - A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+--
+-- 'firewallRuleGroupId', 'firewallRuleGroupAssociation_firewallRuleGroupId' - The unique identifier of the firewall rule group.
+--
+-- 'id', 'firewallRuleGroupAssociation_id' - The identifier for the association.
+--
+-- 'managedOwnerName', 'firewallRuleGroupAssociation_managedOwnerName' - The owner of the association, used only for associations that are not
+-- managed by you. If you use Firewall Manager to manage your DNS
+-- Firewalls, then this reports Firewall Manager as the managed owner.
+--
+-- 'modificationTime', 'firewallRuleGroupAssociation_modificationTime' - The date and time that the association was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+--
+-- 'mutationProtection', 'firewallRuleGroupAssociation_mutationProtection' - If enabled, this setting disallows modification or removal of the
+-- association, to help prevent against accidentally altering DNS firewall
+-- protections.
+--
+-- 'name', 'firewallRuleGroupAssociation_name' - The name of the association.
+--
+-- 'priority', 'firewallRuleGroupAssociation_priority' - The setting that determines the processing order of the rule group among
+-- the rule groups that are associated with a single VPC. DNS Firewall
+-- filters VPC traffic starting from rule group with the lowest numeric
+-- priority setting.
+--
+-- 'status', 'firewallRuleGroupAssociation_status' - The current status of the association.
+--
+-- 'statusMessage', 'firewallRuleGroupAssociation_statusMessage' - Additional information about the status of the response, if available.
+--
+-- 'vpcId', 'firewallRuleGroupAssociation_vpcId' - The unique identifier of the VPC that is associated with the rule group.
+newFirewallRuleGroupAssociation ::
+  FirewallRuleGroupAssociation
+newFirewallRuleGroupAssociation =
+  FirewallRuleGroupAssociation'
+    { arn =
+        Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      firewallRuleGroupId = Prelude.Nothing,
+      id = Prelude.Nothing,
+      managedOwnerName = Prelude.Nothing,
+      modificationTime = Prelude.Nothing,
+      mutationProtection = Prelude.Nothing,
+      name = Prelude.Nothing,
+      priority = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing,
+      vpcId = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the firewall rule group association.
+firewallRuleGroupAssociation_arn :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_arn = Lens.lens (\FirewallRuleGroupAssociation' {arn} -> arn) (\s@FirewallRuleGroupAssociation' {} a -> s {arn = a} :: FirewallRuleGroupAssociation)
+
+-- | The date and time that the association was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+firewallRuleGroupAssociation_creationTime :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_creationTime = Lens.lens (\FirewallRuleGroupAssociation' {creationTime} -> creationTime) (\s@FirewallRuleGroupAssociation' {} a -> s {creationTime = a} :: FirewallRuleGroupAssociation)
+
+-- | A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+firewallRuleGroupAssociation_creatorRequestId :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_creatorRequestId = Lens.lens (\FirewallRuleGroupAssociation' {creatorRequestId} -> creatorRequestId) (\s@FirewallRuleGroupAssociation' {} a -> s {creatorRequestId = a} :: FirewallRuleGroupAssociation)
+
+-- | The unique identifier of the firewall rule group.
+firewallRuleGroupAssociation_firewallRuleGroupId :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_firewallRuleGroupId = Lens.lens (\FirewallRuleGroupAssociation' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@FirewallRuleGroupAssociation' {} a -> s {firewallRuleGroupId = a} :: FirewallRuleGroupAssociation)
+
+-- | The identifier for the association.
+firewallRuleGroupAssociation_id :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_id = Lens.lens (\FirewallRuleGroupAssociation' {id} -> id) (\s@FirewallRuleGroupAssociation' {} a -> s {id = a} :: FirewallRuleGroupAssociation)
+
+-- | The owner of the association, used only for associations that are not
+-- managed by you. If you use Firewall Manager to manage your DNS
+-- Firewalls, then this reports Firewall Manager as the managed owner.
+firewallRuleGroupAssociation_managedOwnerName :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_managedOwnerName = Lens.lens (\FirewallRuleGroupAssociation' {managedOwnerName} -> managedOwnerName) (\s@FirewallRuleGroupAssociation' {} a -> s {managedOwnerName = a} :: FirewallRuleGroupAssociation)
+
+-- | The date and time that the association was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+firewallRuleGroupAssociation_modificationTime :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_modificationTime = Lens.lens (\FirewallRuleGroupAssociation' {modificationTime} -> modificationTime) (\s@FirewallRuleGroupAssociation' {} a -> s {modificationTime = a} :: FirewallRuleGroupAssociation)
+
+-- | If enabled, this setting disallows modification or removal of the
+-- association, to help prevent against accidentally altering DNS firewall
+-- protections.
+firewallRuleGroupAssociation_mutationProtection :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe MutationProtectionStatus)
+firewallRuleGroupAssociation_mutationProtection = Lens.lens (\FirewallRuleGroupAssociation' {mutationProtection} -> mutationProtection) (\s@FirewallRuleGroupAssociation' {} a -> s {mutationProtection = a} :: FirewallRuleGroupAssociation)
+
+-- | The name of the association.
+firewallRuleGroupAssociation_name :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_name = Lens.lens (\FirewallRuleGroupAssociation' {name} -> name) (\s@FirewallRuleGroupAssociation' {} a -> s {name = a} :: FirewallRuleGroupAssociation)
+
+-- | The setting that determines the processing order of the rule group among
+-- the rule groups that are associated with a single VPC. DNS Firewall
+-- filters VPC traffic starting from rule group with the lowest numeric
+-- priority setting.
+firewallRuleGroupAssociation_priority :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Int)
+firewallRuleGroupAssociation_priority = Lens.lens (\FirewallRuleGroupAssociation' {priority} -> priority) (\s@FirewallRuleGroupAssociation' {} a -> s {priority = a} :: FirewallRuleGroupAssociation)
+
+-- | The current status of the association.
+firewallRuleGroupAssociation_status :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe FirewallRuleGroupAssociationStatus)
+firewallRuleGroupAssociation_status = Lens.lens (\FirewallRuleGroupAssociation' {status} -> status) (\s@FirewallRuleGroupAssociation' {} a -> s {status = a} :: FirewallRuleGroupAssociation)
+
+-- | Additional information about the status of the response, if available.
+firewallRuleGroupAssociation_statusMessage :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_statusMessage = Lens.lens (\FirewallRuleGroupAssociation' {statusMessage} -> statusMessage) (\s@FirewallRuleGroupAssociation' {} a -> s {statusMessage = a} :: FirewallRuleGroupAssociation)
+
+-- | The unique identifier of the VPC that is associated with the rule group.
+firewallRuleGroupAssociation_vpcId :: Lens.Lens' FirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+firewallRuleGroupAssociation_vpcId = Lens.lens (\FirewallRuleGroupAssociation' {vpcId} -> vpcId) (\s@FirewallRuleGroupAssociation' {} a -> s {vpcId = a} :: FirewallRuleGroupAssociation)
+
+instance Data.FromJSON FirewallRuleGroupAssociation where
+  parseJSON =
+    Data.withObject
+      "FirewallRuleGroupAssociation"
+      ( \x ->
+          FirewallRuleGroupAssociation'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "FirewallRuleGroupId")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "ManagedOwnerName")
+            Prelude.<*> (x Data..:? "ModificationTime")
+            Prelude.<*> (x Data..:? "MutationProtection")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Priority")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+            Prelude.<*> (x Data..:? "VpcId")
+      )
+
+instance
+  Prelude.Hashable
+    FirewallRuleGroupAssociation
+  where
+  hashWithSalt _salt FirewallRuleGroupAssociation' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` firewallRuleGroupId
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` managedOwnerName
+      `Prelude.hashWithSalt` modificationTime
+      `Prelude.hashWithSalt` mutationProtection
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+      `Prelude.hashWithSalt` vpcId
+
+instance Prelude.NFData FirewallRuleGroupAssociation where
+  rnf FirewallRuleGroupAssociation' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf firewallRuleGroupId
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf managedOwnerName
+      `Prelude.seq` Prelude.rnf modificationTime
+      `Prelude.seq` Prelude.rnf mutationProtection
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+      `Prelude.seq` Prelude.rnf vpcId
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupAssociationStatus.hs b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupAssociationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupAssociationStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallRuleGroupAssociationStatus
+  ( FirewallRuleGroupAssociationStatus
+      ( ..,
+        FirewallRuleGroupAssociationStatus_COMPLETE,
+        FirewallRuleGroupAssociationStatus_DELETING,
+        FirewallRuleGroupAssociationStatus_UPDATING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FirewallRuleGroupAssociationStatus = FirewallRuleGroupAssociationStatus'
+  { fromFirewallRuleGroupAssociationStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FirewallRuleGroupAssociationStatus_COMPLETE :: FirewallRuleGroupAssociationStatus
+pattern FirewallRuleGroupAssociationStatus_COMPLETE = FirewallRuleGroupAssociationStatus' "COMPLETE"
+
+pattern FirewallRuleGroupAssociationStatus_DELETING :: FirewallRuleGroupAssociationStatus
+pattern FirewallRuleGroupAssociationStatus_DELETING = FirewallRuleGroupAssociationStatus' "DELETING"
+
+pattern FirewallRuleGroupAssociationStatus_UPDATING :: FirewallRuleGroupAssociationStatus
+pattern FirewallRuleGroupAssociationStatus_UPDATING = FirewallRuleGroupAssociationStatus' "UPDATING"
+
+{-# COMPLETE
+  FirewallRuleGroupAssociationStatus_COMPLETE,
+  FirewallRuleGroupAssociationStatus_DELETING,
+  FirewallRuleGroupAssociationStatus_UPDATING,
+  FirewallRuleGroupAssociationStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupMetadata.hs b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupMetadata.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupMetadata.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallRuleGroupMetadata
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallRuleGroupMetadata where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ShareStatus
+
+-- | Minimal high-level information for a firewall rule group. The action
+-- ListFirewallRuleGroups returns an array of these objects.
+--
+-- To retrieve full information for a firewall rule group, call
+-- GetFirewallRuleGroup and ListFirewallRules.
+--
+-- /See:/ 'newFirewallRuleGroupMetadata' smart constructor.
+data FirewallRuleGroupMetadata = FirewallRuleGroupMetadata'
+  { -- | The ARN (Amazon Resource Name) of the rule group.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A unique string defined by you to identify the request. This allows you
+    -- to retry failed requests without the risk of running the operation
+    -- twice. This can be any unique string, for example, a timestamp.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the rule group.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rule group.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID for the account that created the rule
+    -- group. When a rule group is shared with your account, this is the
+    -- account that has shared the rule group with you.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | Whether the rule group is shared with other Amazon Web Services
+    -- accounts, or was shared with the current account by another Amazon Web
+    -- Services account. Sharing is configured through Resource Access Manager
+    -- (RAM).
+    shareStatus :: Prelude.Maybe ShareStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallRuleGroupMetadata' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'firewallRuleGroupMetadata_arn' - The ARN (Amazon Resource Name) of the rule group.
+--
+-- 'creatorRequestId', 'firewallRuleGroupMetadata_creatorRequestId' - A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+--
+-- 'id', 'firewallRuleGroupMetadata_id' - The ID of the rule group.
+--
+-- 'name', 'firewallRuleGroupMetadata_name' - The name of the rule group.
+--
+-- 'ownerId', 'firewallRuleGroupMetadata_ownerId' - The Amazon Web Services account ID for the account that created the rule
+-- group. When a rule group is shared with your account, this is the
+-- account that has shared the rule group with you.
+--
+-- 'shareStatus', 'firewallRuleGroupMetadata_shareStatus' - Whether the rule group is shared with other Amazon Web Services
+-- accounts, or was shared with the current account by another Amazon Web
+-- Services account. Sharing is configured through Resource Access Manager
+-- (RAM).
+newFirewallRuleGroupMetadata ::
+  FirewallRuleGroupMetadata
+newFirewallRuleGroupMetadata =
+  FirewallRuleGroupMetadata'
+    { arn = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      id = Prelude.Nothing,
+      name = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      shareStatus = Prelude.Nothing
+    }
+
+-- | The ARN (Amazon Resource Name) of the rule group.
+firewallRuleGroupMetadata_arn :: Lens.Lens' FirewallRuleGroupMetadata (Prelude.Maybe Prelude.Text)
+firewallRuleGroupMetadata_arn = Lens.lens (\FirewallRuleGroupMetadata' {arn} -> arn) (\s@FirewallRuleGroupMetadata' {} a -> s {arn = a} :: FirewallRuleGroupMetadata)
+
+-- | A unique string defined by you to identify the request. This allows you
+-- to retry failed requests without the risk of running the operation
+-- twice. This can be any unique string, for example, a timestamp.
+firewallRuleGroupMetadata_creatorRequestId :: Lens.Lens' FirewallRuleGroupMetadata (Prelude.Maybe Prelude.Text)
+firewallRuleGroupMetadata_creatorRequestId = Lens.lens (\FirewallRuleGroupMetadata' {creatorRequestId} -> creatorRequestId) (\s@FirewallRuleGroupMetadata' {} a -> s {creatorRequestId = a} :: FirewallRuleGroupMetadata)
+
+-- | The ID of the rule group.
+firewallRuleGroupMetadata_id :: Lens.Lens' FirewallRuleGroupMetadata (Prelude.Maybe Prelude.Text)
+firewallRuleGroupMetadata_id = Lens.lens (\FirewallRuleGroupMetadata' {id} -> id) (\s@FirewallRuleGroupMetadata' {} a -> s {id = a} :: FirewallRuleGroupMetadata)
+
+-- | The name of the rule group.
+firewallRuleGroupMetadata_name :: Lens.Lens' FirewallRuleGroupMetadata (Prelude.Maybe Prelude.Text)
+firewallRuleGroupMetadata_name = Lens.lens (\FirewallRuleGroupMetadata' {name} -> name) (\s@FirewallRuleGroupMetadata' {} a -> s {name = a} :: FirewallRuleGroupMetadata)
+
+-- | The Amazon Web Services account ID for the account that created the rule
+-- group. When a rule group is shared with your account, this is the
+-- account that has shared the rule group with you.
+firewallRuleGroupMetadata_ownerId :: Lens.Lens' FirewallRuleGroupMetadata (Prelude.Maybe Prelude.Text)
+firewallRuleGroupMetadata_ownerId = Lens.lens (\FirewallRuleGroupMetadata' {ownerId} -> ownerId) (\s@FirewallRuleGroupMetadata' {} a -> s {ownerId = a} :: FirewallRuleGroupMetadata)
+
+-- | Whether the rule group is shared with other Amazon Web Services
+-- accounts, or was shared with the current account by another Amazon Web
+-- Services account. Sharing is configured through Resource Access Manager
+-- (RAM).
+firewallRuleGroupMetadata_shareStatus :: Lens.Lens' FirewallRuleGroupMetadata (Prelude.Maybe ShareStatus)
+firewallRuleGroupMetadata_shareStatus = Lens.lens (\FirewallRuleGroupMetadata' {shareStatus} -> shareStatus) (\s@FirewallRuleGroupMetadata' {} a -> s {shareStatus = a} :: FirewallRuleGroupMetadata)
+
+instance Data.FromJSON FirewallRuleGroupMetadata where
+  parseJSON =
+    Data.withObject
+      "FirewallRuleGroupMetadata"
+      ( \x ->
+          FirewallRuleGroupMetadata'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "ShareStatus")
+      )
+
+instance Prelude.Hashable FirewallRuleGroupMetadata where
+  hashWithSalt _salt FirewallRuleGroupMetadata' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` shareStatus
+
+instance Prelude.NFData FirewallRuleGroupMetadata where
+  rnf FirewallRuleGroupMetadata' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf shareStatus
diff --git a/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupStatus.hs b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/FirewallRuleGroupStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.FirewallRuleGroupStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.FirewallRuleGroupStatus
+  ( FirewallRuleGroupStatus
+      ( ..,
+        FirewallRuleGroupStatus_COMPLETE,
+        FirewallRuleGroupStatus_DELETING,
+        FirewallRuleGroupStatus_UPDATING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FirewallRuleGroupStatus = FirewallRuleGroupStatus'
+  { fromFirewallRuleGroupStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FirewallRuleGroupStatus_COMPLETE :: FirewallRuleGroupStatus
+pattern FirewallRuleGroupStatus_COMPLETE = FirewallRuleGroupStatus' "COMPLETE"
+
+pattern FirewallRuleGroupStatus_DELETING :: FirewallRuleGroupStatus
+pattern FirewallRuleGroupStatus_DELETING = FirewallRuleGroupStatus' "DELETING"
+
+pattern FirewallRuleGroupStatus_UPDATING :: FirewallRuleGroupStatus
+pattern FirewallRuleGroupStatus_UPDATING = FirewallRuleGroupStatus' "UPDATING"
+
+{-# COMPLETE
+  FirewallRuleGroupStatus_COMPLETE,
+  FirewallRuleGroupStatus_DELETING,
+  FirewallRuleGroupStatus_UPDATING,
+  FirewallRuleGroupStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/IpAddressRequest.hs b/gen/Amazonka/Route53Resolver/Types/IpAddressRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/IpAddressRequest.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.IpAddressRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.IpAddressRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | In a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>
+-- request, the IP address that DNS queries originate from (for outbound
+-- endpoints) or that you forward DNS queries to (for inbound endpoints).
+-- @IpAddressRequest@ also includes the ID of the subnet that contains the
+-- IP address.
+--
+-- /See:/ 'newIpAddressRequest' smart constructor.
+data IpAddressRequest = IpAddressRequest'
+  { -- | The IP address that you want to use for DNS queries.
+    ip :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the subnet that contains the IP address.
+    subnetId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IpAddressRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ip', 'ipAddressRequest_ip' - The IP address that you want to use for DNS queries.
+--
+-- 'subnetId', 'ipAddressRequest_subnetId' - The ID of the subnet that contains the IP address.
+newIpAddressRequest ::
+  -- | 'subnetId'
+  Prelude.Text ->
+  IpAddressRequest
+newIpAddressRequest pSubnetId_ =
+  IpAddressRequest'
+    { ip = Prelude.Nothing,
+      subnetId = pSubnetId_
+    }
+
+-- | The IP address that you want to use for DNS queries.
+ipAddressRequest_ip :: Lens.Lens' IpAddressRequest (Prelude.Maybe Prelude.Text)
+ipAddressRequest_ip = Lens.lens (\IpAddressRequest' {ip} -> ip) (\s@IpAddressRequest' {} a -> s {ip = a} :: IpAddressRequest)
+
+-- | The ID of the subnet that contains the IP address.
+ipAddressRequest_subnetId :: Lens.Lens' IpAddressRequest Prelude.Text
+ipAddressRequest_subnetId = Lens.lens (\IpAddressRequest' {subnetId} -> subnetId) (\s@IpAddressRequest' {} a -> s {subnetId = a} :: IpAddressRequest)
+
+instance Prelude.Hashable IpAddressRequest where
+  hashWithSalt _salt IpAddressRequest' {..} =
+    _salt
+      `Prelude.hashWithSalt` ip
+      `Prelude.hashWithSalt` subnetId
+
+instance Prelude.NFData IpAddressRequest where
+  rnf IpAddressRequest' {..} =
+    Prelude.rnf ip `Prelude.seq` Prelude.rnf subnetId
+
+instance Data.ToJSON IpAddressRequest where
+  toJSON IpAddressRequest' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Ip" Data..=) Prelude.<$> ip,
+            Prelude.Just ("SubnetId" Data..= subnetId)
+          ]
+      )
diff --git a/gen/Amazonka/Route53Resolver/Types/IpAddressResponse.hs b/gen/Amazonka/Route53Resolver/Types/IpAddressResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/IpAddressResponse.hs
@@ -0,0 +1,157 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.IpAddressResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.IpAddressResponse where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.IpAddressStatus
+
+-- | In the response to a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+-- request, information about the IP addresses that the Resolver endpoint
+-- uses for DNS queries.
+--
+-- /See:/ 'newIpAddressResponse' smart constructor.
+data IpAddressResponse = IpAddressResponse'
+  { -- | The date and time that the IP address was created, in Unix time format
+    -- and Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | One IP address that the Resolver endpoint uses for DNS queries.
+    ip :: Prelude.Maybe Prelude.Text,
+    -- | The ID of one IP address.
+    ipId :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the IP address was last modified, in Unix time
+    -- format and Coordinated Universal Time (UTC).
+    modificationTime :: Prelude.Maybe Prelude.Text,
+    -- | A status code that gives the current status of the request.
+    status :: Prelude.Maybe IpAddressStatus,
+    -- | A message that provides additional information about the status of the
+    -- request.
+    statusMessage :: Prelude.Maybe Prelude.Text,
+    -- | The ID of one subnet.
+    subnetId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IpAddressResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'creationTime', 'ipAddressResponse_creationTime' - The date and time that the IP address was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+--
+-- 'ip', 'ipAddressResponse_ip' - One IP address that the Resolver endpoint uses for DNS queries.
+--
+-- 'ipId', 'ipAddressResponse_ipId' - The ID of one IP address.
+--
+-- 'modificationTime', 'ipAddressResponse_modificationTime' - The date and time that the IP address was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+--
+-- 'status', 'ipAddressResponse_status' - A status code that gives the current status of the request.
+--
+-- 'statusMessage', 'ipAddressResponse_statusMessage' - A message that provides additional information about the status of the
+-- request.
+--
+-- 'subnetId', 'ipAddressResponse_subnetId' - The ID of one subnet.
+newIpAddressResponse ::
+  IpAddressResponse
+newIpAddressResponse =
+  IpAddressResponse'
+    { creationTime = Prelude.Nothing,
+      ip = Prelude.Nothing,
+      ipId = Prelude.Nothing,
+      modificationTime = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing,
+      subnetId = Prelude.Nothing
+    }
+
+-- | The date and time that the IP address was created, in Unix time format
+-- and Coordinated Universal Time (UTC).
+ipAddressResponse_creationTime :: Lens.Lens' IpAddressResponse (Prelude.Maybe Prelude.Text)
+ipAddressResponse_creationTime = Lens.lens (\IpAddressResponse' {creationTime} -> creationTime) (\s@IpAddressResponse' {} a -> s {creationTime = a} :: IpAddressResponse)
+
+-- | One IP address that the Resolver endpoint uses for DNS queries.
+ipAddressResponse_ip :: Lens.Lens' IpAddressResponse (Prelude.Maybe Prelude.Text)
+ipAddressResponse_ip = Lens.lens (\IpAddressResponse' {ip} -> ip) (\s@IpAddressResponse' {} a -> s {ip = a} :: IpAddressResponse)
+
+-- | The ID of one IP address.
+ipAddressResponse_ipId :: Lens.Lens' IpAddressResponse (Prelude.Maybe Prelude.Text)
+ipAddressResponse_ipId = Lens.lens (\IpAddressResponse' {ipId} -> ipId) (\s@IpAddressResponse' {} a -> s {ipId = a} :: IpAddressResponse)
+
+-- | The date and time that the IP address was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+ipAddressResponse_modificationTime :: Lens.Lens' IpAddressResponse (Prelude.Maybe Prelude.Text)
+ipAddressResponse_modificationTime = Lens.lens (\IpAddressResponse' {modificationTime} -> modificationTime) (\s@IpAddressResponse' {} a -> s {modificationTime = a} :: IpAddressResponse)
+
+-- | A status code that gives the current status of the request.
+ipAddressResponse_status :: Lens.Lens' IpAddressResponse (Prelude.Maybe IpAddressStatus)
+ipAddressResponse_status = Lens.lens (\IpAddressResponse' {status} -> status) (\s@IpAddressResponse' {} a -> s {status = a} :: IpAddressResponse)
+
+-- | A message that provides additional information about the status of the
+-- request.
+ipAddressResponse_statusMessage :: Lens.Lens' IpAddressResponse (Prelude.Maybe Prelude.Text)
+ipAddressResponse_statusMessage = Lens.lens (\IpAddressResponse' {statusMessage} -> statusMessage) (\s@IpAddressResponse' {} a -> s {statusMessage = a} :: IpAddressResponse)
+
+-- | The ID of one subnet.
+ipAddressResponse_subnetId :: Lens.Lens' IpAddressResponse (Prelude.Maybe Prelude.Text)
+ipAddressResponse_subnetId = Lens.lens (\IpAddressResponse' {subnetId} -> subnetId) (\s@IpAddressResponse' {} a -> s {subnetId = a} :: IpAddressResponse)
+
+instance Data.FromJSON IpAddressResponse where
+  parseJSON =
+    Data.withObject
+      "IpAddressResponse"
+      ( \x ->
+          IpAddressResponse'
+            Prelude.<$> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "Ip")
+            Prelude.<*> (x Data..:? "IpId")
+            Prelude.<*> (x Data..:? "ModificationTime")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+            Prelude.<*> (x Data..:? "SubnetId")
+      )
+
+instance Prelude.Hashable IpAddressResponse where
+  hashWithSalt _salt IpAddressResponse' {..} =
+    _salt
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` ip
+      `Prelude.hashWithSalt` ipId
+      `Prelude.hashWithSalt` modificationTime
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+      `Prelude.hashWithSalt` subnetId
+
+instance Prelude.NFData IpAddressResponse where
+  rnf IpAddressResponse' {..} =
+    Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf ip
+      `Prelude.seq` Prelude.rnf ipId
+      `Prelude.seq` Prelude.rnf modificationTime
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+      `Prelude.seq` Prelude.rnf subnetId
diff --git a/gen/Amazonka/Route53Resolver/Types/IpAddressStatus.hs b/gen/Amazonka/Route53Resolver/Types/IpAddressStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/IpAddressStatus.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.IpAddressStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.IpAddressStatus
+  ( IpAddressStatus
+      ( ..,
+        IpAddressStatus_ATTACHED,
+        IpAddressStatus_ATTACHING,
+        IpAddressStatus_CREATING,
+        IpAddressStatus_DELETE_FAILED_FAS_EXPIRED,
+        IpAddressStatus_DELETING,
+        IpAddressStatus_DETACHING,
+        IpAddressStatus_FAILED_CREATION,
+        IpAddressStatus_FAILED_RESOURCE_GONE,
+        IpAddressStatus_REMAP_ATTACHING,
+        IpAddressStatus_REMAP_DETACHING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype IpAddressStatus = IpAddressStatus'
+  { fromIpAddressStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern IpAddressStatus_ATTACHED :: IpAddressStatus
+pattern IpAddressStatus_ATTACHED = IpAddressStatus' "ATTACHED"
+
+pattern IpAddressStatus_ATTACHING :: IpAddressStatus
+pattern IpAddressStatus_ATTACHING = IpAddressStatus' "ATTACHING"
+
+pattern IpAddressStatus_CREATING :: IpAddressStatus
+pattern IpAddressStatus_CREATING = IpAddressStatus' "CREATING"
+
+pattern IpAddressStatus_DELETE_FAILED_FAS_EXPIRED :: IpAddressStatus
+pattern IpAddressStatus_DELETE_FAILED_FAS_EXPIRED = IpAddressStatus' "DELETE_FAILED_FAS_EXPIRED"
+
+pattern IpAddressStatus_DELETING :: IpAddressStatus
+pattern IpAddressStatus_DELETING = IpAddressStatus' "DELETING"
+
+pattern IpAddressStatus_DETACHING :: IpAddressStatus
+pattern IpAddressStatus_DETACHING = IpAddressStatus' "DETACHING"
+
+pattern IpAddressStatus_FAILED_CREATION :: IpAddressStatus
+pattern IpAddressStatus_FAILED_CREATION = IpAddressStatus' "FAILED_CREATION"
+
+pattern IpAddressStatus_FAILED_RESOURCE_GONE :: IpAddressStatus
+pattern IpAddressStatus_FAILED_RESOURCE_GONE = IpAddressStatus' "FAILED_RESOURCE_GONE"
+
+pattern IpAddressStatus_REMAP_ATTACHING :: IpAddressStatus
+pattern IpAddressStatus_REMAP_ATTACHING = IpAddressStatus' "REMAP_ATTACHING"
+
+pattern IpAddressStatus_REMAP_DETACHING :: IpAddressStatus
+pattern IpAddressStatus_REMAP_DETACHING = IpAddressStatus' "REMAP_DETACHING"
+
+{-# COMPLETE
+  IpAddressStatus_ATTACHED,
+  IpAddressStatus_ATTACHING,
+  IpAddressStatus_CREATING,
+  IpAddressStatus_DELETE_FAILED_FAS_EXPIRED,
+  IpAddressStatus_DELETING,
+  IpAddressStatus_DETACHING,
+  IpAddressStatus_FAILED_CREATION,
+  IpAddressStatus_FAILED_RESOURCE_GONE,
+  IpAddressStatus_REMAP_ATTACHING,
+  IpAddressStatus_REMAP_DETACHING,
+  IpAddressStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/IpAddressUpdate.hs b/gen/Amazonka/Route53Resolver/Types/IpAddressUpdate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/IpAddressUpdate.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.IpAddressUpdate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.IpAddressUpdate where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | In an
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverEndpoint.html UpdateResolverEndpoint>
+-- request, information about an IP address to update.
+--
+-- /See:/ 'newIpAddressUpdate' smart constructor.
+data IpAddressUpdate = IpAddressUpdate'
+  { -- | The new IP address.
+    ip :: Prelude.Maybe Prelude.Text,
+    -- | /Only when removing an IP address from a Resolver endpoint/: The ID of
+    -- the IP address that you want to remove. To get this ID, use
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>.
+    ipId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the subnet that includes the IP address that you want to
+    -- update. To get this ID, use
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>.
+    subnetId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IpAddressUpdate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ip', 'ipAddressUpdate_ip' - The new IP address.
+--
+-- 'ipId', 'ipAddressUpdate_ipId' - /Only when removing an IP address from a Resolver endpoint/: The ID of
+-- the IP address that you want to remove. To get this ID, use
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>.
+--
+-- 'subnetId', 'ipAddressUpdate_subnetId' - The ID of the subnet that includes the IP address that you want to
+-- update. To get this ID, use
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>.
+newIpAddressUpdate ::
+  IpAddressUpdate
+newIpAddressUpdate =
+  IpAddressUpdate'
+    { ip = Prelude.Nothing,
+      ipId = Prelude.Nothing,
+      subnetId = Prelude.Nothing
+    }
+
+-- | The new IP address.
+ipAddressUpdate_ip :: Lens.Lens' IpAddressUpdate (Prelude.Maybe Prelude.Text)
+ipAddressUpdate_ip = Lens.lens (\IpAddressUpdate' {ip} -> ip) (\s@IpAddressUpdate' {} a -> s {ip = a} :: IpAddressUpdate)
+
+-- | /Only when removing an IP address from a Resolver endpoint/: The ID of
+-- the IP address that you want to remove. To get this ID, use
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>.
+ipAddressUpdate_ipId :: Lens.Lens' IpAddressUpdate (Prelude.Maybe Prelude.Text)
+ipAddressUpdate_ipId = Lens.lens (\IpAddressUpdate' {ipId} -> ipId) (\s@IpAddressUpdate' {} a -> s {ipId = a} :: IpAddressUpdate)
+
+-- | The ID of the subnet that includes the IP address that you want to
+-- update. To get this ID, use
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>.
+ipAddressUpdate_subnetId :: Lens.Lens' IpAddressUpdate (Prelude.Maybe Prelude.Text)
+ipAddressUpdate_subnetId = Lens.lens (\IpAddressUpdate' {subnetId} -> subnetId) (\s@IpAddressUpdate' {} a -> s {subnetId = a} :: IpAddressUpdate)
+
+instance Prelude.Hashable IpAddressUpdate where
+  hashWithSalt _salt IpAddressUpdate' {..} =
+    _salt
+      `Prelude.hashWithSalt` ip
+      `Prelude.hashWithSalt` ipId
+      `Prelude.hashWithSalt` subnetId
+
+instance Prelude.NFData IpAddressUpdate where
+  rnf IpAddressUpdate' {..} =
+    Prelude.rnf ip
+      `Prelude.seq` Prelude.rnf ipId
+      `Prelude.seq` Prelude.rnf subnetId
+
+instance Data.ToJSON IpAddressUpdate where
+  toJSON IpAddressUpdate' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Ip" Data..=) Prelude.<$> ip,
+            ("IpId" Data..=) Prelude.<$> ipId,
+            ("SubnetId" Data..=) Prelude.<$> subnetId
+          ]
+      )
diff --git a/gen/Amazonka/Route53Resolver/Types/MutationProtectionStatus.hs b/gen/Amazonka/Route53Resolver/Types/MutationProtectionStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/MutationProtectionStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.MutationProtectionStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.MutationProtectionStatus
+  ( MutationProtectionStatus
+      ( ..,
+        MutationProtectionStatus_DISABLED,
+        MutationProtectionStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype MutationProtectionStatus = MutationProtectionStatus'
+  { fromMutationProtectionStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern MutationProtectionStatus_DISABLED :: MutationProtectionStatus
+pattern MutationProtectionStatus_DISABLED = MutationProtectionStatus' "DISABLED"
+
+pattern MutationProtectionStatus_ENABLED :: MutationProtectionStatus
+pattern MutationProtectionStatus_ENABLED = MutationProtectionStatus' "ENABLED"
+
+{-# COMPLETE
+  MutationProtectionStatus_DISABLED,
+  MutationProtectionStatus_ENABLED,
+  MutationProtectionStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverAutodefinedReverseStatus.hs b/gen/Amazonka/Route53Resolver/Types/ResolverAutodefinedReverseStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverAutodefinedReverseStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverAutodefinedReverseStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverAutodefinedReverseStatus
+  ( ResolverAutodefinedReverseStatus
+      ( ..,
+        ResolverAutodefinedReverseStatus_DISABLED,
+        ResolverAutodefinedReverseStatus_DISABLING,
+        ResolverAutodefinedReverseStatus_ENABLED,
+        ResolverAutodefinedReverseStatus_ENABLING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverAutodefinedReverseStatus = ResolverAutodefinedReverseStatus'
+  { fromResolverAutodefinedReverseStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverAutodefinedReverseStatus_DISABLED :: ResolverAutodefinedReverseStatus
+pattern ResolverAutodefinedReverseStatus_DISABLED = ResolverAutodefinedReverseStatus' "DISABLED"
+
+pattern ResolverAutodefinedReverseStatus_DISABLING :: ResolverAutodefinedReverseStatus
+pattern ResolverAutodefinedReverseStatus_DISABLING = ResolverAutodefinedReverseStatus' "DISABLING"
+
+pattern ResolverAutodefinedReverseStatus_ENABLED :: ResolverAutodefinedReverseStatus
+pattern ResolverAutodefinedReverseStatus_ENABLED = ResolverAutodefinedReverseStatus' "ENABLED"
+
+pattern ResolverAutodefinedReverseStatus_ENABLING :: ResolverAutodefinedReverseStatus
+pattern ResolverAutodefinedReverseStatus_ENABLING = ResolverAutodefinedReverseStatus' "ENABLING"
+
+{-# COMPLETE
+  ResolverAutodefinedReverseStatus_DISABLED,
+  ResolverAutodefinedReverseStatus_DISABLING,
+  ResolverAutodefinedReverseStatus_ENABLED,
+  ResolverAutodefinedReverseStatus_ENABLING,
+  ResolverAutodefinedReverseStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverConfig.hs b/gen/Amazonka/Route53Resolver/Types/ResolverConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverConfig.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ResolverAutodefinedReverseStatus
+
+-- | A complex type that contains information about a Resolver configuration
+-- for a VPC.
+--
+-- /See:/ 'newResolverConfig' smart constructor.
+data ResolverConfig = ResolverConfig'
+  { -- | The status of whether or not the Resolver will create autodefined rules
+    -- for reverse DNS lookups. This is enabled by default. The status can be
+    -- one of following:
+    --
+    -- Status of the rules generated by VPCs based on CIDR\/Region for reverse
+    -- DNS resolution. The status can be one of following:
+    --
+    -- -   __ENABLING:__ Autodefined rules for reverse DNS lookups are being
+    --     enabled but are not complete.
+    --
+    -- -   __ENABLED:__ Autodefined rules for reverse DNS lookups are enabled.
+    --
+    -- -   __DISABLING:__ Autodefined rules for reverse DNS lookups are being
+    --     disabled but are not complete.
+    --
+    -- -   __DISABLED:__ Autodefined rules for reverse DNS lookups are
+    --     disabled.
+    autodefinedReverse :: Prelude.Maybe ResolverAutodefinedReverseStatus,
+    -- | ID for the Resolver configuration.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The owner account ID of the Amazon Virtual Private Cloud VPC.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Amazon Virtual Private Cloud VPC that you\'re configuring
+    -- Resolver for.
+    resourceId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autodefinedReverse', 'resolverConfig_autodefinedReverse' - The status of whether or not the Resolver will create autodefined rules
+-- for reverse DNS lookups. This is enabled by default. The status can be
+-- one of following:
+--
+-- Status of the rules generated by VPCs based on CIDR\/Region for reverse
+-- DNS resolution. The status can be one of following:
+--
+-- -   __ENABLING:__ Autodefined rules for reverse DNS lookups are being
+--     enabled but are not complete.
+--
+-- -   __ENABLED:__ Autodefined rules for reverse DNS lookups are enabled.
+--
+-- -   __DISABLING:__ Autodefined rules for reverse DNS lookups are being
+--     disabled but are not complete.
+--
+-- -   __DISABLED:__ Autodefined rules for reverse DNS lookups are
+--     disabled.
+--
+-- 'id', 'resolverConfig_id' - ID for the Resolver configuration.
+--
+-- 'ownerId', 'resolverConfig_ownerId' - The owner account ID of the Amazon Virtual Private Cloud VPC.
+--
+-- 'resourceId', 'resolverConfig_resourceId' - The ID of the Amazon Virtual Private Cloud VPC that you\'re configuring
+-- Resolver for.
+newResolverConfig ::
+  ResolverConfig
+newResolverConfig =
+  ResolverConfig'
+    { autodefinedReverse =
+        Prelude.Nothing,
+      id = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      resourceId = Prelude.Nothing
+    }
+
+-- | The status of whether or not the Resolver will create autodefined rules
+-- for reverse DNS lookups. This is enabled by default. The status can be
+-- one of following:
+--
+-- Status of the rules generated by VPCs based on CIDR\/Region for reverse
+-- DNS resolution. The status can be one of following:
+--
+-- -   __ENABLING:__ Autodefined rules for reverse DNS lookups are being
+--     enabled but are not complete.
+--
+-- -   __ENABLED:__ Autodefined rules for reverse DNS lookups are enabled.
+--
+-- -   __DISABLING:__ Autodefined rules for reverse DNS lookups are being
+--     disabled but are not complete.
+--
+-- -   __DISABLED:__ Autodefined rules for reverse DNS lookups are
+--     disabled.
+resolverConfig_autodefinedReverse :: Lens.Lens' ResolverConfig (Prelude.Maybe ResolverAutodefinedReverseStatus)
+resolverConfig_autodefinedReverse = Lens.lens (\ResolverConfig' {autodefinedReverse} -> autodefinedReverse) (\s@ResolverConfig' {} a -> s {autodefinedReverse = a} :: ResolverConfig)
+
+-- | ID for the Resolver configuration.
+resolverConfig_id :: Lens.Lens' ResolverConfig (Prelude.Maybe Prelude.Text)
+resolverConfig_id = Lens.lens (\ResolverConfig' {id} -> id) (\s@ResolverConfig' {} a -> s {id = a} :: ResolverConfig)
+
+-- | The owner account ID of the Amazon Virtual Private Cloud VPC.
+resolverConfig_ownerId :: Lens.Lens' ResolverConfig (Prelude.Maybe Prelude.Text)
+resolverConfig_ownerId = Lens.lens (\ResolverConfig' {ownerId} -> ownerId) (\s@ResolverConfig' {} a -> s {ownerId = a} :: ResolverConfig)
+
+-- | The ID of the Amazon Virtual Private Cloud VPC that you\'re configuring
+-- Resolver for.
+resolverConfig_resourceId :: Lens.Lens' ResolverConfig (Prelude.Maybe Prelude.Text)
+resolverConfig_resourceId = Lens.lens (\ResolverConfig' {resourceId} -> resourceId) (\s@ResolverConfig' {} a -> s {resourceId = a} :: ResolverConfig)
+
+instance Data.FromJSON ResolverConfig where
+  parseJSON =
+    Data.withObject
+      "ResolverConfig"
+      ( \x ->
+          ResolverConfig'
+            Prelude.<$> (x Data..:? "AutodefinedReverse")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "ResourceId")
+      )
+
+instance Prelude.Hashable ResolverConfig where
+  hashWithSalt _salt ResolverConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` autodefinedReverse
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` resourceId
+
+instance Prelude.NFData ResolverConfig where
+  rnf ResolverConfig' {..} =
+    Prelude.rnf autodefinedReverse
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf resourceId
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverDNSSECValidationStatus.hs b/gen/Amazonka/Route53Resolver/Types/ResolverDNSSECValidationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverDNSSECValidationStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverDNSSECValidationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverDNSSECValidationStatus
+  ( ResolverDNSSECValidationStatus
+      ( ..,
+        ResolverDNSSECValidationStatus_DISABLED,
+        ResolverDNSSECValidationStatus_DISABLING,
+        ResolverDNSSECValidationStatus_ENABLED,
+        ResolverDNSSECValidationStatus_ENABLING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverDNSSECValidationStatus = ResolverDNSSECValidationStatus'
+  { fromResolverDNSSECValidationStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverDNSSECValidationStatus_DISABLED :: ResolverDNSSECValidationStatus
+pattern ResolverDNSSECValidationStatus_DISABLED = ResolverDNSSECValidationStatus' "DISABLED"
+
+pattern ResolverDNSSECValidationStatus_DISABLING :: ResolverDNSSECValidationStatus
+pattern ResolverDNSSECValidationStatus_DISABLING = ResolverDNSSECValidationStatus' "DISABLING"
+
+pattern ResolverDNSSECValidationStatus_ENABLED :: ResolverDNSSECValidationStatus
+pattern ResolverDNSSECValidationStatus_ENABLED = ResolverDNSSECValidationStatus' "ENABLED"
+
+pattern ResolverDNSSECValidationStatus_ENABLING :: ResolverDNSSECValidationStatus
+pattern ResolverDNSSECValidationStatus_ENABLING = ResolverDNSSECValidationStatus' "ENABLING"
+
+{-# COMPLETE
+  ResolverDNSSECValidationStatus_DISABLED,
+  ResolverDNSSECValidationStatus_DISABLING,
+  ResolverDNSSECValidationStatus_ENABLED,
+  ResolverDNSSECValidationStatus_ENABLING,
+  ResolverDNSSECValidationStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverDnssecConfig.hs b/gen/Amazonka/Route53Resolver/Types/ResolverDnssecConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverDnssecConfig.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverDnssecConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverDnssecConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ResolverDNSSECValidationStatus
+
+-- | A complex type that contains information about a configuration for
+-- DNSSEC validation.
+--
+-- /See:/ 'newResolverDnssecConfig' smart constructor.
+data ResolverDnssecConfig = ResolverDnssecConfig'
+  { -- | The ID for a configuration for DNSSEC validation.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The owner account ID of the virtual private cloud (VPC) for a
+    -- configuration for DNSSEC validation.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the virtual private cloud (VPC) that you\'re configuring the
+    -- DNSSEC validation status for.
+    resourceId :: Prelude.Maybe Prelude.Text,
+    -- | The validation status for a DNSSEC configuration. The status can be one
+    -- of the following:
+    --
+    -- -   __ENABLING:__ DNSSEC validation is being enabled but is not
+    --     complete.
+    --
+    -- -   __ENABLED:__ DNSSEC validation is enabled.
+    --
+    -- -   __DISABLING:__ DNSSEC validation is being disabled but is not
+    --     complete.
+    --
+    -- -   __DISABLED__ DNSSEC validation is disabled.
+    validationStatus :: Prelude.Maybe ResolverDNSSECValidationStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverDnssecConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'resolverDnssecConfig_id' - The ID for a configuration for DNSSEC validation.
+--
+-- 'ownerId', 'resolverDnssecConfig_ownerId' - The owner account ID of the virtual private cloud (VPC) for a
+-- configuration for DNSSEC validation.
+--
+-- 'resourceId', 'resolverDnssecConfig_resourceId' - The ID of the virtual private cloud (VPC) that you\'re configuring the
+-- DNSSEC validation status for.
+--
+-- 'validationStatus', 'resolverDnssecConfig_validationStatus' - The validation status for a DNSSEC configuration. The status can be one
+-- of the following:
+--
+-- -   __ENABLING:__ DNSSEC validation is being enabled but is not
+--     complete.
+--
+-- -   __ENABLED:__ DNSSEC validation is enabled.
+--
+-- -   __DISABLING:__ DNSSEC validation is being disabled but is not
+--     complete.
+--
+-- -   __DISABLED__ DNSSEC validation is disabled.
+newResolverDnssecConfig ::
+  ResolverDnssecConfig
+newResolverDnssecConfig =
+  ResolverDnssecConfig'
+    { id = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      resourceId = Prelude.Nothing,
+      validationStatus = Prelude.Nothing
+    }
+
+-- | The ID for a configuration for DNSSEC validation.
+resolverDnssecConfig_id :: Lens.Lens' ResolverDnssecConfig (Prelude.Maybe Prelude.Text)
+resolverDnssecConfig_id = Lens.lens (\ResolverDnssecConfig' {id} -> id) (\s@ResolverDnssecConfig' {} a -> s {id = a} :: ResolverDnssecConfig)
+
+-- | The owner account ID of the virtual private cloud (VPC) for a
+-- configuration for DNSSEC validation.
+resolverDnssecConfig_ownerId :: Lens.Lens' ResolverDnssecConfig (Prelude.Maybe Prelude.Text)
+resolverDnssecConfig_ownerId = Lens.lens (\ResolverDnssecConfig' {ownerId} -> ownerId) (\s@ResolverDnssecConfig' {} a -> s {ownerId = a} :: ResolverDnssecConfig)
+
+-- | The ID of the virtual private cloud (VPC) that you\'re configuring the
+-- DNSSEC validation status for.
+resolverDnssecConfig_resourceId :: Lens.Lens' ResolverDnssecConfig (Prelude.Maybe Prelude.Text)
+resolverDnssecConfig_resourceId = Lens.lens (\ResolverDnssecConfig' {resourceId} -> resourceId) (\s@ResolverDnssecConfig' {} a -> s {resourceId = a} :: ResolverDnssecConfig)
+
+-- | The validation status for a DNSSEC configuration. The status can be one
+-- of the following:
+--
+-- -   __ENABLING:__ DNSSEC validation is being enabled but is not
+--     complete.
+--
+-- -   __ENABLED:__ DNSSEC validation is enabled.
+--
+-- -   __DISABLING:__ DNSSEC validation is being disabled but is not
+--     complete.
+--
+-- -   __DISABLED__ DNSSEC validation is disabled.
+resolverDnssecConfig_validationStatus :: Lens.Lens' ResolverDnssecConfig (Prelude.Maybe ResolverDNSSECValidationStatus)
+resolverDnssecConfig_validationStatus = Lens.lens (\ResolverDnssecConfig' {validationStatus} -> validationStatus) (\s@ResolverDnssecConfig' {} a -> s {validationStatus = a} :: ResolverDnssecConfig)
+
+instance Data.FromJSON ResolverDnssecConfig where
+  parseJSON =
+    Data.withObject
+      "ResolverDnssecConfig"
+      ( \x ->
+          ResolverDnssecConfig'
+            Prelude.<$> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "ResourceId")
+            Prelude.<*> (x Data..:? "ValidationStatus")
+      )
+
+instance Prelude.Hashable ResolverDnssecConfig where
+  hashWithSalt _salt ResolverDnssecConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` resourceId
+      `Prelude.hashWithSalt` validationStatus
+
+instance Prelude.NFData ResolverDnssecConfig where
+  rnf ResolverDnssecConfig' {..} =
+    Prelude.rnf id
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf resourceId
+      `Prelude.seq` Prelude.rnf validationStatus
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverEndpoint.hs b/gen/Amazonka/Route53Resolver/Types/ResolverEndpoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverEndpoint.hs
@@ -0,0 +1,376 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverEndpoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverEndpoint where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ResolverEndpointDirection
+import Amazonka.Route53Resolver.Types.ResolverEndpointStatus
+
+-- | In the response to a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverEndpoint.html DeleteResolverEndpoint>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>,
+-- or
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverEndpoint.html UpdateResolverEndpoint>
+-- request, a complex type that contains settings for an existing inbound
+-- or outbound Resolver endpoint.
+--
+-- /See:/ 'newResolverEndpoint' smart constructor.
+data ResolverEndpoint = ResolverEndpoint'
+  { -- | The ARN (Amazon Resource Name) for the Resolver endpoint.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the endpoint was created, in Unix time format and
+    -- Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A unique string that identifies the request that created the Resolver
+    -- endpoint. The @CreatorRequestId@ allows failed requests to be retried
+    -- without the risk of running the operation twice.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the Resolver endpoint allows inbound or outbound DNS
+    -- queries:
+    --
+    -- -   @INBOUND@: allows DNS queries to your VPC from your network
+    --
+    -- -   @OUTBOUND@: allows DNS queries from your VPC to your network
+    direction :: Prelude.Maybe ResolverEndpointDirection,
+    -- | The ID of the VPC that you want to create the Resolver endpoint in.
+    hostVPCId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Resolver endpoint.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The number of IP addresses that the Resolver endpoint can use for DNS
+    -- queries.
+    ipAddressCount :: Prelude.Maybe Prelude.Int,
+    -- | The date and time that the endpoint was last modified, in Unix time
+    -- format and Coordinated Universal Time (UTC).
+    modificationTime :: Prelude.Maybe Prelude.Text,
+    -- | The name that you assigned to the Resolver endpoint when you submitted a
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>
+    -- request.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of one or more security groups that control access to this VPC.
+    -- The security group must include one or more inbound rules (for inbound
+    -- endpoints) or outbound rules (for outbound endpoints). Inbound and
+    -- outbound rules must allow TCP and UDP access. For inbound access, open
+    -- port 53. For outbound access, open the port that you\'re using for DNS
+    -- queries on your network.
+    securityGroupIds :: Prelude.Maybe [Prelude.Text],
+    -- | A code that specifies the current status of the Resolver endpoint. Valid
+    -- values include the following:
+    --
+    -- -   @CREATING@: Resolver is creating and configuring one or more Amazon
+    --     VPC network interfaces for this endpoint.
+    --
+    -- -   @OPERATIONAL@: The Amazon VPC network interfaces for this endpoint
+    --     are correctly configured and able to pass inbound or outbound DNS
+    --     queries between your network and Resolver.
+    --
+    -- -   @UPDATING@: Resolver is associating or disassociating one or more
+    --     network interfaces with this endpoint.
+    --
+    -- -   @AUTO_RECOVERING@: Resolver is trying to recover one or more of the
+    --     network interfaces that are associated with this endpoint. During
+    --     the recovery process, the endpoint functions with limited capacity
+    --     because of the limit on the number of DNS queries per IP address
+    --     (per network interface). For the current limit, see
+    --     <https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-entities-resolver Limits on Route 53 Resolver>.
+    --
+    -- -   @ACTION_NEEDED@: This endpoint is unhealthy, and Resolver can\'t
+    --     automatically recover it. To resolve the problem, we recommend that
+    --     you check each IP address that you associated with the endpoint. For
+    --     each IP address that isn\'t available, add another IP address and
+    --     then delete the IP address that isn\'t available. (An endpoint must
+    --     always include at least two IP addresses.) A status of
+    --     @ACTION_NEEDED@ can have a variety of causes. Here are two common
+    --     causes:
+    --
+    --     -   One or more of the network interfaces that are associated with
+    --         the endpoint were deleted using Amazon VPC.
+    --
+    --     -   The network interface couldn\'t be created for some reason
+    --         that\'s outside the control of Resolver.
+    --
+    -- -   @DELETING@: Resolver is deleting this endpoint and the associated
+    --     network interfaces.
+    status :: Prelude.Maybe ResolverEndpointStatus,
+    -- | A detailed description of the status of the Resolver endpoint.
+    statusMessage :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverEndpoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'resolverEndpoint_arn' - The ARN (Amazon Resource Name) for the Resolver endpoint.
+--
+-- 'creationTime', 'resolverEndpoint_creationTime' - The date and time that the endpoint was created, in Unix time format and
+-- Coordinated Universal Time (UTC).
+--
+-- 'creatorRequestId', 'resolverEndpoint_creatorRequestId' - A unique string that identifies the request that created the Resolver
+-- endpoint. The @CreatorRequestId@ allows failed requests to be retried
+-- without the risk of running the operation twice.
+--
+-- 'direction', 'resolverEndpoint_direction' - Indicates whether the Resolver endpoint allows inbound or outbound DNS
+-- queries:
+--
+-- -   @INBOUND@: allows DNS queries to your VPC from your network
+--
+-- -   @OUTBOUND@: allows DNS queries from your VPC to your network
+--
+-- 'hostVPCId', 'resolverEndpoint_hostVPCId' - The ID of the VPC that you want to create the Resolver endpoint in.
+--
+-- 'id', 'resolverEndpoint_id' - The ID of the Resolver endpoint.
+--
+-- 'ipAddressCount', 'resolverEndpoint_ipAddressCount' - The number of IP addresses that the Resolver endpoint can use for DNS
+-- queries.
+--
+-- 'modificationTime', 'resolverEndpoint_modificationTime' - The date and time that the endpoint was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+--
+-- 'name', 'resolverEndpoint_name' - The name that you assigned to the Resolver endpoint when you submitted a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>
+-- request.
+--
+-- 'securityGroupIds', 'resolverEndpoint_securityGroupIds' - The ID of one or more security groups that control access to this VPC.
+-- The security group must include one or more inbound rules (for inbound
+-- endpoints) or outbound rules (for outbound endpoints). Inbound and
+-- outbound rules must allow TCP and UDP access. For inbound access, open
+-- port 53. For outbound access, open the port that you\'re using for DNS
+-- queries on your network.
+--
+-- 'status', 'resolverEndpoint_status' - A code that specifies the current status of the Resolver endpoint. Valid
+-- values include the following:
+--
+-- -   @CREATING@: Resolver is creating and configuring one or more Amazon
+--     VPC network interfaces for this endpoint.
+--
+-- -   @OPERATIONAL@: The Amazon VPC network interfaces for this endpoint
+--     are correctly configured and able to pass inbound or outbound DNS
+--     queries between your network and Resolver.
+--
+-- -   @UPDATING@: Resolver is associating or disassociating one or more
+--     network interfaces with this endpoint.
+--
+-- -   @AUTO_RECOVERING@: Resolver is trying to recover one or more of the
+--     network interfaces that are associated with this endpoint. During
+--     the recovery process, the endpoint functions with limited capacity
+--     because of the limit on the number of DNS queries per IP address
+--     (per network interface). For the current limit, see
+--     <https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-entities-resolver Limits on Route 53 Resolver>.
+--
+-- -   @ACTION_NEEDED@: This endpoint is unhealthy, and Resolver can\'t
+--     automatically recover it. To resolve the problem, we recommend that
+--     you check each IP address that you associated with the endpoint. For
+--     each IP address that isn\'t available, add another IP address and
+--     then delete the IP address that isn\'t available. (An endpoint must
+--     always include at least two IP addresses.) A status of
+--     @ACTION_NEEDED@ can have a variety of causes. Here are two common
+--     causes:
+--
+--     -   One or more of the network interfaces that are associated with
+--         the endpoint were deleted using Amazon VPC.
+--
+--     -   The network interface couldn\'t be created for some reason
+--         that\'s outside the control of Resolver.
+--
+-- -   @DELETING@: Resolver is deleting this endpoint and the associated
+--     network interfaces.
+--
+-- 'statusMessage', 'resolverEndpoint_statusMessage' - A detailed description of the status of the Resolver endpoint.
+newResolverEndpoint ::
+  ResolverEndpoint
+newResolverEndpoint =
+  ResolverEndpoint'
+    { arn = Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      direction = Prelude.Nothing,
+      hostVPCId = Prelude.Nothing,
+      id = Prelude.Nothing,
+      ipAddressCount = Prelude.Nothing,
+      modificationTime = Prelude.Nothing,
+      name = Prelude.Nothing,
+      securityGroupIds = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing
+    }
+
+-- | The ARN (Amazon Resource Name) for the Resolver endpoint.
+resolverEndpoint_arn :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_arn = Lens.lens (\ResolverEndpoint' {arn} -> arn) (\s@ResolverEndpoint' {} a -> s {arn = a} :: ResolverEndpoint)
+
+-- | The date and time that the endpoint was created, in Unix time format and
+-- Coordinated Universal Time (UTC).
+resolverEndpoint_creationTime :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_creationTime = Lens.lens (\ResolverEndpoint' {creationTime} -> creationTime) (\s@ResolverEndpoint' {} a -> s {creationTime = a} :: ResolverEndpoint)
+
+-- | A unique string that identifies the request that created the Resolver
+-- endpoint. The @CreatorRequestId@ allows failed requests to be retried
+-- without the risk of running the operation twice.
+resolverEndpoint_creatorRequestId :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_creatorRequestId = Lens.lens (\ResolverEndpoint' {creatorRequestId} -> creatorRequestId) (\s@ResolverEndpoint' {} a -> s {creatorRequestId = a} :: ResolverEndpoint)
+
+-- | Indicates whether the Resolver endpoint allows inbound or outbound DNS
+-- queries:
+--
+-- -   @INBOUND@: allows DNS queries to your VPC from your network
+--
+-- -   @OUTBOUND@: allows DNS queries from your VPC to your network
+resolverEndpoint_direction :: Lens.Lens' ResolverEndpoint (Prelude.Maybe ResolverEndpointDirection)
+resolverEndpoint_direction = Lens.lens (\ResolverEndpoint' {direction} -> direction) (\s@ResolverEndpoint' {} a -> s {direction = a} :: ResolverEndpoint)
+
+-- | The ID of the VPC that you want to create the Resolver endpoint in.
+resolverEndpoint_hostVPCId :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_hostVPCId = Lens.lens (\ResolverEndpoint' {hostVPCId} -> hostVPCId) (\s@ResolverEndpoint' {} a -> s {hostVPCId = a} :: ResolverEndpoint)
+
+-- | The ID of the Resolver endpoint.
+resolverEndpoint_id :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_id = Lens.lens (\ResolverEndpoint' {id} -> id) (\s@ResolverEndpoint' {} a -> s {id = a} :: ResolverEndpoint)
+
+-- | The number of IP addresses that the Resolver endpoint can use for DNS
+-- queries.
+resolverEndpoint_ipAddressCount :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Int)
+resolverEndpoint_ipAddressCount = Lens.lens (\ResolverEndpoint' {ipAddressCount} -> ipAddressCount) (\s@ResolverEndpoint' {} a -> s {ipAddressCount = a} :: ResolverEndpoint)
+
+-- | The date and time that the endpoint was last modified, in Unix time
+-- format and Coordinated Universal Time (UTC).
+resolverEndpoint_modificationTime :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_modificationTime = Lens.lens (\ResolverEndpoint' {modificationTime} -> modificationTime) (\s@ResolverEndpoint' {} a -> s {modificationTime = a} :: ResolverEndpoint)
+
+-- | The name that you assigned to the Resolver endpoint when you submitted a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverEndpoint.html CreateResolverEndpoint>
+-- request.
+resolverEndpoint_name :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_name = Lens.lens (\ResolverEndpoint' {name} -> name) (\s@ResolverEndpoint' {} a -> s {name = a} :: ResolverEndpoint)
+
+-- | The ID of one or more security groups that control access to this VPC.
+-- The security group must include one or more inbound rules (for inbound
+-- endpoints) or outbound rules (for outbound endpoints). Inbound and
+-- outbound rules must allow TCP and UDP access. For inbound access, open
+-- port 53. For outbound access, open the port that you\'re using for DNS
+-- queries on your network.
+resolverEndpoint_securityGroupIds :: Lens.Lens' ResolverEndpoint (Prelude.Maybe [Prelude.Text])
+resolverEndpoint_securityGroupIds = Lens.lens (\ResolverEndpoint' {securityGroupIds} -> securityGroupIds) (\s@ResolverEndpoint' {} a -> s {securityGroupIds = a} :: ResolverEndpoint) Prelude.. Lens.mapping Lens.coerced
+
+-- | A code that specifies the current status of the Resolver endpoint. Valid
+-- values include the following:
+--
+-- -   @CREATING@: Resolver is creating and configuring one or more Amazon
+--     VPC network interfaces for this endpoint.
+--
+-- -   @OPERATIONAL@: The Amazon VPC network interfaces for this endpoint
+--     are correctly configured and able to pass inbound or outbound DNS
+--     queries between your network and Resolver.
+--
+-- -   @UPDATING@: Resolver is associating or disassociating one or more
+--     network interfaces with this endpoint.
+--
+-- -   @AUTO_RECOVERING@: Resolver is trying to recover one or more of the
+--     network interfaces that are associated with this endpoint. During
+--     the recovery process, the endpoint functions with limited capacity
+--     because of the limit on the number of DNS queries per IP address
+--     (per network interface). For the current limit, see
+--     <https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-entities-resolver Limits on Route 53 Resolver>.
+--
+-- -   @ACTION_NEEDED@: This endpoint is unhealthy, and Resolver can\'t
+--     automatically recover it. To resolve the problem, we recommend that
+--     you check each IP address that you associated with the endpoint. For
+--     each IP address that isn\'t available, add another IP address and
+--     then delete the IP address that isn\'t available. (An endpoint must
+--     always include at least two IP addresses.) A status of
+--     @ACTION_NEEDED@ can have a variety of causes. Here are two common
+--     causes:
+--
+--     -   One or more of the network interfaces that are associated with
+--         the endpoint were deleted using Amazon VPC.
+--
+--     -   The network interface couldn\'t be created for some reason
+--         that\'s outside the control of Resolver.
+--
+-- -   @DELETING@: Resolver is deleting this endpoint and the associated
+--     network interfaces.
+resolverEndpoint_status :: Lens.Lens' ResolverEndpoint (Prelude.Maybe ResolverEndpointStatus)
+resolverEndpoint_status = Lens.lens (\ResolverEndpoint' {status} -> status) (\s@ResolverEndpoint' {} a -> s {status = a} :: ResolverEndpoint)
+
+-- | A detailed description of the status of the Resolver endpoint.
+resolverEndpoint_statusMessage :: Lens.Lens' ResolverEndpoint (Prelude.Maybe Prelude.Text)
+resolverEndpoint_statusMessage = Lens.lens (\ResolverEndpoint' {statusMessage} -> statusMessage) (\s@ResolverEndpoint' {} a -> s {statusMessage = a} :: ResolverEndpoint)
+
+instance Data.FromJSON ResolverEndpoint where
+  parseJSON =
+    Data.withObject
+      "ResolverEndpoint"
+      ( \x ->
+          ResolverEndpoint'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "Direction")
+            Prelude.<*> (x Data..:? "HostVPCId")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "IpAddressCount")
+            Prelude.<*> (x Data..:? "ModificationTime")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> ( x
+                            Data..:? "SecurityGroupIds"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+      )
+
+instance Prelude.Hashable ResolverEndpoint where
+  hashWithSalt _salt ResolverEndpoint' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` direction
+      `Prelude.hashWithSalt` hostVPCId
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` ipAddressCount
+      `Prelude.hashWithSalt` modificationTime
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` securityGroupIds
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+
+instance Prelude.NFData ResolverEndpoint where
+  rnf ResolverEndpoint' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf direction
+      `Prelude.seq` Prelude.rnf hostVPCId
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf ipAddressCount
+      `Prelude.seq` Prelude.rnf modificationTime
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf securityGroupIds
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverEndpointDirection.hs b/gen/Amazonka/Route53Resolver/Types/ResolverEndpointDirection.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverEndpointDirection.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverEndpointDirection
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverEndpointDirection
+  ( ResolverEndpointDirection
+      ( ..,
+        ResolverEndpointDirection_INBOUND,
+        ResolverEndpointDirection_OUTBOUND
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverEndpointDirection = ResolverEndpointDirection'
+  { fromResolverEndpointDirection ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverEndpointDirection_INBOUND :: ResolverEndpointDirection
+pattern ResolverEndpointDirection_INBOUND = ResolverEndpointDirection' "INBOUND"
+
+pattern ResolverEndpointDirection_OUTBOUND :: ResolverEndpointDirection
+pattern ResolverEndpointDirection_OUTBOUND = ResolverEndpointDirection' "OUTBOUND"
+
+{-# COMPLETE
+  ResolverEndpointDirection_INBOUND,
+  ResolverEndpointDirection_OUTBOUND,
+  ResolverEndpointDirection'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverEndpointStatus.hs b/gen/Amazonka/Route53Resolver/Types/ResolverEndpointStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverEndpointStatus.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverEndpointStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverEndpointStatus
+  ( ResolverEndpointStatus
+      ( ..,
+        ResolverEndpointStatus_ACTION_NEEDED,
+        ResolverEndpointStatus_AUTO_RECOVERING,
+        ResolverEndpointStatus_CREATING,
+        ResolverEndpointStatus_DELETING,
+        ResolverEndpointStatus_OPERATIONAL,
+        ResolverEndpointStatus_UPDATING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverEndpointStatus = ResolverEndpointStatus'
+  { fromResolverEndpointStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverEndpointStatus_ACTION_NEEDED :: ResolverEndpointStatus
+pattern ResolverEndpointStatus_ACTION_NEEDED = ResolverEndpointStatus' "ACTION_NEEDED"
+
+pattern ResolverEndpointStatus_AUTO_RECOVERING :: ResolverEndpointStatus
+pattern ResolverEndpointStatus_AUTO_RECOVERING = ResolverEndpointStatus' "AUTO_RECOVERING"
+
+pattern ResolverEndpointStatus_CREATING :: ResolverEndpointStatus
+pattern ResolverEndpointStatus_CREATING = ResolverEndpointStatus' "CREATING"
+
+pattern ResolverEndpointStatus_DELETING :: ResolverEndpointStatus
+pattern ResolverEndpointStatus_DELETING = ResolverEndpointStatus' "DELETING"
+
+pattern ResolverEndpointStatus_OPERATIONAL :: ResolverEndpointStatus
+pattern ResolverEndpointStatus_OPERATIONAL = ResolverEndpointStatus' "OPERATIONAL"
+
+pattern ResolverEndpointStatus_UPDATING :: ResolverEndpointStatus
+pattern ResolverEndpointStatus_UPDATING = ResolverEndpointStatus' "UPDATING"
+
+{-# COMPLETE
+  ResolverEndpointStatus_ACTION_NEEDED,
+  ResolverEndpointStatus_AUTO_RECOVERING,
+  ResolverEndpointStatus_CREATING,
+  ResolverEndpointStatus_DELETING,
+  ResolverEndpointStatus_OPERATIONAL,
+  ResolverEndpointStatus_UPDATING,
+  ResolverEndpointStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfig.hs b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfig.hs
@@ -0,0 +1,270 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverQueryLogConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverQueryLogConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigStatus
+import Amazonka.Route53Resolver.Types.ShareStatus
+
+-- | In the response to a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverQueryLogConfig.html CreateResolverQueryLogConfig>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverQueryLogConfig.html DeleteResolverQueryLogConfig>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverQueryLogConfig.html GetResolverQueryLogConfig>,
+-- or
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigs.html ListResolverQueryLogConfigs>
+-- request, a complex type that contains settings for one query logging
+-- configuration.
+--
+-- /See:/ 'newResolverQueryLogConfig' smart constructor.
+data ResolverQueryLogConfig = ResolverQueryLogConfig'
+  { -- | The ARN for the query logging configuration.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The number of VPCs that are associated with the query logging
+    -- configuration.
+    associationCount :: Prelude.Maybe Prelude.Int,
+    -- | The date and time that the query logging configuration was created, in
+    -- Unix time format and Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A unique string that identifies the request that created the query
+    -- logging configuration. The @CreatorRequestId@ allows failed requests to
+    -- be retried without the risk of running the operation twice.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | The ARN of the resource that you want Resolver to send query logs: an
+    -- Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data
+    -- Firehose delivery stream.
+    destinationArn :: Prelude.Maybe Prelude.Text,
+    -- | The ID for the query logging configuration.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the query logging configuration.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Web Services account ID for the account that created the
+    -- query logging configuration.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | An indication of whether the query logging configuration is shared with
+    -- other Amazon Web Services accounts, or was shared with the current
+    -- account by another Amazon Web Services account. Sharing is configured
+    -- through Resource Access Manager (RAM).
+    shareStatus :: Prelude.Maybe ShareStatus,
+    -- | The status of the specified query logging configuration. Valid values
+    -- include the following:
+    --
+    -- -   @CREATING@: Resolver is creating the query logging configuration.
+    --
+    -- -   @CREATED@: The query logging configuration was successfully created.
+    --     Resolver is logging queries that originate in the specified VPC.
+    --
+    -- -   @DELETING@: Resolver is deleting this query logging configuration.
+    --
+    -- -   @FAILED@: Resolver can\'t deliver logs to the location that is
+    --     specified in the query logging configuration. Here are two common
+    --     causes:
+    --
+    --     -   The specified destination (for example, an Amazon S3 bucket) was
+    --         deleted.
+    --
+    --     -   Permissions don\'t allow sending logs to the destination.
+    status :: Prelude.Maybe ResolverQueryLogConfigStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverQueryLogConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'resolverQueryLogConfig_arn' - The ARN for the query logging configuration.
+--
+-- 'associationCount', 'resolverQueryLogConfig_associationCount' - The number of VPCs that are associated with the query logging
+-- configuration.
+--
+-- 'creationTime', 'resolverQueryLogConfig_creationTime' - The date and time that the query logging configuration was created, in
+-- Unix time format and Coordinated Universal Time (UTC).
+--
+-- 'creatorRequestId', 'resolverQueryLogConfig_creatorRequestId' - A unique string that identifies the request that created the query
+-- logging configuration. The @CreatorRequestId@ allows failed requests to
+-- be retried without the risk of running the operation twice.
+--
+-- 'destinationArn', 'resolverQueryLogConfig_destinationArn' - The ARN of the resource that you want Resolver to send query logs: an
+-- Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data
+-- Firehose delivery stream.
+--
+-- 'id', 'resolverQueryLogConfig_id' - The ID for the query logging configuration.
+--
+-- 'name', 'resolverQueryLogConfig_name' - The name of the query logging configuration.
+--
+-- 'ownerId', 'resolverQueryLogConfig_ownerId' - The Amazon Web Services account ID for the account that created the
+-- query logging configuration.
+--
+-- 'shareStatus', 'resolverQueryLogConfig_shareStatus' - An indication of whether the query logging configuration is shared with
+-- other Amazon Web Services accounts, or was shared with the current
+-- account by another Amazon Web Services account. Sharing is configured
+-- through Resource Access Manager (RAM).
+--
+-- 'status', 'resolverQueryLogConfig_status' - The status of the specified query logging configuration. Valid values
+-- include the following:
+--
+-- -   @CREATING@: Resolver is creating the query logging configuration.
+--
+-- -   @CREATED@: The query logging configuration was successfully created.
+--     Resolver is logging queries that originate in the specified VPC.
+--
+-- -   @DELETING@: Resolver is deleting this query logging configuration.
+--
+-- -   @FAILED@: Resolver can\'t deliver logs to the location that is
+--     specified in the query logging configuration. Here are two common
+--     causes:
+--
+--     -   The specified destination (for example, an Amazon S3 bucket) was
+--         deleted.
+--
+--     -   Permissions don\'t allow sending logs to the destination.
+newResolverQueryLogConfig ::
+  ResolverQueryLogConfig
+newResolverQueryLogConfig =
+  ResolverQueryLogConfig'
+    { arn = Prelude.Nothing,
+      associationCount = Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      destinationArn = Prelude.Nothing,
+      id = Prelude.Nothing,
+      name = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      shareStatus = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The ARN for the query logging configuration.
+resolverQueryLogConfig_arn :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfig_arn = Lens.lens (\ResolverQueryLogConfig' {arn} -> arn) (\s@ResolverQueryLogConfig' {} a -> s {arn = a} :: ResolverQueryLogConfig)
+
+-- | The number of VPCs that are associated with the query logging
+-- configuration.
+resolverQueryLogConfig_associationCount :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Int)
+resolverQueryLogConfig_associationCount = Lens.lens (\ResolverQueryLogConfig' {associationCount} -> associationCount) (\s@ResolverQueryLogConfig' {} a -> s {associationCount = a} :: ResolverQueryLogConfig)
+
+-- | The date and time that the query logging configuration was created, in
+-- Unix time format and Coordinated Universal Time (UTC).
+resolverQueryLogConfig_creationTime :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfig_creationTime = Lens.lens (\ResolverQueryLogConfig' {creationTime} -> creationTime) (\s@ResolverQueryLogConfig' {} a -> s {creationTime = a} :: ResolverQueryLogConfig)
+
+-- | A unique string that identifies the request that created the query
+-- logging configuration. The @CreatorRequestId@ allows failed requests to
+-- be retried without the risk of running the operation twice.
+resolverQueryLogConfig_creatorRequestId :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfig_creatorRequestId = Lens.lens (\ResolverQueryLogConfig' {creatorRequestId} -> creatorRequestId) (\s@ResolverQueryLogConfig' {} a -> s {creatorRequestId = a} :: ResolverQueryLogConfig)
+
+-- | The ARN of the resource that you want Resolver to send query logs: an
+-- Amazon S3 bucket, a CloudWatch Logs log group, or a Kinesis Data
+-- Firehose delivery stream.
+resolverQueryLogConfig_destinationArn :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfig_destinationArn = Lens.lens (\ResolverQueryLogConfig' {destinationArn} -> destinationArn) (\s@ResolverQueryLogConfig' {} a -> s {destinationArn = a} :: ResolverQueryLogConfig)
+
+-- | The ID for the query logging configuration.
+resolverQueryLogConfig_id :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfig_id = Lens.lens (\ResolverQueryLogConfig' {id} -> id) (\s@ResolverQueryLogConfig' {} a -> s {id = a} :: ResolverQueryLogConfig)
+
+-- | The name of the query logging configuration.
+resolverQueryLogConfig_name :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfig_name = Lens.lens (\ResolverQueryLogConfig' {name} -> name) (\s@ResolverQueryLogConfig' {} a -> s {name = a} :: ResolverQueryLogConfig)
+
+-- | The Amazon Web Services account ID for the account that created the
+-- query logging configuration.
+resolverQueryLogConfig_ownerId :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfig_ownerId = Lens.lens (\ResolverQueryLogConfig' {ownerId} -> ownerId) (\s@ResolverQueryLogConfig' {} a -> s {ownerId = a} :: ResolverQueryLogConfig)
+
+-- | An indication of whether the query logging configuration is shared with
+-- other Amazon Web Services accounts, or was shared with the current
+-- account by another Amazon Web Services account. Sharing is configured
+-- through Resource Access Manager (RAM).
+resolverQueryLogConfig_shareStatus :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe ShareStatus)
+resolverQueryLogConfig_shareStatus = Lens.lens (\ResolverQueryLogConfig' {shareStatus} -> shareStatus) (\s@ResolverQueryLogConfig' {} a -> s {shareStatus = a} :: ResolverQueryLogConfig)
+
+-- | The status of the specified query logging configuration. Valid values
+-- include the following:
+--
+-- -   @CREATING@: Resolver is creating the query logging configuration.
+--
+-- -   @CREATED@: The query logging configuration was successfully created.
+--     Resolver is logging queries that originate in the specified VPC.
+--
+-- -   @DELETING@: Resolver is deleting this query logging configuration.
+--
+-- -   @FAILED@: Resolver can\'t deliver logs to the location that is
+--     specified in the query logging configuration. Here are two common
+--     causes:
+--
+--     -   The specified destination (for example, an Amazon S3 bucket) was
+--         deleted.
+--
+--     -   Permissions don\'t allow sending logs to the destination.
+resolverQueryLogConfig_status :: Lens.Lens' ResolverQueryLogConfig (Prelude.Maybe ResolverQueryLogConfigStatus)
+resolverQueryLogConfig_status = Lens.lens (\ResolverQueryLogConfig' {status} -> status) (\s@ResolverQueryLogConfig' {} a -> s {status = a} :: ResolverQueryLogConfig)
+
+instance Data.FromJSON ResolverQueryLogConfig where
+  parseJSON =
+    Data.withObject
+      "ResolverQueryLogConfig"
+      ( \x ->
+          ResolverQueryLogConfig'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "AssociationCount")
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "DestinationArn")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "ShareStatus")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance Prelude.Hashable ResolverQueryLogConfig where
+  hashWithSalt _salt ResolverQueryLogConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` associationCount
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` destinationArn
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` shareStatus
+      `Prelude.hashWithSalt` status
+
+instance Prelude.NFData ResolverQueryLogConfig where
+  rnf ResolverQueryLogConfig' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf associationCount
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf destinationArn
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf shareStatus
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociation.hs b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociation.hs
@@ -0,0 +1,244 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationError
+import Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationStatus
+
+-- | In the response to an
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverQueryLogConfig.html AssociateResolverQueryLogConfig>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverQueryLogConfig.html DisassociateResolverQueryLogConfig>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverQueryLogConfigAssociation.html GetResolverQueryLogConfigAssociation>,
+-- or
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverQueryLogConfigAssociations.html ListResolverQueryLogConfigAssociations>,
+-- request, a complex type that contains settings for a specified
+-- association between an Amazon VPC and a query logging configuration.
+--
+-- /See:/ 'newResolverQueryLogConfigAssociation' smart constructor.
+data ResolverQueryLogConfigAssociation = ResolverQueryLogConfigAssociation'
+  { -- | The date and time that the VPC was associated with the query logging
+    -- configuration, in Unix time format and Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | If the value of @Status@ is @FAILED@, the value of @Error@ indicates the
+    -- cause:
+    --
+    -- -   @DESTINATION_NOT_FOUND@: The specified destination (for example, an
+    --     Amazon S3 bucket) was deleted.
+    --
+    -- -   @ACCESS_DENIED@: Permissions don\'t allow sending logs to the
+    --     destination.
+    --
+    -- If the value of @Status@ is a value other than @FAILED@, @Error@ is
+    -- null.
+    error :: Prelude.Maybe ResolverQueryLogConfigAssociationError,
+    -- | Contains additional information about the error. If the value or @Error@
+    -- is null, the value of @ErrorMessage@ also is null.
+    errorMessage :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the query logging association.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the query logging configuration that a VPC is associated with.
+    resolverQueryLogConfigId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Amazon VPC that is associated with the query logging
+    -- configuration.
+    resourceId :: Prelude.Maybe Prelude.Text,
+    -- | The status of the specified query logging association. Valid values
+    -- include the following:
+    --
+    -- -   @CREATING@: Resolver is creating an association between an Amazon
+    --     VPC and a query logging configuration.
+    --
+    -- -   @CREATED@: The association between an Amazon VPC and a query logging
+    --     configuration was successfully created. Resolver is logging queries
+    --     that originate in the specified VPC.
+    --
+    -- -   @DELETING@: Resolver is deleting this query logging association.
+    --
+    -- -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete the
+    --     query logging association.
+    status :: Prelude.Maybe ResolverQueryLogConfigAssociationStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverQueryLogConfigAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'creationTime', 'resolverQueryLogConfigAssociation_creationTime' - The date and time that the VPC was associated with the query logging
+-- configuration, in Unix time format and Coordinated Universal Time (UTC).
+--
+-- 'error', 'resolverQueryLogConfigAssociation_error' - If the value of @Status@ is @FAILED@, the value of @Error@ indicates the
+-- cause:
+--
+-- -   @DESTINATION_NOT_FOUND@: The specified destination (for example, an
+--     Amazon S3 bucket) was deleted.
+--
+-- -   @ACCESS_DENIED@: Permissions don\'t allow sending logs to the
+--     destination.
+--
+-- If the value of @Status@ is a value other than @FAILED@, @Error@ is
+-- null.
+--
+-- 'errorMessage', 'resolverQueryLogConfigAssociation_errorMessage' - Contains additional information about the error. If the value or @Error@
+-- is null, the value of @ErrorMessage@ also is null.
+--
+-- 'id', 'resolverQueryLogConfigAssociation_id' - The ID of the query logging association.
+--
+-- 'resolverQueryLogConfigId', 'resolverQueryLogConfigAssociation_resolverQueryLogConfigId' - The ID of the query logging configuration that a VPC is associated with.
+--
+-- 'resourceId', 'resolverQueryLogConfigAssociation_resourceId' - The ID of the Amazon VPC that is associated with the query logging
+-- configuration.
+--
+-- 'status', 'resolverQueryLogConfigAssociation_status' - The status of the specified query logging association. Valid values
+-- include the following:
+--
+-- -   @CREATING@: Resolver is creating an association between an Amazon
+--     VPC and a query logging configuration.
+--
+-- -   @CREATED@: The association between an Amazon VPC and a query logging
+--     configuration was successfully created. Resolver is logging queries
+--     that originate in the specified VPC.
+--
+-- -   @DELETING@: Resolver is deleting this query logging association.
+--
+-- -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete the
+--     query logging association.
+newResolverQueryLogConfigAssociation ::
+  ResolverQueryLogConfigAssociation
+newResolverQueryLogConfigAssociation =
+  ResolverQueryLogConfigAssociation'
+    { creationTime =
+        Prelude.Nothing,
+      error = Prelude.Nothing,
+      errorMessage = Prelude.Nothing,
+      id = Prelude.Nothing,
+      resolverQueryLogConfigId =
+        Prelude.Nothing,
+      resourceId = Prelude.Nothing,
+      status = Prelude.Nothing
+    }
+
+-- | The date and time that the VPC was associated with the query logging
+-- configuration, in Unix time format and Coordinated Universal Time (UTC).
+resolverQueryLogConfigAssociation_creationTime :: Lens.Lens' ResolverQueryLogConfigAssociation (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfigAssociation_creationTime = Lens.lens (\ResolverQueryLogConfigAssociation' {creationTime} -> creationTime) (\s@ResolverQueryLogConfigAssociation' {} a -> s {creationTime = a} :: ResolverQueryLogConfigAssociation)
+
+-- | If the value of @Status@ is @FAILED@, the value of @Error@ indicates the
+-- cause:
+--
+-- -   @DESTINATION_NOT_FOUND@: The specified destination (for example, an
+--     Amazon S3 bucket) was deleted.
+--
+-- -   @ACCESS_DENIED@: Permissions don\'t allow sending logs to the
+--     destination.
+--
+-- If the value of @Status@ is a value other than @FAILED@, @Error@ is
+-- null.
+resolverQueryLogConfigAssociation_error :: Lens.Lens' ResolverQueryLogConfigAssociation (Prelude.Maybe ResolverQueryLogConfigAssociationError)
+resolverQueryLogConfigAssociation_error = Lens.lens (\ResolverQueryLogConfigAssociation' {error} -> error) (\s@ResolverQueryLogConfigAssociation' {} a -> s {error = a} :: ResolverQueryLogConfigAssociation)
+
+-- | Contains additional information about the error. If the value or @Error@
+-- is null, the value of @ErrorMessage@ also is null.
+resolverQueryLogConfigAssociation_errorMessage :: Lens.Lens' ResolverQueryLogConfigAssociation (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfigAssociation_errorMessage = Lens.lens (\ResolverQueryLogConfigAssociation' {errorMessage} -> errorMessage) (\s@ResolverQueryLogConfigAssociation' {} a -> s {errorMessage = a} :: ResolverQueryLogConfigAssociation)
+
+-- | The ID of the query logging association.
+resolverQueryLogConfigAssociation_id :: Lens.Lens' ResolverQueryLogConfigAssociation (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfigAssociation_id = Lens.lens (\ResolverQueryLogConfigAssociation' {id} -> id) (\s@ResolverQueryLogConfigAssociation' {} a -> s {id = a} :: ResolverQueryLogConfigAssociation)
+
+-- | The ID of the query logging configuration that a VPC is associated with.
+resolverQueryLogConfigAssociation_resolverQueryLogConfigId :: Lens.Lens' ResolverQueryLogConfigAssociation (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfigAssociation_resolverQueryLogConfigId = Lens.lens (\ResolverQueryLogConfigAssociation' {resolverQueryLogConfigId} -> resolverQueryLogConfigId) (\s@ResolverQueryLogConfigAssociation' {} a -> s {resolverQueryLogConfigId = a} :: ResolverQueryLogConfigAssociation)
+
+-- | The ID of the Amazon VPC that is associated with the query logging
+-- configuration.
+resolverQueryLogConfigAssociation_resourceId :: Lens.Lens' ResolverQueryLogConfigAssociation (Prelude.Maybe Prelude.Text)
+resolverQueryLogConfigAssociation_resourceId = Lens.lens (\ResolverQueryLogConfigAssociation' {resourceId} -> resourceId) (\s@ResolverQueryLogConfigAssociation' {} a -> s {resourceId = a} :: ResolverQueryLogConfigAssociation)
+
+-- | The status of the specified query logging association. Valid values
+-- include the following:
+--
+-- -   @CREATING@: Resolver is creating an association between an Amazon
+--     VPC and a query logging configuration.
+--
+-- -   @CREATED@: The association between an Amazon VPC and a query logging
+--     configuration was successfully created. Resolver is logging queries
+--     that originate in the specified VPC.
+--
+-- -   @DELETING@: Resolver is deleting this query logging association.
+--
+-- -   @FAILED@: Resolver either couldn\'t create or couldn\'t delete the
+--     query logging association.
+resolverQueryLogConfigAssociation_status :: Lens.Lens' ResolverQueryLogConfigAssociation (Prelude.Maybe ResolverQueryLogConfigAssociationStatus)
+resolverQueryLogConfigAssociation_status = Lens.lens (\ResolverQueryLogConfigAssociation' {status} -> status) (\s@ResolverQueryLogConfigAssociation' {} a -> s {status = a} :: ResolverQueryLogConfigAssociation)
+
+instance
+  Data.FromJSON
+    ResolverQueryLogConfigAssociation
+  where
+  parseJSON =
+    Data.withObject
+      "ResolverQueryLogConfigAssociation"
+      ( \x ->
+          ResolverQueryLogConfigAssociation'
+            Prelude.<$> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "Error")
+            Prelude.<*> (x Data..:? "ErrorMessage")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "ResolverQueryLogConfigId")
+            Prelude.<*> (x Data..:? "ResourceId")
+            Prelude.<*> (x Data..:? "Status")
+      )
+
+instance
+  Prelude.Hashable
+    ResolverQueryLogConfigAssociation
+  where
+  hashWithSalt
+    _salt
+    ResolverQueryLogConfigAssociation' {..} =
+      _salt
+        `Prelude.hashWithSalt` creationTime
+        `Prelude.hashWithSalt` error
+        `Prelude.hashWithSalt` errorMessage
+        `Prelude.hashWithSalt` id
+        `Prelude.hashWithSalt` resolverQueryLogConfigId
+        `Prelude.hashWithSalt` resourceId
+        `Prelude.hashWithSalt` status
+
+instance
+  Prelude.NFData
+    ResolverQueryLogConfigAssociation
+  where
+  rnf ResolverQueryLogConfigAssociation' {..} =
+    Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf error
+      `Prelude.seq` Prelude.rnf errorMessage
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf resolverQueryLogConfigId
+      `Prelude.seq` Prelude.rnf resourceId
+      `Prelude.seq` Prelude.rnf status
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociationError.hs b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociationError.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociationError.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationError
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationError
+  ( ResolverQueryLogConfigAssociationError
+      ( ..,
+        ResolverQueryLogConfigAssociationError_ACCESS_DENIED,
+        ResolverQueryLogConfigAssociationError_DESTINATION_NOT_FOUND,
+        ResolverQueryLogConfigAssociationError_INTERNAL_SERVICE_ERROR,
+        ResolverQueryLogConfigAssociationError_NONE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverQueryLogConfigAssociationError = ResolverQueryLogConfigAssociationError'
+  { fromResolverQueryLogConfigAssociationError ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverQueryLogConfigAssociationError_ACCESS_DENIED :: ResolverQueryLogConfigAssociationError
+pattern ResolverQueryLogConfigAssociationError_ACCESS_DENIED = ResolverQueryLogConfigAssociationError' "ACCESS_DENIED"
+
+pattern ResolverQueryLogConfigAssociationError_DESTINATION_NOT_FOUND :: ResolverQueryLogConfigAssociationError
+pattern ResolverQueryLogConfigAssociationError_DESTINATION_NOT_FOUND = ResolverQueryLogConfigAssociationError' "DESTINATION_NOT_FOUND"
+
+pattern ResolverQueryLogConfigAssociationError_INTERNAL_SERVICE_ERROR :: ResolverQueryLogConfigAssociationError
+pattern ResolverQueryLogConfigAssociationError_INTERNAL_SERVICE_ERROR = ResolverQueryLogConfigAssociationError' "INTERNAL_SERVICE_ERROR"
+
+pattern ResolverQueryLogConfigAssociationError_NONE :: ResolverQueryLogConfigAssociationError
+pattern ResolverQueryLogConfigAssociationError_NONE = ResolverQueryLogConfigAssociationError' "NONE"
+
+{-# COMPLETE
+  ResolverQueryLogConfigAssociationError_ACCESS_DENIED,
+  ResolverQueryLogConfigAssociationError_DESTINATION_NOT_FOUND,
+  ResolverQueryLogConfigAssociationError_INTERNAL_SERVICE_ERROR,
+  ResolverQueryLogConfigAssociationError_NONE,
+  ResolverQueryLogConfigAssociationError'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociationStatus.hs b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigAssociationStatus.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverQueryLogConfigAssociationStatus
+  ( ResolverQueryLogConfigAssociationStatus
+      ( ..,
+        ResolverQueryLogConfigAssociationStatus_ACTION_NEEDED,
+        ResolverQueryLogConfigAssociationStatus_ACTIVE,
+        ResolverQueryLogConfigAssociationStatus_CREATING,
+        ResolverQueryLogConfigAssociationStatus_DELETING,
+        ResolverQueryLogConfigAssociationStatus_FAILED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverQueryLogConfigAssociationStatus = ResolverQueryLogConfigAssociationStatus'
+  { fromResolverQueryLogConfigAssociationStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverQueryLogConfigAssociationStatus_ACTION_NEEDED :: ResolverQueryLogConfigAssociationStatus
+pattern ResolverQueryLogConfigAssociationStatus_ACTION_NEEDED = ResolverQueryLogConfigAssociationStatus' "ACTION_NEEDED"
+
+pattern ResolverQueryLogConfigAssociationStatus_ACTIVE :: ResolverQueryLogConfigAssociationStatus
+pattern ResolverQueryLogConfigAssociationStatus_ACTIVE = ResolverQueryLogConfigAssociationStatus' "ACTIVE"
+
+pattern ResolverQueryLogConfigAssociationStatus_CREATING :: ResolverQueryLogConfigAssociationStatus
+pattern ResolverQueryLogConfigAssociationStatus_CREATING = ResolverQueryLogConfigAssociationStatus' "CREATING"
+
+pattern ResolverQueryLogConfigAssociationStatus_DELETING :: ResolverQueryLogConfigAssociationStatus
+pattern ResolverQueryLogConfigAssociationStatus_DELETING = ResolverQueryLogConfigAssociationStatus' "DELETING"
+
+pattern ResolverQueryLogConfigAssociationStatus_FAILED :: ResolverQueryLogConfigAssociationStatus
+pattern ResolverQueryLogConfigAssociationStatus_FAILED = ResolverQueryLogConfigAssociationStatus' "FAILED"
+
+{-# COMPLETE
+  ResolverQueryLogConfigAssociationStatus_ACTION_NEEDED,
+  ResolverQueryLogConfigAssociationStatus_ACTIVE,
+  ResolverQueryLogConfigAssociationStatus_CREATING,
+  ResolverQueryLogConfigAssociationStatus_DELETING,
+  ResolverQueryLogConfigAssociationStatus_FAILED,
+  ResolverQueryLogConfigAssociationStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigStatus.hs b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverQueryLogConfigStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverQueryLogConfigStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverQueryLogConfigStatus
+  ( ResolverQueryLogConfigStatus
+      ( ..,
+        ResolverQueryLogConfigStatus_CREATED,
+        ResolverQueryLogConfigStatus_CREATING,
+        ResolverQueryLogConfigStatus_DELETING,
+        ResolverQueryLogConfigStatus_FAILED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverQueryLogConfigStatus = ResolverQueryLogConfigStatus'
+  { fromResolverQueryLogConfigStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverQueryLogConfigStatus_CREATED :: ResolverQueryLogConfigStatus
+pattern ResolverQueryLogConfigStatus_CREATED = ResolverQueryLogConfigStatus' "CREATED"
+
+pattern ResolverQueryLogConfigStatus_CREATING :: ResolverQueryLogConfigStatus
+pattern ResolverQueryLogConfigStatus_CREATING = ResolverQueryLogConfigStatus' "CREATING"
+
+pattern ResolverQueryLogConfigStatus_DELETING :: ResolverQueryLogConfigStatus
+pattern ResolverQueryLogConfigStatus_DELETING = ResolverQueryLogConfigStatus' "DELETING"
+
+pattern ResolverQueryLogConfigStatus_FAILED :: ResolverQueryLogConfigStatus
+pattern ResolverQueryLogConfigStatus_FAILED = ResolverQueryLogConfigStatus' "FAILED"
+
+{-# COMPLETE
+  ResolverQueryLogConfigStatus_CREATED,
+  ResolverQueryLogConfigStatus_CREATING,
+  ResolverQueryLogConfigStatus_DELETING,
+  ResolverQueryLogConfigStatus_FAILED,
+  ResolverQueryLogConfigStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverRule.hs b/gen/Amazonka/Route53Resolver/Types/ResolverRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverRule.hs
@@ -0,0 +1,325 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ResolverRuleStatus
+import Amazonka.Route53Resolver.Types.RuleTypeOption
+import Amazonka.Route53Resolver.Types.ShareStatus
+import Amazonka.Route53Resolver.Types.TargetAddress
+
+-- | For queries that originate in your VPC, detailed information about a
+-- Resolver rule, which specifies how to route DNS queries out of the VPC.
+-- The @ResolverRule@ parameter appears in the response to a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverRule.html CreateResolverRule>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DeleteResolverRule.html DeleteResolverRule>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html GetResolverRule>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>,
+-- or
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverRule.html UpdateResolverRule>
+-- request.
+--
+-- /See:/ 'newResolverRule' smart constructor.
+data ResolverRule = ResolverRule'
+  { -- | The ARN (Amazon Resource Name) for the Resolver rule specified by @Id@.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the Resolver rule was created, in Unix time
+    -- format and Coordinated Universal Time (UTC).
+    creationTime :: Prelude.Maybe Prelude.Text,
+    -- | A unique string that you specified when you created the Resolver rule.
+    -- @CreatorRequestId@ identifies the request and allows failed requests to
+    -- be retried without the risk of running the operation twice.
+    creatorRequestId :: Prelude.Maybe Prelude.Text,
+    -- | DNS queries for this domain name are forwarded to the IP addresses that
+    -- are specified in @TargetIps@. If a query matches multiple Resolver rules
+    -- (example.com and www.example.com), the query is routed using the
+    -- Resolver rule that contains the most specific domain name
+    -- (www.example.com).
+    domainName :: Prelude.Maybe Prelude.Text,
+    -- | The ID that Resolver assigned to the Resolver rule when you created it.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The date and time that the Resolver rule was last updated, in Unix time
+    -- format and Coordinated Universal Time (UTC).
+    modificationTime :: Prelude.Maybe Prelude.Text,
+    -- | The name for the Resolver rule, which you specified when you created the
+    -- Resolver rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | When a rule is shared with another Amazon Web Services account, the
+    -- account ID of the account that the rule is shared with.
+    ownerId :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the endpoint that the rule is associated with.
+    resolverEndpointId :: Prelude.Maybe Prelude.Text,
+    -- | When you want to forward DNS queries for specified domain name to
+    -- resolvers on your network, specify @FORWARD@.
+    --
+    -- When you have a forwarding rule to forward DNS queries for a domain to
+    -- your network and you want Resolver to process queries for a subdomain of
+    -- that domain, specify @SYSTEM@.
+    --
+    -- For example, to forward DNS queries for example.com to resolvers on your
+    -- network, you create a rule and specify @FORWARD@ for @RuleType@. To then
+    -- have Resolver process queries for apex.example.com, you create a rule
+    -- and specify @SYSTEM@ for @RuleType@.
+    --
+    -- Currently, only Resolver can create rules that have a value of
+    -- @RECURSIVE@ for @RuleType@.
+    ruleType :: Prelude.Maybe RuleTypeOption,
+    -- | Whether the rule is shared and, if so, whether the current account is
+    -- sharing the rule with another account, or another account is sharing the
+    -- rule with the current account.
+    shareStatus :: Prelude.Maybe ShareStatus,
+    -- | A code that specifies the current status of the Resolver rule.
+    status :: Prelude.Maybe ResolverRuleStatus,
+    -- | A detailed description of the status of a Resolver rule.
+    statusMessage :: Prelude.Maybe Prelude.Text,
+    -- | An array that contains the IP addresses and ports that an outbound
+    -- endpoint forwards DNS queries to. Typically, these are the IP addresses
+    -- of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not
+    -- supported.
+    targetIps :: Prelude.Maybe (Prelude.NonEmpty TargetAddress)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'resolverRule_arn' - The ARN (Amazon Resource Name) for the Resolver rule specified by @Id@.
+--
+-- 'creationTime', 'resolverRule_creationTime' - The date and time that the Resolver rule was created, in Unix time
+-- format and Coordinated Universal Time (UTC).
+--
+-- 'creatorRequestId', 'resolverRule_creatorRequestId' - A unique string that you specified when you created the Resolver rule.
+-- @CreatorRequestId@ identifies the request and allows failed requests to
+-- be retried without the risk of running the operation twice.
+--
+-- 'domainName', 'resolverRule_domainName' - DNS queries for this domain name are forwarded to the IP addresses that
+-- are specified in @TargetIps@. If a query matches multiple Resolver rules
+-- (example.com and www.example.com), the query is routed using the
+-- Resolver rule that contains the most specific domain name
+-- (www.example.com).
+--
+-- 'id', 'resolverRule_id' - The ID that Resolver assigned to the Resolver rule when you created it.
+--
+-- 'modificationTime', 'resolverRule_modificationTime' - The date and time that the Resolver rule was last updated, in Unix time
+-- format and Coordinated Universal Time (UTC).
+--
+-- 'name', 'resolverRule_name' - The name for the Resolver rule, which you specified when you created the
+-- Resolver rule.
+--
+-- 'ownerId', 'resolverRule_ownerId' - When a rule is shared with another Amazon Web Services account, the
+-- account ID of the account that the rule is shared with.
+--
+-- 'resolverEndpointId', 'resolverRule_resolverEndpointId' - The ID of the endpoint that the rule is associated with.
+--
+-- 'ruleType', 'resolverRule_ruleType' - When you want to forward DNS queries for specified domain name to
+-- resolvers on your network, specify @FORWARD@.
+--
+-- When you have a forwarding rule to forward DNS queries for a domain to
+-- your network and you want Resolver to process queries for a subdomain of
+-- that domain, specify @SYSTEM@.
+--
+-- For example, to forward DNS queries for example.com to resolvers on your
+-- network, you create a rule and specify @FORWARD@ for @RuleType@. To then
+-- have Resolver process queries for apex.example.com, you create a rule
+-- and specify @SYSTEM@ for @RuleType@.
+--
+-- Currently, only Resolver can create rules that have a value of
+-- @RECURSIVE@ for @RuleType@.
+--
+-- 'shareStatus', 'resolverRule_shareStatus' - Whether the rule is shared and, if so, whether the current account is
+-- sharing the rule with another account, or another account is sharing the
+-- rule with the current account.
+--
+-- 'status', 'resolverRule_status' - A code that specifies the current status of the Resolver rule.
+--
+-- 'statusMessage', 'resolverRule_statusMessage' - A detailed description of the status of a Resolver rule.
+--
+-- 'targetIps', 'resolverRule_targetIps' - An array that contains the IP addresses and ports that an outbound
+-- endpoint forwards DNS queries to. Typically, these are the IP addresses
+-- of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not
+-- supported.
+newResolverRule ::
+  ResolverRule
+newResolverRule =
+  ResolverRule'
+    { arn = Prelude.Nothing,
+      creationTime = Prelude.Nothing,
+      creatorRequestId = Prelude.Nothing,
+      domainName = Prelude.Nothing,
+      id = Prelude.Nothing,
+      modificationTime = Prelude.Nothing,
+      name = Prelude.Nothing,
+      ownerId = Prelude.Nothing,
+      resolverEndpointId = Prelude.Nothing,
+      ruleType = Prelude.Nothing,
+      shareStatus = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing,
+      targetIps = Prelude.Nothing
+    }
+
+-- | The ARN (Amazon Resource Name) for the Resolver rule specified by @Id@.
+resolverRule_arn :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_arn = Lens.lens (\ResolverRule' {arn} -> arn) (\s@ResolverRule' {} a -> s {arn = a} :: ResolverRule)
+
+-- | The date and time that the Resolver rule was created, in Unix time
+-- format and Coordinated Universal Time (UTC).
+resolverRule_creationTime :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_creationTime = Lens.lens (\ResolverRule' {creationTime} -> creationTime) (\s@ResolverRule' {} a -> s {creationTime = a} :: ResolverRule)
+
+-- | A unique string that you specified when you created the Resolver rule.
+-- @CreatorRequestId@ identifies the request and allows failed requests to
+-- be retried without the risk of running the operation twice.
+resolverRule_creatorRequestId :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_creatorRequestId = Lens.lens (\ResolverRule' {creatorRequestId} -> creatorRequestId) (\s@ResolverRule' {} a -> s {creatorRequestId = a} :: ResolverRule)
+
+-- | DNS queries for this domain name are forwarded to the IP addresses that
+-- are specified in @TargetIps@. If a query matches multiple Resolver rules
+-- (example.com and www.example.com), the query is routed using the
+-- Resolver rule that contains the most specific domain name
+-- (www.example.com).
+resolverRule_domainName :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_domainName = Lens.lens (\ResolverRule' {domainName} -> domainName) (\s@ResolverRule' {} a -> s {domainName = a} :: ResolverRule)
+
+-- | The ID that Resolver assigned to the Resolver rule when you created it.
+resolverRule_id :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_id = Lens.lens (\ResolverRule' {id} -> id) (\s@ResolverRule' {} a -> s {id = a} :: ResolverRule)
+
+-- | The date and time that the Resolver rule was last updated, in Unix time
+-- format and Coordinated Universal Time (UTC).
+resolverRule_modificationTime :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_modificationTime = Lens.lens (\ResolverRule' {modificationTime} -> modificationTime) (\s@ResolverRule' {} a -> s {modificationTime = a} :: ResolverRule)
+
+-- | The name for the Resolver rule, which you specified when you created the
+-- Resolver rule.
+resolverRule_name :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_name = Lens.lens (\ResolverRule' {name} -> name) (\s@ResolverRule' {} a -> s {name = a} :: ResolverRule)
+
+-- | When a rule is shared with another Amazon Web Services account, the
+-- account ID of the account that the rule is shared with.
+resolverRule_ownerId :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_ownerId = Lens.lens (\ResolverRule' {ownerId} -> ownerId) (\s@ResolverRule' {} a -> s {ownerId = a} :: ResolverRule)
+
+-- | The ID of the endpoint that the rule is associated with.
+resolverRule_resolverEndpointId :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_resolverEndpointId = Lens.lens (\ResolverRule' {resolverEndpointId} -> resolverEndpointId) (\s@ResolverRule' {} a -> s {resolverEndpointId = a} :: ResolverRule)
+
+-- | When you want to forward DNS queries for specified domain name to
+-- resolvers on your network, specify @FORWARD@.
+--
+-- When you have a forwarding rule to forward DNS queries for a domain to
+-- your network and you want Resolver to process queries for a subdomain of
+-- that domain, specify @SYSTEM@.
+--
+-- For example, to forward DNS queries for example.com to resolvers on your
+-- network, you create a rule and specify @FORWARD@ for @RuleType@. To then
+-- have Resolver process queries for apex.example.com, you create a rule
+-- and specify @SYSTEM@ for @RuleType@.
+--
+-- Currently, only Resolver can create rules that have a value of
+-- @RECURSIVE@ for @RuleType@.
+resolverRule_ruleType :: Lens.Lens' ResolverRule (Prelude.Maybe RuleTypeOption)
+resolverRule_ruleType = Lens.lens (\ResolverRule' {ruleType} -> ruleType) (\s@ResolverRule' {} a -> s {ruleType = a} :: ResolverRule)
+
+-- | Whether the rule is shared and, if so, whether the current account is
+-- sharing the rule with another account, or another account is sharing the
+-- rule with the current account.
+resolverRule_shareStatus :: Lens.Lens' ResolverRule (Prelude.Maybe ShareStatus)
+resolverRule_shareStatus = Lens.lens (\ResolverRule' {shareStatus} -> shareStatus) (\s@ResolverRule' {} a -> s {shareStatus = a} :: ResolverRule)
+
+-- | A code that specifies the current status of the Resolver rule.
+resolverRule_status :: Lens.Lens' ResolverRule (Prelude.Maybe ResolverRuleStatus)
+resolverRule_status = Lens.lens (\ResolverRule' {status} -> status) (\s@ResolverRule' {} a -> s {status = a} :: ResolverRule)
+
+-- | A detailed description of the status of a Resolver rule.
+resolverRule_statusMessage :: Lens.Lens' ResolverRule (Prelude.Maybe Prelude.Text)
+resolverRule_statusMessage = Lens.lens (\ResolverRule' {statusMessage} -> statusMessage) (\s@ResolverRule' {} a -> s {statusMessage = a} :: ResolverRule)
+
+-- | An array that contains the IP addresses and ports that an outbound
+-- endpoint forwards DNS queries to. Typically, these are the IP addresses
+-- of DNS resolvers on your network. Specify IPv4 addresses. IPv6 is not
+-- supported.
+resolverRule_targetIps :: Lens.Lens' ResolverRule (Prelude.Maybe (Prelude.NonEmpty TargetAddress))
+resolverRule_targetIps = Lens.lens (\ResolverRule' {targetIps} -> targetIps) (\s@ResolverRule' {} a -> s {targetIps = a} :: ResolverRule) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON ResolverRule where
+  parseJSON =
+    Data.withObject
+      "ResolverRule"
+      ( \x ->
+          ResolverRule'
+            Prelude.<$> (x Data..:? "Arn")
+            Prelude.<*> (x Data..:? "CreationTime")
+            Prelude.<*> (x Data..:? "CreatorRequestId")
+            Prelude.<*> (x Data..:? "DomainName")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "ModificationTime")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "OwnerId")
+            Prelude.<*> (x Data..:? "ResolverEndpointId")
+            Prelude.<*> (x Data..:? "RuleType")
+            Prelude.<*> (x Data..:? "ShareStatus")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+            Prelude.<*> (x Data..:? "TargetIps")
+      )
+
+instance Prelude.Hashable ResolverRule where
+  hashWithSalt _salt ResolverRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` creationTime
+      `Prelude.hashWithSalt` creatorRequestId
+      `Prelude.hashWithSalt` domainName
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` modificationTime
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` ownerId
+      `Prelude.hashWithSalt` resolverEndpointId
+      `Prelude.hashWithSalt` ruleType
+      `Prelude.hashWithSalt` shareStatus
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+      `Prelude.hashWithSalt` targetIps
+
+instance Prelude.NFData ResolverRule where
+  rnf ResolverRule' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf creationTime
+      `Prelude.seq` Prelude.rnf creatorRequestId
+      `Prelude.seq` Prelude.rnf domainName
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf modificationTime
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf ownerId
+      `Prelude.seq` Prelude.rnf resolverEndpointId
+      `Prelude.seq` Prelude.rnf ruleType
+      `Prelude.seq` Prelude.rnf shareStatus
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+      `Prelude.seq` Prelude.rnf targetIps
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverRuleAssociation.hs b/gen/Amazonka/Route53Resolver/Types/ResolverRuleAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverRuleAssociation.hs
@@ -0,0 +1,158 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverRuleAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverRuleAssociation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.ResolverRuleAssociationStatus
+
+-- | In the response to an
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html AssociateResolverRule>,
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_DisassociateResolverRule.html DisassociateResolverRule>,
+-- or
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>
+-- request, provides information about an association between a Resolver
+-- rule and a VPC. The association determines which DNS queries that
+-- originate in the VPC are forwarded to your network.
+--
+-- /See:/ 'newResolverRuleAssociation' smart constructor.
+data ResolverRuleAssociation = ResolverRuleAssociation'
+  { -- | The ID of the association between a Resolver rule and a VPC. Resolver
+    -- assigns this value when you submit an
+    -- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html AssociateResolverRule>
+    -- request.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of an association between a Resolver rule and a VPC.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Resolver rule that you associated with the VPC that is
+    -- specified by @VPCId@.
+    resolverRuleId :: Prelude.Maybe Prelude.Text,
+    -- | A code that specifies the current status of the association between a
+    -- Resolver rule and a VPC.
+    status :: Prelude.Maybe ResolverRuleAssociationStatus,
+    -- | A detailed description of the status of the association between a
+    -- Resolver rule and a VPC.
+    statusMessage :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the VPC that you associated the Resolver rule with.
+    vPCId :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverRuleAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'resolverRuleAssociation_id' - The ID of the association between a Resolver rule and a VPC. Resolver
+-- assigns this value when you submit an
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html AssociateResolverRule>
+-- request.
+--
+-- 'name', 'resolverRuleAssociation_name' - The name of an association between a Resolver rule and a VPC.
+--
+-- 'resolverRuleId', 'resolverRuleAssociation_resolverRuleId' - The ID of the Resolver rule that you associated with the VPC that is
+-- specified by @VPCId@.
+--
+-- 'status', 'resolverRuleAssociation_status' - A code that specifies the current status of the association between a
+-- Resolver rule and a VPC.
+--
+-- 'statusMessage', 'resolverRuleAssociation_statusMessage' - A detailed description of the status of the association between a
+-- Resolver rule and a VPC.
+--
+-- 'vPCId', 'resolverRuleAssociation_vPCId' - The ID of the VPC that you associated the Resolver rule with.
+newResolverRuleAssociation ::
+  ResolverRuleAssociation
+newResolverRuleAssociation =
+  ResolverRuleAssociation'
+    { id = Prelude.Nothing,
+      name = Prelude.Nothing,
+      resolverRuleId = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing,
+      vPCId = Prelude.Nothing
+    }
+
+-- | The ID of the association between a Resolver rule and a VPC. Resolver
+-- assigns this value when you submit an
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_AssociateResolverRule.html AssociateResolverRule>
+-- request.
+resolverRuleAssociation_id :: Lens.Lens' ResolverRuleAssociation (Prelude.Maybe Prelude.Text)
+resolverRuleAssociation_id = Lens.lens (\ResolverRuleAssociation' {id} -> id) (\s@ResolverRuleAssociation' {} a -> s {id = a} :: ResolverRuleAssociation)
+
+-- | The name of an association between a Resolver rule and a VPC.
+resolverRuleAssociation_name :: Lens.Lens' ResolverRuleAssociation (Prelude.Maybe Prelude.Text)
+resolverRuleAssociation_name = Lens.lens (\ResolverRuleAssociation' {name} -> name) (\s@ResolverRuleAssociation' {} a -> s {name = a} :: ResolverRuleAssociation)
+
+-- | The ID of the Resolver rule that you associated with the VPC that is
+-- specified by @VPCId@.
+resolverRuleAssociation_resolverRuleId :: Lens.Lens' ResolverRuleAssociation (Prelude.Maybe Prelude.Text)
+resolverRuleAssociation_resolverRuleId = Lens.lens (\ResolverRuleAssociation' {resolverRuleId} -> resolverRuleId) (\s@ResolverRuleAssociation' {} a -> s {resolverRuleId = a} :: ResolverRuleAssociation)
+
+-- | A code that specifies the current status of the association between a
+-- Resolver rule and a VPC.
+resolverRuleAssociation_status :: Lens.Lens' ResolverRuleAssociation (Prelude.Maybe ResolverRuleAssociationStatus)
+resolverRuleAssociation_status = Lens.lens (\ResolverRuleAssociation' {status} -> status) (\s@ResolverRuleAssociation' {} a -> s {status = a} :: ResolverRuleAssociation)
+
+-- | A detailed description of the status of the association between a
+-- Resolver rule and a VPC.
+resolverRuleAssociation_statusMessage :: Lens.Lens' ResolverRuleAssociation (Prelude.Maybe Prelude.Text)
+resolverRuleAssociation_statusMessage = Lens.lens (\ResolverRuleAssociation' {statusMessage} -> statusMessage) (\s@ResolverRuleAssociation' {} a -> s {statusMessage = a} :: ResolverRuleAssociation)
+
+-- | The ID of the VPC that you associated the Resolver rule with.
+resolverRuleAssociation_vPCId :: Lens.Lens' ResolverRuleAssociation (Prelude.Maybe Prelude.Text)
+resolverRuleAssociation_vPCId = Lens.lens (\ResolverRuleAssociation' {vPCId} -> vPCId) (\s@ResolverRuleAssociation' {} a -> s {vPCId = a} :: ResolverRuleAssociation)
+
+instance Data.FromJSON ResolverRuleAssociation where
+  parseJSON =
+    Data.withObject
+      "ResolverRuleAssociation"
+      ( \x ->
+          ResolverRuleAssociation'
+            Prelude.<$> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "ResolverRuleId")
+            Prelude.<*> (x Data..:? "Status")
+            Prelude.<*> (x Data..:? "StatusMessage")
+            Prelude.<*> (x Data..:? "VPCId")
+      )
+
+instance Prelude.Hashable ResolverRuleAssociation where
+  hashWithSalt _salt ResolverRuleAssociation' {..} =
+    _salt
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` resolverRuleId
+      `Prelude.hashWithSalt` status
+      `Prelude.hashWithSalt` statusMessage
+      `Prelude.hashWithSalt` vPCId
+
+instance Prelude.NFData ResolverRuleAssociation where
+  rnf ResolverRuleAssociation' {..} =
+    Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf resolverRuleId
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+      `Prelude.seq` Prelude.rnf vPCId
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverRuleAssociationStatus.hs b/gen/Amazonka/Route53Resolver/Types/ResolverRuleAssociationStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverRuleAssociationStatus.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverRuleAssociationStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverRuleAssociationStatus
+  ( ResolverRuleAssociationStatus
+      ( ..,
+        ResolverRuleAssociationStatus_COMPLETE,
+        ResolverRuleAssociationStatus_CREATING,
+        ResolverRuleAssociationStatus_DELETING,
+        ResolverRuleAssociationStatus_FAILED,
+        ResolverRuleAssociationStatus_OVERRIDDEN
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverRuleAssociationStatus = ResolverRuleAssociationStatus'
+  { fromResolverRuleAssociationStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverRuleAssociationStatus_COMPLETE :: ResolverRuleAssociationStatus
+pattern ResolverRuleAssociationStatus_COMPLETE = ResolverRuleAssociationStatus' "COMPLETE"
+
+pattern ResolverRuleAssociationStatus_CREATING :: ResolverRuleAssociationStatus
+pattern ResolverRuleAssociationStatus_CREATING = ResolverRuleAssociationStatus' "CREATING"
+
+pattern ResolverRuleAssociationStatus_DELETING :: ResolverRuleAssociationStatus
+pattern ResolverRuleAssociationStatus_DELETING = ResolverRuleAssociationStatus' "DELETING"
+
+pattern ResolverRuleAssociationStatus_FAILED :: ResolverRuleAssociationStatus
+pattern ResolverRuleAssociationStatus_FAILED = ResolverRuleAssociationStatus' "FAILED"
+
+pattern ResolverRuleAssociationStatus_OVERRIDDEN :: ResolverRuleAssociationStatus
+pattern ResolverRuleAssociationStatus_OVERRIDDEN = ResolverRuleAssociationStatus' "OVERRIDDEN"
+
+{-# COMPLETE
+  ResolverRuleAssociationStatus_COMPLETE,
+  ResolverRuleAssociationStatus_CREATING,
+  ResolverRuleAssociationStatus_DELETING,
+  ResolverRuleAssociationStatus_FAILED,
+  ResolverRuleAssociationStatus_OVERRIDDEN,
+  ResolverRuleAssociationStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverRuleConfig.hs b/gen/Amazonka/Route53Resolver/Types/ResolverRuleConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverRuleConfig.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverRuleConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverRuleConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Types.TargetAddress
+
+-- | In an
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_UpdateResolverRule.html UpdateResolverRule>
+-- request, information about the changes that you want to make.
+--
+-- /See:/ 'newResolverRuleConfig' smart constructor.
+data ResolverRuleConfig = ResolverRuleConfig'
+  { -- | The new name for the Resolver rule. The name that you specify appears in
+    -- the Resolver dashboard in the Route 53 console.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the new outbound Resolver endpoint that you want to use to
+    -- route DNS queries to the IP addresses that you specify in @TargetIps@.
+    resolverEndpointId :: Prelude.Maybe Prelude.Text,
+    -- | For DNS queries that originate in your VPC, the new IP addresses that
+    -- you want to route outbound DNS queries to.
+    targetIps :: Prelude.Maybe (Prelude.NonEmpty TargetAddress)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResolverRuleConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'resolverRuleConfig_name' - The new name for the Resolver rule. The name that you specify appears in
+-- the Resolver dashboard in the Route 53 console.
+--
+-- 'resolverEndpointId', 'resolverRuleConfig_resolverEndpointId' - The ID of the new outbound Resolver endpoint that you want to use to
+-- route DNS queries to the IP addresses that you specify in @TargetIps@.
+--
+-- 'targetIps', 'resolverRuleConfig_targetIps' - For DNS queries that originate in your VPC, the new IP addresses that
+-- you want to route outbound DNS queries to.
+newResolverRuleConfig ::
+  ResolverRuleConfig
+newResolverRuleConfig =
+  ResolverRuleConfig'
+    { name = Prelude.Nothing,
+      resolverEndpointId = Prelude.Nothing,
+      targetIps = Prelude.Nothing
+    }
+
+-- | The new name for the Resolver rule. The name that you specify appears in
+-- the Resolver dashboard in the Route 53 console.
+resolverRuleConfig_name :: Lens.Lens' ResolverRuleConfig (Prelude.Maybe Prelude.Text)
+resolverRuleConfig_name = Lens.lens (\ResolverRuleConfig' {name} -> name) (\s@ResolverRuleConfig' {} a -> s {name = a} :: ResolverRuleConfig)
+
+-- | The ID of the new outbound Resolver endpoint that you want to use to
+-- route DNS queries to the IP addresses that you specify in @TargetIps@.
+resolverRuleConfig_resolverEndpointId :: Lens.Lens' ResolverRuleConfig (Prelude.Maybe Prelude.Text)
+resolverRuleConfig_resolverEndpointId = Lens.lens (\ResolverRuleConfig' {resolverEndpointId} -> resolverEndpointId) (\s@ResolverRuleConfig' {} a -> s {resolverEndpointId = a} :: ResolverRuleConfig)
+
+-- | For DNS queries that originate in your VPC, the new IP addresses that
+-- you want to route outbound DNS queries to.
+resolverRuleConfig_targetIps :: Lens.Lens' ResolverRuleConfig (Prelude.Maybe (Prelude.NonEmpty TargetAddress))
+resolverRuleConfig_targetIps = Lens.lens (\ResolverRuleConfig' {targetIps} -> targetIps) (\s@ResolverRuleConfig' {} a -> s {targetIps = a} :: ResolverRuleConfig) Prelude.. Lens.mapping Lens.coerced
+
+instance Prelude.Hashable ResolverRuleConfig where
+  hashWithSalt _salt ResolverRuleConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` resolverEndpointId
+      `Prelude.hashWithSalt` targetIps
+
+instance Prelude.NFData ResolverRuleConfig where
+  rnf ResolverRuleConfig' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf resolverEndpointId
+      `Prelude.seq` Prelude.rnf targetIps
+
+instance Data.ToJSON ResolverRuleConfig where
+  toJSON ResolverRuleConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            ("ResolverEndpointId" Data..=)
+              Prelude.<$> resolverEndpointId,
+            ("TargetIps" Data..=) Prelude.<$> targetIps
+          ]
+      )
diff --git a/gen/Amazonka/Route53Resolver/Types/ResolverRuleStatus.hs b/gen/Amazonka/Route53Resolver/Types/ResolverRuleStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ResolverRuleStatus.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ResolverRuleStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ResolverRuleStatus
+  ( ResolverRuleStatus
+      ( ..,
+        ResolverRuleStatus_COMPLETE,
+        ResolverRuleStatus_DELETING,
+        ResolverRuleStatus_FAILED,
+        ResolverRuleStatus_UPDATING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResolverRuleStatus = ResolverRuleStatus'
+  { fromResolverRuleStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResolverRuleStatus_COMPLETE :: ResolverRuleStatus
+pattern ResolverRuleStatus_COMPLETE = ResolverRuleStatus' "COMPLETE"
+
+pattern ResolverRuleStatus_DELETING :: ResolverRuleStatus
+pattern ResolverRuleStatus_DELETING = ResolverRuleStatus' "DELETING"
+
+pattern ResolverRuleStatus_FAILED :: ResolverRuleStatus
+pattern ResolverRuleStatus_FAILED = ResolverRuleStatus' "FAILED"
+
+pattern ResolverRuleStatus_UPDATING :: ResolverRuleStatus
+pattern ResolverRuleStatus_UPDATING = ResolverRuleStatus' "UPDATING"
+
+{-# COMPLETE
+  ResolverRuleStatus_COMPLETE,
+  ResolverRuleStatus_DELETING,
+  ResolverRuleStatus_FAILED,
+  ResolverRuleStatus_UPDATING,
+  ResolverRuleStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/RuleTypeOption.hs b/gen/Amazonka/Route53Resolver/Types/RuleTypeOption.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/RuleTypeOption.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.RuleTypeOption
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.RuleTypeOption
+  ( RuleTypeOption
+      ( ..,
+        RuleTypeOption_FORWARD,
+        RuleTypeOption_RECURSIVE,
+        RuleTypeOption_SYSTEM
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype RuleTypeOption = RuleTypeOption'
+  { fromRuleTypeOption ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern RuleTypeOption_FORWARD :: RuleTypeOption
+pattern RuleTypeOption_FORWARD = RuleTypeOption' "FORWARD"
+
+pattern RuleTypeOption_RECURSIVE :: RuleTypeOption
+pattern RuleTypeOption_RECURSIVE = RuleTypeOption' "RECURSIVE"
+
+pattern RuleTypeOption_SYSTEM :: RuleTypeOption
+pattern RuleTypeOption_SYSTEM = RuleTypeOption' "SYSTEM"
+
+{-# COMPLETE
+  RuleTypeOption_FORWARD,
+  RuleTypeOption_RECURSIVE,
+  RuleTypeOption_SYSTEM,
+  RuleTypeOption'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/ShareStatus.hs b/gen/Amazonka/Route53Resolver/Types/ShareStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/ShareStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.ShareStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.ShareStatus
+  ( ShareStatus
+      ( ..,
+        ShareStatus_NOT_SHARED,
+        ShareStatus_SHARED_BY_ME,
+        ShareStatus_SHARED_WITH_ME
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ShareStatus = ShareStatus'
+  { fromShareStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ShareStatus_NOT_SHARED :: ShareStatus
+pattern ShareStatus_NOT_SHARED = ShareStatus' "NOT_SHARED"
+
+pattern ShareStatus_SHARED_BY_ME :: ShareStatus
+pattern ShareStatus_SHARED_BY_ME = ShareStatus' "SHARED_BY_ME"
+
+pattern ShareStatus_SHARED_WITH_ME :: ShareStatus
+pattern ShareStatus_SHARED_WITH_ME = ShareStatus' "SHARED_WITH_ME"
+
+{-# COMPLETE
+  ShareStatus_NOT_SHARED,
+  ShareStatus_SHARED_BY_ME,
+  ShareStatus_SHARED_WITH_ME,
+  ShareStatus'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/SortOrder.hs b/gen/Amazonka/Route53Resolver/Types/SortOrder.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/SortOrder.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.SortOrder
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.SortOrder
+  ( SortOrder
+      ( ..,
+        SortOrder_ASCENDING,
+        SortOrder_DESCENDING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SortOrder = SortOrder'
+  { fromSortOrder ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SortOrder_ASCENDING :: SortOrder
+pattern SortOrder_ASCENDING = SortOrder' "ASCENDING"
+
+pattern SortOrder_DESCENDING :: SortOrder
+pattern SortOrder_DESCENDING = SortOrder' "DESCENDING"
+
+{-# COMPLETE
+  SortOrder_ASCENDING,
+  SortOrder_DESCENDING,
+  SortOrder'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/Types/Tag.hs b/gen/Amazonka/Route53Resolver/Types/Tag.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/Tag.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.Tag
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.Tag where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | One tag that you want to add to the specified resource. A tag consists
+-- of a @Key@ (a name for the tag) and a @Value@.
+--
+-- /See:/ 'newTag' smart constructor.
+data Tag = Tag'
+  { -- | The name for the tag. For example, if you want to associate Resolver
+    -- resources with the account IDs of your customers for billing purposes,
+    -- the value of @Key@ might be @account-id@.
+    key :: Prelude.Text,
+    -- | The value for the tag. For example, if @Key@ is @account-id@, then
+    -- @Value@ might be the ID of the customer account that you\'re creating
+    -- the resource for.
+    value :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Tag' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'tag_key' - The name for the tag. For example, if you want to associate Resolver
+-- resources with the account IDs of your customers for billing purposes,
+-- the value of @Key@ might be @account-id@.
+--
+-- 'value', 'tag_value' - The value for the tag. For example, if @Key@ is @account-id@, then
+-- @Value@ might be the ID of the customer account that you\'re creating
+-- the resource for.
+newTag ::
+  -- | 'key'
+  Prelude.Text ->
+  -- | 'value'
+  Prelude.Text ->
+  Tag
+newTag pKey_ pValue_ =
+  Tag' {key = pKey_, value = pValue_}
+
+-- | The name for the tag. For example, if you want to associate Resolver
+-- resources with the account IDs of your customers for billing purposes,
+-- the value of @Key@ might be @account-id@.
+tag_key :: Lens.Lens' Tag Prelude.Text
+tag_key = Lens.lens (\Tag' {key} -> key) (\s@Tag' {} a -> s {key = a} :: Tag)
+
+-- | The value for the tag. For example, if @Key@ is @account-id@, then
+-- @Value@ might be the ID of the customer account that you\'re creating
+-- the resource for.
+tag_value :: Lens.Lens' Tag Prelude.Text
+tag_value = Lens.lens (\Tag' {value} -> value) (\s@Tag' {} a -> s {value = a} :: Tag)
+
+instance Data.FromJSON Tag where
+  parseJSON =
+    Data.withObject
+      "Tag"
+      ( \x ->
+          Tag'
+            Prelude.<$> (x Data..: "Key")
+            Prelude.<*> (x Data..: "Value")
+      )
+
+instance Prelude.Hashable Tag where
+  hashWithSalt _salt Tag' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData Tag where
+  rnf Tag' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON Tag where
+  toJSON Tag' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Key" Data..= key),
+            Prelude.Just ("Value" Data..= value)
+          ]
+      )
diff --git a/gen/Amazonka/Route53Resolver/Types/TargetAddress.hs b/gen/Amazonka/Route53Resolver/Types/TargetAddress.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/TargetAddress.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.TargetAddress
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.TargetAddress where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | In a
+-- <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_CreateResolverRule.html CreateResolverRule>
+-- request, an array of the IPs that you want to forward DNS queries to.
+--
+-- /See:/ 'newTargetAddress' smart constructor.
+data TargetAddress = TargetAddress'
+  { -- | The port at @Ip@ that you want to forward DNS queries to.
+    port :: Prelude.Maybe Prelude.Natural,
+    -- | One IP address that you want to forward DNS queries to. You can specify
+    -- only IPv4 addresses.
+    ip :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TargetAddress' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'port', 'targetAddress_port' - The port at @Ip@ that you want to forward DNS queries to.
+--
+-- 'ip', 'targetAddress_ip' - One IP address that you want to forward DNS queries to. You can specify
+-- only IPv4 addresses.
+newTargetAddress ::
+  -- | 'ip'
+  Prelude.Text ->
+  TargetAddress
+newTargetAddress pIp_ =
+  TargetAddress' {port = Prelude.Nothing, ip = pIp_}
+
+-- | The port at @Ip@ that you want to forward DNS queries to.
+targetAddress_port :: Lens.Lens' TargetAddress (Prelude.Maybe Prelude.Natural)
+targetAddress_port = Lens.lens (\TargetAddress' {port} -> port) (\s@TargetAddress' {} a -> s {port = a} :: TargetAddress)
+
+-- | One IP address that you want to forward DNS queries to. You can specify
+-- only IPv4 addresses.
+targetAddress_ip :: Lens.Lens' TargetAddress Prelude.Text
+targetAddress_ip = Lens.lens (\TargetAddress' {ip} -> ip) (\s@TargetAddress' {} a -> s {ip = a} :: TargetAddress)
+
+instance Data.FromJSON TargetAddress where
+  parseJSON =
+    Data.withObject
+      "TargetAddress"
+      ( \x ->
+          TargetAddress'
+            Prelude.<$> (x Data..:? "Port")
+            Prelude.<*> (x Data..: "Ip")
+      )
+
+instance Prelude.Hashable TargetAddress where
+  hashWithSalt _salt TargetAddress' {..} =
+    _salt
+      `Prelude.hashWithSalt` port
+      `Prelude.hashWithSalt` ip
+
+instance Prelude.NFData TargetAddress where
+  rnf TargetAddress' {..} =
+    Prelude.rnf port `Prelude.seq` Prelude.rnf ip
+
+instance Data.ToJSON TargetAddress where
+  toJSON TargetAddress' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Port" Data..=) Prelude.<$> port,
+            Prelude.Just ("Ip" Data..= ip)
+          ]
+      )
diff --git a/gen/Amazonka/Route53Resolver/Types/Validation.hs b/gen/Amazonka/Route53Resolver/Types/Validation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Types/Validation.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Types.Validation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Types.Validation
+  ( Validation
+      ( ..,
+        Validation_DISABLE,
+        Validation_ENABLE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Validation = Validation'
+  { fromValidation ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Validation_DISABLE :: Validation
+pattern Validation_DISABLE = Validation' "DISABLE"
+
+pattern Validation_ENABLE :: Validation
+pattern Validation_ENABLE = Validation' "ENABLE"
+
+{-# COMPLETE
+  Validation_DISABLE,
+  Validation_ENABLE,
+  Validation'
+  #-}
diff --git a/gen/Amazonka/Route53Resolver/UntagResource.hs b/gen/Amazonka/Route53Resolver/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UntagResource.hs
@@ -0,0 +1,213 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes one or more tags from a specified resource.
+module Amazonka.Route53Resolver.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceArn,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The Amazon Resource Name (ARN) for the resource that you want to remove
+    -- tags from. To get the ARN for a resource, use the applicable @Get@ or
+    -- @List@ command:
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html GetResolverRule>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRuleAssociation.html GetResolverRuleAssociation>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>
+    --
+    -- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>
+    resourceArn :: Prelude.Text,
+    -- | The tags that you want to remove to the specified resource.
+    tagKeys :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'untagResource_resourceArn' - The Amazon Resource Name (ARN) for the resource that you want to remove
+-- tags from. To get the ARN for a resource, use the applicable @Get@ or
+-- @List@ command:
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html GetResolverRule>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRuleAssociation.html GetResolverRuleAssociation>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>
+--
+-- 'tagKeys', 'untagResource_tagKeys' - The tags that you want to remove to the specified resource.
+newUntagResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  UntagResource
+newUntagResource pResourceArn_ =
+  UntagResource'
+    { resourceArn = pResourceArn_,
+      tagKeys = Prelude.mempty
+    }
+
+-- | The Amazon Resource Name (ARN) for the resource that you want to remove
+-- tags from. To get the ARN for a resource, use the applicable @Get@ or
+-- @List@ command:
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverEndpoint.html GetResolverEndpoint>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRule.html GetResolverRule>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_GetResolverRuleAssociation.html GetResolverRuleAssociation>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverEndpoints.html ListResolverEndpoints>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRuleAssociations.html ListResolverRuleAssociations>
+--
+-- -   <https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53resolver_ListResolverRules.html ListResolverRules>
+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)
+
+-- | The tags that you want to remove to the specified resource.
+untagResource_tagKeys :: Lens.Lens' UntagResource [Prelude.Text]
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UntagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UntagResource where
+  toJSON UntagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just ("TagKeys" Data..= tagKeys)
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UntagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateFirewallConfig.hs b/gen/Amazonka/Route53Resolver/UpdateFirewallConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateFirewallConfig.hs
@@ -0,0 +1,235 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateFirewallConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the configuration of the firewall behavior provided by DNS
+-- Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon
+-- VPC).
+module Amazonka.Route53Resolver.UpdateFirewallConfig
+  ( -- * Creating a Request
+    UpdateFirewallConfig (..),
+    newUpdateFirewallConfig,
+
+    -- * Request Lenses
+    updateFirewallConfig_resourceId,
+    updateFirewallConfig_firewallFailOpen,
+
+    -- * Destructuring the Response
+    UpdateFirewallConfigResponse (..),
+    newUpdateFirewallConfigResponse,
+
+    -- * Response Lenses
+    updateFirewallConfigResponse_firewallConfig,
+    updateFirewallConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateFirewallConfig' smart constructor.
+data UpdateFirewallConfig = UpdateFirewallConfig'
+  { -- | The ID of the VPC that the configuration is for.
+    resourceId :: Prelude.Text,
+    -- | Determines how Route 53 Resolver handles queries during failures, for
+    -- example when all traffic that is sent to DNS Firewall fails to receive a
+    -- reply.
+    --
+    -- -   By default, fail open is disabled, which means the failure mode is
+    --     closed. This approach favors security over availability. DNS
+    --     Firewall blocks queries that it is unable to evaluate properly.
+    --
+    -- -   If you enable this option, the failure mode is open. This approach
+    --     favors availability over security. DNS Firewall allows queries to
+    --     proceed if it is unable to properly evaluate them.
+    --
+    -- This behavior is only enforced for VPCs that have at least one DNS
+    -- Firewall rule group association.
+    firewallFailOpen :: FirewallFailOpenStatus
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceId', 'updateFirewallConfig_resourceId' - The ID of the VPC that the configuration is for.
+--
+-- 'firewallFailOpen', 'updateFirewallConfig_firewallFailOpen' - Determines how Route 53 Resolver handles queries during failures, for
+-- example when all traffic that is sent to DNS Firewall fails to receive a
+-- reply.
+--
+-- -   By default, fail open is disabled, which means the failure mode is
+--     closed. This approach favors security over availability. DNS
+--     Firewall blocks queries that it is unable to evaluate properly.
+--
+-- -   If you enable this option, the failure mode is open. This approach
+--     favors availability over security. DNS Firewall allows queries to
+--     proceed if it is unable to properly evaluate them.
+--
+-- This behavior is only enforced for VPCs that have at least one DNS
+-- Firewall rule group association.
+newUpdateFirewallConfig ::
+  -- | 'resourceId'
+  Prelude.Text ->
+  -- | 'firewallFailOpen'
+  FirewallFailOpenStatus ->
+  UpdateFirewallConfig
+newUpdateFirewallConfig
+  pResourceId_
+  pFirewallFailOpen_ =
+    UpdateFirewallConfig'
+      { resourceId = pResourceId_,
+        firewallFailOpen = pFirewallFailOpen_
+      }
+
+-- | The ID of the VPC that the configuration is for.
+updateFirewallConfig_resourceId :: Lens.Lens' UpdateFirewallConfig Prelude.Text
+updateFirewallConfig_resourceId = Lens.lens (\UpdateFirewallConfig' {resourceId} -> resourceId) (\s@UpdateFirewallConfig' {} a -> s {resourceId = a} :: UpdateFirewallConfig)
+
+-- | Determines how Route 53 Resolver handles queries during failures, for
+-- example when all traffic that is sent to DNS Firewall fails to receive a
+-- reply.
+--
+-- -   By default, fail open is disabled, which means the failure mode is
+--     closed. This approach favors security over availability. DNS
+--     Firewall blocks queries that it is unable to evaluate properly.
+--
+-- -   If you enable this option, the failure mode is open. This approach
+--     favors availability over security. DNS Firewall allows queries to
+--     proceed if it is unable to properly evaluate them.
+--
+-- This behavior is only enforced for VPCs that have at least one DNS
+-- Firewall rule group association.
+updateFirewallConfig_firewallFailOpen :: Lens.Lens' UpdateFirewallConfig FirewallFailOpenStatus
+updateFirewallConfig_firewallFailOpen = Lens.lens (\UpdateFirewallConfig' {firewallFailOpen} -> firewallFailOpen) (\s@UpdateFirewallConfig' {} a -> s {firewallFailOpen = a} :: UpdateFirewallConfig)
+
+instance Core.AWSRequest UpdateFirewallConfig where
+  type
+    AWSResponse UpdateFirewallConfig =
+      UpdateFirewallConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateFirewallConfigResponse'
+            Prelude.<$> (x Data..?> "FirewallConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateFirewallConfig where
+  hashWithSalt _salt UpdateFirewallConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceId
+      `Prelude.hashWithSalt` firewallFailOpen
+
+instance Prelude.NFData UpdateFirewallConfig where
+  rnf UpdateFirewallConfig' {..} =
+    Prelude.rnf resourceId
+      `Prelude.seq` Prelude.rnf firewallFailOpen
+
+instance Data.ToHeaders UpdateFirewallConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateFirewallConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFirewallConfig where
+  toJSON UpdateFirewallConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceId" Data..= resourceId),
+            Prelude.Just
+              ("FirewallFailOpen" Data..= firewallFailOpen)
+          ]
+      )
+
+instance Data.ToPath UpdateFirewallConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateFirewallConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFirewallConfigResponse' smart constructor.
+data UpdateFirewallConfigResponse = UpdateFirewallConfigResponse'
+  { -- | Configuration of the firewall behavior provided by DNS Firewall for a
+    -- single VPC.
+    firewallConfig :: Prelude.Maybe FirewallConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallConfig', 'updateFirewallConfigResponse_firewallConfig' - Configuration of the firewall behavior provided by DNS Firewall for a
+-- single VPC.
+--
+-- 'httpStatus', 'updateFirewallConfigResponse_httpStatus' - The response's http status code.
+newUpdateFirewallConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateFirewallConfigResponse
+newUpdateFirewallConfigResponse pHttpStatus_ =
+  UpdateFirewallConfigResponse'
+    { firewallConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Configuration of the firewall behavior provided by DNS Firewall for a
+-- single VPC.
+updateFirewallConfigResponse_firewallConfig :: Lens.Lens' UpdateFirewallConfigResponse (Prelude.Maybe FirewallConfig)
+updateFirewallConfigResponse_firewallConfig = Lens.lens (\UpdateFirewallConfigResponse' {firewallConfig} -> firewallConfig) (\s@UpdateFirewallConfigResponse' {} a -> s {firewallConfig = a} :: UpdateFirewallConfigResponse)
+
+-- | The response's http status code.
+updateFirewallConfigResponse_httpStatus :: Lens.Lens' UpdateFirewallConfigResponse Prelude.Int
+updateFirewallConfigResponse_httpStatus = Lens.lens (\UpdateFirewallConfigResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallConfigResponse' {} a -> s {httpStatus = a} :: UpdateFirewallConfigResponse)
+
+instance Prelude.NFData UpdateFirewallConfigResponse where
+  rnf UpdateFirewallConfigResponse' {..} =
+    Prelude.rnf firewallConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateFirewallDomains.hs b/gen/Amazonka/Route53Resolver/UpdateFirewallDomains.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateFirewallDomains.hs
@@ -0,0 +1,301 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateFirewallDomains
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the firewall domain list from an array of domain specifications.
+module Amazonka.Route53Resolver.UpdateFirewallDomains
+  ( -- * Creating a Request
+    UpdateFirewallDomains (..),
+    newUpdateFirewallDomains,
+
+    -- * Request Lenses
+    updateFirewallDomains_firewallDomainListId,
+    updateFirewallDomains_operation,
+    updateFirewallDomains_domains,
+
+    -- * Destructuring the Response
+    UpdateFirewallDomainsResponse (..),
+    newUpdateFirewallDomainsResponse,
+
+    -- * Response Lenses
+    updateFirewallDomainsResponse_id,
+    updateFirewallDomainsResponse_name,
+    updateFirewallDomainsResponse_status,
+    updateFirewallDomainsResponse_statusMessage,
+    updateFirewallDomainsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateFirewallDomains' smart constructor.
+data UpdateFirewallDomains = UpdateFirewallDomains'
+  { -- | The ID of the domain list whose domains you want to update.
+    firewallDomainListId :: Prelude.Text,
+    -- | What you want DNS Firewall to do with the domains that you are
+    -- providing:
+    --
+    -- -   @ADD@ - Add the domains to the ones that are already in the domain
+    --     list.
+    --
+    -- -   @REMOVE@ - Search the domain list for the domains and remove them
+    --     from the list.
+    --
+    -- -   @REPLACE@ - Update the domain list to exactly match the list that
+    --     you are providing.
+    operation :: FirewallDomainUpdateOperation,
+    -- | A list of domains to use in the update operation.
+    --
+    -- Each domain specification in your domain list must satisfy the following
+    -- requirements:
+    --
+    -- -   It can optionally start with @*@ (asterisk).
+    --
+    -- -   With the exception of the optional starting asterisk, it must only
+    --     contain the following characters: @A-Z@, @a-z@, @0-9@, @-@ (hyphen).
+    --
+    -- -   It must be from 1-255 characters in length.
+    domains :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallDomains' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallDomainListId', 'updateFirewallDomains_firewallDomainListId' - The ID of the domain list whose domains you want to update.
+--
+-- 'operation', 'updateFirewallDomains_operation' - What you want DNS Firewall to do with the domains that you are
+-- providing:
+--
+-- -   @ADD@ - Add the domains to the ones that are already in the domain
+--     list.
+--
+-- -   @REMOVE@ - Search the domain list for the domains and remove them
+--     from the list.
+--
+-- -   @REPLACE@ - Update the domain list to exactly match the list that
+--     you are providing.
+--
+-- 'domains', 'updateFirewallDomains_domains' - A list of domains to use in the update operation.
+--
+-- Each domain specification in your domain list must satisfy the following
+-- requirements:
+--
+-- -   It can optionally start with @*@ (asterisk).
+--
+-- -   With the exception of the optional starting asterisk, it must only
+--     contain the following characters: @A-Z@, @a-z@, @0-9@, @-@ (hyphen).
+--
+-- -   It must be from 1-255 characters in length.
+newUpdateFirewallDomains ::
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  -- | 'operation'
+  FirewallDomainUpdateOperation ->
+  UpdateFirewallDomains
+newUpdateFirewallDomains
+  pFirewallDomainListId_
+  pOperation_ =
+    UpdateFirewallDomains'
+      { firewallDomainListId =
+          pFirewallDomainListId_,
+        operation = pOperation_,
+        domains = Prelude.mempty
+      }
+
+-- | The ID of the domain list whose domains you want to update.
+updateFirewallDomains_firewallDomainListId :: Lens.Lens' UpdateFirewallDomains Prelude.Text
+updateFirewallDomains_firewallDomainListId = Lens.lens (\UpdateFirewallDomains' {firewallDomainListId} -> firewallDomainListId) (\s@UpdateFirewallDomains' {} a -> s {firewallDomainListId = a} :: UpdateFirewallDomains)
+
+-- | What you want DNS Firewall to do with the domains that you are
+-- providing:
+--
+-- -   @ADD@ - Add the domains to the ones that are already in the domain
+--     list.
+--
+-- -   @REMOVE@ - Search the domain list for the domains and remove them
+--     from the list.
+--
+-- -   @REPLACE@ - Update the domain list to exactly match the list that
+--     you are providing.
+updateFirewallDomains_operation :: Lens.Lens' UpdateFirewallDomains FirewallDomainUpdateOperation
+updateFirewallDomains_operation = Lens.lens (\UpdateFirewallDomains' {operation} -> operation) (\s@UpdateFirewallDomains' {} a -> s {operation = a} :: UpdateFirewallDomains)
+
+-- | A list of domains to use in the update operation.
+--
+-- Each domain specification in your domain list must satisfy the following
+-- requirements:
+--
+-- -   It can optionally start with @*@ (asterisk).
+--
+-- -   With the exception of the optional starting asterisk, it must only
+--     contain the following characters: @A-Z@, @a-z@, @0-9@, @-@ (hyphen).
+--
+-- -   It must be from 1-255 characters in length.
+updateFirewallDomains_domains :: Lens.Lens' UpdateFirewallDomains [Prelude.Text]
+updateFirewallDomains_domains = Lens.lens (\UpdateFirewallDomains' {domains} -> domains) (\s@UpdateFirewallDomains' {} a -> s {domains = a} :: UpdateFirewallDomains) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UpdateFirewallDomains where
+  type
+    AWSResponse UpdateFirewallDomains =
+      UpdateFirewallDomainsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateFirewallDomainsResponse'
+            Prelude.<$> (x Data..?> "Id")
+            Prelude.<*> (x Data..?> "Name")
+            Prelude.<*> (x Data..?> "Status")
+            Prelude.<*> (x Data..?> "StatusMessage")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateFirewallDomains where
+  hashWithSalt _salt UpdateFirewallDomains' {..} =
+    _salt
+      `Prelude.hashWithSalt` firewallDomainListId
+      `Prelude.hashWithSalt` operation
+      `Prelude.hashWithSalt` domains
+
+instance Prelude.NFData UpdateFirewallDomains where
+  rnf UpdateFirewallDomains' {..} =
+    Prelude.rnf firewallDomainListId
+      `Prelude.seq` Prelude.rnf operation
+      `Prelude.seq` Prelude.rnf domains
+
+instance Data.ToHeaders UpdateFirewallDomains where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateFirewallDomains" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFirewallDomains where
+  toJSON UpdateFirewallDomains' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              ),
+            Prelude.Just ("Operation" Data..= operation),
+            Prelude.Just ("Domains" Data..= domains)
+          ]
+      )
+
+instance Data.ToPath UpdateFirewallDomains where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateFirewallDomains where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFirewallDomainsResponse' smart constructor.
+data UpdateFirewallDomainsResponse = UpdateFirewallDomainsResponse'
+  { -- | The ID of the firewall domain list that DNS Firewall just updated.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the domain list.
+    name :: Prelude.Maybe Prelude.Text,
+    status :: Prelude.Maybe FirewallDomainListStatus,
+    -- | Additional information about the status of the list, if available.
+    statusMessage :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallDomainsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'id', 'updateFirewallDomainsResponse_id' - The ID of the firewall domain list that DNS Firewall just updated.
+--
+-- 'name', 'updateFirewallDomainsResponse_name' - The name of the domain list.
+--
+-- 'status', 'updateFirewallDomainsResponse_status' -
+--
+-- 'statusMessage', 'updateFirewallDomainsResponse_statusMessage' - Additional information about the status of the list, if available.
+--
+-- 'httpStatus', 'updateFirewallDomainsResponse_httpStatus' - The response's http status code.
+newUpdateFirewallDomainsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateFirewallDomainsResponse
+newUpdateFirewallDomainsResponse pHttpStatus_ =
+  UpdateFirewallDomainsResponse'
+    { id =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      status = Prelude.Nothing,
+      statusMessage = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The ID of the firewall domain list that DNS Firewall just updated.
+updateFirewallDomainsResponse_id :: Lens.Lens' UpdateFirewallDomainsResponse (Prelude.Maybe Prelude.Text)
+updateFirewallDomainsResponse_id = Lens.lens (\UpdateFirewallDomainsResponse' {id} -> id) (\s@UpdateFirewallDomainsResponse' {} a -> s {id = a} :: UpdateFirewallDomainsResponse)
+
+-- | The name of the domain list.
+updateFirewallDomainsResponse_name :: Lens.Lens' UpdateFirewallDomainsResponse (Prelude.Maybe Prelude.Text)
+updateFirewallDomainsResponse_name = Lens.lens (\UpdateFirewallDomainsResponse' {name} -> name) (\s@UpdateFirewallDomainsResponse' {} a -> s {name = a} :: UpdateFirewallDomainsResponse)
+
+updateFirewallDomainsResponse_status :: Lens.Lens' UpdateFirewallDomainsResponse (Prelude.Maybe FirewallDomainListStatus)
+updateFirewallDomainsResponse_status = Lens.lens (\UpdateFirewallDomainsResponse' {status} -> status) (\s@UpdateFirewallDomainsResponse' {} a -> s {status = a} :: UpdateFirewallDomainsResponse)
+
+-- | Additional information about the status of the list, if available.
+updateFirewallDomainsResponse_statusMessage :: Lens.Lens' UpdateFirewallDomainsResponse (Prelude.Maybe Prelude.Text)
+updateFirewallDomainsResponse_statusMessage = Lens.lens (\UpdateFirewallDomainsResponse' {statusMessage} -> statusMessage) (\s@UpdateFirewallDomainsResponse' {} a -> s {statusMessage = a} :: UpdateFirewallDomainsResponse)
+
+-- | The response's http status code.
+updateFirewallDomainsResponse_httpStatus :: Lens.Lens' UpdateFirewallDomainsResponse Prelude.Int
+updateFirewallDomainsResponse_httpStatus = Lens.lens (\UpdateFirewallDomainsResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallDomainsResponse' {} a -> s {httpStatus = a} :: UpdateFirewallDomainsResponse)
+
+instance Prelude.NFData UpdateFirewallDomainsResponse where
+  rnf UpdateFirewallDomainsResponse' {..} =
+    Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf status
+      `Prelude.seq` Prelude.rnf statusMessage
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateFirewallRule.hs b/gen/Amazonka/Route53Resolver/UpdateFirewallRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateFirewallRule.hs
@@ -0,0 +1,384 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateFirewallRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the specified firewall rule.
+module Amazonka.Route53Resolver.UpdateFirewallRule
+  ( -- * Creating a Request
+    UpdateFirewallRule (..),
+    newUpdateFirewallRule,
+
+    -- * Request Lenses
+    updateFirewallRule_action,
+    updateFirewallRule_blockOverrideDnsType,
+    updateFirewallRule_blockOverrideDomain,
+    updateFirewallRule_blockOverrideTtl,
+    updateFirewallRule_blockResponse,
+    updateFirewallRule_name,
+    updateFirewallRule_priority,
+    updateFirewallRule_firewallRuleGroupId,
+    updateFirewallRule_firewallDomainListId,
+
+    -- * Destructuring the Response
+    UpdateFirewallRuleResponse (..),
+    newUpdateFirewallRuleResponse,
+
+    -- * Response Lenses
+    updateFirewallRuleResponse_firewallRule,
+    updateFirewallRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateFirewallRule' smart constructor.
+data UpdateFirewallRule = UpdateFirewallRule'
+  { -- | The action that DNS Firewall should take on a DNS query when it matches
+    -- one of the domains in the rule\'s domain list:
+    --
+    -- -   @ALLOW@ - Permit the request to go through.
+    --
+    -- -   @ALERT@ - Permit the request to go through but send an alert to the
+    --     logs.
+    --
+    -- -   @BLOCK@ - Disallow the request. This option requires additional
+    --     details in the rule\'s @BlockResponse@.
+    action :: Prelude.Maybe Action,
+    -- | The DNS record\'s type. This determines the format of the record value
+    -- that you provided in @BlockOverrideDomain@. Used for the rule action
+    -- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    blockOverrideDnsType :: Prelude.Maybe BlockOverrideDnsType,
+    -- | The custom DNS record to send back in response to the query. Used for
+    -- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    blockOverrideDomain :: Prelude.Maybe Prelude.Text,
+    -- | The recommended amount of time, in seconds, for the DNS resolver or web
+    -- browser to cache the provided override record. Used for the rule action
+    -- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+    blockOverrideTtl :: Prelude.Maybe Prelude.Natural,
+    -- | The way that you want DNS Firewall to block the request. Used for the
+    -- rule action setting @BLOCK@.
+    --
+    -- -   @NODATA@ - Respond indicating that the query was successful, but no
+    --     response is available for it.
+    --
+    -- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+    --     query doesn\'t exist.
+    --
+    -- -   @OVERRIDE@ - Provide a custom override in the response. This option
+    --     requires custom handling details in the rule\'s @BlockOverride*@
+    --     settings.
+    blockResponse :: Prelude.Maybe BlockResponse,
+    -- | The name of the rule.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The setting that determines the processing order of the rule in the rule
+    -- group. DNS Firewall processes the rules in a rule group by order of
+    -- priority, starting from the lowest setting.
+    --
+    -- You must specify a unique priority for each rule in a rule group. To
+    -- make it easier to insert rules later, leave space between the numbers,
+    -- for example, use 100, 200, and so on. You can change the priority
+    -- setting for the rules in a rule group at any time.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The unique identifier of the firewall rule group for the rule.
+    firewallRuleGroupId :: Prelude.Text,
+    -- | The ID of the domain list to use in the rule.
+    firewallDomainListId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'updateFirewallRule_action' - The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request to go through but send an alert to the
+--     logs.
+--
+-- -   @BLOCK@ - Disallow the request. This option requires additional
+--     details in the rule\'s @BlockResponse@.
+--
+-- 'blockOverrideDnsType', 'updateFirewallRule_blockOverrideDnsType' - The DNS record\'s type. This determines the format of the record value
+-- that you provided in @BlockOverrideDomain@. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- 'blockOverrideDomain', 'updateFirewallRule_blockOverrideDomain' - The custom DNS record to send back in response to the query. Used for
+-- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- 'blockOverrideTtl', 'updateFirewallRule_blockOverrideTtl' - The recommended amount of time, in seconds, for the DNS resolver or web
+-- browser to cache the provided override record. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+--
+-- 'blockResponse', 'updateFirewallRule_blockResponse' - The way that you want DNS Firewall to block the request. Used for the
+-- rule action setting @BLOCK@.
+--
+-- -   @NODATA@ - Respond indicating that the query was successful, but no
+--     response is available for it.
+--
+-- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+--     query doesn\'t exist.
+--
+-- -   @OVERRIDE@ - Provide a custom override in the response. This option
+--     requires custom handling details in the rule\'s @BlockOverride*@
+--     settings.
+--
+-- 'name', 'updateFirewallRule_name' - The name of the rule.
+--
+-- 'priority', 'updateFirewallRule_priority' - The setting that determines the processing order of the rule in the rule
+-- group. DNS Firewall processes the rules in a rule group by order of
+-- priority, starting from the lowest setting.
+--
+-- You must specify a unique priority for each rule in a rule group. To
+-- make it easier to insert rules later, leave space between the numbers,
+-- for example, use 100, 200, and so on. You can change the priority
+-- setting for the rules in a rule group at any time.
+--
+-- 'firewallRuleGroupId', 'updateFirewallRule_firewallRuleGroupId' - The unique identifier of the firewall rule group for the rule.
+--
+-- 'firewallDomainListId', 'updateFirewallRule_firewallDomainListId' - The ID of the domain list to use in the rule.
+newUpdateFirewallRule ::
+  -- | 'firewallRuleGroupId'
+  Prelude.Text ->
+  -- | 'firewallDomainListId'
+  Prelude.Text ->
+  UpdateFirewallRule
+newUpdateFirewallRule
+  pFirewallRuleGroupId_
+  pFirewallDomainListId_ =
+    UpdateFirewallRule'
+      { action = Prelude.Nothing,
+        blockOverrideDnsType = Prelude.Nothing,
+        blockOverrideDomain = Prelude.Nothing,
+        blockOverrideTtl = Prelude.Nothing,
+        blockResponse = Prelude.Nothing,
+        name = Prelude.Nothing,
+        priority = Prelude.Nothing,
+        firewallRuleGroupId = pFirewallRuleGroupId_,
+        firewallDomainListId = pFirewallDomainListId_
+      }
+
+-- | The action that DNS Firewall should take on a DNS query when it matches
+-- one of the domains in the rule\'s domain list:
+--
+-- -   @ALLOW@ - Permit the request to go through.
+--
+-- -   @ALERT@ - Permit the request to go through but send an alert to the
+--     logs.
+--
+-- -   @BLOCK@ - Disallow the request. This option requires additional
+--     details in the rule\'s @BlockResponse@.
+updateFirewallRule_action :: Lens.Lens' UpdateFirewallRule (Prelude.Maybe Action)
+updateFirewallRule_action = Lens.lens (\UpdateFirewallRule' {action} -> action) (\s@UpdateFirewallRule' {} a -> s {action = a} :: UpdateFirewallRule)
+
+-- | The DNS record\'s type. This determines the format of the record value
+-- that you provided in @BlockOverrideDomain@. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+updateFirewallRule_blockOverrideDnsType :: Lens.Lens' UpdateFirewallRule (Prelude.Maybe BlockOverrideDnsType)
+updateFirewallRule_blockOverrideDnsType = Lens.lens (\UpdateFirewallRule' {blockOverrideDnsType} -> blockOverrideDnsType) (\s@UpdateFirewallRule' {} a -> s {blockOverrideDnsType = a} :: UpdateFirewallRule)
+
+-- | The custom DNS record to send back in response to the query. Used for
+-- the rule action @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+updateFirewallRule_blockOverrideDomain :: Lens.Lens' UpdateFirewallRule (Prelude.Maybe Prelude.Text)
+updateFirewallRule_blockOverrideDomain = Lens.lens (\UpdateFirewallRule' {blockOverrideDomain} -> blockOverrideDomain) (\s@UpdateFirewallRule' {} a -> s {blockOverrideDomain = a} :: UpdateFirewallRule)
+
+-- | The recommended amount of time, in seconds, for the DNS resolver or web
+-- browser to cache the provided override record. Used for the rule action
+-- @BLOCK@ with a @BlockResponse@ setting of @OVERRIDE@.
+updateFirewallRule_blockOverrideTtl :: Lens.Lens' UpdateFirewallRule (Prelude.Maybe Prelude.Natural)
+updateFirewallRule_blockOverrideTtl = Lens.lens (\UpdateFirewallRule' {blockOverrideTtl} -> blockOverrideTtl) (\s@UpdateFirewallRule' {} a -> s {blockOverrideTtl = a} :: UpdateFirewallRule)
+
+-- | The way that you want DNS Firewall to block the request. Used for the
+-- rule action setting @BLOCK@.
+--
+-- -   @NODATA@ - Respond indicating that the query was successful, but no
+--     response is available for it.
+--
+-- -   @NXDOMAIN@ - Respond indicating that the domain name that\'s in the
+--     query doesn\'t exist.
+--
+-- -   @OVERRIDE@ - Provide a custom override in the response. This option
+--     requires custom handling details in the rule\'s @BlockOverride*@
+--     settings.
+updateFirewallRule_blockResponse :: Lens.Lens' UpdateFirewallRule (Prelude.Maybe BlockResponse)
+updateFirewallRule_blockResponse = Lens.lens (\UpdateFirewallRule' {blockResponse} -> blockResponse) (\s@UpdateFirewallRule' {} a -> s {blockResponse = a} :: UpdateFirewallRule)
+
+-- | The name of the rule.
+updateFirewallRule_name :: Lens.Lens' UpdateFirewallRule (Prelude.Maybe Prelude.Text)
+updateFirewallRule_name = Lens.lens (\UpdateFirewallRule' {name} -> name) (\s@UpdateFirewallRule' {} a -> s {name = a} :: UpdateFirewallRule)
+
+-- | The setting that determines the processing order of the rule in the rule
+-- group. DNS Firewall processes the rules in a rule group by order of
+-- priority, starting from the lowest setting.
+--
+-- You must specify a unique priority for each rule in a rule group. To
+-- make it easier to insert rules later, leave space between the numbers,
+-- for example, use 100, 200, and so on. You can change the priority
+-- setting for the rules in a rule group at any time.
+updateFirewallRule_priority :: Lens.Lens' UpdateFirewallRule (Prelude.Maybe Prelude.Int)
+updateFirewallRule_priority = Lens.lens (\UpdateFirewallRule' {priority} -> priority) (\s@UpdateFirewallRule' {} a -> s {priority = a} :: UpdateFirewallRule)
+
+-- | The unique identifier of the firewall rule group for the rule.
+updateFirewallRule_firewallRuleGroupId :: Lens.Lens' UpdateFirewallRule Prelude.Text
+updateFirewallRule_firewallRuleGroupId = Lens.lens (\UpdateFirewallRule' {firewallRuleGroupId} -> firewallRuleGroupId) (\s@UpdateFirewallRule' {} a -> s {firewallRuleGroupId = a} :: UpdateFirewallRule)
+
+-- | The ID of the domain list to use in the rule.
+updateFirewallRule_firewallDomainListId :: Lens.Lens' UpdateFirewallRule Prelude.Text
+updateFirewallRule_firewallDomainListId = Lens.lens (\UpdateFirewallRule' {firewallDomainListId} -> firewallDomainListId) (\s@UpdateFirewallRule' {} a -> s {firewallDomainListId = a} :: UpdateFirewallRule)
+
+instance Core.AWSRequest UpdateFirewallRule where
+  type
+    AWSResponse UpdateFirewallRule =
+      UpdateFirewallRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateFirewallRuleResponse'
+            Prelude.<$> (x Data..?> "FirewallRule")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateFirewallRule where
+  hashWithSalt _salt UpdateFirewallRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` blockOverrideDnsType
+      `Prelude.hashWithSalt` blockOverrideDomain
+      `Prelude.hashWithSalt` blockOverrideTtl
+      `Prelude.hashWithSalt` blockResponse
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` firewallRuleGroupId
+      `Prelude.hashWithSalt` firewallDomainListId
+
+instance Prelude.NFData UpdateFirewallRule where
+  rnf UpdateFirewallRule' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf blockOverrideDnsType
+      `Prelude.seq` Prelude.rnf blockOverrideDomain
+      `Prelude.seq` Prelude.rnf blockOverrideTtl
+      `Prelude.seq` Prelude.rnf blockResponse
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf firewallRuleGroupId
+      `Prelude.seq` Prelude.rnf firewallDomainListId
+
+instance Data.ToHeaders UpdateFirewallRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateFirewallRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateFirewallRule where
+  toJSON UpdateFirewallRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("BlockOverrideDnsType" Data..=)
+              Prelude.<$> blockOverrideDnsType,
+            ("BlockOverrideDomain" Data..=)
+              Prelude.<$> blockOverrideDomain,
+            ("BlockOverrideTtl" Data..=)
+              Prelude.<$> blockOverrideTtl,
+            ("BlockResponse" Data..=) Prelude.<$> blockResponse,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Priority" Data..=) Prelude.<$> priority,
+            Prelude.Just
+              ("FirewallRuleGroupId" Data..= firewallRuleGroupId),
+            Prelude.Just
+              ( "FirewallDomainListId"
+                  Data..= firewallDomainListId
+              )
+          ]
+      )
+
+instance Data.ToPath UpdateFirewallRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateFirewallRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFirewallRuleResponse' smart constructor.
+data UpdateFirewallRuleResponse = UpdateFirewallRuleResponse'
+  { -- | The firewall rule that you just updated.
+    firewallRule :: Prelude.Maybe FirewallRule,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRule', 'updateFirewallRuleResponse_firewallRule' - The firewall rule that you just updated.
+--
+-- 'httpStatus', 'updateFirewallRuleResponse_httpStatus' - The response's http status code.
+newUpdateFirewallRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateFirewallRuleResponse
+newUpdateFirewallRuleResponse pHttpStatus_ =
+  UpdateFirewallRuleResponse'
+    { firewallRule =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The firewall rule that you just updated.
+updateFirewallRuleResponse_firewallRule :: Lens.Lens' UpdateFirewallRuleResponse (Prelude.Maybe FirewallRule)
+updateFirewallRuleResponse_firewallRule = Lens.lens (\UpdateFirewallRuleResponse' {firewallRule} -> firewallRule) (\s@UpdateFirewallRuleResponse' {} a -> s {firewallRule = a} :: UpdateFirewallRuleResponse)
+
+-- | The response's http status code.
+updateFirewallRuleResponse_httpStatus :: Lens.Lens' UpdateFirewallRuleResponse Prelude.Int
+updateFirewallRuleResponse_httpStatus = Lens.lens (\UpdateFirewallRuleResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallRuleResponse' {} a -> s {httpStatus = a} :: UpdateFirewallRuleResponse)
+
+instance Prelude.NFData UpdateFirewallRuleResponse where
+  rnf UpdateFirewallRuleResponse' {..} =
+    Prelude.rnf firewallRule
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateFirewallRuleGroupAssociation.hs b/gen/Amazonka/Route53Resolver/UpdateFirewallRuleGroupAssociation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateFirewallRuleGroupAssociation.hs
@@ -0,0 +1,280 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateFirewallRuleGroupAssociation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Changes the association of a FirewallRuleGroup with a VPC. The
+-- association enables DNS filtering for the VPC.
+module Amazonka.Route53Resolver.UpdateFirewallRuleGroupAssociation
+  ( -- * Creating a Request
+    UpdateFirewallRuleGroupAssociation (..),
+    newUpdateFirewallRuleGroupAssociation,
+
+    -- * Request Lenses
+    updateFirewallRuleGroupAssociation_mutationProtection,
+    updateFirewallRuleGroupAssociation_name,
+    updateFirewallRuleGroupAssociation_priority,
+    updateFirewallRuleGroupAssociation_firewallRuleGroupAssociationId,
+
+    -- * Destructuring the Response
+    UpdateFirewallRuleGroupAssociationResponse (..),
+    newUpdateFirewallRuleGroupAssociationResponse,
+
+    -- * Response Lenses
+    updateFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation,
+    updateFirewallRuleGroupAssociationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateFirewallRuleGroupAssociation' smart constructor.
+data UpdateFirewallRuleGroupAssociation = UpdateFirewallRuleGroupAssociation'
+  { -- | If enabled, this setting disallows modification or removal of the
+    -- association, to help prevent against accidentally altering DNS firewall
+    -- protections.
+    mutationProtection :: Prelude.Maybe MutationProtectionStatus,
+    -- | The name of the rule group association.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The setting that determines the processing order of the rule group among
+    -- the rule groups that you associate with the specified VPC. DNS Firewall
+    -- filters VPC traffic starting from the rule group with the lowest numeric
+    -- priority setting.
+    --
+    -- You must specify a unique priority for each rule group that you
+    -- associate with a single VPC. To make it easier to insert rule groups
+    -- later, leave space between the numbers, for example, use 100, 200, and
+    -- so on. You can change the priority setting for a rule group association
+    -- after you create it.
+    priority :: Prelude.Maybe Prelude.Int,
+    -- | The identifier of the FirewallRuleGroupAssociation.
+    firewallRuleGroupAssociationId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallRuleGroupAssociation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mutationProtection', 'updateFirewallRuleGroupAssociation_mutationProtection' - If enabled, this setting disallows modification or removal of the
+-- association, to help prevent against accidentally altering DNS firewall
+-- protections.
+--
+-- 'name', 'updateFirewallRuleGroupAssociation_name' - The name of the rule group association.
+--
+-- 'priority', 'updateFirewallRuleGroupAssociation_priority' - The setting that determines the processing order of the rule group among
+-- the rule groups that you associate with the specified VPC. DNS Firewall
+-- filters VPC traffic starting from the rule group with the lowest numeric
+-- priority setting.
+--
+-- You must specify a unique priority for each rule group that you
+-- associate with a single VPC. To make it easier to insert rule groups
+-- later, leave space between the numbers, for example, use 100, 200, and
+-- so on. You can change the priority setting for a rule group association
+-- after you create it.
+--
+-- 'firewallRuleGroupAssociationId', 'updateFirewallRuleGroupAssociation_firewallRuleGroupAssociationId' - The identifier of the FirewallRuleGroupAssociation.
+newUpdateFirewallRuleGroupAssociation ::
+  -- | 'firewallRuleGroupAssociationId'
+  Prelude.Text ->
+  UpdateFirewallRuleGroupAssociation
+newUpdateFirewallRuleGroupAssociation
+  pFirewallRuleGroupAssociationId_ =
+    UpdateFirewallRuleGroupAssociation'
+      { mutationProtection =
+          Prelude.Nothing,
+        name = Prelude.Nothing,
+        priority = Prelude.Nothing,
+        firewallRuleGroupAssociationId =
+          pFirewallRuleGroupAssociationId_
+      }
+
+-- | If enabled, this setting disallows modification or removal of the
+-- association, to help prevent against accidentally altering DNS firewall
+-- protections.
+updateFirewallRuleGroupAssociation_mutationProtection :: Lens.Lens' UpdateFirewallRuleGroupAssociation (Prelude.Maybe MutationProtectionStatus)
+updateFirewallRuleGroupAssociation_mutationProtection = Lens.lens (\UpdateFirewallRuleGroupAssociation' {mutationProtection} -> mutationProtection) (\s@UpdateFirewallRuleGroupAssociation' {} a -> s {mutationProtection = a} :: UpdateFirewallRuleGroupAssociation)
+
+-- | The name of the rule group association.
+updateFirewallRuleGroupAssociation_name :: Lens.Lens' UpdateFirewallRuleGroupAssociation (Prelude.Maybe Prelude.Text)
+updateFirewallRuleGroupAssociation_name = Lens.lens (\UpdateFirewallRuleGroupAssociation' {name} -> name) (\s@UpdateFirewallRuleGroupAssociation' {} a -> s {name = a} :: UpdateFirewallRuleGroupAssociation)
+
+-- | The setting that determines the processing order of the rule group among
+-- the rule groups that you associate with the specified VPC. DNS Firewall
+-- filters VPC traffic starting from the rule group with the lowest numeric
+-- priority setting.
+--
+-- You must specify a unique priority for each rule group that you
+-- associate with a single VPC. To make it easier to insert rule groups
+-- later, leave space between the numbers, for example, use 100, 200, and
+-- so on. You can change the priority setting for a rule group association
+-- after you create it.
+updateFirewallRuleGroupAssociation_priority :: Lens.Lens' UpdateFirewallRuleGroupAssociation (Prelude.Maybe Prelude.Int)
+updateFirewallRuleGroupAssociation_priority = Lens.lens (\UpdateFirewallRuleGroupAssociation' {priority} -> priority) (\s@UpdateFirewallRuleGroupAssociation' {} a -> s {priority = a} :: UpdateFirewallRuleGroupAssociation)
+
+-- | The identifier of the FirewallRuleGroupAssociation.
+updateFirewallRuleGroupAssociation_firewallRuleGroupAssociationId :: Lens.Lens' UpdateFirewallRuleGroupAssociation Prelude.Text
+updateFirewallRuleGroupAssociation_firewallRuleGroupAssociationId = Lens.lens (\UpdateFirewallRuleGroupAssociation' {firewallRuleGroupAssociationId} -> firewallRuleGroupAssociationId) (\s@UpdateFirewallRuleGroupAssociation' {} a -> s {firewallRuleGroupAssociationId = a} :: UpdateFirewallRuleGroupAssociation)
+
+instance
+  Core.AWSRequest
+    UpdateFirewallRuleGroupAssociation
+  where
+  type
+    AWSResponse UpdateFirewallRuleGroupAssociation =
+      UpdateFirewallRuleGroupAssociationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateFirewallRuleGroupAssociationResponse'
+            Prelude.<$> (x Data..?> "FirewallRuleGroupAssociation")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateFirewallRuleGroupAssociation
+  where
+  hashWithSalt
+    _salt
+    UpdateFirewallRuleGroupAssociation' {..} =
+      _salt
+        `Prelude.hashWithSalt` mutationProtection
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` priority
+        `Prelude.hashWithSalt` firewallRuleGroupAssociationId
+
+instance
+  Prelude.NFData
+    UpdateFirewallRuleGroupAssociation
+  where
+  rnf UpdateFirewallRuleGroupAssociation' {..} =
+    Prelude.rnf mutationProtection
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf firewallRuleGroupAssociationId
+
+instance
+  Data.ToHeaders
+    UpdateFirewallRuleGroupAssociation
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateFirewallRuleGroupAssociation" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    UpdateFirewallRuleGroupAssociation
+  where
+  toJSON UpdateFirewallRuleGroupAssociation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MutationProtection" Data..=)
+              Prelude.<$> mutationProtection,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Priority" Data..=) Prelude.<$> priority,
+            Prelude.Just
+              ( "FirewallRuleGroupAssociationId"
+                  Data..= firewallRuleGroupAssociationId
+              )
+          ]
+      )
+
+instance
+  Data.ToPath
+    UpdateFirewallRuleGroupAssociation
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    UpdateFirewallRuleGroupAssociation
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateFirewallRuleGroupAssociationResponse' smart constructor.
+data UpdateFirewallRuleGroupAssociationResponse = UpdateFirewallRuleGroupAssociationResponse'
+  { -- | The association that you just updated.
+    firewallRuleGroupAssociation :: Prelude.Maybe FirewallRuleGroupAssociation,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateFirewallRuleGroupAssociationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'firewallRuleGroupAssociation', 'updateFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation' - The association that you just updated.
+--
+-- 'httpStatus', 'updateFirewallRuleGroupAssociationResponse_httpStatus' - The response's http status code.
+newUpdateFirewallRuleGroupAssociationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateFirewallRuleGroupAssociationResponse
+newUpdateFirewallRuleGroupAssociationResponse
+  pHttpStatus_ =
+    UpdateFirewallRuleGroupAssociationResponse'
+      { firewallRuleGroupAssociation =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The association that you just updated.
+updateFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation :: Lens.Lens' UpdateFirewallRuleGroupAssociationResponse (Prelude.Maybe FirewallRuleGroupAssociation)
+updateFirewallRuleGroupAssociationResponse_firewallRuleGroupAssociation = Lens.lens (\UpdateFirewallRuleGroupAssociationResponse' {firewallRuleGroupAssociation} -> firewallRuleGroupAssociation) (\s@UpdateFirewallRuleGroupAssociationResponse' {} a -> s {firewallRuleGroupAssociation = a} :: UpdateFirewallRuleGroupAssociationResponse)
+
+-- | The response's http status code.
+updateFirewallRuleGroupAssociationResponse_httpStatus :: Lens.Lens' UpdateFirewallRuleGroupAssociationResponse Prelude.Int
+updateFirewallRuleGroupAssociationResponse_httpStatus = Lens.lens (\UpdateFirewallRuleGroupAssociationResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallRuleGroupAssociationResponse' {} a -> s {httpStatus = a} :: UpdateFirewallRuleGroupAssociationResponse)
+
+instance
+  Prelude.NFData
+    UpdateFirewallRuleGroupAssociationResponse
+  where
+  rnf UpdateFirewallRuleGroupAssociationResponse' {..} =
+    Prelude.rnf firewallRuleGroupAssociation
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateResolverConfig.hs b/gen/Amazonka/Route53Resolver/UpdateResolverConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateResolverConfig.hs
@@ -0,0 +1,221 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateResolverConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the behavior configuration of Route 53 Resolver behavior for a
+-- single VPC from Amazon Virtual Private Cloud.
+module Amazonka.Route53Resolver.UpdateResolverConfig
+  ( -- * Creating a Request
+    UpdateResolverConfig (..),
+    newUpdateResolverConfig,
+
+    -- * Request Lenses
+    updateResolverConfig_resourceId,
+    updateResolverConfig_autodefinedReverseFlag,
+
+    -- * Destructuring the Response
+    UpdateResolverConfigResponse (..),
+    newUpdateResolverConfigResponse,
+
+    -- * Response Lenses
+    updateResolverConfigResponse_resolverConfig,
+    updateResolverConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateResolverConfig' smart constructor.
+data UpdateResolverConfig = UpdateResolverConfig'
+  { -- | Resource ID of the Amazon VPC that you want to update the Resolver
+    -- configuration for.
+    resourceId :: Prelude.Text,
+    -- | Indicates whether or not the Resolver will create autodefined rules for
+    -- reverse DNS lookups. This is enabled by default. Disabling this option
+    -- will also affect EC2-Classic instances using ClassicLink. For more
+    -- information, see
+    -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html ClassicLink>
+    -- in the /Amazon EC2 guide/.
+    --
+    -- It can take some time for the status change to be completed.
+    autodefinedReverseFlag :: AutodefinedReverseFlag
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceId', 'updateResolverConfig_resourceId' - Resource ID of the Amazon VPC that you want to update the Resolver
+-- configuration for.
+--
+-- 'autodefinedReverseFlag', 'updateResolverConfig_autodefinedReverseFlag' - Indicates whether or not the Resolver will create autodefined rules for
+-- reverse DNS lookups. This is enabled by default. Disabling this option
+-- will also affect EC2-Classic instances using ClassicLink. For more
+-- information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html ClassicLink>
+-- in the /Amazon EC2 guide/.
+--
+-- It can take some time for the status change to be completed.
+newUpdateResolverConfig ::
+  -- | 'resourceId'
+  Prelude.Text ->
+  -- | 'autodefinedReverseFlag'
+  AutodefinedReverseFlag ->
+  UpdateResolverConfig
+newUpdateResolverConfig
+  pResourceId_
+  pAutodefinedReverseFlag_ =
+    UpdateResolverConfig'
+      { resourceId = pResourceId_,
+        autodefinedReverseFlag = pAutodefinedReverseFlag_
+      }
+
+-- | Resource ID of the Amazon VPC that you want to update the Resolver
+-- configuration for.
+updateResolverConfig_resourceId :: Lens.Lens' UpdateResolverConfig Prelude.Text
+updateResolverConfig_resourceId = Lens.lens (\UpdateResolverConfig' {resourceId} -> resourceId) (\s@UpdateResolverConfig' {} a -> s {resourceId = a} :: UpdateResolverConfig)
+
+-- | Indicates whether or not the Resolver will create autodefined rules for
+-- reverse DNS lookups. This is enabled by default. Disabling this option
+-- will also affect EC2-Classic instances using ClassicLink. For more
+-- information, see
+-- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html ClassicLink>
+-- in the /Amazon EC2 guide/.
+--
+-- It can take some time for the status change to be completed.
+updateResolverConfig_autodefinedReverseFlag :: Lens.Lens' UpdateResolverConfig AutodefinedReverseFlag
+updateResolverConfig_autodefinedReverseFlag = Lens.lens (\UpdateResolverConfig' {autodefinedReverseFlag} -> autodefinedReverseFlag) (\s@UpdateResolverConfig' {} a -> s {autodefinedReverseFlag = a} :: UpdateResolverConfig)
+
+instance Core.AWSRequest UpdateResolverConfig where
+  type
+    AWSResponse UpdateResolverConfig =
+      UpdateResolverConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateResolverConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateResolverConfig where
+  hashWithSalt _salt UpdateResolverConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceId
+      `Prelude.hashWithSalt` autodefinedReverseFlag
+
+instance Prelude.NFData UpdateResolverConfig where
+  rnf UpdateResolverConfig' {..} =
+    Prelude.rnf resourceId
+      `Prelude.seq` Prelude.rnf autodefinedReverseFlag
+
+instance Data.ToHeaders UpdateResolverConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateResolverConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateResolverConfig where
+  toJSON UpdateResolverConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceId" Data..= resourceId),
+            Prelude.Just
+              ( "AutodefinedReverseFlag"
+                  Data..= autodefinedReverseFlag
+              )
+          ]
+      )
+
+instance Data.ToPath UpdateResolverConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateResolverConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateResolverConfigResponse' smart constructor.
+data UpdateResolverConfigResponse = UpdateResolverConfigResponse'
+  { -- | An array that contains settings for the specified Resolver
+    -- configuration.
+    resolverConfig :: Prelude.Maybe ResolverConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverConfig', 'updateResolverConfigResponse_resolverConfig' - An array that contains settings for the specified Resolver
+-- configuration.
+--
+-- 'httpStatus', 'updateResolverConfigResponse_httpStatus' - The response's http status code.
+newUpdateResolverConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateResolverConfigResponse
+newUpdateResolverConfigResponse pHttpStatus_ =
+  UpdateResolverConfigResponse'
+    { resolverConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | An array that contains settings for the specified Resolver
+-- configuration.
+updateResolverConfigResponse_resolverConfig :: Lens.Lens' UpdateResolverConfigResponse (Prelude.Maybe ResolverConfig)
+updateResolverConfigResponse_resolverConfig = Lens.lens (\UpdateResolverConfigResponse' {resolverConfig} -> resolverConfig) (\s@UpdateResolverConfigResponse' {} a -> s {resolverConfig = a} :: UpdateResolverConfigResponse)
+
+-- | The response's http status code.
+updateResolverConfigResponse_httpStatus :: Lens.Lens' UpdateResolverConfigResponse Prelude.Int
+updateResolverConfigResponse_httpStatus = Lens.lens (\UpdateResolverConfigResponse' {httpStatus} -> httpStatus) (\s@UpdateResolverConfigResponse' {} a -> s {httpStatus = a} :: UpdateResolverConfigResponse)
+
+instance Prelude.NFData UpdateResolverConfigResponse where
+  rnf UpdateResolverConfigResponse' {..} =
+    Prelude.rnf resolverConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateResolverDnssecConfig.hs b/gen/Amazonka/Route53Resolver/UpdateResolverDnssecConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateResolverDnssecConfig.hs
@@ -0,0 +1,207 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateResolverDnssecConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates an existing DNSSEC validation configuration. If there is no
+-- existing DNSSEC validation configuration, one is created.
+module Amazonka.Route53Resolver.UpdateResolverDnssecConfig
+  ( -- * Creating a Request
+    UpdateResolverDnssecConfig (..),
+    newUpdateResolverDnssecConfig,
+
+    -- * Request Lenses
+    updateResolverDnssecConfig_resourceId,
+    updateResolverDnssecConfig_validation,
+
+    -- * Destructuring the Response
+    UpdateResolverDnssecConfigResponse (..),
+    newUpdateResolverDnssecConfigResponse,
+
+    -- * Response Lenses
+    updateResolverDnssecConfigResponse_resolverDNSSECConfig,
+    updateResolverDnssecConfigResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateResolverDnssecConfig' smart constructor.
+data UpdateResolverDnssecConfig = UpdateResolverDnssecConfig'
+  { -- | The ID of the virtual private cloud (VPC) that you\'re updating the
+    -- DNSSEC validation status for.
+    resourceId :: Prelude.Text,
+    -- | The new value that you are specifying for DNSSEC validation for the VPC.
+    -- The value can be @ENABLE@ or @DISABLE@. Be aware that it can take time
+    -- for a validation status change to be completed.
+    validation :: Validation
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverDnssecConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceId', 'updateResolverDnssecConfig_resourceId' - The ID of the virtual private cloud (VPC) that you\'re updating the
+-- DNSSEC validation status for.
+--
+-- 'validation', 'updateResolverDnssecConfig_validation' - The new value that you are specifying for DNSSEC validation for the VPC.
+-- The value can be @ENABLE@ or @DISABLE@. Be aware that it can take time
+-- for a validation status change to be completed.
+newUpdateResolverDnssecConfig ::
+  -- | 'resourceId'
+  Prelude.Text ->
+  -- | 'validation'
+  Validation ->
+  UpdateResolverDnssecConfig
+newUpdateResolverDnssecConfig
+  pResourceId_
+  pValidation_ =
+    UpdateResolverDnssecConfig'
+      { resourceId =
+          pResourceId_,
+        validation = pValidation_
+      }
+
+-- | The ID of the virtual private cloud (VPC) that you\'re updating the
+-- DNSSEC validation status for.
+updateResolverDnssecConfig_resourceId :: Lens.Lens' UpdateResolverDnssecConfig Prelude.Text
+updateResolverDnssecConfig_resourceId = Lens.lens (\UpdateResolverDnssecConfig' {resourceId} -> resourceId) (\s@UpdateResolverDnssecConfig' {} a -> s {resourceId = a} :: UpdateResolverDnssecConfig)
+
+-- | The new value that you are specifying for DNSSEC validation for the VPC.
+-- The value can be @ENABLE@ or @DISABLE@. Be aware that it can take time
+-- for a validation status change to be completed.
+updateResolverDnssecConfig_validation :: Lens.Lens' UpdateResolverDnssecConfig Validation
+updateResolverDnssecConfig_validation = Lens.lens (\UpdateResolverDnssecConfig' {validation} -> validation) (\s@UpdateResolverDnssecConfig' {} a -> s {validation = a} :: UpdateResolverDnssecConfig)
+
+instance Core.AWSRequest UpdateResolverDnssecConfig where
+  type
+    AWSResponse UpdateResolverDnssecConfig =
+      UpdateResolverDnssecConfigResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateResolverDnssecConfigResponse'
+            Prelude.<$> (x Data..?> "ResolverDNSSECConfig")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateResolverDnssecConfig where
+  hashWithSalt _salt UpdateResolverDnssecConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceId
+      `Prelude.hashWithSalt` validation
+
+instance Prelude.NFData UpdateResolverDnssecConfig where
+  rnf UpdateResolverDnssecConfig' {..} =
+    Prelude.rnf resourceId
+      `Prelude.seq` Prelude.rnf validation
+
+instance Data.ToHeaders UpdateResolverDnssecConfig where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateResolverDnssecConfig" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateResolverDnssecConfig where
+  toJSON UpdateResolverDnssecConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceId" Data..= resourceId),
+            Prelude.Just ("Validation" Data..= validation)
+          ]
+      )
+
+instance Data.ToPath UpdateResolverDnssecConfig where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateResolverDnssecConfig where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateResolverDnssecConfigResponse' smart constructor.
+data UpdateResolverDnssecConfigResponse = UpdateResolverDnssecConfigResponse'
+  { -- | A complex type that contains settings for the specified DNSSEC
+    -- configuration.
+    resolverDNSSECConfig :: Prelude.Maybe ResolverDnssecConfig,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverDnssecConfigResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverDNSSECConfig', 'updateResolverDnssecConfigResponse_resolverDNSSECConfig' - A complex type that contains settings for the specified DNSSEC
+-- configuration.
+--
+-- 'httpStatus', 'updateResolverDnssecConfigResponse_httpStatus' - The response's http status code.
+newUpdateResolverDnssecConfigResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateResolverDnssecConfigResponse
+newUpdateResolverDnssecConfigResponse pHttpStatus_ =
+  UpdateResolverDnssecConfigResponse'
+    { resolverDNSSECConfig =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A complex type that contains settings for the specified DNSSEC
+-- configuration.
+updateResolverDnssecConfigResponse_resolverDNSSECConfig :: Lens.Lens' UpdateResolverDnssecConfigResponse (Prelude.Maybe ResolverDnssecConfig)
+updateResolverDnssecConfigResponse_resolverDNSSECConfig = Lens.lens (\UpdateResolverDnssecConfigResponse' {resolverDNSSECConfig} -> resolverDNSSECConfig) (\s@UpdateResolverDnssecConfigResponse' {} a -> s {resolverDNSSECConfig = a} :: UpdateResolverDnssecConfigResponse)
+
+-- | The response's http status code.
+updateResolverDnssecConfigResponse_httpStatus :: Lens.Lens' UpdateResolverDnssecConfigResponse Prelude.Int
+updateResolverDnssecConfigResponse_httpStatus = Lens.lens (\UpdateResolverDnssecConfigResponse' {httpStatus} -> httpStatus) (\s@UpdateResolverDnssecConfigResponse' {} a -> s {httpStatus = a} :: UpdateResolverDnssecConfigResponse)
+
+instance
+  Prelude.NFData
+    UpdateResolverDnssecConfigResponse
+  where
+  rnf UpdateResolverDnssecConfigResponse' {..} =
+    Prelude.rnf resolverDNSSECConfig
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateResolverEndpoint.hs b/gen/Amazonka/Route53Resolver/UpdateResolverEndpoint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateResolverEndpoint.hs
@@ -0,0 +1,190 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateResolverEndpoint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the name of an inbound or an outbound Resolver endpoint.
+module Amazonka.Route53Resolver.UpdateResolverEndpoint
+  ( -- * Creating a Request
+    UpdateResolverEndpoint (..),
+    newUpdateResolverEndpoint,
+
+    -- * Request Lenses
+    updateResolverEndpoint_name,
+    updateResolverEndpoint_resolverEndpointId,
+
+    -- * Destructuring the Response
+    UpdateResolverEndpointResponse (..),
+    newUpdateResolverEndpointResponse,
+
+    -- * Response Lenses
+    updateResolverEndpointResponse_resolverEndpoint,
+    updateResolverEndpointResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateResolverEndpoint' smart constructor.
+data UpdateResolverEndpoint = UpdateResolverEndpoint'
+  { -- | The name of the Resolver endpoint that you want to update.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ID of the Resolver endpoint that you want to update.
+    resolverEndpointId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverEndpoint' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'updateResolverEndpoint_name' - The name of the Resolver endpoint that you want to update.
+--
+-- 'resolverEndpointId', 'updateResolverEndpoint_resolverEndpointId' - The ID of the Resolver endpoint that you want to update.
+newUpdateResolverEndpoint ::
+  -- | 'resolverEndpointId'
+  Prelude.Text ->
+  UpdateResolverEndpoint
+newUpdateResolverEndpoint pResolverEndpointId_ =
+  UpdateResolverEndpoint'
+    { name = Prelude.Nothing,
+      resolverEndpointId = pResolverEndpointId_
+    }
+
+-- | The name of the Resolver endpoint that you want to update.
+updateResolverEndpoint_name :: Lens.Lens' UpdateResolverEndpoint (Prelude.Maybe Prelude.Text)
+updateResolverEndpoint_name = Lens.lens (\UpdateResolverEndpoint' {name} -> name) (\s@UpdateResolverEndpoint' {} a -> s {name = a} :: UpdateResolverEndpoint)
+
+-- | The ID of the Resolver endpoint that you want to update.
+updateResolverEndpoint_resolverEndpointId :: Lens.Lens' UpdateResolverEndpoint Prelude.Text
+updateResolverEndpoint_resolverEndpointId = Lens.lens (\UpdateResolverEndpoint' {resolverEndpointId} -> resolverEndpointId) (\s@UpdateResolverEndpoint' {} a -> s {resolverEndpointId = a} :: UpdateResolverEndpoint)
+
+instance Core.AWSRequest UpdateResolverEndpoint where
+  type
+    AWSResponse UpdateResolverEndpoint =
+      UpdateResolverEndpointResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateResolverEndpointResponse'
+            Prelude.<$> (x Data..?> "ResolverEndpoint")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateResolverEndpoint where
+  hashWithSalt _salt UpdateResolverEndpoint' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` resolverEndpointId
+
+instance Prelude.NFData UpdateResolverEndpoint where
+  rnf UpdateResolverEndpoint' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf resolverEndpointId
+
+instance Data.ToHeaders UpdateResolverEndpoint where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateResolverEndpoint" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateResolverEndpoint where
+  toJSON UpdateResolverEndpoint' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Name" Data..=) Prelude.<$> name,
+            Prelude.Just
+              ("ResolverEndpointId" Data..= resolverEndpointId)
+          ]
+      )
+
+instance Data.ToPath UpdateResolverEndpoint where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateResolverEndpoint where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateResolverEndpointResponse' smart constructor.
+data UpdateResolverEndpointResponse = UpdateResolverEndpointResponse'
+  { -- | The response to an @UpdateResolverEndpoint@ request.
+    resolverEndpoint :: Prelude.Maybe ResolverEndpoint,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverEndpointResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverEndpoint', 'updateResolverEndpointResponse_resolverEndpoint' - The response to an @UpdateResolverEndpoint@ request.
+--
+-- 'httpStatus', 'updateResolverEndpointResponse_httpStatus' - The response's http status code.
+newUpdateResolverEndpointResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateResolverEndpointResponse
+newUpdateResolverEndpointResponse pHttpStatus_ =
+  UpdateResolverEndpointResponse'
+    { resolverEndpoint =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The response to an @UpdateResolverEndpoint@ request.
+updateResolverEndpointResponse_resolverEndpoint :: Lens.Lens' UpdateResolverEndpointResponse (Prelude.Maybe ResolverEndpoint)
+updateResolverEndpointResponse_resolverEndpoint = Lens.lens (\UpdateResolverEndpointResponse' {resolverEndpoint} -> resolverEndpoint) (\s@UpdateResolverEndpointResponse' {} a -> s {resolverEndpoint = a} :: UpdateResolverEndpointResponse)
+
+-- | The response's http status code.
+updateResolverEndpointResponse_httpStatus :: Lens.Lens' UpdateResolverEndpointResponse Prelude.Int
+updateResolverEndpointResponse_httpStatus = Lens.lens (\UpdateResolverEndpointResponse' {httpStatus} -> httpStatus) (\s@UpdateResolverEndpointResponse' {} a -> s {httpStatus = a} :: UpdateResolverEndpointResponse)
+
+instance
+  Prelude.NFData
+    UpdateResolverEndpointResponse
+  where
+  rnf UpdateResolverEndpointResponse' {..} =
+    Prelude.rnf resolverEndpoint
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/UpdateResolverRule.hs b/gen/Amazonka/Route53Resolver/UpdateResolverRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/UpdateResolverRule.hs
@@ -0,0 +1,192 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.UpdateResolverRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates settings for a specified Resolver rule. @ResolverRuleId@ is
+-- required, and all other parameters are optional. If you don\'t specify a
+-- parameter, it retains its current value.
+module Amazonka.Route53Resolver.UpdateResolverRule
+  ( -- * Creating a Request
+    UpdateResolverRule (..),
+    newUpdateResolverRule,
+
+    -- * Request Lenses
+    updateResolverRule_resolverRuleId,
+    updateResolverRule_config,
+
+    -- * Destructuring the Response
+    UpdateResolverRuleResponse (..),
+    newUpdateResolverRuleResponse,
+
+    -- * Response Lenses
+    updateResolverRuleResponse_resolverRule,
+    updateResolverRuleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Route53Resolver.Types
+
+-- | /See:/ 'newUpdateResolverRule' smart constructor.
+data UpdateResolverRule = UpdateResolverRule'
+  { -- | The ID of the Resolver rule that you want to update.
+    resolverRuleId :: Prelude.Text,
+    -- | The new settings for the Resolver rule.
+    config :: ResolverRuleConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRuleId', 'updateResolverRule_resolverRuleId' - The ID of the Resolver rule that you want to update.
+--
+-- 'config', 'updateResolverRule_config' - The new settings for the Resolver rule.
+newUpdateResolverRule ::
+  -- | 'resolverRuleId'
+  Prelude.Text ->
+  -- | 'config'
+  ResolverRuleConfig ->
+  UpdateResolverRule
+newUpdateResolverRule pResolverRuleId_ pConfig_ =
+  UpdateResolverRule'
+    { resolverRuleId =
+        pResolverRuleId_,
+      config = pConfig_
+    }
+
+-- | The ID of the Resolver rule that you want to update.
+updateResolverRule_resolverRuleId :: Lens.Lens' UpdateResolverRule Prelude.Text
+updateResolverRule_resolverRuleId = Lens.lens (\UpdateResolverRule' {resolverRuleId} -> resolverRuleId) (\s@UpdateResolverRule' {} a -> s {resolverRuleId = a} :: UpdateResolverRule)
+
+-- | The new settings for the Resolver rule.
+updateResolverRule_config :: Lens.Lens' UpdateResolverRule ResolverRuleConfig
+updateResolverRule_config = Lens.lens (\UpdateResolverRule' {config} -> config) (\s@UpdateResolverRule' {} a -> s {config = a} :: UpdateResolverRule)
+
+instance Core.AWSRequest UpdateResolverRule where
+  type
+    AWSResponse UpdateResolverRule =
+      UpdateResolverRuleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateResolverRuleResponse'
+            Prelude.<$> (x Data..?> "ResolverRule")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateResolverRule where
+  hashWithSalt _salt UpdateResolverRule' {..} =
+    _salt
+      `Prelude.hashWithSalt` resolverRuleId
+      `Prelude.hashWithSalt` config
+
+instance Prelude.NFData UpdateResolverRule where
+  rnf UpdateResolverRule' {..} =
+    Prelude.rnf resolverRuleId
+      `Prelude.seq` Prelude.rnf config
+
+instance Data.ToHeaders UpdateResolverRule where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "Route53Resolver.UpdateResolverRule" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateResolverRule where
+  toJSON UpdateResolverRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ResolverRuleId" Data..= resolverRuleId),
+            Prelude.Just ("Config" Data..= config)
+          ]
+      )
+
+instance Data.ToPath UpdateResolverRule where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateResolverRule where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateResolverRuleResponse' smart constructor.
+data UpdateResolverRuleResponse = UpdateResolverRuleResponse'
+  { -- | The response to an @UpdateResolverRule@ request.
+    resolverRule :: Prelude.Maybe ResolverRule,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateResolverRuleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resolverRule', 'updateResolverRuleResponse_resolverRule' - The response to an @UpdateResolverRule@ request.
+--
+-- 'httpStatus', 'updateResolverRuleResponse_httpStatus' - The response's http status code.
+newUpdateResolverRuleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateResolverRuleResponse
+newUpdateResolverRuleResponse pHttpStatus_ =
+  UpdateResolverRuleResponse'
+    { resolverRule =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The response to an @UpdateResolverRule@ request.
+updateResolverRuleResponse_resolverRule :: Lens.Lens' UpdateResolverRuleResponse (Prelude.Maybe ResolverRule)
+updateResolverRuleResponse_resolverRule = Lens.lens (\UpdateResolverRuleResponse' {resolverRule} -> resolverRule) (\s@UpdateResolverRuleResponse' {} a -> s {resolverRule = a} :: UpdateResolverRuleResponse)
+
+-- | The response's http status code.
+updateResolverRuleResponse_httpStatus :: Lens.Lens' UpdateResolverRuleResponse Prelude.Int
+updateResolverRuleResponse_httpStatus = Lens.lens (\UpdateResolverRuleResponse' {httpStatus} -> httpStatus) (\s@UpdateResolverRuleResponse' {} a -> s {httpStatus = a} :: UpdateResolverRuleResponse)
+
+instance Prelude.NFData UpdateResolverRuleResponse where
+  rnf UpdateResolverRuleResponse' {..} =
+    Prelude.rnf resolverRule
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Route53Resolver/Waiters.hs b/gen/Amazonka/Route53Resolver/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Route53Resolver/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Route53Resolver.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Route53Resolver.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Route53Resolver.Lens
+import Amazonka.Route53Resolver.Types
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.Route53Resolver
+import Test.Amazonka.Route53Resolver.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "Route53Resolver"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/Route53Resolver.hs b/test/Test/Amazonka/Gen/Route53Resolver.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/Route53Resolver.hs
@@ -0,0 +1,1298 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.Route53Resolver
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.Route53Resolver where
+
+import Amazonka.Route53Resolver
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.Route53Resolver.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestAssociateFirewallRuleGroup $
+--             newAssociateFirewallRuleGroup
+--
+--         , requestAssociateResolverEndpointIpAddress $
+--             newAssociateResolverEndpointIpAddress
+--
+--         , requestAssociateResolverQueryLogConfig $
+--             newAssociateResolverQueryLogConfig
+--
+--         , requestAssociateResolverRule $
+--             newAssociateResolverRule
+--
+--         , requestCreateFirewallDomainList $
+--             newCreateFirewallDomainList
+--
+--         , requestCreateFirewallRule $
+--             newCreateFirewallRule
+--
+--         , requestCreateFirewallRuleGroup $
+--             newCreateFirewallRuleGroup
+--
+--         , requestCreateResolverEndpoint $
+--             newCreateResolverEndpoint
+--
+--         , requestCreateResolverQueryLogConfig $
+--             newCreateResolverQueryLogConfig
+--
+--         , requestCreateResolverRule $
+--             newCreateResolverRule
+--
+--         , requestDeleteFirewallDomainList $
+--             newDeleteFirewallDomainList
+--
+--         , requestDeleteFirewallRule $
+--             newDeleteFirewallRule
+--
+--         , requestDeleteFirewallRuleGroup $
+--             newDeleteFirewallRuleGroup
+--
+--         , requestDeleteResolverEndpoint $
+--             newDeleteResolverEndpoint
+--
+--         , requestDeleteResolverQueryLogConfig $
+--             newDeleteResolverQueryLogConfig
+--
+--         , requestDeleteResolverRule $
+--             newDeleteResolverRule
+--
+--         , requestDisassociateFirewallRuleGroup $
+--             newDisassociateFirewallRuleGroup
+--
+--         , requestDisassociateResolverEndpointIpAddress $
+--             newDisassociateResolverEndpointIpAddress
+--
+--         , requestDisassociateResolverQueryLogConfig $
+--             newDisassociateResolverQueryLogConfig
+--
+--         , requestDisassociateResolverRule $
+--             newDisassociateResolverRule
+--
+--         , requestGetFirewallConfig $
+--             newGetFirewallConfig
+--
+--         , requestGetFirewallDomainList $
+--             newGetFirewallDomainList
+--
+--         , requestGetFirewallRuleGroup $
+--             newGetFirewallRuleGroup
+--
+--         , requestGetFirewallRuleGroupAssociation $
+--             newGetFirewallRuleGroupAssociation
+--
+--         , requestGetFirewallRuleGroupPolicy $
+--             newGetFirewallRuleGroupPolicy
+--
+--         , requestGetResolverConfig $
+--             newGetResolverConfig
+--
+--         , requestGetResolverDnssecConfig $
+--             newGetResolverDnssecConfig
+--
+--         , requestGetResolverEndpoint $
+--             newGetResolverEndpoint
+--
+--         , requestGetResolverQueryLogConfig $
+--             newGetResolverQueryLogConfig
+--
+--         , requestGetResolverQueryLogConfigAssociation $
+--             newGetResolverQueryLogConfigAssociation
+--
+--         , requestGetResolverQueryLogConfigPolicy $
+--             newGetResolverQueryLogConfigPolicy
+--
+--         , requestGetResolverRule $
+--             newGetResolverRule
+--
+--         , requestGetResolverRuleAssociation $
+--             newGetResolverRuleAssociation
+--
+--         , requestGetResolverRulePolicy $
+--             newGetResolverRulePolicy
+--
+--         , requestImportFirewallDomains $
+--             newImportFirewallDomains
+--
+--         , requestListFirewallConfigs $
+--             newListFirewallConfigs
+--
+--         , requestListFirewallDomainLists $
+--             newListFirewallDomainLists
+--
+--         , requestListFirewallDomains $
+--             newListFirewallDomains
+--
+--         , requestListFirewallRuleGroupAssociations $
+--             newListFirewallRuleGroupAssociations
+--
+--         , requestListFirewallRuleGroups $
+--             newListFirewallRuleGroups
+--
+--         , requestListFirewallRules $
+--             newListFirewallRules
+--
+--         , requestListResolverConfigs $
+--             newListResolverConfigs
+--
+--         , requestListResolverDnssecConfigs $
+--             newListResolverDnssecConfigs
+--
+--         , requestListResolverEndpointIpAddresses $
+--             newListResolverEndpointIpAddresses
+--
+--         , requestListResolverEndpoints $
+--             newListResolverEndpoints
+--
+--         , requestListResolverQueryLogConfigAssociations $
+--             newListResolverQueryLogConfigAssociations
+--
+--         , requestListResolverQueryLogConfigs $
+--             newListResolverQueryLogConfigs
+--
+--         , requestListResolverRuleAssociations $
+--             newListResolverRuleAssociations
+--
+--         , requestListResolverRules $
+--             newListResolverRules
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestPutFirewallRuleGroupPolicy $
+--             newPutFirewallRuleGroupPolicy
+--
+--         , requestPutResolverQueryLogConfigPolicy $
+--             newPutResolverQueryLogConfigPolicy
+--
+--         , requestPutResolverRulePolicy $
+--             newPutResolverRulePolicy
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateFirewallConfig $
+--             newUpdateFirewallConfig
+--
+--         , requestUpdateFirewallDomains $
+--             newUpdateFirewallDomains
+--
+--         , requestUpdateFirewallRule $
+--             newUpdateFirewallRule
+--
+--         , requestUpdateFirewallRuleGroupAssociation $
+--             newUpdateFirewallRuleGroupAssociation
+--
+--         , requestUpdateResolverConfig $
+--             newUpdateResolverConfig
+--
+--         , requestUpdateResolverDnssecConfig $
+--             newUpdateResolverDnssecConfig
+--
+--         , requestUpdateResolverEndpoint $
+--             newUpdateResolverEndpoint
+--
+--         , requestUpdateResolverRule $
+--             newUpdateResolverRule
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseAssociateFirewallRuleGroup $
+--             newAssociateFirewallRuleGroupResponse
+--
+--         , responseAssociateResolverEndpointIpAddress $
+--             newAssociateResolverEndpointIpAddressResponse
+--
+--         , responseAssociateResolverQueryLogConfig $
+--             newAssociateResolverQueryLogConfigResponse
+--
+--         , responseAssociateResolverRule $
+--             newAssociateResolverRuleResponse
+--
+--         , responseCreateFirewallDomainList $
+--             newCreateFirewallDomainListResponse
+--
+--         , responseCreateFirewallRule $
+--             newCreateFirewallRuleResponse
+--
+--         , responseCreateFirewallRuleGroup $
+--             newCreateFirewallRuleGroupResponse
+--
+--         , responseCreateResolverEndpoint $
+--             newCreateResolverEndpointResponse
+--
+--         , responseCreateResolverQueryLogConfig $
+--             newCreateResolverQueryLogConfigResponse
+--
+--         , responseCreateResolverRule $
+--             newCreateResolverRuleResponse
+--
+--         , responseDeleteFirewallDomainList $
+--             newDeleteFirewallDomainListResponse
+--
+--         , responseDeleteFirewallRule $
+--             newDeleteFirewallRuleResponse
+--
+--         , responseDeleteFirewallRuleGroup $
+--             newDeleteFirewallRuleGroupResponse
+--
+--         , responseDeleteResolverEndpoint $
+--             newDeleteResolverEndpointResponse
+--
+--         , responseDeleteResolverQueryLogConfig $
+--             newDeleteResolverQueryLogConfigResponse
+--
+--         , responseDeleteResolverRule $
+--             newDeleteResolverRuleResponse
+--
+--         , responseDisassociateFirewallRuleGroup $
+--             newDisassociateFirewallRuleGroupResponse
+--
+--         , responseDisassociateResolverEndpointIpAddress $
+--             newDisassociateResolverEndpointIpAddressResponse
+--
+--         , responseDisassociateResolverQueryLogConfig $
+--             newDisassociateResolverQueryLogConfigResponse
+--
+--         , responseDisassociateResolverRule $
+--             newDisassociateResolverRuleResponse
+--
+--         , responseGetFirewallConfig $
+--             newGetFirewallConfigResponse
+--
+--         , responseGetFirewallDomainList $
+--             newGetFirewallDomainListResponse
+--
+--         , responseGetFirewallRuleGroup $
+--             newGetFirewallRuleGroupResponse
+--
+--         , responseGetFirewallRuleGroupAssociation $
+--             newGetFirewallRuleGroupAssociationResponse
+--
+--         , responseGetFirewallRuleGroupPolicy $
+--             newGetFirewallRuleGroupPolicyResponse
+--
+--         , responseGetResolverConfig $
+--             newGetResolverConfigResponse
+--
+--         , responseGetResolverDnssecConfig $
+--             newGetResolverDnssecConfigResponse
+--
+--         , responseGetResolverEndpoint $
+--             newGetResolverEndpointResponse
+--
+--         , responseGetResolverQueryLogConfig $
+--             newGetResolverQueryLogConfigResponse
+--
+--         , responseGetResolverQueryLogConfigAssociation $
+--             newGetResolverQueryLogConfigAssociationResponse
+--
+--         , responseGetResolverQueryLogConfigPolicy $
+--             newGetResolverQueryLogConfigPolicyResponse
+--
+--         , responseGetResolverRule $
+--             newGetResolverRuleResponse
+--
+--         , responseGetResolverRuleAssociation $
+--             newGetResolverRuleAssociationResponse
+--
+--         , responseGetResolverRulePolicy $
+--             newGetResolverRulePolicyResponse
+--
+--         , responseImportFirewallDomains $
+--             newImportFirewallDomainsResponse
+--
+--         , responseListFirewallConfigs $
+--             newListFirewallConfigsResponse
+--
+--         , responseListFirewallDomainLists $
+--             newListFirewallDomainListsResponse
+--
+--         , responseListFirewallDomains $
+--             newListFirewallDomainsResponse
+--
+--         , responseListFirewallRuleGroupAssociations $
+--             newListFirewallRuleGroupAssociationsResponse
+--
+--         , responseListFirewallRuleGroups $
+--             newListFirewallRuleGroupsResponse
+--
+--         , responseListFirewallRules $
+--             newListFirewallRulesResponse
+--
+--         , responseListResolverConfigs $
+--             newListResolverConfigsResponse
+--
+--         , responseListResolverDnssecConfigs $
+--             newListResolverDnssecConfigsResponse
+--
+--         , responseListResolverEndpointIpAddresses $
+--             newListResolverEndpointIpAddressesResponse
+--
+--         , responseListResolverEndpoints $
+--             newListResolverEndpointsResponse
+--
+--         , responseListResolverQueryLogConfigAssociations $
+--             newListResolverQueryLogConfigAssociationsResponse
+--
+--         , responseListResolverQueryLogConfigs $
+--             newListResolverQueryLogConfigsResponse
+--
+--         , responseListResolverRuleAssociations $
+--             newListResolverRuleAssociationsResponse
+--
+--         , responseListResolverRules $
+--             newListResolverRulesResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responsePutFirewallRuleGroupPolicy $
+--             newPutFirewallRuleGroupPolicyResponse
+--
+--         , responsePutResolverQueryLogConfigPolicy $
+--             newPutResolverQueryLogConfigPolicyResponse
+--
+--         , responsePutResolverRulePolicy $
+--             newPutResolverRulePolicyResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateFirewallConfig $
+--             newUpdateFirewallConfigResponse
+--
+--         , responseUpdateFirewallDomains $
+--             newUpdateFirewallDomainsResponse
+--
+--         , responseUpdateFirewallRule $
+--             newUpdateFirewallRuleResponse
+--
+--         , responseUpdateFirewallRuleGroupAssociation $
+--             newUpdateFirewallRuleGroupAssociationResponse
+--
+--         , responseUpdateResolverConfig $
+--             newUpdateResolverConfigResponse
+--
+--         , responseUpdateResolverDnssecConfig $
+--             newUpdateResolverDnssecConfigResponse
+--
+--         , responseUpdateResolverEndpoint $
+--             newUpdateResolverEndpointResponse
+--
+--         , responseUpdateResolverRule $
+--             newUpdateResolverRuleResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestAssociateFirewallRuleGroup :: AssociateFirewallRuleGroup -> TestTree
+requestAssociateFirewallRuleGroup =
+  req
+    "AssociateFirewallRuleGroup"
+    "fixture/AssociateFirewallRuleGroup.yaml"
+
+requestAssociateResolverEndpointIpAddress :: AssociateResolverEndpointIpAddress -> TestTree
+requestAssociateResolverEndpointIpAddress =
+  req
+    "AssociateResolverEndpointIpAddress"
+    "fixture/AssociateResolverEndpointIpAddress.yaml"
+
+requestAssociateResolverQueryLogConfig :: AssociateResolverQueryLogConfig -> TestTree
+requestAssociateResolverQueryLogConfig =
+  req
+    "AssociateResolverQueryLogConfig"
+    "fixture/AssociateResolverQueryLogConfig.yaml"
+
+requestAssociateResolverRule :: AssociateResolverRule -> TestTree
+requestAssociateResolverRule =
+  req
+    "AssociateResolverRule"
+    "fixture/AssociateResolverRule.yaml"
+
+requestCreateFirewallDomainList :: CreateFirewallDomainList -> TestTree
+requestCreateFirewallDomainList =
+  req
+    "CreateFirewallDomainList"
+    "fixture/CreateFirewallDomainList.yaml"
+
+requestCreateFirewallRule :: CreateFirewallRule -> TestTree
+requestCreateFirewallRule =
+  req
+    "CreateFirewallRule"
+    "fixture/CreateFirewallRule.yaml"
+
+requestCreateFirewallRuleGroup :: CreateFirewallRuleGroup -> TestTree
+requestCreateFirewallRuleGroup =
+  req
+    "CreateFirewallRuleGroup"
+    "fixture/CreateFirewallRuleGroup.yaml"
+
+requestCreateResolverEndpoint :: CreateResolverEndpoint -> TestTree
+requestCreateResolverEndpoint =
+  req
+    "CreateResolverEndpoint"
+    "fixture/CreateResolverEndpoint.yaml"
+
+requestCreateResolverQueryLogConfig :: CreateResolverQueryLogConfig -> TestTree
+requestCreateResolverQueryLogConfig =
+  req
+    "CreateResolverQueryLogConfig"
+    "fixture/CreateResolverQueryLogConfig.yaml"
+
+requestCreateResolverRule :: CreateResolverRule -> TestTree
+requestCreateResolverRule =
+  req
+    "CreateResolverRule"
+    "fixture/CreateResolverRule.yaml"
+
+requestDeleteFirewallDomainList :: DeleteFirewallDomainList -> TestTree
+requestDeleteFirewallDomainList =
+  req
+    "DeleteFirewallDomainList"
+    "fixture/DeleteFirewallDomainList.yaml"
+
+requestDeleteFirewallRule :: DeleteFirewallRule -> TestTree
+requestDeleteFirewallRule =
+  req
+    "DeleteFirewallRule"
+    "fixture/DeleteFirewallRule.yaml"
+
+requestDeleteFirewallRuleGroup :: DeleteFirewallRuleGroup -> TestTree
+requestDeleteFirewallRuleGroup =
+  req
+    "DeleteFirewallRuleGroup"
+    "fixture/DeleteFirewallRuleGroup.yaml"
+
+requestDeleteResolverEndpoint :: DeleteResolverEndpoint -> TestTree
+requestDeleteResolverEndpoint =
+  req
+    "DeleteResolverEndpoint"
+    "fixture/DeleteResolverEndpoint.yaml"
+
+requestDeleteResolverQueryLogConfig :: DeleteResolverQueryLogConfig -> TestTree
+requestDeleteResolverQueryLogConfig =
+  req
+    "DeleteResolverQueryLogConfig"
+    "fixture/DeleteResolverQueryLogConfig.yaml"
+
+requestDeleteResolverRule :: DeleteResolverRule -> TestTree
+requestDeleteResolverRule =
+  req
+    "DeleteResolverRule"
+    "fixture/DeleteResolverRule.yaml"
+
+requestDisassociateFirewallRuleGroup :: DisassociateFirewallRuleGroup -> TestTree
+requestDisassociateFirewallRuleGroup =
+  req
+    "DisassociateFirewallRuleGroup"
+    "fixture/DisassociateFirewallRuleGroup.yaml"
+
+requestDisassociateResolverEndpointIpAddress :: DisassociateResolverEndpointIpAddress -> TestTree
+requestDisassociateResolverEndpointIpAddress =
+  req
+    "DisassociateResolverEndpointIpAddress"
+    "fixture/DisassociateResolverEndpointIpAddress.yaml"
+
+requestDisassociateResolverQueryLogConfig :: DisassociateResolverQueryLogConfig -> TestTree
+requestDisassociateResolverQueryLogConfig =
+  req
+    "DisassociateResolverQueryLogConfig"
+    "fixture/DisassociateResolverQueryLogConfig.yaml"
+
+requestDisassociateResolverRule :: DisassociateResolverRule -> TestTree
+requestDisassociateResolverRule =
+  req
+    "DisassociateResolverRule"
+    "fixture/DisassociateResolverRule.yaml"
+
+requestGetFirewallConfig :: GetFirewallConfig -> TestTree
+requestGetFirewallConfig =
+  req
+    "GetFirewallConfig"
+    "fixture/GetFirewallConfig.yaml"
+
+requestGetFirewallDomainList :: GetFirewallDomainList -> TestTree
+requestGetFirewallDomainList =
+  req
+    "GetFirewallDomainList"
+    "fixture/GetFirewallDomainList.yaml"
+
+requestGetFirewallRuleGroup :: GetFirewallRuleGroup -> TestTree
+requestGetFirewallRuleGroup =
+  req
+    "GetFirewallRuleGroup"
+    "fixture/GetFirewallRuleGroup.yaml"
+
+requestGetFirewallRuleGroupAssociation :: GetFirewallRuleGroupAssociation -> TestTree
+requestGetFirewallRuleGroupAssociation =
+  req
+    "GetFirewallRuleGroupAssociation"
+    "fixture/GetFirewallRuleGroupAssociation.yaml"
+
+requestGetFirewallRuleGroupPolicy :: GetFirewallRuleGroupPolicy -> TestTree
+requestGetFirewallRuleGroupPolicy =
+  req
+    "GetFirewallRuleGroupPolicy"
+    "fixture/GetFirewallRuleGroupPolicy.yaml"
+
+requestGetResolverConfig :: GetResolverConfig -> TestTree
+requestGetResolverConfig =
+  req
+    "GetResolverConfig"
+    "fixture/GetResolverConfig.yaml"
+
+requestGetResolverDnssecConfig :: GetResolverDnssecConfig -> TestTree
+requestGetResolverDnssecConfig =
+  req
+    "GetResolverDnssecConfig"
+    "fixture/GetResolverDnssecConfig.yaml"
+
+requestGetResolverEndpoint :: GetResolverEndpoint -> TestTree
+requestGetResolverEndpoint =
+  req
+    "GetResolverEndpoint"
+    "fixture/GetResolverEndpoint.yaml"
+
+requestGetResolverQueryLogConfig :: GetResolverQueryLogConfig -> TestTree
+requestGetResolverQueryLogConfig =
+  req
+    "GetResolverQueryLogConfig"
+    "fixture/GetResolverQueryLogConfig.yaml"
+
+requestGetResolverQueryLogConfigAssociation :: GetResolverQueryLogConfigAssociation -> TestTree
+requestGetResolverQueryLogConfigAssociation =
+  req
+    "GetResolverQueryLogConfigAssociation"
+    "fixture/GetResolverQueryLogConfigAssociation.yaml"
+
+requestGetResolverQueryLogConfigPolicy :: GetResolverQueryLogConfigPolicy -> TestTree
+requestGetResolverQueryLogConfigPolicy =
+  req
+    "GetResolverQueryLogConfigPolicy"
+    "fixture/GetResolverQueryLogConfigPolicy.yaml"
+
+requestGetResolverRule :: GetResolverRule -> TestTree
+requestGetResolverRule =
+  req
+    "GetResolverRule"
+    "fixture/GetResolverRule.yaml"
+
+requestGetResolverRuleAssociation :: GetResolverRuleAssociation -> TestTree
+requestGetResolverRuleAssociation =
+  req
+    "GetResolverRuleAssociation"
+    "fixture/GetResolverRuleAssociation.yaml"
+
+requestGetResolverRulePolicy :: GetResolverRulePolicy -> TestTree
+requestGetResolverRulePolicy =
+  req
+    "GetResolverRulePolicy"
+    "fixture/GetResolverRulePolicy.yaml"
+
+requestImportFirewallDomains :: ImportFirewallDomains -> TestTree
+requestImportFirewallDomains =
+  req
+    "ImportFirewallDomains"
+    "fixture/ImportFirewallDomains.yaml"
+
+requestListFirewallConfigs :: ListFirewallConfigs -> TestTree
+requestListFirewallConfigs =
+  req
+    "ListFirewallConfigs"
+    "fixture/ListFirewallConfigs.yaml"
+
+requestListFirewallDomainLists :: ListFirewallDomainLists -> TestTree
+requestListFirewallDomainLists =
+  req
+    "ListFirewallDomainLists"
+    "fixture/ListFirewallDomainLists.yaml"
+
+requestListFirewallDomains :: ListFirewallDomains -> TestTree
+requestListFirewallDomains =
+  req
+    "ListFirewallDomains"
+    "fixture/ListFirewallDomains.yaml"
+
+requestListFirewallRuleGroupAssociations :: ListFirewallRuleGroupAssociations -> TestTree
+requestListFirewallRuleGroupAssociations =
+  req
+    "ListFirewallRuleGroupAssociations"
+    "fixture/ListFirewallRuleGroupAssociations.yaml"
+
+requestListFirewallRuleGroups :: ListFirewallRuleGroups -> TestTree
+requestListFirewallRuleGroups =
+  req
+    "ListFirewallRuleGroups"
+    "fixture/ListFirewallRuleGroups.yaml"
+
+requestListFirewallRules :: ListFirewallRules -> TestTree
+requestListFirewallRules =
+  req
+    "ListFirewallRules"
+    "fixture/ListFirewallRules.yaml"
+
+requestListResolverConfigs :: ListResolverConfigs -> TestTree
+requestListResolverConfigs =
+  req
+    "ListResolverConfigs"
+    "fixture/ListResolverConfigs.yaml"
+
+requestListResolverDnssecConfigs :: ListResolverDnssecConfigs -> TestTree
+requestListResolverDnssecConfigs =
+  req
+    "ListResolverDnssecConfigs"
+    "fixture/ListResolverDnssecConfigs.yaml"
+
+requestListResolverEndpointIpAddresses :: ListResolverEndpointIpAddresses -> TestTree
+requestListResolverEndpointIpAddresses =
+  req
+    "ListResolverEndpointIpAddresses"
+    "fixture/ListResolverEndpointIpAddresses.yaml"
+
+requestListResolverEndpoints :: ListResolverEndpoints -> TestTree
+requestListResolverEndpoints =
+  req
+    "ListResolverEndpoints"
+    "fixture/ListResolverEndpoints.yaml"
+
+requestListResolverQueryLogConfigAssociations :: ListResolverQueryLogConfigAssociations -> TestTree
+requestListResolverQueryLogConfigAssociations =
+  req
+    "ListResolverQueryLogConfigAssociations"
+    "fixture/ListResolverQueryLogConfigAssociations.yaml"
+
+requestListResolverQueryLogConfigs :: ListResolverQueryLogConfigs -> TestTree
+requestListResolverQueryLogConfigs =
+  req
+    "ListResolverQueryLogConfigs"
+    "fixture/ListResolverQueryLogConfigs.yaml"
+
+requestListResolverRuleAssociations :: ListResolverRuleAssociations -> TestTree
+requestListResolverRuleAssociations =
+  req
+    "ListResolverRuleAssociations"
+    "fixture/ListResolverRuleAssociations.yaml"
+
+requestListResolverRules :: ListResolverRules -> TestTree
+requestListResolverRules =
+  req
+    "ListResolverRules"
+    "fixture/ListResolverRules.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestPutFirewallRuleGroupPolicy :: PutFirewallRuleGroupPolicy -> TestTree
+requestPutFirewallRuleGroupPolicy =
+  req
+    "PutFirewallRuleGroupPolicy"
+    "fixture/PutFirewallRuleGroupPolicy.yaml"
+
+requestPutResolverQueryLogConfigPolicy :: PutResolverQueryLogConfigPolicy -> TestTree
+requestPutResolverQueryLogConfigPolicy =
+  req
+    "PutResolverQueryLogConfigPolicy"
+    "fixture/PutResolverQueryLogConfigPolicy.yaml"
+
+requestPutResolverRulePolicy :: PutResolverRulePolicy -> TestTree
+requestPutResolverRulePolicy =
+  req
+    "PutResolverRulePolicy"
+    "fixture/PutResolverRulePolicy.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateFirewallConfig :: UpdateFirewallConfig -> TestTree
+requestUpdateFirewallConfig =
+  req
+    "UpdateFirewallConfig"
+    "fixture/UpdateFirewallConfig.yaml"
+
+requestUpdateFirewallDomains :: UpdateFirewallDomains -> TestTree
+requestUpdateFirewallDomains =
+  req
+    "UpdateFirewallDomains"
+    "fixture/UpdateFirewallDomains.yaml"
+
+requestUpdateFirewallRule :: UpdateFirewallRule -> TestTree
+requestUpdateFirewallRule =
+  req
+    "UpdateFirewallRule"
+    "fixture/UpdateFirewallRule.yaml"
+
+requestUpdateFirewallRuleGroupAssociation :: UpdateFirewallRuleGroupAssociation -> TestTree
+requestUpdateFirewallRuleGroupAssociation =
+  req
+    "UpdateFirewallRuleGroupAssociation"
+    "fixture/UpdateFirewallRuleGroupAssociation.yaml"
+
+requestUpdateResolverConfig :: UpdateResolverConfig -> TestTree
+requestUpdateResolverConfig =
+  req
+    "UpdateResolverConfig"
+    "fixture/UpdateResolverConfig.yaml"
+
+requestUpdateResolverDnssecConfig :: UpdateResolverDnssecConfig -> TestTree
+requestUpdateResolverDnssecConfig =
+  req
+    "UpdateResolverDnssecConfig"
+    "fixture/UpdateResolverDnssecConfig.yaml"
+
+requestUpdateResolverEndpoint :: UpdateResolverEndpoint -> TestTree
+requestUpdateResolverEndpoint =
+  req
+    "UpdateResolverEndpoint"
+    "fixture/UpdateResolverEndpoint.yaml"
+
+requestUpdateResolverRule :: UpdateResolverRule -> TestTree
+requestUpdateResolverRule =
+  req
+    "UpdateResolverRule"
+    "fixture/UpdateResolverRule.yaml"
+
+-- Responses
+
+responseAssociateFirewallRuleGroup :: AssociateFirewallRuleGroupResponse -> TestTree
+responseAssociateFirewallRuleGroup =
+  res
+    "AssociateFirewallRuleGroupResponse"
+    "fixture/AssociateFirewallRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateFirewallRuleGroup)
+
+responseAssociateResolverEndpointIpAddress :: AssociateResolverEndpointIpAddressResponse -> TestTree
+responseAssociateResolverEndpointIpAddress =
+  res
+    "AssociateResolverEndpointIpAddressResponse"
+    "fixture/AssociateResolverEndpointIpAddressResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateResolverEndpointIpAddress)
+
+responseAssociateResolverQueryLogConfig :: AssociateResolverQueryLogConfigResponse -> TestTree
+responseAssociateResolverQueryLogConfig =
+  res
+    "AssociateResolverQueryLogConfigResponse"
+    "fixture/AssociateResolverQueryLogConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateResolverQueryLogConfig)
+
+responseAssociateResolverRule :: AssociateResolverRuleResponse -> TestTree
+responseAssociateResolverRule =
+  res
+    "AssociateResolverRuleResponse"
+    "fixture/AssociateResolverRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateResolverRule)
+
+responseCreateFirewallDomainList :: CreateFirewallDomainListResponse -> TestTree
+responseCreateFirewallDomainList =
+  res
+    "CreateFirewallDomainListResponse"
+    "fixture/CreateFirewallDomainListResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateFirewallDomainList)
+
+responseCreateFirewallRule :: CreateFirewallRuleResponse -> TestTree
+responseCreateFirewallRule =
+  res
+    "CreateFirewallRuleResponse"
+    "fixture/CreateFirewallRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateFirewallRule)
+
+responseCreateFirewallRuleGroup :: CreateFirewallRuleGroupResponse -> TestTree
+responseCreateFirewallRuleGroup =
+  res
+    "CreateFirewallRuleGroupResponse"
+    "fixture/CreateFirewallRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateFirewallRuleGroup)
+
+responseCreateResolverEndpoint :: CreateResolverEndpointResponse -> TestTree
+responseCreateResolverEndpoint =
+  res
+    "CreateResolverEndpointResponse"
+    "fixture/CreateResolverEndpointResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateResolverEndpoint)
+
+responseCreateResolverQueryLogConfig :: CreateResolverQueryLogConfigResponse -> TestTree
+responseCreateResolverQueryLogConfig =
+  res
+    "CreateResolverQueryLogConfigResponse"
+    "fixture/CreateResolverQueryLogConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateResolverQueryLogConfig)
+
+responseCreateResolverRule :: CreateResolverRuleResponse -> TestTree
+responseCreateResolverRule =
+  res
+    "CreateResolverRuleResponse"
+    "fixture/CreateResolverRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateResolverRule)
+
+responseDeleteFirewallDomainList :: DeleteFirewallDomainListResponse -> TestTree
+responseDeleteFirewallDomainList =
+  res
+    "DeleteFirewallDomainListResponse"
+    "fixture/DeleteFirewallDomainListResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteFirewallDomainList)
+
+responseDeleteFirewallRule :: DeleteFirewallRuleResponse -> TestTree
+responseDeleteFirewallRule =
+  res
+    "DeleteFirewallRuleResponse"
+    "fixture/DeleteFirewallRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteFirewallRule)
+
+responseDeleteFirewallRuleGroup :: DeleteFirewallRuleGroupResponse -> TestTree
+responseDeleteFirewallRuleGroup =
+  res
+    "DeleteFirewallRuleGroupResponse"
+    "fixture/DeleteFirewallRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteFirewallRuleGroup)
+
+responseDeleteResolverEndpoint :: DeleteResolverEndpointResponse -> TestTree
+responseDeleteResolverEndpoint =
+  res
+    "DeleteResolverEndpointResponse"
+    "fixture/DeleteResolverEndpointResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteResolverEndpoint)
+
+responseDeleteResolverQueryLogConfig :: DeleteResolverQueryLogConfigResponse -> TestTree
+responseDeleteResolverQueryLogConfig =
+  res
+    "DeleteResolverQueryLogConfigResponse"
+    "fixture/DeleteResolverQueryLogConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteResolverQueryLogConfig)
+
+responseDeleteResolverRule :: DeleteResolverRuleResponse -> TestTree
+responseDeleteResolverRule =
+  res
+    "DeleteResolverRuleResponse"
+    "fixture/DeleteResolverRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteResolverRule)
+
+responseDisassociateFirewallRuleGroup :: DisassociateFirewallRuleGroupResponse -> TestTree
+responseDisassociateFirewallRuleGroup =
+  res
+    "DisassociateFirewallRuleGroupResponse"
+    "fixture/DisassociateFirewallRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateFirewallRuleGroup)
+
+responseDisassociateResolverEndpointIpAddress :: DisassociateResolverEndpointIpAddressResponse -> TestTree
+responseDisassociateResolverEndpointIpAddress =
+  res
+    "DisassociateResolverEndpointIpAddressResponse"
+    "fixture/DisassociateResolverEndpointIpAddressResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateResolverEndpointIpAddress)
+
+responseDisassociateResolverQueryLogConfig :: DisassociateResolverQueryLogConfigResponse -> TestTree
+responseDisassociateResolverQueryLogConfig =
+  res
+    "DisassociateResolverQueryLogConfigResponse"
+    "fixture/DisassociateResolverQueryLogConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateResolverQueryLogConfig)
+
+responseDisassociateResolverRule :: DisassociateResolverRuleResponse -> TestTree
+responseDisassociateResolverRule =
+  res
+    "DisassociateResolverRuleResponse"
+    "fixture/DisassociateResolverRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateResolverRule)
+
+responseGetFirewallConfig :: GetFirewallConfigResponse -> TestTree
+responseGetFirewallConfig =
+  res
+    "GetFirewallConfigResponse"
+    "fixture/GetFirewallConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFirewallConfig)
+
+responseGetFirewallDomainList :: GetFirewallDomainListResponse -> TestTree
+responseGetFirewallDomainList =
+  res
+    "GetFirewallDomainListResponse"
+    "fixture/GetFirewallDomainListResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFirewallDomainList)
+
+responseGetFirewallRuleGroup :: GetFirewallRuleGroupResponse -> TestTree
+responseGetFirewallRuleGroup =
+  res
+    "GetFirewallRuleGroupResponse"
+    "fixture/GetFirewallRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFirewallRuleGroup)
+
+responseGetFirewallRuleGroupAssociation :: GetFirewallRuleGroupAssociationResponse -> TestTree
+responseGetFirewallRuleGroupAssociation =
+  res
+    "GetFirewallRuleGroupAssociationResponse"
+    "fixture/GetFirewallRuleGroupAssociationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFirewallRuleGroupAssociation)
+
+responseGetFirewallRuleGroupPolicy :: GetFirewallRuleGroupPolicyResponse -> TestTree
+responseGetFirewallRuleGroupPolicy =
+  res
+    "GetFirewallRuleGroupPolicyResponse"
+    "fixture/GetFirewallRuleGroupPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetFirewallRuleGroupPolicy)
+
+responseGetResolverConfig :: GetResolverConfigResponse -> TestTree
+responseGetResolverConfig =
+  res
+    "GetResolverConfigResponse"
+    "fixture/GetResolverConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverConfig)
+
+responseGetResolverDnssecConfig :: GetResolverDnssecConfigResponse -> TestTree
+responseGetResolverDnssecConfig =
+  res
+    "GetResolverDnssecConfigResponse"
+    "fixture/GetResolverDnssecConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverDnssecConfig)
+
+responseGetResolverEndpoint :: GetResolverEndpointResponse -> TestTree
+responseGetResolverEndpoint =
+  res
+    "GetResolverEndpointResponse"
+    "fixture/GetResolverEndpointResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverEndpoint)
+
+responseGetResolverQueryLogConfig :: GetResolverQueryLogConfigResponse -> TestTree
+responseGetResolverQueryLogConfig =
+  res
+    "GetResolverQueryLogConfigResponse"
+    "fixture/GetResolverQueryLogConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverQueryLogConfig)
+
+responseGetResolverQueryLogConfigAssociation :: GetResolverQueryLogConfigAssociationResponse -> TestTree
+responseGetResolverQueryLogConfigAssociation =
+  res
+    "GetResolverQueryLogConfigAssociationResponse"
+    "fixture/GetResolverQueryLogConfigAssociationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverQueryLogConfigAssociation)
+
+responseGetResolverQueryLogConfigPolicy :: GetResolverQueryLogConfigPolicyResponse -> TestTree
+responseGetResolverQueryLogConfigPolicy =
+  res
+    "GetResolverQueryLogConfigPolicyResponse"
+    "fixture/GetResolverQueryLogConfigPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverQueryLogConfigPolicy)
+
+responseGetResolverRule :: GetResolverRuleResponse -> TestTree
+responseGetResolverRule =
+  res
+    "GetResolverRuleResponse"
+    "fixture/GetResolverRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverRule)
+
+responseGetResolverRuleAssociation :: GetResolverRuleAssociationResponse -> TestTree
+responseGetResolverRuleAssociation =
+  res
+    "GetResolverRuleAssociationResponse"
+    "fixture/GetResolverRuleAssociationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverRuleAssociation)
+
+responseGetResolverRulePolicy :: GetResolverRulePolicyResponse -> TestTree
+responseGetResolverRulePolicy =
+  res
+    "GetResolverRulePolicyResponse"
+    "fixture/GetResolverRulePolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetResolverRulePolicy)
+
+responseImportFirewallDomains :: ImportFirewallDomainsResponse -> TestTree
+responseImportFirewallDomains =
+  res
+    "ImportFirewallDomainsResponse"
+    "fixture/ImportFirewallDomainsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ImportFirewallDomains)
+
+responseListFirewallConfigs :: ListFirewallConfigsResponse -> TestTree
+responseListFirewallConfigs =
+  res
+    "ListFirewallConfigsResponse"
+    "fixture/ListFirewallConfigsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFirewallConfigs)
+
+responseListFirewallDomainLists :: ListFirewallDomainListsResponse -> TestTree
+responseListFirewallDomainLists =
+  res
+    "ListFirewallDomainListsResponse"
+    "fixture/ListFirewallDomainListsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFirewallDomainLists)
+
+responseListFirewallDomains :: ListFirewallDomainsResponse -> TestTree
+responseListFirewallDomains =
+  res
+    "ListFirewallDomainsResponse"
+    "fixture/ListFirewallDomainsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFirewallDomains)
+
+responseListFirewallRuleGroupAssociations :: ListFirewallRuleGroupAssociationsResponse -> TestTree
+responseListFirewallRuleGroupAssociations =
+  res
+    "ListFirewallRuleGroupAssociationsResponse"
+    "fixture/ListFirewallRuleGroupAssociationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFirewallRuleGroupAssociations)
+
+responseListFirewallRuleGroups :: ListFirewallRuleGroupsResponse -> TestTree
+responseListFirewallRuleGroups =
+  res
+    "ListFirewallRuleGroupsResponse"
+    "fixture/ListFirewallRuleGroupsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFirewallRuleGroups)
+
+responseListFirewallRules :: ListFirewallRulesResponse -> TestTree
+responseListFirewallRules =
+  res
+    "ListFirewallRulesResponse"
+    "fixture/ListFirewallRulesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListFirewallRules)
+
+responseListResolverConfigs :: ListResolverConfigsResponse -> TestTree
+responseListResolverConfigs =
+  res
+    "ListResolverConfigsResponse"
+    "fixture/ListResolverConfigsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverConfigs)
+
+responseListResolverDnssecConfigs :: ListResolverDnssecConfigsResponse -> TestTree
+responseListResolverDnssecConfigs =
+  res
+    "ListResolverDnssecConfigsResponse"
+    "fixture/ListResolverDnssecConfigsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverDnssecConfigs)
+
+responseListResolverEndpointIpAddresses :: ListResolverEndpointIpAddressesResponse -> TestTree
+responseListResolverEndpointIpAddresses =
+  res
+    "ListResolverEndpointIpAddressesResponse"
+    "fixture/ListResolverEndpointIpAddressesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverEndpointIpAddresses)
+
+responseListResolverEndpoints :: ListResolverEndpointsResponse -> TestTree
+responseListResolverEndpoints =
+  res
+    "ListResolverEndpointsResponse"
+    "fixture/ListResolverEndpointsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverEndpoints)
+
+responseListResolverQueryLogConfigAssociations :: ListResolverQueryLogConfigAssociationsResponse -> TestTree
+responseListResolverQueryLogConfigAssociations =
+  res
+    "ListResolverQueryLogConfigAssociationsResponse"
+    "fixture/ListResolverQueryLogConfigAssociationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverQueryLogConfigAssociations)
+
+responseListResolverQueryLogConfigs :: ListResolverQueryLogConfigsResponse -> TestTree
+responseListResolverQueryLogConfigs =
+  res
+    "ListResolverQueryLogConfigsResponse"
+    "fixture/ListResolverQueryLogConfigsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverQueryLogConfigs)
+
+responseListResolverRuleAssociations :: ListResolverRuleAssociationsResponse -> TestTree
+responseListResolverRuleAssociations =
+  res
+    "ListResolverRuleAssociationsResponse"
+    "fixture/ListResolverRuleAssociationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverRuleAssociations)
+
+responseListResolverRules :: ListResolverRulesResponse -> TestTree
+responseListResolverRules =
+  res
+    "ListResolverRulesResponse"
+    "fixture/ListResolverRulesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResolverRules)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responsePutFirewallRuleGroupPolicy :: PutFirewallRuleGroupPolicyResponse -> TestTree
+responsePutFirewallRuleGroupPolicy =
+  res
+    "PutFirewallRuleGroupPolicyResponse"
+    "fixture/PutFirewallRuleGroupPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutFirewallRuleGroupPolicy)
+
+responsePutResolverQueryLogConfigPolicy :: PutResolverQueryLogConfigPolicyResponse -> TestTree
+responsePutResolverQueryLogConfigPolicy =
+  res
+    "PutResolverQueryLogConfigPolicyResponse"
+    "fixture/PutResolverQueryLogConfigPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutResolverQueryLogConfigPolicy)
+
+responsePutResolverRulePolicy :: PutResolverRulePolicyResponse -> TestTree
+responsePutResolverRulePolicy =
+  res
+    "PutResolverRulePolicyResponse"
+    "fixture/PutResolverRulePolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutResolverRulePolicy)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateFirewallConfig :: UpdateFirewallConfigResponse -> TestTree
+responseUpdateFirewallConfig =
+  res
+    "UpdateFirewallConfigResponse"
+    "fixture/UpdateFirewallConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallConfig)
+
+responseUpdateFirewallDomains :: UpdateFirewallDomainsResponse -> TestTree
+responseUpdateFirewallDomains =
+  res
+    "UpdateFirewallDomainsResponse"
+    "fixture/UpdateFirewallDomainsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallDomains)
+
+responseUpdateFirewallRule :: UpdateFirewallRuleResponse -> TestTree
+responseUpdateFirewallRule =
+  res
+    "UpdateFirewallRuleResponse"
+    "fixture/UpdateFirewallRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallRule)
+
+responseUpdateFirewallRuleGroupAssociation :: UpdateFirewallRuleGroupAssociationResponse -> TestTree
+responseUpdateFirewallRuleGroupAssociation =
+  res
+    "UpdateFirewallRuleGroupAssociationResponse"
+    "fixture/UpdateFirewallRuleGroupAssociationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallRuleGroupAssociation)
+
+responseUpdateResolverConfig :: UpdateResolverConfigResponse -> TestTree
+responseUpdateResolverConfig =
+  res
+    "UpdateResolverConfigResponse"
+    "fixture/UpdateResolverConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateResolverConfig)
+
+responseUpdateResolverDnssecConfig :: UpdateResolverDnssecConfigResponse -> TestTree
+responseUpdateResolverDnssecConfig =
+  res
+    "UpdateResolverDnssecConfigResponse"
+    "fixture/UpdateResolverDnssecConfigResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateResolverDnssecConfig)
+
+responseUpdateResolverEndpoint :: UpdateResolverEndpointResponse -> TestTree
+responseUpdateResolverEndpoint =
+  res
+    "UpdateResolverEndpointResponse"
+    "fixture/UpdateResolverEndpointResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateResolverEndpoint)
+
+responseUpdateResolverRule :: UpdateResolverRuleResponse -> TestTree
+responseUpdateResolverRule =
+  res
+    "UpdateResolverRuleResponse"
+    "fixture/UpdateResolverRuleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateResolverRule)
diff --git a/test/Test/Amazonka/Route53Resolver.hs b/test/Test/Amazonka/Route53Resolver.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Route53Resolver.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.Route53Resolver
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Route53Resolver
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/Route53Resolver/Internal.hs b/test/Test/Amazonka/Route53Resolver/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Route53Resolver/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.Route53Resolver.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Route53Resolver.Internal where
